Re: [Discuss] Mothballing Synology NAS

2018-02-05 Thread markw
Actually, QNAP is probably one of the worst storage system vendors. They
offer little or no support. They sat on a silent corruption bug until they
were outed by a blogger who went public after the company's refusal to
acknowledge the bug:

http://www.sbsfaq.com/?p=4277

I have personally had to deal with QNAP as a back-end to a ZFS storage
appliance and the customer kept getting corruption errors. (He actually
did have a disk failure/replacement in his raid.) We showed him the bug
report. That system is now "retired."

Worse yet, they don't publish the systems affected by the bug, oh no! They
only published the systems NOT affected by the bug leaving you to wonder
whether or not you are affected. "Is that my system? It's close, but not
exact."

Those small closed systems aren't worth it. A moderate ECC RAM motherboard
barebones system and good SATA disks will come in at about the same price,
be faster, and be more reliable.

Or pony up for a real storage system with support and service level
agreements.

> At least QNAP offer to one-click secure your installation with a Let's
> Encrypt cert through their SSL management plugin - even though they sell
> certs through the same plugin/admin interface.
>
> (ed. note: TLS/SSL does not prevent Spectre / Meltdown - it's just an
> indication that QNAP are not 'crap' vendors if you consider Let's Encrypt
> free certs the 'right thing' to do.)
>
> Greg Rundlett
> https://eQuality-Tech.com
> https://freephile.org
>
> On Mon, Feb 5, 2018 at 3:07 PM, Greg Rundlett (freephile) <
> g...@freephile.com> wrote:
>
>> I have a QNAP TS-231 (dual bay SMB NAS)
>> https://static.myqnapcloud.com/device_model/53466f86d6b82f5cd5295b28?r=1517796001
>>
>> QNAP offered this security advisory on Jan. 8th
>> https://www.qnap.com/en-us/security-advisory/nas-201801-08
>>
>> And have released firmware upgrades since then ( 2018/01/30 ) QTS
>> 4.3.3.0448 Build 20180126
>>
>> However, they don't mention anything in the release notes yet
>> https://www.qnap.com/en/releasenotes/ so I'm unsure if it's "in there".
>>
>> They advise:
>>
>> - Do not install applications from unknown third-party sources.
>> - Do not open or run unknown virtual machine (VM) images on your
>>   device.
>> - Do not run unknown software in Container Station.
>>
> ___
> Discuss mailing list
> Discuss@blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>




Re: [Discuss] Mothballing Synology NAS

2018-02-05 Thread markw
This is common across the industry. EMC, Cisco, IBM, and others have said
basically the same thing. I would dump Synology because it's crap, but not
because of that.

> The Meltdown and Spectre vulnerabilities were publicly disclosed 3
> January.
>
> Synology posted their own security advisory 5 days later on 8 January
> listing these vulnerabilities as moderate "because these vulnerabilities
> can only be exploited via local malicious programs." As if there were no
> ways for "local malicious programs" to ever be installed or injected.
>
> As of 4 February, a month after the initial disclosure, Synology have
> yet to release fixes for these vulnerabilities.
>
> I will be mothballing my Synology NAS box as soon as I get a replacement
> for it up and running. I have the parts. I just need to assemble and
> test them, install an OS, and move the drives.
>
> --
> Rich P.


[Discuss] Specific RedHat kernel: kernel-3.10.0-327.62.4.el7.src.rpm

2018-01-06 Thread markw
I need a specific redhat kernel to patch an appliance that is out of
support. Does anyone have it?

kernel-3.10.0-327.62.4.el7.src.rpm



Re: [Discuss] 3D Printers

2017-04-16 Thread markw
I've had the 3D printer working for about a week now, I have to say it's
interesting.

Some of my friends at work and I have been thinking about this.. Are they
a fad or a technology with a big future?

I'm still not sure. Yes, they can make a lot of things, but the pieces
will never be cheaper than mass production. They will probably never have
the "quality" of a molded plastic. Then there is "plastic," metal would be
nice. So assuming plastic only. That has a wide range of application, so
maybe that's enough?

One thing I did print was a Raspberry PI project box. It only took 4% of a
1kg roll of filament. The filament was on sale at Microcenter for $14.99.
The box cost about $0.60 in materials, and maybe 5~10 cents of
electricity. It took 10 hours to print. About 5 hours for the top and the
bottom.

I also printed a camera holder for the Raspberry PI camera, probably $0.05
worth of filament.

So, it may make sense for people like me who like to build things.


> I recently bought an ANet A8 3D printer for 163.99 (a week ago counting
> shipping)
>
> http://www.gearbest.com/3d-printers-3d-printer-kits/pp_343643.html?currency=USD&vip=760163&gclid=CJLTpfywoNMCFduEswoddZsDaw
>
> I am currently printing stuff right now. It's kind of cool. I have a number
> of things I want to print, but it will take days to get them done. 3D
> printing is not terribly fast.
>
> A co-worker of mine dismissed 3D printers as gimmicks and while I sort of
> agree, I think the technology is interesting. Here is one issue that drove
> home the issue for me.
>
> I was trying to set up a raspberry pi camera as a web cam. I was double
> sided taping the camera to a box. Then I asked myself, "I bet
> thingiverse.com" has a 3D cad of what I want, and, of course, they did!! I
> printed the camera mount. Easy.
>
> This technology is in its infancy. It has so much potential. Anyone else
> have a 3D printer?
>
>
>
>




[Discuss] 3D Printers

2017-04-12 Thread markw
I recently bought an ANet A8 3D printer for 163.99 (a week ago counting
shipping)

http://www.gearbest.com/3d-printers-3d-printer-kits/pp_343643.html?currency=USD&vip=760163&gclid=CJLTpfywoNMCFduEswoddZsDaw

I am currently printing stuff right now. It's kind of cool. I have a number
of things I want to print, but it will take days to get them done. 3D
printing is not terribly fast.

A co-worker of mine dismissed 3D printers as gimmicks and while I sort of
agree, I think the technology is interesting. Here is one issue that drove
home the issue for me.

I was trying to set up a raspberry pi camera as a web cam. I was double
sided taping the camera to a box. Then I asked myself, "I bet
thingiverse.com" has a 3D cad of what I want, and, of course, they did!! I
printed the camera mount. Easy.

This technology is in its infancy. It has so much potential. Anyone else
have a 3D printer?






Re: [Discuss] KVM, virt-manager, and CentOS7

2017-02-09 Thread markw
> On Thu, Feb 09, 2017 at 11:40:28AM -0500, ma...@mohawksoft.com wrote:
>> Here's the problem with all this.
>>
>> 8 characters for a name. Yes, in a hypothetical sense you have
>> 2.183401056×10^14 possible passwords if you use 8 ascii alpha/numeric
>> characters with no punctuation characters, but the vast majority of that
>> space are random strings not suitable for nicknames or meaningful
>> identifiers. For instance, I can't see that any remaining meaningful
>> permutations of "john smith" could possibly be left. How many email
>> addresses do they assign a year? How many back-logged names did they
>> create at first?
>
> Let's call it 26^8 or so: 208 billion.

Actually, 62^8, [a-zA-Z0-9]{8}

>
> The real problem is the lack of human meaning and the fact that
> names are usually longer than 8 characters.
>
> How many do they assign a year? Roughly a freshman class worth,
> plus maybe a hundred more? So 1200ish.
>
> John Smith is out of luck. So is Elizabeth Jones. But still, they probably
> have better options than "bb30...@binghamton.edu" -- the login I was
> assigned so many years ago, can still remember, and have absolutely no
> use for.
>
> -dsr-
>




Re: [Discuss] KVM, virt-manager, and CentOS7

2017-02-09 Thread markw
Here's the problem with all this.

8 characters for a name. Yes, in a hypothetical sense you have
2.183401056×10^14 possible passwords if you use 8 ascii alpha/numeric
characters with no punctuation characters, but the vast majority of that
space are random strings not suitable for nicknames or meaningful
identifiers. For instance, I can't see that any remaining meaningful
permutations of "john smith" could possibly be left. How many email
addresses do they assign a year? How many back-logged names did they
create at first?

When an alum dies, does their email address become available?


> Dan Ritter  writes:
>
>> On Wed, Feb 08, 2017 at 10:24:54AM -0500, Derek Atkins wrote:
>>> Eric Chadbourne  writes:
>>>
>>> > Off topic, warl...@mit.edu, is the best email ever.
>>>
>>> Thanks.  I've had it since 1989.
>>
>> MIT trivia: once you have a username, you can't change it.
>>
>> http://mitadmissions.org/blogs/entry/dont-screw-up-your-username
>
> Only mostly true.  I know a handful of people who successfully changed
> their usernames.  It's rare, and only done in extreme circumstances.
> But it *can* be done.
>
>> -dsr-
>
> -derek
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> warl...@mit.edu                     PGP key available


Re: [Discuss] KVM, virt-manager, and CentOS7

2017-02-08 Thread markw
I tried oVirt on a machine that was already hosting VMs. Needless to say,
I had to painstakingly restore my KVM environment to get them back.

The thing that I like about KVM and libvirt is that it works within a
standard Linux system. I've tried VMware, Parallels, and a number of other
vm environments, and they just didn't have the features to get the job
done. Networking between VMs didn't work or was a $$ feature. Snapshots
and disk compaction not available. Sharing CPUs during idle. The next step
up is vSphere and oVirt, which are so comprehensive that you are buried
with features and have to, more or less, commit to using their strategy.

Sure, if you want to run a large scale vm warehouse, something like oVirt
is for you. If you want to host a small-ish number of VMs, or use VMs to
develop/test software for different environments and operating systems,
KVM with libvirt is much easier to set up and use.





> I've been playing with oVirt 4.0.6 on EL7.3 and I've almost migrated all
> my VMs from my old VMware infrastructure.  So far I'm enjoying it.  I
> can't say it was painless to set up -- ovirt has a lot of moving
> parts -- but once I figured it all out it's been pretty smooth sailing.
>
> -derek
>
> Jerry Feldman  writes:
>
>> A lot of this has been available in Fedora for several years.
>> Unfortunately, the GUI support had been lacking where vmWare and
>> VirtualBox
>> provided a much easier way to do it.
>>
>> On Mon, Feb 6, 2017 at 2:04 PM,  wrote:
>>
>>> Has anyone played with virt-manager and KVM on CentOS 7 lately?
>>>
>>> I was surprised by a lot of the things that were difficult or at least
>>> arcane in previous releases are fairly trivial now.
>>>
>>> For instance, a few years ago, bridged networking was a fairly poorly
>>> documented procedure of setting up a bridge, setting up the virtual
>>> lan,
>>> virtual adapters, etc. Now, it's just a setting on the network adapter
>>> when
>>> you add it.
>>>
>>> I think I can easily step away from VMWare.
>>>
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
> warl...@mit.edu                     PGP key available


[Discuss] sshd and key authority -- inspired by deadmanish

2017-02-06 Thread markw
One of the problems with ssh is the "I have to connect to the machine to
copy my public key before I can connect with my key to the machine"
problem.

One of the cool, but little used, features of sshd is the
TrustedUserCAKeys setting.

This allows you to create a public/private centralized key authority, (you
use openssl to create the authority) and you can use:

ssh-keygen -f ca.key  -y > ca.sshd

This will create the sshd authority key (the ca.key and ca.pub were set up
by openssl). Put it in sshd_config as:

TrustedUserCAKeys   /path/ca.sshd

Now, create your key as you normally would.

ssh-keygen -f yourkeyname

Here's the fun part! Sign it:

ssh-keygen -s ca.key -I "yourname" -n yourlogin -V +2d yourkeyname.pub

The above does two things:
(1) Creates a certificate public key that is signed with your central
authority.
(2) The -V command line option limits how long the key is valid

This allows you to give someone a key that is valid for a certain number
of days.


___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
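
The procedure from the post above, run end to end in a scratch directory and then checked with ssh-keygen -L. This is an added example, not part of the original message; it assumes the CA key is made with ssh-keygen rather than openssl, and the ed25519 key type, the userkey file name and the temporary directory are choices made here.

```shell
#!/bin/sh
# Added example: the certificate workflow from the post, run in a scratch
# directory. File names, key type and the temp dir are assumptions.

# Create the CA key pair and export its public half in the form sshd reads.
# The post builds the CA with openssl; ssh-keygen is used here instead.
make_ca() {                       # $1 = working directory
    ssh-keygen -q -t ed25519 -N '' -C 'example-user-ca' -f "$1/ca.key" &&
    ssh-keygen -y -f "$1/ca.key" > "$1/ca.sshd"
}

# An ordinary user key pair, as in "ssh-keygen -f yourkeyname".
make_user_key() {                 # $1 = working directory
    ssh-keygen -q -t ed25519 -N '' -C 'example-user' -f "$1/userkey"
}

# Sign userkey.pub with the CA private key; writes userkey-cert.pub.
#   -I  key ID, logged by sshd when the certificate is used
#   -n  principal(s): the login name(s) the certificate is accepted for
#   -V  validity window, e.g. +2d = from now until two days from now
sign_user_key() {                 # $1 = dir  $2 = key ID  $3 = principal  $4 = validity
    ssh-keygen -q -s "$1/ca.key" -I "$2" -n "$3" -V "$4" "$1/userkey.pub"
}

# --- Checks on the issued certificate, parsed from "ssh-keygen -L" ---

cert_key_id() {                   # $1 = certificate file
    ssh-keygen -L -f "$1" | sed -n 's/^[[:space:]]*Key ID: "\(.*\)"$/\1/p'
}

cert_principals() {               # one principal per output line
    ssh-keygen -L -f "$1" | awk '
        /^[ \t]*Principals:/       { in_list = 1; next }
        /^[ \t]*Critical Options:/ { in_list = 0 }
        in_list { gsub(/^[ \t]+|[ \t]+$/, ""); print }'
}

# Succeeds only if the certificate has both a start and an end time.
# A certificate signed without -V prints "Valid: forever" and fails here.
cert_is_time_limited() {
    ssh-keygen -L -f "$1" | grep -q '^[[:space:]]*Valid: from .* to '
}

# Succeeds if the certificate's "Signing CA" fingerprint equals the
# fingerprint of the public key that TrustedUserCAKeys would point at.
cert_signed_by() {                # $1 = certificate  $2 = CA public key file
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{ print $2 }')
    cert_ca_fp=$(ssh-keygen -L -f "$1" | awk '/Signing CA:/ { print $4 }')
    [ -n "$ca_fp" ] && [ "$ca_fp" = "$cert_ca_fp" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" && make_user_key "$dir" &&
    sign_user_key "$dir" "yourname" "yourlogin" "+2d" || return 1
    echo "sshd_config line:  TrustedUserCAKeys $dir/ca.sshd"
    ssh-keygen -L -f "$dir/userkey-cert.pub"
    cert_signed_by "$dir/userkey-cert.pub" "$dir/ca.sshd" && echo "signed by this CA"
    cert_is_time_limited "$dir/userkey-cert.pub" && echo "validity is bounded"
    rm -rf "$dir"
}

if command -v ssh-keygen >/dev/null 2>&1; then demo; fi
```

The server only ever needs ca.sshd; the user keeps userkey and userkey-cert.pub together, and ssh offers the certificate automatically when given `-i userkey`.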


[Discuss] KVM, virt-manager, and CentOS7

2017-02-06 Thread markw
Has anyone played with virt-manager and KVM on CentOS 7 lately?

I was surprised by a lot of the things that were difficult or at least
arcane in previous releases are fairly trivial now.

For instance, a few years ago, bridged networking was a fairly poorly
documented procedure of setting up a bridge, setting up the virtual lan,
virtual adapters, etc. Now, it's just a setting on the network adapter when
you add it.

I think I can easily step away from VMWare.



Re: [Discuss] NAS: encryption

2015-07-08 Thread markw
> On 7/8/2015 3:19 PM, Chuck Anderson wrote:
>> Sorry, I call BS.  My point was that having access to source code is a
>> prerequisite.  If you don't have access to the source code, it becomes
>> MUCH harder to audit because you are limited in the techniques you can
>> use, such as black box testing.  If you have source code, you can read
>> the code and try to understand what it is doing.
>
> This is why I say you don't have the qualifications. Access to the
> source code isn't worth nearly as much as you seem to think it is. There
> are classes of vulnerabilities like insecure compiler optimizations that
> are impossible to detect by examining the source code even when you do
> understand what the code is supposed to do. On the other hand, no-source
> techniques like black box testing work whether or not you have the
> source. This is why my answer to your next question is...
>
>
>> And do you think we would know about those instances if the
>> code/standards were closed?
>
> ... yes, we would.
>

Everyone, step back and think about encryption.

There are a lot of moving parts. Take for instance, the AES encryption
algorithm. This is a known quantity and you can "trust" that it works when
given any two independent implementations of it can encrypt/decrypt.

That's just the beginning. The next step is your key value. Is your key
sufficiently random to really get the benefits of the encryption? How do
you know? Does your key generation use /dev/urandom, /dev/random, some
neat hardware entropy generation?

If your key is not sufficiently unpredictable, then no matter how good the
encryption algorithm is, it will break if the attacker knows about your
key vulnerability.

Next, how safe is your private key? Why use brute force when the key can
be had by bad programming?

"Trusting" that a closed system like encrypted hard disks is probably OK,
but if you are paranoid, it isn't. We should all be paranoid.




Re: [Discuss] NAS: encryption

2015-07-08 Thread markw
>> From: John Abreau [mailto:abre...@gmail.com]
>>
>> "Edward Ned Harvey (blu)"  writes:
>>
>> > You seem to think there's an obstacle which isn't really real -
>> > Encryption is very cheap computationally, so cheap indeed it can be
>> > done by the disks themselves.
>>
>>
>>  On Tue, Jul 7, 2015 at 1:14 PM, Derek Atkins  wrote:
>> I don't trust my disks to do the encryption, mostly because there's
>> really no way to verify that it's doing it correctly, and the key
>> management gets a lot harder.
>>
>> The way I read it, the message wasn't that you should trust the disk to
>> do the
>> encryption; it's that encryption has very low overhead today, and the
>> reference to disk-based encryption was merely to illustrate that point.
>
> It seems silly not to trust the disk to do encryption, when you'd trust
> some software that you equally haven't decompiled and inspected.
>

The difference is that with "open source" software, specifically the
crypto library in openssl, because that's how people get FIPS certified,
many people do audit the code. Maybe not you, but many, and the fact that
we have so many CVE notices means that people are.

Did *you* verify the crypto had no holes? That the random number generator
had enough entropy? That the proper key length was used, and so on. No,
you didn't, but many people have, and most importantly, have the ability
to inspect this.

The problem with internal drive encryption is getting any level of
disclosure and accountability.



Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
> On 3/12/2015 2:04 PM, ma...@mohawksoft.com wrote:
>> sync only controls when data is written to the ZIL, not whether or not
>> the
>> ZIL is used at all.
>
> Incorrect on all counts. You can read Robert Milkowski's blog (Robert is
> the author of this piece of code) for further details. No, I'm not
> providing you with any more links. If you really care then you can
> search for it yourself.

useless



Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
> On 3/12/2015 1:51 PM, ma...@mohawksoft.com wrote:
>> So, what is it?
>
> Ahahahahaha.
>
> "man zfs" and read. You're looking for the sync option.

sync only controls when data is written to the ZIL, not whether or not the
ZIL is used at all.

Try again.

>
> --
> Rich P.


Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
> On 3/12/2015 12:14 PM, ma...@mohawksoft.com wrote:
>> Exactly my point, by the way. I don't want ZIL for some applications. It
>> isn't a misunderstanding, I've looked over the code intensely looking
>> for
>> some way to provide this functionality.
>
> I disbelieve. Globally disabling the ZIL was an unsupported tunable from
> Day 1 (it was used internally at Sun to isolate different parts of ZFS
> for performance analysis). ZIL synchronicity was implemented as a
> per-dataset option in 2010.

So, what is it?



Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
> On 3/12/2015 8:46 AM, ma...@mohawksoft.com wrote:
>> (1) If someone could point me in the direction of documentation on how
>> to
>> get ZFS to update file or zvol blocks IN PLACE, i.e. without going
>> through
>> the ZIL, then cool, I would really find that helpful.
>
> See, this is what Ned is on about. There are two things that you've
> written here that demonstrate a significant lack of understanding of ZFS.

NO, I understand this, really I do.
>
> First is the ZIL. ZFS always has a ZIL. On a simple system the ZIL is on
> the data vdevs. In a high performance pool the ZIL is a dedicated
> low-latency device like a RAM-based SSD (optimally a mirrored pair). But
> regardless, there's always a ZIL.

Exactly my point, by the way. I don't want ZIL for some applications. It
isn't a misunderstanding, I've looked over the code intensely looking for
some way to provide this functionality.

>
> Second is that you don't tell ZFS to update in place. That's not how one
> does things with ZFS.

Yes, I know this. Disagreeing with the way ZFS implements storage is not
the same as misunderstanding it.

> The ZFS way is to enable deduplication and
> compression. I *DID* point you at these and I explicitly called out
> deduplication as the solution to the rampant space gobbling problem that
> you described. You chose to brush all of it off as "ZFS is stupid".
>
> No, it isn't.

I think you misunderstood what I was saying about space utilization.
Consider this: You are a large cloud hosting company. You have a SAN
storage system from which you allocate thin provisioned virtual luns which
you then present to ESX server virtual machines. You give each customer a
2T LUN on which to install their OS of choice. The customers are billed by
the actual amount of storage they use. Using a conservative allocation of
disk space and in-place modification, the hosted system doesn't grow on
the LUN.

This is good for two things: (1) It saves the customer money because they
are not paying for storage they are not using. (2) It allows the hosting
company to monitor and budget hardware infrastructure additions gradually.

The problem with ZFS, is that it is very aggressive at growing the pool.
It assumes there is no cost to using the whole disk. Once it writes to a
block, that block is pulled out of the SAN and allocated to the LUN, you
can't give it back in the SAN. The number of "used" blocks have not really
changed on the LUN, only more free space has been allocated to it. Now the
customer has to pay for that and the hosting company has to add more
storage to their SAN.

There is no way I have found to curtail this behavior and everyone just
says "ZFS wants to own the disks." That's not a solution to the problem.


>
>
>> First, on Linux, currently, ZFS does not cluster across multiple
>> systems,
>> so there's one instance. That means you can't create fully redundant
>> applications on Linux using ZFS.
>
> I don't know where you picked up this idea but it's very wrong. I've
> designed, deployed and managed fully redundant HA systems without
> cluster-aware file systems. Cluster-aware file systems are just one of
> several solutions to the problem of shared storage.

Fully redundant on Linux, i.e. active-active. This is not supported on
Linux as of 3/12/2015. We have an active-passive solution, but that is
half way toward what we want to do.





Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
>> From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com]
>>
>> >> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
>> >> Behalf Of ma...@mohawksoft.com
>> >>
>> >> says give ZFS whole disks, which is stupid.
>> >
>> > Mark, clearly you know nothing about ZFS.
>>
>> Think what you wish. Maybe I'm not explaining the problem
>
> You're explaining your thoughts well - it's just that you're saying a lot
> of things that demonstrate lack of understanding of ZFS.

This is something you've said, but you haven't pointed to anything that is
incorrect. I really hate when people bring a "personal" pejorative to a
technical discussion. The problem I have had with ZFS and its supporters
is that they don't accept their baby is not perfect and I raised real
issues that real users have, and sink to making it personal, so be it.

Yes, if you put an SSD on the ZIL, you can improve performance, and there
are a host of tricks you can use. If I have not stated it, I will state it
now, ZFS has some features that make it a great system for a broad set of
applications, but it does have issues related to performance and resource
usage that make it unsuitable for some classes of applications and/or
environments. To deny this would be *you* having a lack of understanding
of ZFS or systems design.


> Normally I like
> to react to those kind of things in a helpful manner, but for 1, you're
> certainly writing the stuff much faster than I have time to react to, and
> for 2, based on a zillion similar things you've written here before, I
> believe you have some kind of personal bias that I don't understand,

It isn't personal bias to debate the pros and cons of a system. I'm sorry
if I offend people if I barbecue their sacred cows. ZFS is just a thing
and for the class of systems and environments I deal with, some of its
behaviors run against the design criteria of the rest of the system. A
database-like system that manages its blocks and data integrity will
generally show a degradation in performance on ZFS.

> some
> kind of personal resentment for zfs.  I don't think anything I can say is
> going to change your mind about anything, so it would also be a waste of
> time for me to react to your zfs comments for your sake.

(1) If someone could point me in the direction of documentation on how to
get ZFS to update file or zvol blocks IN PLACE, i.e. without going through
the ZIL, then cool, I would really find that helpful.

(2) If someone could point me to a property of a ZFS pool to favor re-use
of storage blocks rather than expanding the footprint of the zpool usage
on the device, I would find that very helpful.

Both these behaviors REALLY REALLY impact enterprise class systems. Saying
"you are doing it wrong" is not an answer because #1 is a problem for
highly performant data systems and #2 is a problem for IT in corporations
that run SAN environments which use space-efficient (thin provisioned)
volumes.

>I personally
> believe each tool is a tool, and has characteristics different from each
> other, and based on those characteristic differences, each tool is better
> for certain situations.  But as I mentioned, there's *almost* no situation
> I can think of where I would choose lvm over zfs.

First, on Linux, currently, ZFS does not cluster across multiple systems,
so there's one instance. That means you can't create fully redundant
applications on Linux using ZFS.

That combined with my previous issues, really move ZFS out of the running
for a host of "enterprise class" applications.

>
> I only want to tell people "don't listen to what this guy says about zfs.

Now, I seriously take offense to this. If I were to say, Edward Ned
Harvey is an idiot, on the internet, that's bad because it is cached and
searchable on Google for the rest of time. The ad-hominem attack is the
lowest form of debate and a clear sign that the person using it has no
real standing in the discussion.

You do not know me and have no idea what I do or do not know about
anything, and nothing I have written about ZFS is fundamentally incorrect
at this point in time. You don't even bother to debate it, you just sink
to using insults. Are you comfortable with that level of discourse? I
dislike it. Saying "You are wrong about XYZ, here's why" means that you
can be respectful and have a proper discussion. Saying "I want to tell
people don't listen to this guy" is a personal attack.



Re: [Discuss] Thin Provisioned LVM

2015-03-11 Thread markw
>> From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
>> Behalf Of ma...@mohawksoft.com
>>
>> says give ZFS whole disks, which is stupid.
>
> Mark, clearly you know nothing about ZFS.

Think what you wish. Maybe I'm not explaining the problem

Commercial SAN systems provide disks as "LUNs" over fibre channel or
iSCSI. These LUNs are allocated from a pool of disks in a commercial
storage system. Ideally, a number of servers would use storage from the
SAN. Each of the servers or VMs will be presented with their disks.

Now, EXT2, XFS and many other file systems keep their data allocation
conservative, opting to re-use blocks in-place instead of using new
blocks.

The problem arises when you have something like 100 VMs, each with a 2TB
LUN, running off a SAN with only 20TB of actual storage. Without ZFS, the
systems only use space as they need it. 100VMs with 2TB of logical storage
each, can easily come out of 20TB as long as block allocation is
conservative. When you use ZFS the 100VMs will, far more quickly than
actually needed, gobble up 2TB each and force 200TB physical storage even
though most of the VMs have largely free space used by ZFS.

This is representative of a *real* and actual problem seen in the field by
a real customer. ZFS is not compatible with this strategy, and this
strategy is common and not something the VERY LARGE customer is willing to
change.

>
> Also, it's clear you have an axe to grind, which makes anything you say
> about it "take it with a grain of salt."

Believe what you will, I have posted nothing but real issues that myself
and other people have had.

>
> I've personally used a lot of zfs, and a lot of lvm, and there is barely
> any situation that I would ever consider using lvm ever again.

Agreed, ZFS does a lot of things "right," unfortunately it does a lot of
things incorrectly and renders itself sub-optimal for a class of
applications, specifically ones which manage their own block cache and
block I/O strategy.

You can make ZFS "faster," but in the configuration I describe, not as
fast as a simpler volume management system.
>




Re: [Discuss] Thin Provisioned LVM

2015-03-11 Thread markw
> On 3/11/2015 1:13 PM, ma...@mohawksoft.com wrote:
>> Yes, please, oh please, put some links that describe "best practices"
>> that
>> address my "complaints" as there are none that anyone I have ever known
>
> http://lmgtfy.com/?q=zfs+best+practices+memory
> http://lmgtfy.com/?q=zfs+best+practices+database
> http://lmgtfy.com/?q=zfs+best+practices+sparse+volumes

Again, like I said, these do not address the problems. Specifically, the
post about sparse volumes says nothing about how to keep a ZFS pool from
growing out of control on a sparse presented to it from a SAN. It merely
says give ZFS whole disks, which is stupid.

The performance "best practices" show how to improve performance on ZFS,
but not how to make the performance on ZFS equivalent to much thinner
volume management.

ZFS has a lot of good qualities for a number of applications, but it is
just bad for a lot of other applications.


>
> Was that so hard?

Yes, because it didn't have any usable information.
>
> --
> Rich P.


Re: [Discuss] Thin Provisioned LVM

2015-03-11 Thread markw
> On 3/10/2015 11:09 PM, ma...@mohawksoft.com wrote:
>> There are some very good reasons to NOT use ZFS, but this isn't the
>> discussion I intended to start.
>
> Then all I will say on this subject at this time is that your problems
> with ZFS seem to fall under "you're doing it wrong". ZFS best practices
> are thoroughly documented and those documents do address your complaints
> about ZFS.

Yes, please, oh please, put some links that describe "best practices" that
address my "complaints" as there are none that anyone I have ever known
has been able to find. Yes, there are some that "claim" to fix these
problems, but not really or completely dismiss the architecture of the
application.

Remember, a lot of very high quality, very high performance, applications
are designed to run on very thin disk layers, i.e. LVM, RAID, etc. ZFS
introduces I/O, latency, memory requirements, CPU utilization, and other
resource requirements that are otherwise not desirable in a product. A
high performance application which is bottle-necked by I/O and I/O
latency, will run faster against a raw disk than it will against a zvol or
file in a zfs pool.


>
> In re Linux LVM, well, it comes as no surprise to me that the thin
> provisioning mechanism feels like a bolted-on hack. LVM always felt
> unfinished to me compared to other offerings like AdvFS, VxVM, even the
> volume manager that IBM created to support JFS (IBM's tools and internal
> consistency made up for a lot of the shortcomings in AIX). I used LVM
> not because it was good but because it was the only volume manager that
> Linux had. These days I try to avoid using LVM for anything other than
> basic OS volumes.
>
> --
> Rich P.


Re: [Discuss] Thin Provisioned LVM

2015-03-10 Thread markw
> On 3/10/2015 1:03 PM, ma...@mohawksoft.com wrote:
>> intensive for much hungrier applications. LVM is much more light weight
>> and has better performance in applications that manage their own
>> journalling and data integrity (like a database).
>

The important part of the above paragraph that was omitted was:
"the implementation of ZFS is too resource intensive for much hungrier
applications"

> If you're getting substantially better performance with LVM than with
> ZFS then you've done something wrong. ZFS done right is only a little
> worse than bare disk speeds assuming that you have enough physical RAM
> for I/O cache (or dedicated ZIL and L2ARC vdevs for heavy I/O loads) and
> enough CPU for raidz, compression and encryption if you are using these
> features.

I didn't want to talk about ZFS, I wanted to talk about LVM, but here we
go with ZFS.

ZFS takes significant amounts of memory. If you have high memory demands
for your application, you will be competing with ZFS and significantly
increase the cost of your application.

ZFS does not update your disk "in-place," i.e. it is all copy-on-write.
For a vast number of applications, this works pretty well, but for
database class systems that manage their file blocks, this incurs extra
disk I/O and impacts performance.

ZFS is a nightmare for high-end commercial storage that presents
thin-provisioned LUNs. It is a classic strategy to present systems with a
SAN LUN that grows as it is used. ZFS does not constrain itself, it grows
until it takes all available space on the LUN. Even if your ZFS pool shows
that it is 99% empty, it will fully use the volume.

There are some very good reasons to NOT use ZFS, but this isn't the
discussion I intended to start.

>
> --
> Rich P.


[Discuss] Thin Provisioned LVM

2015-03-10 Thread markw
As the storage wars continue, the debate of ZFS vs LVM continues. I have
been dealing with ZFS heavily for about a year now and just don't see it
as a viable file system for a lot of applications that would otherwise
benefit from its feature set.

Specifically "thin provisioned volumes" for virtual machines or iSCSI
LUNs. Yes, ZFS zvols do support thin provisioning and the API is basically
correct. Unfortunately, the implementation of ZFS is too resource
intensive for much hungrier applications. LVM is much more light weight
and has better performance in applications that manage their own
journalling and data integrity (like a database).

LVM has recently gained "thin provisioning" of volumes, but it's kind of
broken. You create a "thin pool" as an LVM volume and then sub-allocate
LVM volumes out of that. So, you have the volume group, the "thin pool"
allocated out of the volume group, and the volumes allocated out of the
thin pool.

I am not sure if this even makes sense. It is conceptually no different
than allocating a volume out of a volume group, putting a file system on
it (EXT2, say) and then putting a sparse file on it. The EXT2 file system
is performing the function of the "thin pool" code.

I think it's kind of bogus.

Any opinions?



Re: [Discuss] Raspberry PI 2

2015-02-22 Thread markw
> On 2/22/2015 12:11 PM, ma...@mohawksoft.com wrote:
>> Maybe I'm old, but this much computing capability the size of a pack of
>> playing cards for $35 in quantities of one, seems like a HUGE enabling
>> technology for a new boom in hardware products.
>
> You're right - you ARE old! ;-)

I am, for sure, but I don't think the size/power/cost/support have been
present until now.

>
> The hardware and software curves crossed about ten years ago, so it's
> logical that the hardware devices would get smaller and more
> specialized. The only thing I'm afraid of is that they're headed toward
> "appliance" status, where each "strawberry Pi", "Pecan Pi", etc. is
> limited to a single burned-in capability that can never be changed.

I would much rather see a hackable PI future than a locked down
android/ipad/xbox future.

>
> Bill, who is contemplating Caesar's bust on the shelf and wondering how
> many will get the reference.
>
> --
> E. William Horne
> 339-364-8487
>


[Discuss] Raspberry PI 2

2015-02-22 Thread markw
Quad Core 900MHZ CPU, 1G of RAM
Solid state storage (SD Card)
DC power supply
A theoretical price of $35 (currently obtainable at $45)

Seriously, how is this not an ideal platform for 99% of computer projects?
Why isn't one embedded in every toaster in the world?

I have used a PI(b+) and it's pretty damn good. A little slow and not a lot
of RAM (700MHZ single core and 512M RAM), but you could use it as a
general purpose computer.

Maybe I'm old, but this much computing capability the size of a pack of
playing cards for $35 in quantities of one, seems like a HUGE enabling
technology for a new boom in hardware products.



Re: [Discuss] Linux project - WX

2015-02-10 Thread markw
> On 2/10/2015 12:19 PM, Nuno Sucena Almeida wrote:
>> As you mention, weather stations hardware is still a bit on the
>> expensive side, so for now I make do with temperature+humidity DHT22 and
>> the barometric pressure sensor BMP180.
>
> Kids these days with their sensors and their servers. When I did weather
> recording I used an alcohol thermometer, a hair-tension hygrometer, and
> a Goethe barometer, and I recorded measurements in a spiral-bound
> notebook with a pencil.
>
> :)
>
> As a point: weather != climate. You won't observe any kind of climate
> change with your back yard weather station.

Not to be pedantic, sure he will, it will just take years to see the trends.
>
> --
> Rich P.


Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?

2015-02-01 Thread markw
This is a common problem and there are some common guidelines that allow
you to run your program almost anywhere.

Store your passwords in an external file.
The passwords must be encrypted using at least 1024 bit encryption with
some sort of salt. AES is probably your best bet.
The file must be readable *only* by the administrator.
Do NOT roll your own encryption, use openssl.


> Related to my previous database questions...
>
> Normally I think of a program as trusting itself, having some integrity,
> maybe not even having gaping bugs or security holes. But what if I the
> program I am writing is talking to another, such as Postgres? Postgres
> has the ability to do passwords, so do I just put a password in my
> program source? Set Postgres to only accept local connections, and hope
> for the best? Seems wrong. Do I try to put both in a chroot or something?
>
> My program already has to hope that its program files are secured by the
> hosting OS, but at least if it isn't opening up a network port it stays
> a rather contained problem.
>
> (I want multiple programs talking to the database, so no, I can't just
> link in Sqlite.)
>
> Seems a general problem of securing interprocess communications.
>
> Thoughts?
>
> Thanks,
>
> -kb, the Kent who knows that people Google for passwords, search github
> for passwords, and get a lot of juicy results.


___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
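
The "external file readable only by the administrator" rule from the reply above, as an added example that is not code from the thread: a Python loader that refuses the credential file unless it is a regular file, owned by the expected user, with no group or world permission bits (the same rule libpq applies to `~/.pgpass`). The names `load_secret` and `InsecureSecretFile` and the file contents are assumptions made for illustration.

```python
import os
import stat
import tempfile


class InsecureSecretFile(Exception):
    """The credential file is missing, or others could read or replace it."""


def load_secret(path, expected_uid=None):
    """Return the first line of `path` after verifying its owner and mode.

    The checks use fstat() on the already-open descriptor, so the file
    cannot be swapped between the permission check and the read.
    """
    if expected_uid is None:
        expected_uid = os.geteuid()

    # O_NOFOLLOW refuses a symlink planted at the final path component.
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        raise InsecureSecretFile(f"cannot open {path}: {exc}") from exc

    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecureSecretFile(f"{path} is not a regular file")
        if st.st_uid != expected_uid:
            raise InsecureSecretFile(f"{path} is owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureSecretFile(f"{path} has mode {mode:04o}, want 0600")
        with os.fdopen(fd, "r", encoding="utf-8") as fh:
            fd = None  # fh now owns and closes the descriptor
            secret = fh.readline().rstrip("\n")
    finally:
        if fd is not None:
            os.close(fd)

    if not secret:
        raise InsecureSecretFile(f"{path} is empty")
    return secret


if __name__ == "__main__":
    # Constructed demo: a throwaway file standing in for the real one.
    with tempfile.TemporaryDirectory() as tmp:
        demo = os.path.join(tmp, "db.secret")
        out = os.open(demo, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(out, "w") as fh:
            fh.write("constructed-example-password\n")
        print("mode 0600:", load_secret(demo))
        os.chmod(demo, 0o644)
        try:
            load_secret(demo)
        except InsecureSecretFile as exc:
            print("mode 0644:", exc)
```
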


Re: [Discuss] Home server

2015-01-25 Thread markw
For a desktop system, I'd go debian or ubuntu. For a server, I would
seriously go CentOS.


> Hi all,
>
> I was thinking of making a home server that will backup my photos and
> documents, preferably one that is scheduled.
>
> Is there any particular distribution that is better than Ubuntu for this
> purpose.  I have a pentium D, and 2 gb of memory to work with.
> Also, any other suggestions of how to go about this are welcome.
>
> Thanks,
> Rohan
>
> --
> "Only a Sith deals in absolutes"
>   - Obi Wan Kenobi


Re: [Discuss] SQL discussion

2015-01-15 Thread markw
> You can and usually have many tables.

That's true.

This example is quite good, actually.

So the issue with dimensions, regardless of technology, is how do you
represent them. A computer, at its core, only has one axis, i.e. element
offset linear addressing. Everything else is a construct beyond that. For
example:

mov ecx, index
mov ebx, [ecx]

Everything else is X * Y [Z [* n]]
Where X is the width of the record or data item, and x is the index.

If you want to represent multiple dimensions you need to come up with a
way to map the above into some addressing scheme that emulates true
n-dimensions.

Whatever system you use to access a multidimensional array it has to
construct this behavior in whatever language it is written in, and
whatever functions and constructs it uses to implement these arrays, they are
still constructs based on linear addressing.

SQL should is no better or worse than any other system that is capable of
multidimensional representation. Probably better because people have been
doing it in SQL for some time.

>
> On 01/14/2015 04:22 PM, Mike Small wrote:
>> Richard Pieri  writes:
>>> Precisely. What is the structure of a relational database? A table. A
>>> 2-dimensional table. If you have 3 dimensions of data in a relational
>> |   x |   y |  z |     t | Humidity | Pressure |
>> |-----+-----+----+-------+----------+----------|
>> | 100 | -10 | 12 | 12:05 |       40 |    1.302 |
>> ...
>> |-----+-----+----+-------+----------+----------|
>>
>>
>> Not what you had in mind?
>>
>>
>
> --
> Jerry Feldman 
> Boston Linux and Unix
> PGP key id:B7F14F2F
> PGP Key fingerprint: D937 A424 4836 E052 2E1B  8DC6 24D7 000F B7F1 4F2F
>
>


Re: [Discuss] SQL discussion

2015-01-14 Thread markw
> On 1/13/2015 1:39 PM, ma...@mohawksoft.com wrote:
>
>>> SQL is a database interface language. It was designed specifically for
>>> use with relational tables.
>>
>> That is part of it, true, but not all of it.
>
> No, that's the entirety of it: SQL was developed specifically for use
> with relational data. Period. You can argue that it's not but if you're
> going to do that then I suggest taking it up with the guys at IBM who
> designed it.

Yes, the language structure was designed to facilitate relational data.
This is true, but that is the last yard so to speak. The original work
included representing data such that it could be relational. How to
represent types of data. Specifying the language and verbs on how to find
it, how to add data to the system, etc. It wasn't JUST relational.


---

>>> It's difficult to implement
>>> queries against these kinds of data with SQL.
>>
>> Why?
>
> Because SQL is built on two dimensional algebra. Two dimensional math
> cannot easily encompass three or more dimensions.

That's like saying you can't represent 3 dimensions on a piece of paper.
It isn't true. The number of dimensions that are represented are defined
by the number of axes used. Correct? The next question is how do you want
to structure your data to represent 3 dimensions? 3D arrays? Tables? what?
If you want 4 dimensions, just one more axis.



>
>
>>> Such queries are much more
>>> complex in SQL than their native equivalents and they are much slower
>>> as
>>> a direct consequence of this complexity.
>>
>> Why?
>
> With SQL you perform multiple queries and figure out how to combine the
> results. With a native multi-dimensional query you perform one query and
> receive one result.

Why must you perform "multiple queries?" It's all how you choose to
structure your data and how you choose to query it.





Re: [Discuss] SQL discussion

2015-01-13 Thread markw
> On 01/13/2015 02:59 PM, ma...@mohawksoft.com wrote:
>> It's funny, the like/dislike thing. I have never thought of it in this
>> way. SQL is what it is, just another technology.
>
> Technology is full of aesthetic considerations!
>
> Macintosh vs. Windows, IOS vs. Android, emacs vs. vi, Pascal vs. C, AC
> vs. DC.

There are plenty of technical discussions that can be had here.
>
> Yes, there are concrete technical differences, but Edison--a level
> headed man and very practical-

Yes, Tesla was crazy, but Edison could hardly have been called practical
or level headed. And YES! his hatred of a technology kept him from using
the better tool.

>-hated alternating current. He was wrong.

Yes, you are making my point.

> I think he was biased by aesthetic considerations. I think his
> brilliance was based on having really good instinct on what were good
> ideas and good approaches, and I guess that he couldn't always
> articulate why, but it served him well. Mostly.

Edison was a bright guy (no pun intended), but his "genius" is up for
debate. He was more a crafty business guy than huge inventor. He had lots
of help.
>
> Technology is deeply traditional and full of irrational rituals and
> prejudices and things of beauty and things of horrible ugliness.  A
> lot of "just another technology" entrants fail because they can't get
> past all these squishy human judgments.
>
> -kb
>
>




Re: [Discuss] SQL discussion

2015-01-13 Thread markw
> On 01/13/2015 08:08 AM, ma...@mohawksoft.com wrote:

> -kb, the Kent who stands by his right to dislike some things and like
> other things.
>

It's funny, the like/dislike thing. I have never thought of it in this way.
SQL is what it is, just another technology.
>




Re: [Discuss] SQL discussion

2015-01-13 Thread markw
> On 1/13/2015 8:08 AM, ma...@mohawksoft.com wrote:
>> I'm a software engineer and I am constantly confounded by other
>> engineers'
>> trepidation/apprehension/dislike for the common database. SQL databases
>> especially.
>
> This statement of yours is a lot of it. There ain't no such thing as a
> SQL database yet people like you who should know better talk and write
> like they're real things. Those who don't know better are led down the
> path of equating SQL with 800 pound gorilla database systems. They look
> at NoSQL/NoREL databases as alternatives because they need neither the
> bulk nor the expense of big RDBMS.
>
> The rest of us just roll our eyes.

Semantic arguments over canonically understood terms are not a good start.
When one says "a SQL database," everyone knows what is being discussed.
The argument that follows such a rhetorical instrument is usually just as
pointless.

>
> SQL is a database interface language. It was designed specifically for
> use with relational tables.

That is part of it, true, but not all of it.

> SQL is very good at this but it can be used
> with pretty much any underlying database technology. As I've noted
> before, most non-relational database vendors provide SQL bindings for
> their systems.

Yup, no argument.
>
> On the other foot, SQL is absolutely terrible for queries against
> unstructured and multi-dimensional data.

LOL, *everything* else is just as bad.

> It's difficult to implement
> queries against these kinds of data with SQL.

Why?

> Such queries are much more
> complex in SQL than their native equivalents and they are much slower as
> a direct consequence of this complexity.

Why?

Rhetorical nonsense. Assertions without explanations.
>
> --
> Rich P.


Re: [Discuss] SQL discussion

2015-01-13 Thread markw
> On Tue, Jan 13, 2015 at 8:08 AM,   wrote:
>> How much of this is a reluctance to learn SQL?
>
> Also, why do people who don't want to learn SQL seem fine learning
> other data access languages?
>

That's really not the question. SQL is a multi-vendor standard data access
language that scales from very small to very large.

If you were an engineer in charge of a project that needed a data access
paradigm, wouldn't you feel obliged to learn the standard systems
available before you design? It is a crucial part of engineering to know
the options available and be able to weigh the pros and cons and choose
accordingly.

The thing about databases is that they are mature technology. Oracle,
Sybase (Microsoft), PostgreSQL, sqlite, and others have been around for a
very long time and all more or less benefit from a history of research and
development into the data access theory. If you are trying to understand
and improve performance, you can almost certainly find a research paper on
it using your database of choice.

The "no-sql" offerings as well as the "roll-your-own" seldom, if ever,
make things easier or faster. I have written a few data/performance
intensive systems: A commercial high speed text search engine, a
commercial recommendations system, A high speed session manager for PHP as
well as some other apps, and there are times when SQL just isn't the right
tool, but it is the exception, not the rule. Even then, SQL was used on
the search engine and recommendations engine to fill in the gaps between
finding the data and presenting it to the next tier.  Even the PHP session
manager eventually had to be able to persist sessions to a SQL database.






[Discuss] SQL discussion

2015-01-13 Thread markw
I'm a software engineer and I am constantly confounded by other engineers'
trepidation/apprehension/dislike for the common database. SQL databases
especially.

OK, I got it, it is another technology to learn and it isn't like we don't
have too much as it is, but SQL is really something pretty great. With all
the "no-sql" offerings, SQL is the most widely used data access API in the
world many times over. Why? Because it really does work, and it works
pretty well.

Think about this, SQL as a data access language is everywhere. It is in
your web browser, it is in your smart phone. (sqlite) Your bank uses it,
your government uses it. Your doctors, lawyers, supermarkets, and trash
collection companies use it.

With sqlite, you can have from a tiny embedded database to a pretty big
stand-alone database.

With postgresql, you can go from a small database server to an absolutely
HUGE data warehouse.

Now, the "no-sql" technologies have a place, but I find much of what
people want to use them for would be better done in a SQL system. Even the
"no-sql" technologies are gaining SQL front ends, what's the point in
that?


How much of this is a reluctance to learn SQL?



[Discuss] Turbotax

2015-01-12 Thread markw
If you are like me, your taxes can get kind of complicated, especially if
you do any consulting on the side. I have used turbotax for a very long
time, but I hate corporate sleaze. If you have a complicated tax
situation, your handy turbotax deluxe may no longer work for you.


http://www.nytimes.com/2015/01/10/your-money/taxes/users-say-turbotax-deluxe-is-not-as-deluxe-as-previous-versions.html




Re: [Discuss] No-SQL Database Recommendation?

2015-01-12 Thread markw
> On 1/11/2015 4:26 PM, ma...@mohawksoft.com wrote:
>> This is absolutely wrong. A simple key/value table in SQL is perfectly
>> fine. Why would anyone assert otherwise? The fact that you *can* use it
>> as
>> a relation is beside the point.
>
> As an aside...
>
> I don't mean key/value data. I mean N-dimensional data where N > 2.
> Medical records are (can be) a relatively simple example of
> 3-dimensional data: they cover patient information over time. Sparse
> array databases were developed specifically because these kinds of data
> don't fit into tables.
>
> My assertion stands: trying to shoe-horn non-relational data into a
> relational database is foolish.

As long as the "relational" refers to your database schema and not the
underlying technology or access API, I can agree.
>
> --
> Rich P.


Re: [Discuss] No-SQL Database Recommendation?

2015-01-11 Thread markw
> On 1/11/2015 2:08 PM, ma...@mohawksoft.com wrote:
>> Again, a "relational database" is a tool that is able to support a
>> relational data model. That does not mean that it MUST be relational.
>
> The definition of a relational database is a database that uses the
> relational model. If it uses a different model then it's something other
> than a relational database.

SQL is nothing more than a grammar for compiling data access functions,
nothing less.
>
> As a point: it's not "a" relational model. It's "the" relational model.

ABSOLUTELY NOT. SQL is not a model. There are models built upon SQL, but
there is no requirement that data in the database is relational.
>
>> Calling SQL databases the "wrong tool" because it has a huge arsenal of
>> tools to examine and access data makes no sense.
>
> I'm not calling relational databases the wrong tool for this reason. I'm
> calling them the wrong tool for data that don't fit the relational
> model. Trying to shoe-horn non-relational data into a relational
> database is foolish, plain and simple.

This is absolutely wrong. A simple key/value table in SQL is perfectly
fine. Why would anyone assert otherwise? The fact that you *can* use it as
a relation is beside the point.

>
> As a point: SQL does not equal relational model or relational database.
> While the language was designed for use with relational databases, and
> while most relational databases use it exclusively, many (I don't have a
> list handy) non-relational databases have SQL bindings so you can use
> either native queries or SQL queries depending on your needs.

Exactly, you are the one who brought up "relational" and the OP only
mentioned SQL.

In this discussion, "relational" is an empty strawman and does nothing for
the discussion.
>
> --
> Rich P.


Re: [Discuss] No-SQL Database Recommendation?

2015-01-11 Thread markw
> On 1/10/2015 9:49 PM, ma...@mohawksoft.com wrote:
>> This is so uninformed.  There is *no* difference between a table with
>> key/value in a sql database and a no-sql database. Almost every SQL
>> database out there has, and has had for several years, JSON, XML, and
>> other compound data types.
>
> Which are really just arbitrary data stored in table cells. That's not
> the same thing as complex matrices. These kinds of data don't fit well
> into relational databases. You can make them fit but then you're making
> them fit which indicates that a relational database is the wrong tool.

Again, a "relational database" is a tool that is able to support a
relational data model. That does not mean that it MUST be relational. C++
is able to support an object oriented data model, but that does not mean
you MUST use it as such. There are many reasons to use C++ as a "better
C."

Similarly, the idea that you can "join" data tables in SQL does not mean
you must. Almost all databases today have aggregation/parsing functions
for JSON, XML, CSV, etc. on table data.

Calling SQL databases the "wrong tool" because it has a huge arsenal of
tools to examine and access data makes no sense.
>
>
>> Ahh "scale." What can you say about scale? Almost all people get it
>> wrong
>> if they have never done it, and if they have done it they know that any
>> arbitrary technology is only a tool to build something that gets it
>> right.
>
> Yep. And just so that this isn't a rag on relational databases, ALL
> databases have a point beyond which performance plummets. Where these
> points are for different technologies for given hardware and how the
> system performs under these conditions are factors that should be
> considered before choosing any technology.
>
> --
> Rich P.


Re: [Discuss] No-SQL Database Recommendation?

2015-01-11 Thread markw
> On 01/10/2015 05:39 PM, ma...@mohawksoft.com wrote:
>> There is this database religion thing that I don't get. Why at the
>> specification phase do you say you would like a no-sql solution, then,
>> ironically, enumerate a list of requirements that scream real database.
>
> I would like to find a no-SQL solution because I hate SQL, it is
> annoying. Worse, I have to program in one language for the bulk of my
> program, and then I have to embed code in a second language to talk to
> the database.

Well, just so you recognize it, that's pretty bad engineering. Avoiding a
particular technology because you "hate it" is a dubious starting
position.

>
> There might be technical reasons to cite for why some no-SQL program is
> better than some SQL program, but in my case it is pure prejudice. A bit
> like my preferring Python over Perl: there might be technical arguments
> for why Python is better than Perl, but one I like Python better. I am
> even getting kind of good at it.

The problem with this is that it isn't merely a language choice, it is a
technical strategy. A good engineer would be able to articulate pros and
cons of the various approaches.

There are voluminous discussions of this topic, internal prejudice is a
horrible reason to reject anything.

>
>> Using a free database like PostgreSQL will EASILY handle what you want
>> to do.
>
> Including finding the first few items in order really cheaply--without
> finding all possible items first? Okay, I'll look at PostgreSQL.

If you use something like PostgreSQL and limit your selection to [N] items
using, surprisingly, the "limit" keyword, it will come back after the Nth
item was found.

What's more exciting, assume you have a JSON, XML, or some other textual
aggregation technique, you can construct an index out of the result of a
parsing function!! i.e. if you have a data schema that has something like
this: 100. You can use a function in your index and find
data faster than any "no-sql" could hope to.

>
> Maybe there is a less painful way to use it from Python than I found
> last I looked. I have always had a soft spot for PostgreSQL over MySQL,
> and now that Oracle has taken over MySQL, even more so.

As a side note, I understand your antipathy toward SQL, but it is
merely just another data access grammar with individual vendor variation,
no different than using different compression libraries.


>
> Thanks,
>
> -kb
>
>


___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
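
The count-limited, bidirectional time lookup asked for in the quoted message and the `limit` behaviour described in the reply, as an added example rather than code from the thread. It uses SQLite through Python's `sqlite3` module instead of PostgreSQL so that it runs offline; the table `samples`, its columns and the data are constructed for illustration.

```python
import sqlite3

# Parameterized queries: first N rows at or after t, and at or before t.
FORWARD = "SELECT t, a, b FROM samples WHERE t >= ? ORDER BY t ASC LIMIT ?"
BACKWARD = "SELECT t, a, b FROM samples WHERE t <= ? ORDER BY t DESC LIMIT ?"
# For contrast: a query that has to visit every matching row.
COUNT_ALL = "SELECT COUNT(*) FROM samples WHERE t >= ?"


def build_timeline(n_rows):
    """In-memory timeline with sparse, irregular timestamps (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE samples (t INTEGER PRIMARY KEY, a INTEGER, b INTEGER)"
    )
    rows = ((i * 7 + i % 3, i, -i) for i in range(n_rows))
    with db:  # one transaction for the whole load
        db.executemany("INSERT INTO samples VALUES (?, ?, ?)", rows)
    return db


def first_n(db, t, n, backward=False):
    """Return at most n rows nearest to time t in the chosen direction."""
    sql = BACKWARD if backward else FORWARD
    return db.execute(sql, (t, n)).fetchall()


def query_plan(db, sql, params):
    """Return the human-readable steps of SQLite's plan for the query."""
    return [row[3] for row in db.execute("EXPLAIN QUERY PLAN " + sql, params)]


def vm_work(db, sql, params):
    """Approximate the work done by counting progress-handler callbacks.

    SQLite calls the handler roughly once per virtual-machine instruction
    when the interval is 1, so the count tracks how many rows were visited.
    """
    calls = 0

    def tick():
        nonlocal calls
        calls += 1
        return 0  # non-zero would abort the query

    db.set_progress_handler(tick, 1)
    try:
        db.execute(sql, params).fetchall()
    finally:
        db.set_progress_handler(None, 1)
    return calls


if __name__ == "__main__":
    db = build_timeline(50_000)
    print("forward :", first_n(db, 70, 3))
    print("backward:", first_n(db, 70, 3, backward=True))
    print("plan    :", query_plan(db, FORWARD, (70, 3)))
    print("work, LIMIT 10 :", vm_work(db, FORWARD, (70, 10)))
    print("work, count all:", vm_work(db, COUNT_ALL, (70,)))
```

The plan shows a seek on the primary key with no sort step, and the work for the limited query stays small while the counting query grows with the table.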


Re: [Discuss] No-SQL Database Recommendation?

2015-01-10 Thread markw
> On 1/10/2015 5:39 PM, ma...@mohawksoft.com wrote:
>> Using a free database like PostgreSQL will EASILY handle what you want
>> to do.
>
> Indeed. There are only two technical reasons for rejecting relational
> databases out of hand. Neither of them are in the listed requirements.
>
> The first is that your data doesn't fit neatly into table rows. Hospital
> patient records are my go-to example. Relational databases suck at
> storing and retrieving this kind of data. Trying to make the data fit
> into tables anyway is a recipe for disaster.

This is so uninformed.  There is *no* difference between a table with
key/value in a sql database and a no-sql database. Almost every SQL
database out there has, and has had for several years, JSON, XML, and
other compound data types.

>
> The second is that you need to scale beyond the capacity of the
> underlying hardware to handle relational queries. This means very large
> data sets and very complex queries. Relational database performance
> drops in proportion to data size and query complexity.

Ahh "scale." What can you say about scale? Almost all people get it wrong
if they have never done it, and if they have done it they know that any
arbitrary technology is only a tool to build something that gets it right.

>
> --
> Rich P.


Re: [Discuss] No-SQL Database Recommendation?

2015-01-10 Thread markw
There is this database religion thing that I don't get. Why at the
specification phase do you say you would like a no-sql solution, then,
ironically, enumerate a list of requirements that scream real database.

First misconception: A relational database supports relational data in the
same way that C++ supports object oriented programming, i.e. it is completely
optional.

A good database like Oracle, DB2, and PostgreSQL have amazing durability
and AMAZING indexing and data location tools. SQLite even has some very
amazing tools. Dismissing them at the beginning makes no sense.

Using a free database like PostgreSQL will EASILY handle what you want to do.


> I have been doing some Python programming recently and needed a
> database. I tried mongodb and it is pretty easy to use, but its
> performance is terrible--I think it is because I have funny needs.
>
> I was hoping one of you could point me in a better direction. (Or
> tell me to quit looking and write my own.)
>
> Here are my needs:
>
>   - Open source (GPL 2, MIT, etc.), easy to use from Python, to run on
> Linux, no need for relational stuff, don't want to have to embed
> another language (would prefer no SQL).
>
>   - Multiuser, but only a dozen-ish clients, all on the same
> machine--or possibly on the local network. Don't care about big
> transactional systems that can replicate and operate when
> partitioned, etc. This is small stuff. Maybe as small as Raspberry
> Pi to maybe as big as cheapest available x86 system.
>
>   - Durable mostly. If the machine were unplugged without warning I
> would expect to lose a little current data, but never corrupt the
> whole database.
>
>   - Need to do bidirectional queries on one primary key: Time. My
> timeline is sparsely and irregularly populated.
>
>   - My data items are small, likely an integer or three.
>
>   - Queries are count-limited: so only spend time finding first N-items
> out of many, many more possible hits, where my requested count, N,
> is only dozens to hundreds out of a total set of hits that might
> otherwise be many millions.
>
> This is probably my most odd need, one that might be
> impossible to satisfy without writing this myself.
>
>   - I will have locality behavior, so if a first query or insert near
> time-T takes 100-times longer than normal, that's cool, providing
> subsequent transactions near time-T are fast. So first query is
> maybe approaching 1-second, but subsequent nearby queries are few
> milliseconds (and look nearly free compared to other Python
> slowness).
>
>   - New data will typically appear in-order--but not always. New items
> might be added to the database bursting as fast as maybe a dozen
> per second (significant locality in that case), but with average
> rates maybe being lower. Data might be deleted in any order.
>
> Anyone have a favorite database that looks like this?
>
> Thanks,
>
> -kb
>
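
Added example, not part of the original thread: one way the requirements quoted above (time as the only key, bidirectional count-limited queries, mostly-durable storage) map onto SQLite from Python. The table name `samples`, its columns and the rows used to exercise it are assumptions constructed for illustration.

```python
import sqlite3

# Parameterized, count-limited range scans in both directions along the timeline.
AFTER_SQL = "SELECT t, a, b, c FROM samples WHERE t >= ? ORDER BY t ASC LIMIT ?"
BEFORE_SQL = "SELECT t, a, b, c FROM samples WHERE t <= ? ORDER BY t DESC LIMIT ?"


def open_db(path=":memory:"):
    """Open or create the store. `samples` and its columns are assumed names."""
    conn = sqlite3.connect(path)
    # WAL with synchronous=NORMAL: after a power cut the most recent commits
    # may be rolled back, but the database file itself stays consistent.
    conn.execute("PRAGMA journal_mode=WAL")
    conn.execute("PRAGMA synchronous=NORMAL")
    conn.execute(
        "CREATE TABLE IF NOT EXISTS samples ("
        " t REAL NOT NULL,"  # timeline key: sparse, irregular, not unique
        " a INTEGER, b INTEGER, c INTEGER)"  # 'an integer or three'
    )
    # The B-tree index on t lets a query seek to time T and walk outward,
    # stopping after N rows instead of visiting every possible hit.
    conn.execute("CREATE INDEX IF NOT EXISTS samples_t ON samples (t)")
    return conn


def add(conn, rows):
    """Insert (t, a, b, c) tuples in one transaction; arrival order is free."""
    with conn:
        conn.executemany(
            "INSERT INTO samples (t, a, b, c) VALUES (?, ?, ?, ?)", rows
        )


def after(conn, t, n):
    """First n items at or after time t, oldest first."""
    return conn.execute(AFTER_SQL, (t, n)).fetchall()


def before(conn, t, n):
    """First n items at or before time t, newest first."""
    return conn.execute(BEFORE_SQL, (t, n)).fetchall()


def plan(conn, sql, params):
    """Return SQLite's query plan text, to confirm the index is used."""
    rows = conn.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return " ".join(str(r[-1]) for r in rows)


if __name__ == "__main__":
    db = open_db()
    # Constructed sample data: a sparse timeline plus one late, out-of-order item.
    add(db, [(10.0, 1, None, None), (12.5, 2, 20, None),
             (300.0, 3, None, None), (5000.0, 5, None, None)])
    add(db, [(11.0, 6, None, None)])
    print(after(db, 12.0, 2))
    print(before(db, 300.5, 3))
    print(plan(db, AFTER_SQL, (12.0, 2)))
```
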


Re: [Discuss] Using sftp without a shell account

2014-12-30 Thread markw
NSS is a lot of fun, there are a number of projects that allow you to
create actual "real" users on a system that can be authenticated via any
system you want.

You can use openssh to create valid password hashes. You can use PAM to
add authentication if you don't want to mimic "/etc/shadow" passwords.

There are NSS projects to use sqlite, mssql, postgresql, and files in
another directory, which, if I'm not mistaken, can be nfs mounted.

> On 12/29/2014 3:16 PM, Derek Martin wrote:
>> On Sun, Dec 28, 2014 at 08:58:13PM -0500, Bill Horne wrote:
>>> I'm setting up an LDAP-based server, which will be used for file
>>> transfers among other things. I'd like to allow LDAP users to access
>>> the machine via sftp, but I can't figure out how to do that without
>>> giving each user a local shell account, and I'm looking for advice.
>> The long and short of it is you need to make sure that OpenSSH is
>> using PAM, and that your PAM configuration is correct for doing LDAP
>> lookups for account info and such.  You also need to modify
>> /etc/nsswitch.conf.
>
> I don't see an nsswitch.conf file on the machine.
>
>>
>> This page may or may not be useful:
>>
>>    https://wiki.debian.org/LDAP/NSS
>
> I'll check it out, thanks.
>
>>
>>> The LDAP users can access ftp without trouble, but not sftp.
>> That is potentially interesting, but there are a wide variety of ftp
>> servers, and configuring authentication for them varies as well.
>> Without more details about how your system is configured, I expect it
>> will be difficult to provide additional useful advice.
>
> It's a Mac Mini, with a generic OS X Yosemite installation, and OS X
> Server 4.1 installed.
>
> There are a couple of "local" users, which are just administrative
> accounts. Everyone else is a "network" user, entered in Open Directory
> but not in the local machine. I'm hoping that Open Directory is "close
> enough" to OpenLDAP that I can transfer knowledge.
>
> Thanks for your help!
>
> Bill


Re: [Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT

2014-08-27 Thread markw
> On 8/27/2014 8:38 AM, ma...@mohawksoft.com wrote:
>> I should be able to connect to the camp ground's wireless with the high
>> gain antenna using the Wireless-G router with a DHCP-assigned IP address.
>
> And here I thought "camping" meant getting away from things like this.

As I was writing the post, I just KNEW someone would make a crack about
camping and electronics. LOL

>
> But to address the question, you need two access points each with two
> wireless network interfaces. Configure AP1 wlan1 as a client to the
> site's network. Configure AP1 wlan0 as a Repeater Bridge endpoint.
> Configure AP2 wlan1 as a Repeater Bridge endpoint. Configure AP2 wlan0
> as a normal access point for your devices.

Yes, I know the basics. I could do it for two raw Linux boxes, but the
facilities in DD-WRT seem a little lacking.

I don't see how to NAT from the wireless port in the G router (the one
with the antenna) to either the LAN or WAN ports. I also don't see how to
make the DD-WRT be a true access point.

>
> --
> Rich P.


[Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT

2014-08-27 Thread markw
Here's the scenario:

I like to go camping and often times they provide wireless access, but the
camp site is often pretty far away from the wireless access point. I have
a long distance wireless-G router with a high gain antenna. I have a
second wireless-N router. Both routers are running DD-WRT.


I should be able to connect to the camp ground's wireless with the high
gain antenna using the Wireless-G router with a DHCP-assigned IP address. I
should then be able to NAT to my own local subnet and be able to connect
the Wireless-N to my local subnet and provide access to phones, tablets,
and laptops.

If these were standard linux boxes, this would be fairly easy, but the
standard tools don't seem available on DD-WRT's shell.

Has anyone done this? Got a good link? (I have googled, but the examples
I've found aren't quite right or don't really work.)



Re: [Discuss] Why the dislike of X.509?

2014-08-26 Thread markw
> On 8/26/2014 1:01 PM, ma...@mohawksoft.com wrote:
>> There is no such thing as a security system that has "one" entity, well,
>> perhaps a stone or a brick. There is *always* at least one mechanism
>> that protects and one mechanism that provides access.
>
> An example is a code signing key. In a shared system, many agents
> possess copies of this key. Each agent is an entity. Each of these
> entities is a single point of compromise.

This is basically a strawman argument because while it could be done this
way, no one in their right mind would do it this way. That does not
typify what a shared system would look like.

>
> In a distributed system, the code signing key is split and distributed
> among several agents. Again, each agent is an entity. Since no one
> entity has the entire key the compromise of one entity cannot compromise
> the whole key and thus the whole system.

But, the code signing is exactly the point. There is a "key" that signs
the code and there is another key (cert or whatever) that verifies the
code signing key.

If multiple entities can sign the code with their own key, then clients
must have copies of each cert to verify the signing key. Unless there is a
1:1 relationship between the signers and the signees (which would be
pointless) any one of the clients must maintain all the key certs, in
which case, any one system would compromise the whole.
>
> Does the explanation make sense?
No, not really.
>
> --
> Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-26 Thread markw
> On 8/26/2014 10:37 AM, ma...@mohawksoft.com wrote:
>> *any* shared or distributed authority has the same issue.
>
> Shared is not distributed.

Which is why I used "or" between them.

> Shared means more than one entity has
> authority. Each entity is a point of compromise for the entire system.

Or at least the systems that share the authority.
>
> Distributed means no single entity has authority; a quorum or a
> unanimous consensus is required. Compromise of one entity does not
> compromise the entire system.

There is no such thing as a security system that has "one" entity, well,
perhaps a stone or a brick. There is *always* at least one mechanism that
protects and one mechanism that provides access.

>
> --
> Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-26 Thread markw
> On 8/25/2014 3:55 PM, ma...@mohawksoft.com wrote:
>> No security can withstand privileged access.
>
> True, but with PKI and escrow a single attack can silently compromise
> the entire domain in one go.

*any* shared or distributed authority has the same issue.
>
> --
> Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
> On Mon, Aug 25, 2014 at 4:04 PM,   wrote:
>>> That a VPN doesn't require or apparently use the installed 'default
>>> "trusted" CAs' doesn't necessarily mean it successfully ignores them.
>
>> The openssl library knows nothing about trusted CAs in browsers. You can
>> look at the source code.
>
> Good. Let's take that as stipulated, openssl doesn't know about
> browser root key store.
> ( this leaves unasked, Does it know about OS key store on OSs that
> have such?  I'll assume we stipulate that it doesn't. That requires
> each browser on that OS to hook the store, which someone might have
> optimized.)
>
> Did OpenVPN use openssl on all platforms ?
> Or does it #IFDEF a native binding anywhere?
> Did they cut-and-paste code from a browser proof-of-concept that will
> hoover up roots if loaded?
> Need to read the VPN code too to know there isn't a flaw. Or test it.

Anything is possible, read "Trusting Trust." That being said, the range of
trust is auditing every single line of code from kernel to application
including all the libraries on one end, and trusting everything out of the
box at the other.

I have personally audited openssh, openvpn, openssl, bash, and a number of
PAM modules for security. The code you suspect might be in there is not.
It isn't even very rational to think it is. I was looking for obvious
exploits. The worst code base is openssl. It is the biggest hack-job in
the industry. Nothing else even comes close. It is very difficult to trace
code at the source level unless you have solid knowledge of the internals.
The crypto portions of openssl are solid, the TLS is the hack.

For security you need to weigh risk, cost, security, and trust.

>
>> You can trace the execution with a debugger.
>
> That tells me what it does here and now, doesn't tell me what it does
> with hostile bad data until i make some hostile data.

There will always be bugs and exploits.
>
>>> If it uses the same SSL library as a browser -- on any platform --
>>> that assertion has to be demonstrated to be true.
>
>> I'm not sure I agree with your logic. There is no connection between
>> openssl and the browser's trusted CAs, they are implemented in the
>> browser code. openssl provides the means by which this is implemented
>> but contains no implementation.
>
> I'm not talking about openssl in isolation.
> I'm not yet even assuming OpenVPN (always) uses that lib.
> I'm not restricting myself to OpenVPN brand VPN since this thread
> restarted with X509 topic line.
> And any other brand VPNs do whatever they want.
>
> For extreme degree of trust, you need to know. All the way down.
> For a degree of trust on par with DNS, IPv4, BGP: what the heck, just
> use it.

It is very expensive to do that amount of auditing. If you need secure,
delete the CA certs you don't like.
>
>>> I hope you're right.  Hope is not good enough to a security auditor.
>>> Show me.
>> Don't trust me, look at the code.
>
> Yes: 'show me' means reading the code.
> And the test cases.
> We've seen enough failures in Crypto implementation that i don't even
> 'Trust but Verify' with crypto.
> [ /Doveryai no Proveryai/ as Gorbachev taught us to say. It is funnier
> in the original Russian !  ]
> With crypto code, has to be Verify before any Trust.
>
> I will take as stipulated you've read the openssl code and that i'd
> see the same if i took the time.
>
> If you're certain from having read OpenVPN repo, we can also stipulate
> that OpenVPN never  #IFDEF's a native lib and didn't cut*an*paste
> initialization code from a sample baby browser that reads OS roots if
> there are any.


That kind of thing simply is not in there. People would SCREAM bloody
murder. I am more concerned about the bad programming in openssl and
carefully planted exploits in various products by "bad actors." It isn't
just open source, RSA had issues as well. Microsoft has their share as
well.

>
>>> I share Rich's concern about Key Escrow anytime, anywhere, and
>>> understand why VPN and/or PKI smells similar to him.
>
>> I don't like the default browser keys either, but this isn't that issue.
>
> You *should* be correct that default keys won't affect OpenVPN; as i
> said above, *If* you've read their code too, i'll happily stipulate
> for it you're correct.
> I hope it doesn't affect ${other}VPN either, but with closed source who
> knows !
> IIRC there are VPNs and VDTs that use browsers to frame the session;
> they may well use browser SSL implementation. Good luck with that !
>
> Rich's concern seems to be different, that any central store is less
> trustworthy than distributed/compartmentalized, in part due to damage
> limitation or lack thereof.
> That isn't specific to OpenVPN either.
> That's a usability vs security, choice-of-threat-weighting.
> In practicality, we'll do it anyway, but in pure security PoV, i see
> Rich's point.

A central authority is probably more secure than a decentralized system.
If you assume gaining "privileged access" to a system means

Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
> On Mon, Aug 25, 2014 at 2:20 PM,   wrote:
>> You are talking about browser fuckary, not openvpn. Openvpn uses the
>> hierarchical PKI of x509, but has no default "trusted" CAs.
>
> That a VPN doesn't require or apparently use the installed 'default
> "trusted" CAs' doesn't necessarily mean it successfully ignores them.


The openssl library knows nothing about trusted CAs in browsers. You can
look at the source code. You can trace the execution with a debugger.

>
> If it uses the same SSL library as a browser -- on any platform --
> that assertion has to be demonstrated to be true.

I'm not sure I agree with your logic. There is no connection between
openssl and the browser's trusted CAs, they are implemented in the browser
code. openssl provides the means by which this is implemented but contains
no implementation.

>
> I hope you're right.  Hope is not good enough to a security auditor.
> Show me.

Don't trust me, look at the code.

>
> I share Rich's concern about Key Escrow anytime, anywhere, and
> understand why VPN and/or PKI smells similar to him.

I don't like the default browser keys either, but this isn't that issue.
>
> But If Rich is worried about a private corporate self-hosted OPEN-VPN
> implemented with self-signed local-root CA key acting as key escrow,
> well, that is irrelevant for VPN use-case WHEN (actually) PRIVATELY
> HOSTED.
>    (Aside from my hypothetical inadvertent public root trust concern.)
>    Yeah, you trust the Admin admin running it, who gen'd and
> self-signed their key and your key too, and the Corp that owns it.
> Your bits go to their server eventually when you VPN into them anyway,
> so why not?
>    If Corp VPN and users exchange secret keys out of band instead of
> issuing client&server private PKI x.509 certs out of band, the Corp is
> still in position to cough up everything.
>    If the Corp node in the VPN is subverted or subpoenaed, the traffic
> can be gotten at point of egress from the tunnel by the corporate
> owner (or by subverted systems) even easier. VPN usecase does NOT
> protect users from VPN host.
>    (Likewise with unsigned SSH RSA keys, either end-point can spill
> what's before or after the tunnel, and recipient Host can add bogus
> keys to allow Eve to log in as Alice, just as Root can make a second
> username/password with same numeric userid to read/write all your
> files, if there isn't second-factor auth. )
>
> But Rich is right that with Commercial  VPN providers (whether based
> on OpenVPN or proprietary stacks), yes, the moral equivalent of key
> escrow is a very real concern, whether X509 PKI or not, but X509
> complicates matters. Need to find out in each case if the
> nuts-and-bolts allow the Provider to answer a subpoena/NSL to cough up
> keys or implement a MITM tap without help from each client Corp's
> admin, if their PKI gives them back door, or if it requires customer
> cooperation.
>
> VPNs as a service have a big trust issue.
> VPNs implemented locally are locally centralized. This provides a
> single locus within the Corp for an opponent to attack by hack or by
> legal pressure, but this Centralization doesn't intrinsically change
> the trust model.
> (unless you for some reason trust your local Root ops more than Corp
> Network Operations, which would be a problem of another sort).
> (and unless the product "implemented locally" uses a hardware Vendor
> CA chain instead of truly local keying, in which case it isn't really
> local, see 'as a service' above !! )
>
> Your bits travelling through employer are not totally protected and
> never will be, even if some courts say you have an expectation of
> privacy (for some purposes).
> Your bits travelling through a Partner's system who gives (sells) you
> VPN access into their systems for some mutual benefit aren't protected
> from them after they emerge from the tunnel either, so their having
> escrow-equivalent ability to recover/spoof/whatever your keying matter
> is pretty irrelevant.
> Both Employer and Partner entities will respond to Subpoena / NSL.
> Nobody should expect otherwise.
>
> (Which doesn't change that anything that smells like escrow smells
> 'off' to those who care about security that really works.  From what
> Rich has said re dates, his allergy to escrow likely stems from the
> same controversy as mine.
> http://www.cryptomuseum.com/crypto/usa/clipper.htm
> http://en.wikipedia.org/wiki/Clipper_chip#Backlash
>    X509 PKI is not normally considered an escrow regime in normal
> usage, but Rich is quite correct that central CAs or other registries
> have *abilities* that are hard to distinguish from Escrow - even if
> they never know your private key, they can at the very least forge
> another one with the same apparent identity, and so spoof you to
> others -- or spoof someone important to you.
>    With a VPN or other Central registry that totally generates all
> keying matter (rather than signing public half of pub/priv key the
> client app creates), they may

Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
> On 8/25/2014 3:11 PM, ma...@mohawksoft.com wrote:
>> *Any* security infrastructure is a central point of compromise. That's
>> the nature of security. You are left with either an unmanageable mess or
>> forced to use or create some sort of infrastructure to manage it.
>
> This is a gross misrepresentation. When you have a master key, theft of
> the master key compromises the entire system. When you don't have master
> keys, theft of a key only compromises the entity associated with that key.
>
> You can have a manageable system without relying on master keys or key
> escrow. Kerberos has been doing it for decades.

Yes, but now the Kerberos system becomes your central point of
vulnerability, the argument is unchanged. You still have a central locus
vulnerable to attack.

>
>
>> ANY security system is vulnerable to bad actors that can gain access to
>> sensitive data. With a CA on openvpn, merely regenerate your master key
>> and push a new cert. When users can't connect, they have to re-validate
>> and obtain a new key.
>
> "Merely". And how, pray tell, are YOU going to know if your private root
> certificate has been compromised when X.509 lacks a mechanism to detect
> root certificate compromises?

If your system is compromised, you can be pretty sure that the attackers
will be able to erase their tracks. This is the nature of cracking. The
only way to be sure is to monitor access via an external logging system.

No security can withstand privileged access.


>
> --
> Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
> On 8/25/2014 1:57 PM, John Abreau wrote:
>> So the problem is that in order to connect to your company's VPN, you're
>> forced to trust the sysadmin who administers the company's VPN server,
>> since he controls the company's "centralized" CA root for the VPN
>> server?
>
> More generally, even if the sysadmin is trustworthy there is no way for
> me, the user, to know if someone else has obtained unauthorized access
> to the escrow. Which is to say, I'm expected to blindly trust that the
> system hasn't been compromised by bad actors without any proof at all
> that this is the case.

This is by definition the problem with all security. Every type of
security, from bank vaults, hotel rooms, to vpns suffers from people who
don't protect the master keys.


>
>
>> The part I don't get is the claim that OpenVPN is vulnerable because
>> the public infrastructure that OpenVPN DOES NOT USE is vulnerable.
>
> Like I wrote before, it's not the publicness of the CA; it's the
> centralness. Public or private, any CA is a single point of compromise
> for its entire domain.

*Any* security infrastructure is a central point of compromise. That's the
nature of security. You are left with either an unmanageable mess or
forced to use or create some sort of infrastructure to manage it.

ANY security system is vulnerable to bad actors that can gain access to
sensitive data. With a CA on openvpn, merely regenerate your master key
and push a new cert. When users can't connect, they have to re-validate
and obtain a new key.

>
> --
> Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
You are talking about browser fuckary, not openvpn. Openvpn uses the
hierarchical PKI of x509, but has no default "trusted" CAs.

x509 is a pretty workable system (I refuse to call it "good.")

> On Mon, Aug 25, 2014 at 1:22 PM, Richard Pieri wrote:
>> It's not that I hate OpenVPN. It's that I hate key escrow systems. Hated
>> them since the early 1990s. I hate them because they're single points of
>> compromise for entire systems. I hate them because compromise is
>> undetectable by users.
>
> It's not that X.509 file format is the problem per se, it's the
> browser Root CA infrastructure that has been built upon it, that is
> used by most non-browser SSL apps too.
>
> In the Public CA infrastructure,  most any sub-CA cert signed by any
> cert traceable to any browser Root CA can issue a MITM cert to
> impersonate any specific FQDN or *.someone.TLD .  If the system was
> fit for purpose, should the Hong Kong Postal Authority or the
> stolen/compromised CA key be able to issue *.BLU.org certs that are
> trusted?  No. As is, would you know if they did? Not immediately,
> maybe never.
>
> Combine that with the weak nature of DNS and BGP security and any
> sufficiently advanced opponent -- either state-sponsored or
> organized-crime -- can beat SSL, at least against targeted or regional
> users.
>
> [ Add in how we like URL shorteners with cutely irrelevant 2L national
> TLDs like .LY .IE .US .CO .NU .TV that are property of governments
> that might be either amenable to official or corrupt requests, and
> it's only easier to divert traffic. ]
>
> Unpatched systems might still accept cancelled compromised-CA-key
> signed forgeries today.
> (The CRL won't save them, it can be blocked by an aggressive adversary
> with local or regional DNS/BGP poisoning ability, which is needed for
> most MITM anyway ! )
>
> --
> Bill Ricker
> bill.n1...@gmail.com
> https://www.linkedin.com/in/n1vux


Re: [Discuss] vnc

2014-08-25 Thread markw
The problem is security.

If you allow SSH access to the open internet, you're more open to attack.

With openvpn you can enable two-factor authentication and a lot more
security. Then, sure, let a really trusted user open an SSH shell.

It is inarguable that SSH and a VPN is far more secure than merely SSH or
other access methods.

> On 8/25/2014 8:51 AM, ma...@mohawksoft.com wrote:
>> SSH is a very BAD thing to open up to the free internet. BAD BAD BAD.
>> Once in, you are in. Shell access is dangerous.
>
> Stop right there.
>
> We have been discussing securing VNC connections to X11 desktops running
> on virtual framebuffer devices. In other words: full shell access. Thus,
> none of your points are immediately relevant to the discussion at hand.
> They might be relevant to a discussion about access to private services
> other than shell access but that's a different discussion.
>
> --
> Rich P.


Re: [Discuss] vnc

2014-08-25 Thread markw
> On 8/24/2014 12:22 PM, ma...@mohawksoft.com wrote:
>> I would opt to use openvpn instead of an SSH tunnel. You have a better
>> control over security and "ease."
>
> Meh. Shell access is an on/off toggle. Changing how you flip this toggle
> doesn't offer better or worse security, nor does it make anything
> intrinsically easier or more difficult. One can just as easily manage
> access with PAM and LDAP groups.

SSH is a very BAD thing to open up to the free internet. BAD BAD BAD.
Once in, you are in. Shell access is dangerous.

Let's break it down:


SSH opens a hole through which many security exploits can come through.

SSH tunnels don't allow proper accounting of who is accessing resources.

SSH only recently supports a PKI that allows a single master cert,
unfortunately, you have no way to expire keys, and no one knows how to use
it and all the non-openssh clients don't support it.

Because of the previous problem, you need to add a key to every server or
maintain passwords in the form of LDAP or some PAM module. (yuck)

(One caveat to these statements is that much can be done with a pam
module, but openvpn does these things and WAY more out of the box.)

openvpn has a PKI that allows properly authorized keys to be issued
without touching target servers.

openvpn allows secure access to the network, then you can add more
security at the service level.

openvpn operates on its own network and virtual adapter. This clearly
identifies the origin of the connection and can allow proper firewalling.

openvpn can log every user access with an assigned ip address so that
breaches can be tracked. Access from an SSH client only shows its host's
IP address.


>
> I think of it this way: If users need access to everything on an
> isolated network then a VPN usually is the better choice. Otherwise SSH
> is the better choice. Right tool for the job and all that.

I really hate "right tool for right job" arguments because once you read
one, it is usually an excuse for doing something wrong or being lazy.

An ssl session, by definition, opens up network access to everything. Why
not then use a VPN to do it right?


>
> That said, I'd avoid using OpenVPN. I don't like X.509. I want X.509 to
> die in a fire. I want it to die painfully and permanently and never
> bother anyone ever again. For Linux to Linux I'd use Layer 3 tunneling
> over SSH using sshuttle to handle the heavy lifting.

Well, the security industry did the work long ago and VPN is the more
secure way to allow access. You can hack around with SSH, and if it's just
your home server, "Farewell and adieu to you, fair Spanish ladies."

If you want a professional access system that can be deployed securely,
ssh will be laughed out of the room.

>
> --
> Rich P.


Re: [Discuss] vnc

2014-08-24 Thread markw
I know "you can do it" as I did it about 10 years ago. Today, however, I
would restrict access to an openvpn configured subnet.

That way you can issue keys to people to whom you would allow access, and
they can log in with their regular passwords.


> Hi All,
>
> I'm installing red hat enterprise linux on a server at home and I'm
> tweaking the vnc service setup. I've followed the instructions in the
> system admin guide, but I'm not liking the final set up. Basically I've
> enabled vncserver for a user registered on the system. When I reboot,
> the system spawns off Xvnc for the user. When I run vncviewer, I issue
> my password and then I have a vnc window of the desktop of the user on
> the system.
>
> My problem with this is that the password I issue to open up the
> vncviewer window to access the desktop of the user is not part of the
> /etc/passwd file, but some clear text password file. There are warnings
> in the documentation about this.
>
> What I would like is to be able to somehow start an Xvnc session in
> which gdm is started, and then when I run vncviewer and issue the
> password, I'm placed into a gdm login screen, at which point I select my
> user and password and log in. This is the model of the old Xterminals of
> the 1990s.
>
> does anyone have any tips/tricks on how to set up Xvnc or a vncserver
> set up so that I get a gdm login screen instead of going directly into
> the user's desktop?
>
> Thanks in advance. Steve.
>


Re: [Discuss] vnc

2014-08-24 Thread markw
I would opt to use openvpn instead of an SSH tunnel. You have better
control over security and "ease."

> On Sun, Aug 24, 2014 at 10:29:13AM -0400, Stephen Adler wrote:
>> I'm installing red hat enterprise linux on a server at home and I'm
>> tweaking the vnc service setup. I've followed the instructions in
>> the system admin guide, but I'm not liking the final set up.
>> Basically I've enabled vncserver for a user registered on the
>> system. When I reboot, the system spawns off Xvnc for the user. When
>> I run vncviewer, I issue my password and then I have a vnc window of
>> the desktop of the user on the system.
>>
>> My problem with this is that the password I issue to open up the
>> vncviewer window to access the desktop of the user is not part of
>> the /etc/passwd file, but some clear text password file. There are
>> warnings in the documentation about this.
>>
>> What I would like is to be able to somehow start an Xvnc session in
>> which gdm is started, and then when I run vncviewer and issue the
>> password, I'm placed into a gdm login screen, at which point I
>> select my user and password and log in. This is the model of the old
>> Xterminals of the 1990s.
>>
>> does anyone have any tips/tricks on how to set up Xvnc or a
>> vncserver set up so that I get a gdm login screen instead of going
>> directly into the user's desktop?
>
> So, the reason you're not supposed to do that -- or be happy
> with the way vnc comes out of the box -- is that vnc is
> unencrypted.
>
> Set Xvnc to not listen on anything except localhost. Then back
> that up with a firewall restriction -- really, you shouldn't
> have to, because you do default deny, right?
>
> Run an ssh tunnel to your server, LocalForward some port to the vnc port,
> and point your vncviewer at localhost:0.
>
> Now that you've got that working, you can do multiuser.
>
> Most of the info for that is here:
> http://linuxreviews.org/howtos/xvnc/
> but the short version is, enable XDMCP listening to localhost
> for your display manager.
>
> -dsr-


___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
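
A check for the advice quoted in this thread (Xvnc bound to localhost only, reached through an SSH or VPN tunnel), as an added example that is not part of the original messages. It reads listener lines in `ss -H -ltn` format and reports any VNC display port bound to a non-loopback address; the 5900-5999 port range, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VNC listeners that are reachable from off-host.
# Input: lines in the format printed by `ss -H -ltn` (Linux iproute2):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Assumption: VNC displays use TCP 5900-5999 (display :N -> port 5900+N).

exposed_vnc_listeners() {
    # Prints one "address port" pair per exposed listener, nothing if clean.
    awk '
    $1 == "LISTEN" {
        local_addr = $4
        # Split on the LAST colon so IPv6 forms like [::]:5901 parse correctly.
        n = match(local_addr, /:[0-9]+$/)
        if (n == 0) next
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1) + 0
        if (port < 5900 || port > 5999) next
        gsub(/^\[|\]$/, "", addr)      # strip IPv6 brackets
        sub(/%.*$/, "", addr)          # strip interface scope such as %lo
        if (addr ~ /^127\./ || addr == "::1") next   # loopback only: fine
        print addr, port
    }'
}

audit_vnc() {
    # Returns 0 when every VNC listener is loopback-only, 1 otherwise.
    found=$(exposed_vnc_listeners)
    if [ -n "$found" ]; then
        printf 'VNC reachable beyond localhost:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample input (not captured from a real host).
SAMPLE_LISTENERS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 5 0.0.0.0:5902 0.0.0.0:*
LISTEN 0 5 [::]:5902 [::]:*
LISTEN 0 5 [::1]:5903 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Demo on the sample: prints the two wildcard-bound listeners on port 5902.
printf '%s\n' "$SAMPLE_LISTENERS" | exposed_vnc_listeners

# On a live server:  ss -H -ltn | audit_vnc
```

A clean result only covers the listening side; the default-deny firewall rule mentioned in the thread is still the backstop if Xvnc is later restarted with different options.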


Re: [Discuss] Looking for WiFi router with certain characteristics

2014-07-29 Thread markw
A couple notes.

I NEVER, repeat, NEVER use stock software from the vendor of my wireless
router. Sorry, I don't trust  All my routers
use DD-WRT.

Once you make that jump, then you can just hop over to their website and
look for compatible routers. The DD-WRT code has a LOT of features that
the commercial routers do not provide, including SSH access.

So, now that you can have the features that you want regardless of vendor,
just find a router that is supported at a good price.

Last year I found a DLink-N 615 router for $30. I bought two of them and
put one at each end of the house.

> Apologies to Lewis Carroll. I'm afraid the following doesn't scan as
> well as his version:
>
> "The time has come," my router said, "to talk of many things.
> Of 802.11 ac and n and g and b,
> And why Cisco updates without permission.
> And the safety of ASUS settings."
>
> :-)
>
> It's long past time for me to replace my 802.11 g router with something
> more recent.  But I have a few constraints that make it tricky to select
> the right router. So my question is, do any of you have experience with
> the ASUS RT-N66U or any other router that fits the constraints I
> describe below?  While I'm interested in recommendations of what's
> worked well for you, I'd also appreciate warnings of what to stay away
> from. advTHANKSance for your help.
>
> My constraints are:
>
> 1. COVERAGE:
>
> The construction of the house the router will be installed in is
> problematic WRT getting signals through.  It was built before
> drywall was in common use in the U.S.  But rather than using wood
> lath, the plaster is held in place by lath.  But it's not
> traditional wood lath.  It's WIRE LATH.  Also, the heating system is
> forced hot air, which means that there's SHEET-METAL DUCTWORK
> between all the ceilings and floors.
>
> So all the walls, floors, and ceilings have metal in them.
>
> With the old router, I had to replace one of the stick antennas with
> a directional antenna aimed toward the part of the house where
> coverage was weakest.  But since 802.11 N and AC use MIMO, I believe
> that replacing one of the stick antennas with a directional antenna
> would screw up the interference pattern that MIMO depends on.
>
> I'm hoping that MIMO will solve the coverage problem that the
> directional antenna solved with the old router.
>
> Do any of you have any experience with routers in environments like
> this?  If MIMO doesn't get me the coverage I need, what are my
> options?
>
> 2. N vs. AC:
>
> I have a 5 GHz cordless phone that I do not want to replace.  It
> implements features that would be difficult to find a replacement
> for, and even if I could, replacing it would be quite expensive.  So
> it was important for me to figure out whether this phone will
> interfere with an 802.11-AC router.  It took several months of
> research, but eventually I determined that it definitely will
> interfere with over half of the 5 GHz WiFi channels used in the U.S.
>
> Since 802.11-AC only operates in the 5 GHz band, but 802.11-N
> operates in both the 2.4 GHz and 5 GHz bands, 802.11-N seems like a
> much better choice for my circumstances.
>
> Furthermore, most of the computers on my network don't support
> 802.11-AC, but are recent enough that I'm not likely to replace them
> anytime soon.
>
> So it makes sense to me to ignore 802.11-AC routers and only look at
> 802.11-N.  Does this logic make sense to you?
>
> 3. SPEED:
>
> Of the 802.11-N offerings, the highest aggregate speed seems to be
> 450 Mbps in the 2.4 GHz band plus 450 Mbps in the 5 GHz band.  This
> is commonly known as an N900 router.  Given the potential
> interference from the 5 GHz cordless phone, I may not get the full
> 450 Mbps from the 5 GHz range, but a dual band N router seems the
> choice most likely to get me the fastest throughput possible for my
> circumstances.
>
> 4. PORTS:
>
> In addition to supporting WiFi, I also need the router to provide 4
> LAN Ethernet ports in addition to the 1 WAN Ethernet port for
> connecting it to my cable modem.
>
> 5. WHAT ROUTERS CAN BE TRUSTED?
>
> CISCO: Given the above constraints, I was considering the Linksys
> (Cisco) EA4500, but when I Googled it, I quickly learned that about
> 2 years ago, Cisco/Linksys had pushed out their Cloud Connect
> firmware to all their routers without the router owners' permission,
> and in order for the owner to continue using his own router, he had
> no choice but to sign an agreement that allows Cisco to spy on his
> Internet use, allows Cisco to sell any data they collect, and allows
> Cisco to legally lock the router's owner out of his own router
> whenever they feel like it.
> http://boingboing.net/2012/07/03/cisco-locks-customers-out-of-t.html,
> http://www.computerwor

Re: [Discuss] php dev's code with warnings and notices

2014-07-26 Thread markw
Web development is a ghetto or even, still, the wild wild west. A properly
configured and developed web site with no warning would probably only
serve static web pages. If you log nothing, you miss important errors and
warnings, if you log more, you will get stupid errors and warnings.

The real issue is the cause of the errors and warnings. Some are
important, and some, simply are not.

For what it is worth, as the new senior guy, ask why you shouldn't be
worried by the errors. See if they are aware of them and understand what
they are before you cast judgment.


> Hi All,
>
> I've recently been asked to work with a team of PHP developers on a
> pretty large and complex project.  The code they have submitted works,
> but it has a bunch of warnings and notices in the logs.  I personally
> think this is sloppy coding.  My question is, how strong a stand should
> I take on this issue?  I have the senior role but I am also the "new
> guy".  I feel that code should have no warnings or notices.  But maybe
> this is not the norm?  Maybe there exists situations where it can't be
> avoided that I don't realize.  What do you think?
>
> Thanks,
> --
> Eric Chadbourne


Re: [Discuss] share keyboard/video/mouse with 2 desktops

2014-07-08 Thread markw
Ahh, so it isn't a KVM issue, per se.

http://www.ikea.com/us/en/catalog/products/60245721/


> On Tue, Jul 8, 2014 at 11:01 AM,   wrote:
>> Imagine.
>>
>> A Windows system with a monitor, a Mac laptop, a Linux system with a
>> monitor. Bouncing from keyboard and mouse is a PITA. Synergy allows you
>> to connect the mouse and keyboard to one system and seamlessly move the
>> mouse across all three monitors, and whichever monitor has the mouse,
>> gets the keyboard.
>
> My problem with this is that you need a desk big enough for three
> displays.   If I'm going to have more than one display on my desk I
> would like to be able to sometimes have them all attached to a single
> system.   With Synergy each display is still dedicated to a single
> system.   The best possible system might be one that has a single
> keyboard/mouse and a bunch of displays (with physical monitor
> switching) which would allow me to on the fly map the physical video
> outputs from the individual systems in any way that I wanted onto the
> physical displays which are in front of me.   All while still
> retaining Synergy's ability to let me slide my mouse (and my keyboard
> input as well) from system to system across the wall of displays.
> Synergy would have to know  the current mapping of system video output
> to physical display to relay the input correctly.   If there are
> programmatically controllable multiple input/output video switching
> devices this could be done.   I suspect that the hardware required
> would be pricey though.
>
> Bill Bogstad
>




Re: [Discuss] share keyboard/video/mouse with 2 desktops

2014-07-08 Thread markw
Imagine.

A Windows system with a monitor, a Mac laptop, a Linux system with a
monitor. Bouncing from keyboard and mouse is a PITA. Synergy allows you to
connect the mouse and keyboard to one system and seamlessly move the mouse
across all three monitors, and whichever monitor has the mouse, gets the
keyboard.

It "feels" like a single system from a keyboard/mouse point of view.
Granted it is not as tight as it could be, but that would be WAY more work
and be a far bigger project. Like, having windows straddle monitors would
be way cool, but that would be work down to the driver level.


> What about a USB hub and hub switch -- wouldn't that work?  
>
> In fact, wouldn't it also allow you to share a printer, backup drive,
> etc? 
>
>
>
> On Tuesday, July 8, 2014 10:14 AM, "ma...@mohawksoft.com"
>  wrote:
>
>
>
> I have used Synergy on Windows, Linux, *and* mac at the same time.
>
> It has worked really well for me.
>
>> What is the easiest way to share keyboard/video/mouse with 2 desktops
>> (Linux & Windows)?
>>
>> Has anyone used this synergy-project:
>>
>> http://synergy-project.org/download/
>>
>> Thanks!
>>
>> John Malloy
>> jomal...@gmail.com


Re: [Discuss] share keyboard/video/mouse with 2 desktops

2014-07-08 Thread markw
I have used Synergy on Windows, Linux, *and* mac at the same time.

It has worked really well for me.

> What is the easiest way to share keyboard/video/mouse with 2 desktops
> (Linux & Windows)?
>
> Has anyone used this synergy-project:
>
> http://synergy-project.org/download/
>
> Thanks!
>
> John Malloy
> jomal...@gmail.com


Re: [Discuss] bluetooth headphones ubuntu 14.04 lts

2014-07-02 Thread markw
> Hi All,
I have had several bluetooth headphones and they all seem to have the same
behavior.

I haven't figured out the right sequence of events to get them to work. It
usually takes me several tries to get it to work.

Generally unpair/re-pair each time
Connect to both "audio sink" and "headphone service"
That usually works

Sometimes I need to restart bluetooth for it to even work.

>
> I'm trying to get a set of philips shb4000 bluetooth headphones to work
> with my Ubuntu laptop but no luck.  They appear to pair but it's never
> listed in sound settings.  When I use blueman to sink audio it fails
> saying "connection failed: stream setup failed".
>
> Google shows lots of people complaining about the same issue.  Anybody
> know how to get something like this working?  Clues welcome!
>
> Thanks,
> --
> Eric Chadbourne
> http://nonprofit-crm.org/


Re: [Discuss] SELinux & IPTables

2014-04-02 Thread markw
My first rule of thumb is to not use IPTables until after everything is
setup and running. Then start it and fix what breaks.

My second rule of thumb is to not enable SELinux until after everything is
setup and running. Then enable it and fix what breaks.

You really really need a working base line before you enable these things
because they can break services and applications in pretty unpredictable
ways.



> Does anyone have any suggestions for Best Practices in configuring SELinux
> & IPTables for a RedHat (RHEL6) server running Apache, PHP, and
> connecting to an Oracle DB (using OCI8)?
>
> Thanks!
>
>
> --
>
> John Malloy
> jomal...@gmail.com


Re: [Discuss] Unsubscribe

2014-04-01 Thread markw
> Unsubscribe
>
> Regards,
> Michael Webb - IT Manager
> SDMC
> 10 Connector Road
> Andover, MA 02122
> 978-289-5408
>
> NOTICE: This message is for the designated recipient only and may contain
> privileged or confidential information. If you have received it in error,
> please notify the sender immediately and delete the original. Any other
> use of this e-mail is prohibited


I want to get on this bandwagon as well.

NOTICE: I don't care WHAT you write on your email. You have NO LEGAL RIGHT
TO ASSERT ANY RESTRICTIONS ON MY ACTIONS any more than mere copyright law,
and more or less, anything I do with it, including posting it on a forum
and making comments about it, fall clearly under "Fair Use."

Any additional restrictions YOU WISH TO PLACE ON ME MUST COME WITH MY
CONSENT. I have entered into no contract with you, I have no obligation to
you or your employer, and you have no right to claim that any of my
actions regarding an email I received is "prohibited."

I will not contact anyone and I will not delete the original unless I
am compensated in some way. Your mere desire to have me do something is
your problem.

I hate these disclaimers and consider them ridiculous. I guess you can
claim anything you want, like that great disclaimer that Major League
Baseball puts up. Just because someone says something doesn't mean it's
true.




Re: [Discuss] Redundant array of inexpensive servers: clustering?

2014-03-31 Thread markw
> ma...@mohawksoft.com wrote:
>> OK, that's a pretty stupid thing to do. Who would do that? That's the
>
> DRBD does precisely this.

That will teach me to come in mid-thread. Yes, I have looked at that
before. That isn't a backup, per se, that's a HA fail-over mechanism.

In the case of "A" being corrupted, "B" must also be corrupted identically
for DRBD to be feature compliant.



Re: [Discuss] Redundant array of inexpensive servers: clustering?

2014-03-31 Thread markw
> ma...@mohawksoft.com wrote:
>> I currently work at a fairly high end deduplicated backup/recovery
>> system company. In a deduplicated system, a "new" backup should not ever
>> be able to trash an old backup. Period. Only "new" data is added to a
>> deduplicated pool and old references are untouched. Old data is not
>> over-written. You can see this behavior in almost any deduplication
>> strategy, including Windows NTFS and ZFS.
>
> You're missing the point.
>
> Say you have disk A and disk B. Every block written to A is replicated
> to B.
>
> Data on blocks on A are damaged.
>
> Damaged data blocks on A are replicated to B.
>
> B is now a 1:1 replica of the trashed data on A.

OK, that's a pretty stupid thing to do. Who would do that? That's the
worst of both worlds. Not only are you backing up EVERY block, you aren't
even preserving old data. Hell you aren't even excluding uninitialized
disk blocks. So, even if you only have 500G on a 2TB drive used, you have
to copy 2TB each time.

I agree, just dumb.

>
> --
> Rich P.


Re: [Discuss] Redundant array of inexpensive servers: clustering?

2014-03-31 Thread markw
> Bill Ricker wrote:
>> I've seen a big-name commercial block-replication solution duplicate
>> trashed data to the cold spare ... wasn't pretty !
>
> Another great example of how replication is not backup.

I call FUD! That is more of an example of how a bad program can corrupt data.

I currently work at a fairly high end deduplicated backup/recovery system
company. In a deduplicated system, a "new" backup should not ever be able
to trash an old backup. Period. Only "new" data is added to a deduplicated
pool and old references are untouched. Old data is not over-written. You
can see this behavior in almost any deduplication strategy, including
Windows NTFS and ZFS.

The problem with "backup" is that a petabyte is hard to back up and it is
very expensive.

The best solution is a "live" site and a "replication target." This will
protect you from natural disasters.

The MTBF of tape is far shorter than disk, and not much cheaper, if it is
cheaper per TB than tape at all.


>
> --
> Rich P.


Re: [Discuss] Reading Linux book

2014-03-26 Thread markw
I wouldn't touch EXT[N] for anything but a system partition.

XFS or JFS is almost a coin toss, but XFS seems like it is more active.

> Hi,
> First of all, thanks for your previous tips on the Linux box, it was very
> much appreciated.  I'm reading the different filesystems, when would you
> use XFS or JFS or ext4.  If I'm correct currently Linux uses ext4, am I
> right?  From the reading both XFS and JFS look like a great choice.
>
> Thanks,
> Aldo
>
> XFS   This is a 64-bit, high-performance journaling filesystem that
>       provides fast recovery and can handle large files efficiently.
> JFS   This is a 64-bit journaling filesystem that is fast and reliable.
>       It is better equipped to handle power failures and system crashes.
> ext4  The newest default filesystem for Linux distributions. It is
>       backwards-compatible with the ext2 and ext3 filesystems. Among
>       ext4’s improvements over ext3 are journaling, support of volumes
>       of up to one exbibyte (EiB) and files up to 16 tebibytes (TiB) in
>       size.


Re: [Discuss] Linux book

2014-03-04 Thread markw
> Hi,
> I would like a suggestion for a Linux book.  I follow this group for a
> little while and I would like to learn more about Linux.  I'm not looking
> for a specific OS but for a book that does not get me to sleep, goes thru
> the command lines, compiling the kernel.  Ideally a book that is hard copy
> but has also a book in PDF.  The one that I'm trying to read is specific
> to Linux exam, it goes all over the place with the topics,
> very confusing and boring.     

Linux books are so 20th century. The internet has a plurality of
information sources and can be a lot more entertaining. Just avoid the
"russian bride" sites, no matter how much they come up next to Linux in
google search.

Here's an interesting start:
http://www.linux.org/forums/beginner-tutorials.53/

>
> Thanks,
> Aldo


Re: [Discuss] Howto Challenge

2014-02-15 Thread markw
> ma...@mohawksoft.com wrote:
>> I suggest a howto challenge. We field a number of "how can I do xyz?"
>> and we construct a concise "howto" based on our platform of choice. This
>> will
>
> I'm inclined to decline. The way I see it, your "how can I do ${task}?"
> contest isn't about solving problems; it's cherry picking problems to
> showcase favorites. I don't have a favorite. I have a box of tools and a
> bag of tricks.

I wasn't thinking of choosing the tasks, I was thinking more solving
actual problems people had. More like putting your expertise where your
mouth is, sort of thing.

>
> --
> Rich P.


[Discuss] Howto Challenge

2014-02-15 Thread markw
Coming off the tail of the pretty hard core "Why Linux" debate, anyone
want to come up with a more constructive forum?

I suggest a howto challenge. We field a number of "how can I do xyz?" and
we construct a concise "howto" based on our platform of choice. This will
accomplish far more than a debate, this will produce actual sable
knowledge and take rhetorical arguments out of the equation. Then we all
score the submissions.

I propose we score them as:

(1) Ease of implementation.
(2) Cost of implementation.
(3) Stability/Performance.


Any takers?



Re: [Discuss] Why use Linux? (back to original question)

2014-02-13 Thread markw
> "I've never needed to use QEMU on Macintosh. Therefore QEMU works great on
> Macintosh, and anyone whose experience says differently is wrong."
>
> Interesting logic.

Whom are you quoting?

>
>
> On Thu, Feb 13, 2014 at 9:58 AM,  wrote:
>
>> > ma...@mohawksoft.com wrote:
>> >> SSH does not do this on Mac easily. Yes, if you configure the
>> >> bastardized X server that you can get for Mac, you might be able to
>> >> get it to work, but not with all programs.
>> >
>> > XQuartz is genuine X.Org. There's nothing bastardized about it, and
>> > all X11 applications work over the SSH tunnel just like they do on
>> > Linux.
>>
>> The language mapping is typically difficult to get right and not all Mac
>> programs will render to X11.
>>
>> >
>> >
>> >> Virtual Machines have changed the way we look at service
>> >> environments.
>> >
>> > Doesn't change the fact that I've never needed to use QEMU on
>> > Macintosh and when I needed to make it work on Linux it was an abject
>> > failure.
>>
>> I find that amazing and I question your truthfulness at this point. I
>> have been using QEMU and KVM for years for web services, software
>> development, and everything. Hell I have a Windows XP VM for turbotax.
>>
>> Lots of people use QEMU/KVM. Its networking stack is just as good as the
>> commercial VMware package. With virt-manager, it really is point and
>> click. It's great.
>>
>>
>> >
>> >
>> >> I have, many times and I see a whole lot of HFS+ does not support
>> >> sparse files, use UFS and a lot of UFS is no longer supported.
>> >>
>> >> I don't believe you.
>> >
>> > Then you're deliberately missing the point. OS X does sparse file
>> > systems.
>>
>> Please provide me a link because I know people who need this on a mac.
>>
>> HFS does not support sparse files and UFS has not been available for a
>> couple years now. So, my colleagues are doing work on Linux VMs on
>> their Macs because we have been unable to get sparse files to work on
>> the Mac. Even Apple support claims you can't do this.
>>
>> Please supply a link, it would be helpful.
>>
>>
>>
>> >
>> > --
>> > Rich P.
>
>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> Email j...@blu.org / WWW http://www.abreau.net / 2013 PGP-Key-ID 0x920063C6
> 2013 / ID 0x920063C6 / FP A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
> 2011 / ID 0x32A492D8 / FP 7834 AEC2 EFA3 565C A4B6  9BA4 0ACB AD85 32A4 92D8
>




Re: [Discuss] In praise of X11 (Was Why use Linux)

2014-02-13 Thread markw
> ma...@mohawksoft.com wrote:
>> So, by abandoning X11 in Apple,
>
> Mark,
> Would you KINDLY stop with the FUD? Apple didn't abandon XQuartz.

It is not FUD. It is fact. Yes, Apple Mac supplies an X11 server that runs
on their platform, but this is different than supporting X11. I can not,
for instance, ssh into a Mac and run its settings control panel and have
it display on my X server. It won't happen. The VNC sharing that Mac does
have is atrocious. This makes it difficult to use Macs remotely. Apple
abandoned the UNIX X11 layer for their applications.


>
> --
> Rich P.


Re: [Discuss] Why NOT use Linux?

2014-02-13 Thread markw
> Ted Roche wrote:
>> And if you're presenting a Pro/Con argument for Linux, clearly we've
>> provided you with material for that, too. Why NOT use Linux?
>
> My top three:
>
> The state of desktops on Linux is terrible. Of the three leaders we have
> KDE which is a disaster, Unity which is a tablet UI desperately looking
> for hardware to run on, and Gnome which is trying to be the prettiest
> desktop around with just a single button that doesn't do anything. If
> you're looking for a desktop operating system then Linux is the last
> place to look. What's most unfortunate about this is that the *BSDs
> suffer just as much in this regard.

This is a subjective comment. People at work have Macs, my wife has
Windows and an iPad, and a friend has only an iPad. Seriously, I think the
Linux GUI is easier to use. Sure, the Mac looks cleaner and Windows is
more colorful (8 is a disaster), but I'm using Debian with Gnome and I
really really like how easy it is to use. It lacks a bit of eye candy,
sure, but it is clean and functional, and yes, not ugly.

>
> The state of file system backups is even worse. Linux has lacked native
> backup tools for its file systems since around 2002 leaving things like
> extended attributes and ACLs in the lurch. rsync has been hacked to be
> able to replicate extended attributes but that only works when going
> from like to like; you can't use it for tapes and optical storage.

It's funny, backup seems easiest on Linux. The trick is not to use tape or
traditional backups. You snapshot the LVM volume, and dedup the device to
a backup. It's better than Apple's time machine and really fast.

>
> Dynamic device enumeration. Ever have a node refuse to boot because the
> kernel randomly changes which disk is sda with every boot? Ever have a
> node stop responding after a reboot because the kernel swapped the first
> and second Ethernet interfaces? I have, more times than I care to
> remember. Dynamic enumeration is a stupid, stupid way to do things.

This has, in fact, not been an issue for almost 10 years. Both disk
devices and ethernet devices are persistently configured based on unique
criteria. Disk volumes use labels or UUID values and ethernet adapters are
configured by MAC address.

At the time it was a problem in Linux, it was also an issue on Windows,
Mac, and some BSD variants. All these platforms fixed this issue.

>
> --
> Rich P.


Re: [Discuss] Why use Linux? (back to original question)

2014-02-13 Thread markw
> ma...@mohawksoft.com wrote:
>> SSH does not do this on Mac easily. Yes, if you configure the
>> bastardized X server that you can get for Mac, you might be able to get
>> it to work, but not with all programs.
>
> XQuartz is genuine X.Org. There's nothing bastardized about it, and all
> X11 applications work over the SSH tunnel just like they do on Linux.

The language mapping is typically difficult to get right and not all Mac
programs will render to X11.

>
>
>> Virtual Machines have changed the way we look at service environments.
>
> Doesn't change the fact that I've never needed to use QEMU on Macintosh
> and when I needed to make it work on Linux it was an abject failure.

I find that amazing and I question your truthfulness at this point. I have
been using QEMU and KVM for years for web services, software development,
and everything. Hell I have a Windows XP VM for turbotax.

Lots of people use QEMU/KVM. Its networking stack is just as good as the
commercial VMware package. With virt-manager, it really is point and
click. It's great.


>
>
>> I have, many times and I see a whole lot of HFS+ does not support sparse
>> files, use UFS and a lot of UFS is no longer supported.
>>
>> I don't believe you.
>
> Then you're deliberately missing the point. OS X does sparse file systems.

Please provide me a link because I know people who need this on a mac.

HFS does not support sparse files and UFS has not been available for a
couple years now. So, my colleagues are doing work on Linux VMs on their
Macs because we have been unable to get sparse files to work on the Mac.
Even Apple support claims you can't do this.

Please supply a link, it would be helpful.



>
> --
> Rich P.


Re: [Discuss] In praise of X11 (Was Why use Linux)

2014-02-13 Thread markw
>> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
>> bounces+blu=nedharvey@blu.org] On Behalf Of
>> ma...@mohawksoft.com
>>
>> OK, so, I can ssh to a linux box from another linux box, and run an X
>> program and use it, transparently, as if it were any other application
>> on
>> my desktop.
>
> *sigh*  Is this seriously a "Linux is the best OS" flame war?  Very
> uninteresting.  The honest truth is, every OS is better than every other
> OS, each in its own way.
>
> You've named the one positive feature of X11.  The reason it's not
> included by default with windows or mac (but installable on both) is
> because in many other ways, it's antiquated and non-performant.  They
> *actively* chose not to distribute it with the OS, and in the case of OSX,
> they formerly included it and later discontinued shipping it with the OS,
> because they're better off leaving it in the past.  But still available as
> a separate download package for those who need it.

I see a serious problem in the "consumer" UNIX marketplace. Because
something is not new, it is seen as obsolete. I'm not sure I fully
understand this. Maybe it is a technological deconstructionism, who knows?

All competing technologies have pros and cons, and it is almost never "A is
better than B." So that's why we have these discussions, because the answer
is not obvious. A is better than B in some cases and B is better than A in
others. You are left with a Venn diagram from which you must choose the
features you need that are outside the most common set.

With X11, I see one downside, gaming and super fast rasterization. The
networking of the GUI is something that is so cool that when you show
Windows or Mac users what you really can do with it, it takes a minute to
register.

You can copy and paste from one application to another, no matter where
they are running. I can run GUI applications on one machine and display on
another, without having to import a whole desktop. The way the
applications communicate with the server is very well designed and works
very well.

Is X11 complicated? Yes. Is X11 source code getting harder to read, yes it
is getting very mature.  That's the nature of software. I say this,
NOTHING on the market comes close to what X11 does.

So, by abandoning X11 in Apple, they have made a system that doesn't work
well in a UNIX/X11 environment and they lose so much richness in
capability.  I actually think that this hurts the application environment
as a whole. If Android and Apple were fully X11, can you imagine the
interoperability you would have? How cool would that be to run any program
in the cloud and display its X11 on the device of your choice?






Re: [Discuss] Why use Linux? (back to original question)

2014-02-13 Thread markw
>> From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com]
>>
>> > And you're wrong about sparse files.  All of the above support sparse
>> > files.
>>
>> Yes, with enough work, you can put a V8 in a motorcycle, but that is a
>> strawman argument. The Mac file system HFS does not support sparse files
>
> For disk containers, such as *.dmg files, or truecrypt volumes, for
> virtual machines, vmdk, vdi, etc, for every purpose that I've ever
> encountered or imagined ...  Whether the implementation is lazy
> provisioning, sparse disk image, dynamic allocation, sparse bundle, or
> sparse file is purely semantic.  So go ahead and argue that HFS does not
> support sparse files.  Just like ntfs doesn't have inodes, and ext doesn't
> have file ID's.  Semantics.
>

Not true at all. A sparse file is a file system construct that allows you
to create a file that has "holes" in it. The various virtual machine
management systems implement their own volume management for their VMs and
that is not available to other applications.

This is a very important capability that is essential for most enterprise
level software. You can create multiple TB sized files on a much smaller
volume and grow as needed. So no, you went from Apple supports that, to it
doesn't matter. You were wrong on the first count and are wrong on the
second.







Re: [Discuss] Why use Linux? (back to original question)

2014-02-12 Thread markw
> ma...@mohawksoft.com wrote:
>> I don't think I said Mac didn't come with these, it may have sounded
>> implied. That was a "why linux" not a why not mac.
>
> The implication is that Linux is better than $ALTERNATIVE because it has
> all these things that $ALTERNATIVE lacks.

OK, so, I can ssh to a linux box from another linux box, and run an X
program and use it, transparently, as if it were any other application on
my desktop.

SSH does not do this on Mac easily. Yes, if you configure the bastardized
X server that you can get for Mac, you might be able to get it to work,
but not with all programs.

>
>>> QEMU: OS X doesn't ship with it but it's installable via MacPorts.
>> Not really supported by the qemu guys. How's the version updates?
>
> Dunnow, I don't use it. Never saw the need.

Virtual Machines have changed the way we look at service environments.
>
>
>> This must be new because we've never see it work. Give me a link to a
>> howto because I don't believe it.
>
> Ask Google about sparse images and sparse bundles.

I have, many times and I see a whole lot of HFS+ does not support sparse
files, use UFS and a lot of UFS is no longer supported.

I don't believe you.

>
> Oh, and I can see the cries of "cheat" or the like. As if Linux never
> did anything differently from MINIX.

That's not the point. Does Mac have a file system that supports sparse
files? The answer is no.

>
>
>> Yes, if MinGW is considered "supported" then I think we do not have
>> enough
>> common ground to discuss.
>
> Depends on what you mean by "supported". Supported by Microsoft? Then
> again, there is a vast array of things you can install on Ubuntu that
> Canonical does not directly support. Fair is fair.

I mean that Cygwin and MinGW are not fully Windows programs. They are far
more kludgy than they need to be. They are hacks that kind of work, but
are not suited for any real production use. Cygwin emulates "fork" (badly)
and MinGW won't run programs correctly that depend on fork.


>
> --
> Rich P.
>




Re: [Discuss] Why use Linux? (back to original question)

2014-02-12 Thread markw
> ma...@mohawksoft.com wrote:
>> In a web environment you should be using Linux, hands down. I'll amplify
>> this assertion a little bit as well, you should make sure your web
>> service
>> environment is in a virtual machine on Linux.
>
> What's wrong with *BSD? As a matter of fact, for security I'd suggest
> using OpenBSD first and go with a Linux distribution when there is a
> specific need not addressed by the BSDs.
>
>> The sheer number of tools available on Linux is just simply amazing.
>> Screen, ssh, PAM, qemu, libvirt, virt-manager, X, and yes, I said it,
>> The
>> X Window Manager.
>
> Screen: OS X ships with it.
> SSH: OS X ships with it.
> PAM: OS X ships with it.

I don't think I said Mac didn't come with these, it may have sounded
implied. That was a "why linux" not a why not mac.


> QEMU: OS X doesn't ship with it but it's installable via MacPorts.
Not really supported by the qemu guys. How's the version updates?

> libvirt: Just like QEMU.
> virt-manager: Not in MacPorts but it may be compiled separately.
ditto.

> X11: OS X used to ship with XQuartz but Apple separated it from the OS
X is important.

> distribution to ease development and updates.
> Sparse files: OS X's VFS layer supports sparse files.

This must be new because we've never seen it work. Give me a link to a
howto because I don't believe it.

> Oh, and by the way? Windows can do all of these, too, courtesy of Cygwin
> and MinGW.

Yes, if MinGW is considered "supported" then I think we do not have enough
common ground to discuss.
>
> --
> Rich P.
>




Re: [Discuss] Why use Linux? (back to original question)

2014-02-12 Thread markw
>> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
>> bounces+blu=nedharvey@blu.org] On Behalf Of
>>
>> In a web environment you should be using Linux, hands down. I'll amplify
>> this assertion a little bit as well, you should make sure your web
>> service
>> environment is in a virtual machine on Linux.
>
> Everything you said can be done on any environment, mac, linux, unix
> (solaris, various BSD's), and windows.
>
> And you're wrong about sparse files.  All of the above support sparse
> files.

Yes, with enough work, you can put a V8 in a motorcycle, but that is a
strawman argument. The Mac file system HFS does not support sparse files
and the Unix UFS file system has not been available with a standard system
for some time now. I call that "does not support sparse files."

QEMU and KVM are standard in most mainstream Linux distros. This blows
every other system out of the water. In debian, it is merely "apt-get
install ..." The networking with QEMU and support packages is better than
most proprietary systems on Windows and Mac.

My argument is that Linux is easier because these things are at your
fingertips, whereas on other platforms they are mostly unreasonably
difficult to get and/or setup.
>




Re: [Discuss] Why use Linux? (back to original question)

2014-02-12 Thread markw
Yes, back on topic is good.

In a web environment you should be using Linux, hands down. I'll amplify
this assertion a little bit as well, you should make sure your web service
environment is in a virtual machine on Linux.

The sheer number of tools available on Linux is just simply amazing.
Screen, ssh, PAM, qemu, libvirt, virt-manager, X, and yes, I said it, The
X Window Manager.

On Linux you can support sparse files, so you can do something like this:

touch myvmsystem.img
truncate -s 64G myvmsystem.img

That gives you thin provisioning on your VMs.  If your file system is
created on an LVM volume, you can expand it, snapshot it for backup, or
whatever.

NOT available on Mac.

(You can do this with ZFS as well, zfsonlinux.org)

I could go on and on, but if your computer is doing more than checking
email, going to facebook, or watching netflix, you should be using Linux.



> A discussion of the ethics of Apache/MIT license vs GPL, however
> interesting, has long since departed from Micky's requested topic still on
> the Subject: line, which was motivated as, how to sell (Gnu/)Linux as
> alternative to Windows Server as host for Drupal.
>
> So can i rephrase OP's question as ,
>
> *What are the (dis)advantages for set-up and administration of Drupal [or
> other similar packaged FLOSS software] served from a Unix-oid OS, vs.
> Windows Server ?*
>
> * I'd say SSH and screen or other text terminal mux are big wins for
> Unix/Linux here.
>But ease of working remote commandline presumes the skills to do so as
> well.
>
> * For "admins" needing to use non-web remote fullscreen admin
> tools (whether due to lack of CL skill or lack of CL tools to admin a
> commercial package), Windows remote desktop tools may be easier than
> arranging X-window forwarding, especially if they don't usually have
> X-windows at their desktop otherwise (which has odd security concerns most
> happily ignore).
> Some packages have Windows native admin tools that can run remote
> against a Linux edition of the package (mySQL/mariaDB), but this is the
> exception.
>
> * Most Linux distros will install all prereqs for Drupal with Drupal, and
> can be set to auto-update all layers for security patches, top to bottom
> with one mechanism. On Windows, MS layers patch monthly and Drupal and its
> dependencies will patch differently on their own schedules.
>
>
> ( One might ask further, how does it change if virtualized vs on dedicated
> hardware ? )
>
> Only after answering that should one maybe delve into differences between
> Proprietary Unix (AIX, HPUX, Solaris, True64, Mac Server =
> BSD/Mach-Darwin)
> and FLOSS (Gnu/Linux, Gnu/Herd, *BSD, RedHat, Ubuntu, Debian, Gentoo, etc,
> etc. )
>   But in reality, most hosting providers offer pretty much the same
> shortlist of Windows and Linux variants and don't offer Unix, and why
> would
> you at Collo or at home either, unless a big AIX or Solaris shop
> otherwise.
> Certainly there are security advantages to using Gentoo, NetBSD, or
> particularly FreeBSD in exposed Colo environment !
>
>
> - Bill
>


___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
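
The thin provisioning that the touch/truncate commands in the post above rely on, as an added example that is not part of the original post: it creates a sparse image, compares its apparent size with the space actually allocated, and flags a directory of images whose unbacked growth exceeds the free space on the volume. The function names are hypothetical, and the 64 MiB image is a constructed, scaled-down stand-in for the post's 64G file.

```python
import os
import tempfile

# st_blocks is reported in 512-byte units on Linux (and macOS).
BLOCK_UNIT = 512


def create_sparse_image(path, size_bytes):
    """Same effect as `touch path; truncate -s size path`."""
    with open(path, "ab"):
        pass                      # touch: create the file if it is missing
    os.truncate(path, size_bytes)  # extend with a hole, no data written


def image_usage(path):
    """Return (apparent_size, allocated_bytes) for one file."""
    st = os.stat(path)
    return st.st_size, st.st_blocks * BLOCK_UNIT


def write_at(path, offset, data):
    """Write data inside the hole, as a guest OS would when it uses disk."""
    with open(path, "r+b") as fh:
        fh.seek(offset)
        fh.write(data)
        fh.flush()
        os.fsync(fh.fileno())


def overcommit_report(directory, free_bytes=None):
    """Sum apparent vs. allocated size of the files in a directory.

    'unbacked' is how much the images may still grow. If that exceeds the
    free space of the volume, guests can hit write errors when it fills.
    """
    if free_bytes is None:
        vfs = os.statvfs(directory)
        free_bytes = vfs.f_bavail * vfs.f_frsize
    apparent = allocated = 0
    for entry in os.scandir(directory):
        if entry.is_file(follow_symlinks=False):
            size, used = image_usage(entry.path)
            apparent += size
            allocated += used
    unbacked = max(apparent - allocated, 0)
    return {
        "apparent": apparent,
        "allocated": allocated,
        "unbacked": unbacked,
        "free": free_bytes,
        "overcommitted": unbacked > free_bytes,
    }


def demo():
    """Constructed scenario: one sparse image, then 1 MiB written into it."""
    size = 64 * 1024 * 1024  # constructed sample size (the post uses 64G)
    with tempfile.TemporaryDirectory() as workdir:
        img = os.path.join(workdir, "myvmsystem.img")
        create_sparse_image(img, size)
        before = image_usage(img)
        # Random data so a compressing file system cannot shrink it away.
        write_at(img, size // 2, os.urandom(1024 * 1024))
        after = image_usage(img)
        # Assumed free-space figures, passed in so the result is repeatable.
        tight = overcommit_report(workdir, free_bytes=1024 * 1024)
        roomy = overcommit_report(workdir, free_bytes=1 << 40)
    return before, after, tight, roomy


if __name__ == "__main__":
    before, after, tight, roomy = demo()
    print("after truncate: apparent=%d allocated=%d" % before)
    print("after 1 MiB write: apparent=%d allocated=%d" % after)
    print("1 MiB free on volume -> overcommitted:", tight["overcommitted"])
    print("1 TiB free on volume -> overcommitted:", roomy["overcommitted"])
```

Called without free_bytes, overcommit_report() reads the real free space of the volume with os.statvfs, which is the figure to monitor on a host that stores thin-provisioned VM images.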


Re: [Discuss] Why use Linux?

2014-02-12 Thread markw
> ma...@mohawksoft.com wrote:
>>> Somehow this starts sounding like a bad Tom Cruise movie :)
>>
>> "bad Tom Cruise Movie" is a tautology
>
> There's "Risky Business". :)

I stand by my assertion. :-)

>
> But seriously, "why use Linux" as an euphemism for "why use Free
> Software" is a question of philosophy over utility.

Yes and no. Seriously, at work I have a Mac. I don't use it. On a
preponderance of the evidence, I am more productive and able to do more on
Linux. The Mac is almost unusable. Even if you get your function keys
mapped right, it is still difficult to do most software development tasks.

Linux has a better grep and find. USB tools on Linux are better. FUSE is
amazing and not on a Mac. Mac's file system does not allow sparse files. 
I can look at almost *any* type of file system on Linux. ISCSI just works
on Linux (if it can be said to work at all). The development tools on the
latest macs are a mess. Multiplatform GCC software had to be modified for
the latest MACOS because the C compiler generates 32bit code by default.
The networking stack is difficult to work with. The virtualization tools
are lacking. The virtualized network support for virtual machines is
lacking unless you pay A LOT for vmware. Volume management is lacking. The
latest gdb is not supported easily. I could go on, but these are a number of
my reasons, beyond mere preference, for using Linux.

Seriously, for the work that I do for "work" and "fun" Nothing cuts it
like Linux.

As for the free software politic. I don't want to go there. That is a
philosophical debate that does not lend itself to resolution.


> Free Software often
> isn't the best choice -- or even a good one -- in the real world.
> Sometimes the added value of non-free components like Tivo, Android and
> Firewall-1 are more important in day to day operation than the
> philosophy of Free Software. Ideology is all well and good but at the
> end of the day it doesn't get the job done.
>
> --
> Rich P.
>




Re: [Discuss] Why use Linux?

2014-02-12 Thread markw
> Somehow this starts sounding like a bad Tom Cruise movie :)

"bad Tom Cruise Movie" is a tautology

>
>
> On Wed, Feb 12, 2014 at 9:02 AM, Bill Horne  wrote:
>
>> On 2/12/2014 6:56 AM, js wrote:
>>
>>> one thing you have not mentioned are any back doors put in proprietary
>>> operating systems by the orders of the US government. while it may not
>>> be relevant to many, it is relevant to some people [and i'm talking
>>> about whistle blowers or human rights activists instead of child porn
>>> merchants].
>>>
>>
>> No offense, but I don't feel one is different from another. As soon as
>> we
>> start to say that /some/ speech is "good" and /some/ speech is not, we
>> lose.
>>
>> After all, a photograph of a naked child lying dead in a ditch at My Lai
>> could be interpreted as  "child porn" - and Robert Mapplethorpe's
>> photographs of partially naked children could be (and was) interpreted
>> as
>> having redeeming social merit.
>>
>> Porn, like beauty, is in the eye of the beholder, and the question is if
>> we, as a society, should allow our government to examine what people
>> /might/ say, before they say it.
>>
>> My $0.02. YMMV.
>>
>> Bill
>>
>> --
>> Bill Horne
>> William Warren Consulting
>> http://www.william-warren.com/
>> 339-364-8487
>>
>>
>
>
>
> --
>><> ... Jack
>
> "Whatever you do, work at it with all your heart"... Colossians 3:23
> "If you are not part of the solution, you are part of the precipitate" -
> Henry J. Tillman
> "Anyone who has never made a mistake, has never tried anything new." -
> Albert Einstein
> "You don't manage people; you manage things. You lead people." - Admiral
> Grace Hopper, USN
> "a nanosecond is the time it takes electrons to propigate 11.8 inches" - "
> - http://youtu.be/JEpsKnWZrJ8
> "Life is complex: it has a real part and an imaginary part." - Martin
> Terma
>




Re: [Discuss] Why use Linux?

2014-02-11 Thread markw
> Yes, developers give away some rights if they develop under GPL,

This is simply not true. If I develop my software and publish it under the
GPL, I give away NONE of my freedoms.

If I base my software on the work of others, then my work must align
itself with the original project. Its very easy to ignore the work that
comes before us. The GPL is nothing more than a mechanism for making sure
that people stay honest.

You write your code, you own it. If you take someone else's code, then you
are building on their foundation and have to live with the constraints by
which they made it available to you.

Developers do not give up rights with the GPL, they simply are forced to
decide. Developers decry the GPL because they don't want to use the
license of the code that they use but have not written/own.



Re: [Discuss] Why use Linux?

2014-02-11 Thread markw
> Huge thanks to everyone that has thought about this and responded.
> This is a wealth of information. I am not a newcomer to RMS or FSF
> ideologies, I just wanted to make sure I didn't miss any key items
> that are relevant to a Drupal crowd or a newcomer to programming. Many
> Drupal people have entered Drupal through a non-traditional software
> development doorway and they do not have a background in software
> development  - some are graphic designers and some are HTML and CSS
> experts, etc. that will probably learn some PHP due to their
> involvement in Drupal.
>
> I want to reach the people like myself - the non-programmer that
> understands  most of why free software is important, but due to many
> reasons:
> lack of knowledge about GNU/Linux
> no retail linux stores
> no Linux helpdesk (it's a new era where help is in the forums and in
> your ' extended circles')
> low use of my local OS ( personally I just used it to get to my
> servers... which run Linux)
> not understanding how to run Linux locally (how easy it is and how
> user friendly)
> lack of accessibility to try Linux (didn't know about live cd etc..)
>
> Due to these reasons and a few more, I found it easier to just use
> Windows for years!

These aren't really the answers to the question you asked. You asked why
which has more of a philosophical feel to it. What you should have asked
is the more direct question[s], "Should I use Linux for Drupal" and "Do
you have any suggestions?"



>
> Mea Culpa.
>
>
>
> Michele Metts
> DrupalConnection.com - Social Networks - Websites for Entrepreneurs
> 617-877-1658
>
>
> On Tue, Feb 11, 2014 at 5:43 PM, John Abreau  wrote:
>>
>>
>>
>> On Tue, Feb 11, 2014 at 4:45 PM, Richard Pieri 
>> wrote:
>>
>>> John Abreau wrote:
>>>
>>>> Freedom only for developers is kind of like a democracy where only
>>>> wealthy landowners are allowed to vote.
>>>
>>>
>>> As if freedom only for users is any better.
>>>
>>>
>>
>> Developers are themselves users. Saying that freedom is "only" for users
>> is
>> the same as saying freedom is restricted "only" to everybody.  The
>> connotations of the word "only" in that sentence conflict with the fact
>> that
>> the group includes everybody, and thus using the word "only" in that
>> sentence is disingenuous.
>>
>>
>>
>>
>> --
>> John Abreau / Executive Director, Boston Linux & Unix
>> Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID
>> 0x920063C6
>> PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
>>
>




Re: [Discuss] Why use Linux?

2014-02-11 Thread markw
> The GPL has always denied some freedoms to developers, such as the
> right to exclusively make money from their work.

Ahh, therein lies the lies that liars lie about the GPL. The GPL does not
deny any developer the right to make money from their work. Lies! It only
denies a developer from using someone else's work as if it were their own.
If I were to modify someone else's code, I should think I have no right to
modify it without permission.

NOTHING forbids a developer making money from their own work. The GPL is
only involved when a developer uses someone else's work as the basis for
their own or as part of an aggregate product. The developer should not
base their work on GPL code if they do not like the conditions by which
they acquire it in the first place.

I HATE this lie every time I see someone repeat it. Not liking someone
else's license means you don't use their code. It does not forbid a
developer from making money from their own work.



> The anti-TiVo clause
> in GPLv3 is an additional constraint, and the rarely seen Affero
> license further limits developers. (Basically, the Affero license is
> GPLv3 with the additional provision that if you make software
> available as a service you have to make the source code available,
> just as you would if you distributed source or binary code for use by
> others.)
>
> There are times when the rights of users and the rights of developers
> are in direct opposition, and it is impossible to make the situation
> better for one group without making it worse for the other. But the
> amount of good gained by one group can exceed the amount lost by the
> other, and all developers are also users so their losses on their own
> coding are counterbalanced by their gains from the work of others.
> Almost no code is the work of one person or even one company alone;
> any program of significance contains libraries and other code that
> come from others and is developed using tools created by others.
>
> On balance, free software makes the world a better place than it would
> be if all software were proprietary. More free software would make it
> even better.
>
> On Tue, Feb 11, 2014 at 4:45 PM, Richard Pieri 
> wrote:
>> John Abreau wrote:
>>>
>>> More precisely, RMS says that he makes no distinction between users and
>>> developers, because developers are also users. He argues that limiting
>>> freedom to only a subset of users is divisive and antithetical to the
>>> concept of freedom.
>>
>>
>> That's what RMS says. The "anti-Tivoization" clause of the GPLv3 says
>> something quite different. It exists specifically to deny developers
>> some of
>> their freedoms to use and develop software and hardware.
>>
>>
>>
>>> Freedom only for developers is kind of like a democracy where only
>>> wealthy landowners are allowed to vote.
>>
>>
>> As if freedom only for users is any better.
>>
>>
>> --
>> Rich P.
>




Re: [Discuss] Why use Linux?

2014-02-11 Thread markw
The "why use Linux" question is a variant of any "why use xyz?"

"Luke, you will find that many of the truths we cling to depend greatly on
our own point of view. "

The only real answer to such questions is an address of the pros and cons
of various solutions and by a weighing of fact and opinion, you come to a
conclusion. There are currently 4 high level operating system options:
Windows, Apple, Linux, BSD. There are a few specialized options: Solaris,
AIX, etc.

To answer "Why Use Linux" you need to quantify why, on a preponderance of
the evidence, is it better than any of the others.

It isn't an easy question, like it or not, many of the reasons we say we
use Linux amount to personal preference. We can cite many technical facts,
but most of them do not directly apply to any one task or group of tasks,
and for every "pro" we have for Linux, someone can come up with a "con"
and a "pro" for [fill in the blank].

I prefer Linux because of the usability. (subjective)
I prefer Linux command line base with a serviceable GUI on top. (subjective)
I prefer Linux networking capabilities. (subjective, but defensible)
I "feel" it is easier to do things on Linux because of the wealth of tools
and programs for it. (subjective, but defensible)
I think that the TCO for Linux is less, once you are past the "come up to
speed" hurdle that any technology change has. (opinion based on facts)
I think that, for my usage, the stability of Linux surpasses Windows and
Mac, but probably lags behind BSD. (opinion based on facts)


Tread lightly, being "absolutist" means you will convince no one and are
merely singing to the choir. If you are fair and balance the facts, give
credit where credit is due, open minded people will hear you.


> I have a request for the group -
>
> I am speaking at the GLADcamp Drupal conference in Los Angeles next
> month and wish to have part of my talk cover the benefits of Linux. I
> have started a riseup.net pad here:
> https://pad.riseup.net/p/linux
>
> I would love it if anyone has some things to add that I may have
> overlooked.
> So far I plan to mention fsf.org and the groups on meetup. If you have
> any wisdom to add, please do share!
>
> Thanks for all of your help with this and with inspiring me to teach
> others how to install Linux locally.
>
> --
>
> Michele Metts
> DrupalConnection.com - Social Networks - Websites for Entrepreneurs
> 617-877-1658
>
>
>
>




Re: [Discuss] learn or teach programs

2014-01-16 Thread markw

I have an issue with trying to get people to program or develop software.
You don't see lawyers saying we need more lawyers. You don't see many
professions trying to actively recruit people.

People who want to program gravitate toward it. They don't need help.
Conversely, people who have neither interest nor aptitude won't do it no
matter what.

Personally, and maybe a little selfishly, our profession could use fewer
engineers who could have just as easily been MBAs to make room for hackers
who could change the world.





[Discuss] Are SQL/NoSQL databases dead?

2014-01-08 Thread markw
I'm not saying they are "dead" as in no one is using them, I'm more
thinking they are dead with regard to feature development.

PostgreSQL and MySQL and the commercial databases just seem less
"important" these days with things like MongoDB and Cassandra. Don't get
me wrong, I think the NoSQL crowd are fairly delusional because eventually
these NoSQL databases will all have SQL front ends and ACID
characteristics are vital to any real database. (but I digress)

Traditional ACID SQL databases have more or less peaked. Data stores like
the NoSQL ilk are pretty much done feature wise as well. Stonebraker's
next project is getting very little traction.

Have databases become just another "word processor" like application where
almost all the standard offerings are really good enough?   I mean, jeez,
tomcat, apache, php, etc. are all just good enough and there are no new
"must have" features as well.

I guess the real question is what's left or are infrastructure components
pretty much done?



Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?

2014-01-07 Thread markw
I use Drupal. It is easy to start and there is a lot you can do.


> Thanks for reading this.
>
> I'm a member of the Big-8 Board, which decides what Usenet groups are
> created and deleted.  We have both technical and non-technical members,
> and we've been using MediaWiki for the board's website
> (http://www.big-8.org/) until now, but we have to move the site to a new
> server which doesn't offer it.
>
> So, the question is "What's the best compromise between ease-of-use,
> learning curve, and maintainability if we have to choose between Joomla,
> Drupal, or WordPress"?
>
> The new site has 300 GB of disk and unlimited data transfers, but I
> don't have shell access, just an ftp upload account.
>
> I appreciate your help!
>
> Bill
>
> --
> Bill Horne
> William Warren Consulting
> 339-364-8487
>
>




Re: [Discuss] Low level clustering software

2014-01-06 Thread markw
> ma...@mohawksoft.com wrote:
>> I'm looking for stateless parallelization, state-full process
>> distribution, and high-availability in as much as matters for re-submit
>> for stateless and redundant data for state-full process distribution.
>
> Um. What kind of processing do you want to do? Because, honestly, you've
> thrown in so many buzzwords that it's impossible for me to tell what it
> is that you're really asking.

I was trying to be vague enough so as not to give too much away (it's a
work question).

OK, so, a little more detailed info:

(1) Stateless parallelization, this is where we can take arbitrary chunks
of processing and ship it out to an arbitrary machine.

(2) state-full process distribution, this is a bit more complex. Think
about a distributed database. You need to send [n] identical query
commands to [n] databases and aggregate [n] streams into one based on some
unified ordering scheme. Then using some algorithm for partitioning, send
data to only one of the nodes (or two for redundancy) for storage.

(3) In the case of #2, are there any internal facilities to manage
replication or redundancy of data.


All being said, I have done a bunch of this stuff using MPI as a platform.
I wonder if there were more modern tools to do this sort of stuff.


>
> --
> Rich P.
>




[Discuss] Low level clustering software

2014-01-06 Thread markw
It's been a few years, but I was using LAM-MPI for doing some parallel
distributed processing code.

Obviously, the world moves on and I'm curious. What are the cool kids
using these days?

I'm looking for stateless parallelization, state-full process
distribution, and high-availability in as much as matters for re-submit
for stateless and redundant data for state-full process distribution.



Re: [Discuss] Dev Ops - architecture (local not cloud)

2013-12-06 Thread markw
> On Fri, Dec 6, 2013 at 11:16 AM,  wrote:
>
>>
>> NFS is not as fast as a local disk, but it should not be that slow.
>>
>
> I remember the first time I set up a NetApp fileserver, back in 1999. I
> expected
> that NFS would be slower than local disk, but I was hoping the performance
> would still be acceptable.
>
> We had one of the heaviest users run his overnight jobs both on his local
> workstation and on the NetApp NFS share to compare times, and we
> discovered
> that the NetApp's NFS share gave much *faster* throughput than his local
> disks.
>
> His local desktop was a high-end Sun Ultrasparc workstation with the RAM
> maxed out and with fast SAS disks, tuned for maximum performance, yet
> over a 100Mb Ethernet, the NetApp outperformed his workstation's local
> disks.

That's impressive, especially over 100M ethernet.

>
>
> --
> John Abreau / Executive Director, Boston Linux & Unix
> Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID
> 0x920063C6
> PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
>




Re: [Discuss] Dev Ops - architecture (local not cloud)

2013-12-06 Thread markw
It's hard to quantify what's going on here. Yes it is slow, and we can make
guesses as to why, but without a whole system diagnostic it is hard to
know.

NFS:
Network connectivity 100M, 1G, 10G?
Sync?
OS (Solaris, FreeBSD, [any bsd], Linux, etc.)
File System
NFS server daemon
Describe the NFS server in detail, OS, NFS server, storage, etc.

Client:
Network connectivity 100M, 1G, 10G?

Infrastructure:
How many hops?
Routers/firewall in between?

NFS is not as fast as a local disk, but it should not be that slow.

> Performance comparison:
> svn checkout single repository on old infrastructure
> real    5m44.100s
> user    0m36.957s
> sys     0m14.757s
>
> svn checkout single repository on new infrastructure, but only using NFS
> for "read" (local working copy stored on local disk)
> real    3m15.057s
> user    1m18.195s
> sys     0m53.796s
>
> svn checkout same repository on new infrastructure, with writes stored on
> NFS volume
> real    28m53.220s
> user    1m45.713s
> sys     3m26.948s
>
>
> Greg Rundlett
>
>
> On Fri, Dec 6, 2013 at 8:35 AM, Greg Rundlett (freephile) <
> g...@freephile.com> wrote:
>
>> We are replacing a monolithic software development IT infrastructure
>> where source code control, development and compiling all take place on a
>> single machine with something more manageable, scalable, redundant etc.
>> The goal is to provide more enterprise features like manageability,
>> scalability with failover and disaster recovery.
>>
>> Let's call these architectures System A and System B.  System A is
>> "monolithic" because everything is literally housed and managed on a
>> single hardware platform.  System B is modular and virtualized, but still
>> running in a traditional IT environment (aka not in the cloud).  The
>> problem is that the new system does not come close to the old system in
>> performance.  I think it's pretty obvious why it's not performing: user
>> home directories (where developers compile) should not be NFS mounted. [1]
>> The source repositories themselves should also not be stored on a NAS.
>>
>> What does your (software development) IT infrastructure look like?
>>
>> One of the specific problems that prompted this re-architecture was disk
>> space.  Not the repository per se, but with 100+ developers each having
>> one or more checkouts of the repos (home directories), we have maxed out
>> a 4.5TB volume.
>>
>> More specifically, here is what we have:
>> system A (old system)
>> single host
>> standard Unix user accounts
>> svn server using file:/// RA protocol
>> 4.5TB local disk storage (maxed out)
>> NFS mounted NAS for "tools" - e.g. Windriver Linux for compiling our OS
>>
>> system B (new system)
>> series of hosts managed by VMWare ESX 5.1 (version control host + build
>> servers connected via 10GB link to EMC VNXe NAS for home directories and
>> tools and source repos
>> standard Unix user accounts controlled by NIS server (adds manageability
>> across domain)
>> svn server using http:/// RA protocol (adds repository access control
>> and management)
>> NFS mounted NAS for "tools", the repositories, the home directories
>>
>> Notes:
>> The repos we're dealing with are multiple "large" repositories eg. 2GB
>> 43,203 files, 2,066 directories.
>> We're dealing with 100+ users
>>
>>
>>
>> [1]
>> http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.prftungd/doc/prftungd/misuses_nfs_perf.htm
>>
>> Greg Rundlett
>>


Re: [Discuss] BLU's SEO (Martin Owens)

2013-10-22 Thread markw
> ma...@mohawksoft.com wrote:
>> If I plaster an ad with a picture of a cold glass orange juice, and
>> write "Fresh Orange Juice, tastes good and is good for you with natural
>> vitamin C" It is objectively truthful.
>
> Except that it isn't objectively truthful.
>
> What you're not saying is that orange juice is *loaded* with sugar,
> about 24 grams of sugar in an 8oz serving. That's almost as much
> sugar per ounce as Coca-Cola (26g/8oz) or Pepsi Cola (27g/8oz). Orange
> juice also has about 10% more calories per ounce as Coke and Pepsi.
>
> Fruit juice is as bad for you as Coke and Pepsi in large quantities. The
> sugar and acid are bad for your teeth and the calories are bad for your
> weight and general health. Excess vitamin C intake causes indigestion
> and diarrhea. That you see orange juice = healthy in spite of these
> facts is the result of some of the most successful marketing campaigns
> of the 1950s and 1960s.

This is the real problem in this discussion, and probably on much larger
fronts as well.

All facts and truths come with caveats. There is no "non-trivial" thing
that can be considered universally true or false. If one were to say
"Water is wet," a fundamental objective truth, it can be countered as
steam is water and steam is not wet, and ice is water and ice is not wet.
There are always conditions and states where things generally regarded as
one thing can be considered another. On top of that, the canonical
definition of "water" is H2O in its liquid form. So, depending on the
context, the word "water" can make the statement 100% true or partially
true based on how it is used and the intention of the person using it.

Life is terribly imperfect and ambiguous. We have to accept that
generalities are necessary for any meaningful conversation. If someone
wants to argue and derail conversation, all they need to do is pick apart
semantics until everyone gets fed up with the definition of "is."

Fresh orange juice, with pulp, is generally a more healthy alternative to
Coca-Cola. In excess, like anything, it can be unhealthy.

Sugar with balanced disaccharides (glucose and fructose in equal
proportions) is not unhealthy (in fact necessary) in appropriate
quantities.




>
> I can't speak to your DVD advertisement since I don't know the contents
> of this hypothetical example and therefore have nothing to analyze.
>
> As for Faux News? 'nuff said. :)
>
> --
> Rich P.


Re: [Discuss] BLU's SEO

2013-10-22 Thread markw
> Joseph Guarino wrote:
>> With the greatest respect I have to disagree.  Your current
>> understanding of Marketing is biased to say the least.  Marketing is the
>> art/science of communicating value to customers.  There is nothing
>
> [snrk]
>
> Marketing is neither art nor science. It's the process of selling
> things. "Communicating value to customers" is corpspeak for advertising.

Marketing and advertising are very similar and there is a great deal of
overlap, but there are important differences.

It is marketing to say: "Hey, we can use our product to cure cancer!
That's a great market."

It is advertising to say "What color should the bikini be?"

Sometimes "corpspeak" is a good thing. It isn't always about deception,
many times it is about communication. Some ideas have negative
connotations, sometimes it is best to create a new word or phrase. It can
be deceptive, sure, like all things, but it doesn't have to be.

>
> Corpspeak is fuzzy. It's ambiguous. It's used when you don't want to
> tell it straight and you don't want to lie outright. You may not be
> conscious of doing it. You may hold the best intentions. The fact
> remains: you used fuzzy, ambiguous jargon instead of plain English to
> try to sell me something. This demonstrates my statement: marketing is
> inherently unethical.
>
> Where you or I or anyone else draws a line for what is acceptable
> practice in marketing? That's an orthogonal issue.
>
> --
> Rich P.


Re: [Discuss] BLU's SEO (Martin Owens)

2013-10-22 Thread markw
> hi
>
> On 10/22/13 15:20 , Martin Owens wrote:
>> Marketing is about getting attention
>
> isn't this a bit simplistic? marketing also wants to "persuade" you to
> take some action. otherwise, self-immolation could qualify as marketing.

Well, the term obtuse comes to mind. :-)

"Marketing" is a term used to describe strategies for generating interest
in your product. Nothing more or less. Now, there are some who will bend
the boundaries of good and wholesome conduct to do so, but this is not
required to be the case as part of the definition.

If you have an operating system that is free and open source and decide to
take on the task of distribution and "sell" DVDs of this for $1.99, you will
need to market your distribution system. Taking out an ad in a newspaper
or website that describes your service is considered marketing. You could
be 100% truthful and everything. It is still marketing.

If I plaster an ad with a picture of a cold glass of orange juice, and write
"Fresh Orange Juice, tastes good and is good for you with natural vitamin
C," it is objectively truthful. No attempts at deception are made. Sure,
SOME people may not like orange juice, but sufficient quantities of people
like fresh cold orange juice that one can easily make the case that it is
generally truthful.

If I say, "FOX News Fair and Balanced," I would be lying, unfortunately,
that's marketing too.




>
> i think it's the techniques used for this "persuasion" that put people
> off toward marketing. or maybe it's the outright lies in some cases [not
> all] ...
>
> also, i wouldn't say marketing has anything to do with consensus; i was
> never consulted regarding my exposure to marketing 24/7. but now, maybe
> it's my turn to be too simplistic ...
>
> --
> \js [http://or8.net/~johns/] : i am alive


Re: [Discuss] cell phone pics

2013-10-21 Thread markw
They have done something with the USB connection and you need some
FUSE-based program to access the phone on a modern Android system. It's a pain.

I use SSHDroid and use scp to get files on or off my phone or tablet.



>
> i've got some pics on a samsung cell phone, but don't know
> how to access them.
>
> when i attach the cell phone, dmesg tells me:
>
> Oct 21 13:10:20 betelgeuse kernel: [95189.348094] usb 3-1: new full-speed
> USB device number 6 using uhci_hcd
> Oct 21 13:10:21 betelgeuse kernel: [95189.510152] usb 3-1: New USB device
> found, idVendor=04e8, idProduct=6640
> Oct 21 13:10:21 betelgeuse kernel: [95189.510168] usb 3-1: New USB device
> strings: Mfr=1, Product=2, SerialNumber=0
> Oct 21 13:10:21 betelgeuse kernel: [95189.510179] usb 3-1: Product:
> SAMSUNG CDMA Technologies
> Oct 21 13:10:21 betelgeuse kernel: [95189.510189] usb 3-1: Manufacturer:
> SAMSUNG Electronics Bo.,Ltd.
> Oct 21 13:10:21 betelgeuse kernel: [95189.512814] cdc_acm 3-1:1.0:
> ttyACM0: USB ACM device
> Oct 21 13:10:21 betelgeuse kernel: [95189.523289] qcaux 3-1:1.2: qcaux
> converter detected
> Oct 21 13:10:21 betelgeuse kernel: [95189.523715] usb 3-1: qcaux converter
> now attached to ttyUSB0
> Oct 21 13:10:21 betelgeuse mtp-probe: checking bus 3, device 6:
> "/sys/devices/pci:00/:00:1d.1/usb3/3-1"
> Oct 21 13:10:21 betelgeuse mtp-probe: bus: 3, device: 6 was not an MTP
> device
> Oct 21 13:10:21 betelgeuse modem-manager[823]:   (ttyUSB0) opening
> serial port...
> Oct 21 13:10:21 betelgeuse modem-manager[823]:   (ttyUSB0): port
> attributes not fully set
> Oct 21 13:10:21 betelgeuse modem-manager[823]:   (ttyACM0) opening
> serial port...
> Oct 21 13:10:24 betelgeuse modem-manager[823]:   (ttyACM0) closing
> serial port...
> Oct 21 13:10:24 betelgeuse modem-manager[823]:   (ttyACM0) serial
> port closed
> Oct 21 13:10:24 betelgeuse modem-manager[823]:   (Generic): CDMA
> modem /sys/devices/pci:00/:00:1d.1/usb3/3-1 claimed port ttyACM0
>
> where do i go from here?  (running ubuntu 12.04.)
>
> tia,
> ole dan
>
> j. daniel moylan
> 84 harvard ave
> brookline, ma 02446-6202
> 617-232-2360 (tel)
> j...@moylan.us
> www.moylan.us
> [avoid html waste.]


Re: [Discuss] [OT RTFM]Quick SQL quesiton

2013-10-04 Thread markw
I have been doing SQL for a *long* time, but I don't do it consistently
enough to know the esoterica off the top of my head.

There is a left join, a right join, and a full join.

A full join returns null for empty elements from both sides. The left and
right joins do what you'd expect.


> On Fri, Oct 4, 2013 at 12:25 PM, Tim Callaghan
> wrote:
>
>> > but, inner joins only produce matching records, and outer joins only
>> > give the complete set of records from one table or the other, not both.
>>
>
> FULL OUTER JOIN?
>
> Gordon


Re: [Discuss] our friend the nsa

2013-09-19 Thread markw
> On 9/19/13 11:46 , Richard Pieri wrote:
>> Darwin, the Unix layer of OS X, is FreeBSD and the source code is very
>> much publicly available.
>
> as i understand it, darwin is a fork of freebsd. apple has some non-open
> stuff in there too.

"darwin" is pretty dead. Apple stopped providing updates a long time ago.
>
> --
> \js [http://or8.net/~johns/] : i am alive

