Re: [Discuss] Mothballing Synology NAS

2018-02-05 Thread markw
Actually, QNAP is probably one of the worst storage system vendors. They
offer little or no support. They sat on a silent corruption bug until they
were outed by a blogger who went public after the company's refusal to
acknowledge the bug:

http://www.sbsfaq.com/?p=4277

I have personally had to deal with QNAP as a back-end to a ZFS storage
appliance and the customer kept getting corruption errors. (He actually
did have a disk failure/replacement in his raid.) We showed him the bug
report. That system is now "retired."

Worse yet, they don't publish the systems affected by the bug, oh no! They
only published the systems NOT affected by the bug leaving you to wonder
whether or not you are affected. "Is that my system? It's close, but not
exact."

Those small closed systems aren't worth it. A moderate ECC RAM motherboard
barebones system and good SATA disks will come in at about the same price,
be faster, and be more reliable.

Or pony up for a real storage system with support and service level
agreements.

> At least QNAP offer to one-click secure your installation with a Let's
> Encrypt cert through their SSL management plugin - even though they sell
> certs through the same plugin/admin interface.
>
> (ed. note: TLS/SSL does not prevent Spectre / Meltdown - it's just an
> indication that QNAP are not 'crap' vendors if you consider Let's Encrypt
> free certs the 'right thing' to do.)
>
> Greg Rundlett
> https://eQuality-Tech.com
> https://freephile.org
>
> On Mon, Feb 5, 2018 at 3:07 PM, Greg Rundlett (freephile) <
> g...@freephile.com> wrote:
>
>> I have a QNAP TS-231 (dual bay SMB NAS)
>> https://static.myqnapcloud.com/device_model/53466f86d6b82f5cd5295b28?r=1517796001
>>
>> QNAP offered this security advisory on Jan. 8th
>> https://www.qnap.com/en-us/security-advisory/nas-201801-08
>>
>> And have released firmware upgrades since then ( 2018/01/30 ) QTS
>> 4.3.3.0448 Build 20180126
>>
>> However, they don't mention anything in the release notes yet
>> https://www.qnap.com/en/releasenotes/ so I'm unsure if it's "in there".
>>
>> They advise:
>>
>> - Do not install applications from unknown third-party sources.
>> - Do not open or run unknown virtual machine (VM) images on your
>>   device.
>> - Do not run unknown software in Container Station.
>>
>>
>>
> ___
> Discuss mailing list
> Discuss@blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>


___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss


Re: [Discuss] Mothballing Synology NAS

2018-02-05 Thread markw
This is common across the industry. EMC, Cisco, IBM, and others have said
basically the same thing. I would dump Synology because it's crap, but not
because of that.

> The Meltdown and Spectre vulnerabilities were publicly disclosed 3
> January.
>
> Synology posted their own security advisory 5 days later on 8 January
> listing these vulnerabilities as moderate "because these vulnerabilities
> can only be exploited via local malicious programs." As if there were no
> ways for "local malicious programs" to ever be installed or injected.
>
> As of 4 February, a month after the initial disclosure, Synology have
> yet to release fixes for these vulnerabilities.
>
> I will be mothballing my Synology NAS box as soon as I get a replacement
> for it up and running. I have the parts. I just need to assemble and
> test them, install an OS, and move the drives.
>
> --
> Rich P.


[Discuss] Specific RedHat kernel: kernel-3.10.0-327.62.4.el7.src.rpm

2018-01-06 Thread markw
I need a specific redhat kernel to patch an appliance that is out of
support. Does anyone have it?

kernel-3.10.0-327.62.4.el7.src.rpm



Re: [Discuss] 3D Printers

2017-04-16 Thread markw
I've had the 3D printer working for about a week now, I have to say it's
interesting.

Some of my friends at work and I have been thinking about this.. Are they
a fad or a technology with a big future?

I'm still not sure. Yes, they can make a lot of things, but the pieces
will never be cheaper than mass production. They will probably never have
the "quality" of a molded plastic. Then there is "plastic," metal would be
nice. So assuming plastic only. That has a wide range of application, so
maybe that's enough?

One thing I did print was a Raspberry PI project box. It only took 4% of a
1kg roll of filament. The filament was on sale at Microcenter for $14.99.
The box cost about $0.60 in materials, and maybe 5~10 cents of
electricity. It took 10 hours to print. About 5 hours for the top and the
bottom.

I also printed a camera holder for the Raspberry PI camera, probably $0.05
worth of filament.

So, it may make sense for people like me who like to build things.


> I recently bought an ANet A8 3D printer for 163.99 (a week ago counting
> shipping)
>
> http://www.gearbest.com/3d-printers-3d-printer-kits/pp_343643.html?currency=USD
>
> I am currently printing stuff right now. It's kind of cool. I have a number
> of things I want to print, but it will take days to get them done. 3D
> printing is not terribly fast.
>
> A co-worker of mine dismissed 3D printers as gimmicks and while I sort of
> agree, I think the technology is interesting. Here is one issue that drove
> home the issue for me.
>
> I was trying to set up a raspberry pi camera as a web cam. I was double
> sided taping the camera to a box. Then I asked myself, "I bet
> thingiverse.com" has a 3D cad of what I want, and, of course, they did!! I
> printed the camera mount. Easy.
>
> This technology is in its infancy. It has so much potential. Anyone else
> have a 3D printer?


Re: [Discuss] KVM, virt-manager, and CentOS7

2017-02-09 Thread markw
> On Thu, Feb 09, 2017 at 11:40:28AM -0500, ma...@mohawksoft.com wrote:
>> Here's the problem with all this.
>>
>> 8 characters for a name. Yes, in a hypothetical sense you have
>> 2.183401056×10^14 possible passwords if you use 8 ascii alpha/numeric
>> characters with no punctuation characters, but the vast majority of that
>> space are random strings not suitable for nicknames or meaningful
>> identifiers. For instance, I can't see that any remaining meaningful
>> permutations of "john smith" could possibly be left. How many email
>> addresses do they assign a year? How many back-logged names did they
>> create at first?
>
> Let's call it 26^8 or so: 208 billion.

Actually, 62^8, [a-zA-Z0-9]{8}

>
> The real problem is the lack of human meaning and the fact that
> names are usually longer than 8 characters.
>
> How many do they assign a year? Roughly a freshman class worth,
> plus maybe a hundred more? So 1200ish.
>
> John Smith is out of luck. So is Elizabeth Jones. But still, they probably
> have better options than "bb30...@binghamton.edu" -- the login I was
> assigned so many years ago, can still remember, and have absolutely no
> use for.
>
> -dsr-
>




Re: [Discuss] KVM, virt-manager, and CentOS7

2017-02-09 Thread markw
Here's the problem with all this.

8 characters for a name. Yes, in a hypothetical sense you have
2.183401056×10^14 possible passwords if you use 8 ascii alpha/numeric
characters with no punctuation characters, but the vast majority of that
space are random strings not suitable for nicknames or meaningful
identifiers. For instance, I can't see that any remaining meaningful
permutations of "john smith" could possibly be left. How many email
addresses do they assign a year? How many back-logged names did they
create at first?

When an alum dies, does their email address become available?


> Dan Ritter  writes:
>
>> On Wed, Feb 08, 2017 at 10:24:54AM -0500, Derek Atkins wrote:
>>> Eric Chadbourne  writes:
>>>
>>> > Off topic, warl...@mit.edu, is the best email ever.
>>>
>>> Thanks.  I've had it since 1989.
>>
>> MIT trivia: once you have a username, you can't change it.
>>
>> http://mitadmissions.org/blogs/entry/dont-screw-up-your-username
>
> Only mostly true.  I know a handful of people who successfully changed
> their usernames.  It's rare, and only done in extreme circumstances.
> But it *can* be done.
>
>> -dsr-
>
> -derek
>
> --
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> Member, MIT Student Information Processing Board (SIPB)
> URL: http://web.mit.edu/warlord/    PP-ASEL-IA    N1NWH
> warl...@mit.edu                    PGP key available


[Discuss] KVM, virt-manager, and CentOS7

2017-02-06 Thread markw
Has anyone played with virt-manager and KVM on CentOS 7 lately?

I was surprised that a lot of the things that were difficult or at least
arcane in previous releases are fairly trivial now.

For instance, a few years ago, bridged networking was a fairly poorly
documented procedure of setting up a bridge, setting up the virtual lan,
virtual adapters, etc. Now, it's just a setting on the network adapter when
you add it.

I think I can easily step away from VMWare.



Re: [Discuss] NAS: encryption

2015-07-08 Thread markw
 From: John Abreau [mailto:abre...@gmail.com]

 Edward Ned Harvey (blu) b...@nedharvey.com writes:

  You seem to think there's an obstacle which isn't really real -
  Encryption is very cheap computationally, so cheap indeed it can be
  done by the disks themselves.


  On Tue, Jul 7, 2015 at 1:14 PM, Derek Atkins warl...@mit.edu wrote:
 I don't trust my disks to do the encryption, mostly because there's
 really no way to verify that it's doing it correctly, and the key
 management gets a lot harder.

 The way I read it, the message wasn't that you should trust the disk to
 do the
 encryption; it's that encryption has very low overhead today, and the
 reference to disk-based encryption was merely to illustrate that point.

 It seems silly not to trust the disk to do encryption, when you'd trust
 some software that you equally haven't decompiled and inspected.


The difference is that with open source software, specifically the
crypto library in openssl, because that's how people get FIPS certified,
many people do audit the code. Maybe not you, but many, and the fact that
we have so many CVE notices means that people are.

Did *you* verify the crypto had no holes? That the random number generator
had enough entropy? That the proper key length was used, and so on. No,
you didn't, but many people have, and most importantly, have the ability
to inspect this.

The problem with internal drive encryption is getting any level of
disclosure and accountability.



Re: [Discuss] NAS: encryption

2015-07-08 Thread markw
 On 7/8/2015 3:19 PM, Chuck Anderson wrote:
 Sorry, I call BS.  My point was that having access to source code is a
 prerequisite.  If you don't have access to the source code, it becomes
 MUCH harder to audit because you are limited in the techniques you can
 use, such as black box testing.  If you have source code, you can read
 the code and try to understand what it is doing.

 This is why I say you don't have the qualifications. Access to the
 source code isn't worth nearly as much as you seem to think it is. There
 are classes of vulnerabilities like insecure compiler optimizations that
 are impossible to detect by examining the source code even when you do
 understand what the code is supposed to do. On the other hand, no-source
 techniques like black box testing work whether or not you have the
 source. This is why my answer to your next question is...


 And do you think we would know about those instances if the
 code/standards were closed?

 ... yes, we would.


Everyone, step back and think about encryption.

There are a lot of moving parts. Take for instance, the AES encryption
algorithm. This is a known quantity and you can trust that it works when
any two independent implementations of it can encrypt/decrypt.

That's just the beginning. The next step is your key value. Is your key
sufficiently random to really get the benefits of the encryption? How do
you know? Does your key generation use /dev/urandom, /dev/random, some
neat hardware entropy generation?

If your key is not sufficiently unpredictable, then no matter how good the
encryption algorithm is, it will break if the attacker knows about your
key vulnerability.

Next, how safe is your private key? Why use brute force when the key can
be had by bad programming?

Trusting that a closed system like encrypted hard disks is probably OK,
but if you are paranoid, it isn't. We should all be paranoid.
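
The key-predictability point in the message above, as an added example that is not part of the original post: a 256-bit key drawn from a generator seeded with the wall-clock second carries only as much entropy as the window of plausible seeds, and an auditor who holds a fingerprint of the key can confirm that by enumerating the window. The function names, the SHA-256 fingerprint standing in for a key check value, and the timestamp are assumptions made for the illustration.

```python
import hashlib
import math
import random
import secrets

KEY_BYTES = 32  # length of an AES-256 key


def weak_key(timestamp: int) -> bytes:
    """Anti-pattern: key from a non-cryptographic PRNG seeded with the clock."""
    rng = random.Random(timestamp)
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def strong_key() -> bytes:
    """Key from the operating system CSPRNG (what /dev/urandom provides)."""
    return secrets.token_bytes(KEY_BYTES)


def fingerprint(key: bytes) -> str:
    """Stand-in for a key check value an auditor could observe (assumption)."""
    return hashlib.sha256(key).hexdigest()


def effective_bits(window_seconds: int) -> float:
    """Entropy of a clock-seeded key when the creation time is known to a window."""
    return math.log2(window_seconds)


def find_seed(target_fp: str, start: int, end: int):
    """Audit check: does any seed in [start, end) reproduce the key?"""
    for ts in range(start, end):
        if fingerprint(weak_key(ts)) == target_fp:
            return ts
    return None


if __name__ == "__main__":
    created = 1436371200          # constructed Unix timestamp
    window = 3600                 # creation time known to within +/- one hour

    fp_weak = fingerprint(weak_key(created))
    fp_strong = fingerprint(strong_key())

    print("nominal key size      : %d bits" % (KEY_BYTES * 8))
    print("clock-seeded, 2h window: %.1f bits" % effective_bits(2 * window))
    print("seed found for weak key  :", find_seed(fp_weak, created - window, created + window))
    print("seed found for OS-RNG key:", find_seed(fp_strong, created - window, created + window))
```

The cipher is identical in both cases; only the key source differs, which is why the key generation path is part of what has to be open to inspection.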




Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
 From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com]

  From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
  Behalf Of ma...@mohawksoft.com
 
  says give ZFS whole disks, which is stupid.
 
  Mark, clearly you know nothing about ZFS.

 Think what you wish. Maybe I'm not explaining the problem

 You're explaining your thoughts well - it's just that you're saying a lot
 of things that demonstrate lack of understanding of ZFS.

This is something you've said, but you haven't pointed to anything that is
incorrect. I really hate when people bring a personal pejorative to a
technical discussion. The problem I have had with ZFS and its supporters
is that they don't accept their baby is not perfect and I raised real
issues that real users have, and sink to making it personal, so be it.

Yes, if you put an SSD on the ZIL, you can improve performance, and there
are a host of tricks you can use. If I have not stated it, I will state it
now, ZFS has some features that make it a great system for a broad set of
applications, but it does have issues related to performance and resource
usage that make it unsuitable for some classes of applications and/or
environments. To deny this would be *you* having a lack of understanding
of ZFS or systems design.


 Normally I like
 to react to those kind of things in a helpful manner, but for 1, you're
 certainly writing the stuff much faster than I have time to react to, and
 for 2, based on a zillion similar things you've written here before, I
 believe you have some kind of personal bias that I don't understand,

It isn't personal bias to debate the pros and cons of a system. I'm sorry
if I offend people if I barbecue their sacred cows. ZFS is just a thing
and for the class of systems and environments I deal with, some of its
behaviors run against the design criteria of the rest of the system. A
database-like system that manages its blocks and data integrity will
generally show a degradation in performance on ZFS.

 some
 kind of personal resentment for zfs.  I don't think anything I can say is
 going to change your mind about anything, so it would also be a waste of
 time for me to react to your zfs comments for your sake.

(1) If someone could point me in the direction of documentation on how to
get ZFS to update file or zvol blocks IN PLACE, i.e. without going through
the ZIL, then cool, I would really find that helpful.

(2) If someone could point me to a property of a ZFS pool to favor re-use
of storage blocks rather than expanding the footprint of the zpool usage
on the device, I would find that very helpful.

Both these behaviors REALLY REALLY impact enterprise class systems. Saying
you are doing it wrong is not an answer because #1 is a problem for
highly performant data systems and #2 is a problem for IT in corporations
that run SAN environments which use space-efficient (thin provisioned)
volumes.

I personally
 believe each tool is a tool, and has characteristics different from each
 other, and based on those characteristic differences, each tool is better
 for certain situations.  But as I mentioned, there's *almost* no situation
 I can think of where I would choose lvm over zfs.

First, on Linux, currently, ZFS does not cluster across multiple systems,
so there's one instance. That means you can't create fully redundant
applications on Linux using ZFS.

That combined with my previous issues, really move ZFS out of the running
for a host of enterprise class applications.


 I only want to tell people don't listen to what this guy says about zfs.

Now, I seriously take offense to this. If I were to say, Edward Ned
Harvey is an idiot, on the internet, that's bad because it is cached and
searchable on google for the rest of time. The ad-hominem attack is the
lowest form of debate and a clear sign that the person using it has no
real standing in the discussion.

You do not know me and have no idea what I do or do not know about
anything, and nothing I have written about ZFS is fundamentally incorrect
at this point in time. You don't even bother to debate it, you just sink
to using insults. Are you comfortable with that level of discourse? I
dislike it. Saying You are wrong about XYZ, here's why means that you
can be respectful and have a proper discussion. Saying I want to tell
people don't listen to this guy is a personal attack.



Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
 On 3/12/2015 8:46 AM, ma...@mohawksoft.com wrote:
 (1) If someone could point me in the direction of documentation on how
 to
 get ZFS to update file or zvol blocks IN PLACE, i.e. without going
 through
 the ZIL, then cool, I would really find that helpful.

 See, this is what Ned is on about. There are two things that you've
 written here that demonstrate a significant lack of understanding of ZFS.

NO, I understand this, really I do.

 First is the ZIL. ZFS always has a ZIL. On a simple system the ZIL is on
 the data vdevs. In a high performance pool the ZIL is a dedicated
 low-latency device like a RAM-based SSD (optimally a mirrored pair). But
 regardless, there's always a ZIL.

Exactly my point, by the way. I don't want ZIL for some applications. It
isn't a misunderstanding, I've looked over the code intensely looking for
some way to provide this functionality.


 Second is that you don't tell ZFS to update in place. That's not how one
 does things with ZFS.

Yes, I know this. Disagreeing with the way ZFS implements storage is not
the same as misunderstanding it.

 The ZFS way is to enable deduplication and
 compression. I *DID* point you at these and I explicitly called out
 deduplication as the solution to the rampant space gobbling problem that
 you described. You chose to brush all of it off as ZFS is stupid.

 No, it isn't.

I think you misunderstood what I was saying about space utilization.
Consider this: You are a large cloud hosting company. You have a SAN
storage system from which you allocate thin provisioned virtual luns which
you then present to ESX server virtual machines. You give each customer a
2T LUN on which to install their OS of choice. The customers are billed by
the actual amount of storage they use. Using a conservative allocation of
disk space and in-place modification, the hosted system doesn't grow on
the LUN.

This is good for two things: (1) It saves the customer money because they
are not paying for storage they are not using. (2) It allows the hosting
company to monitor and budget hardware infrastructure additions gradually.

The problem with ZFS, is that it is very aggressive at growing the pool.
It assumes there is no cost to using the whole disk. Once it writes to a
block, that block is pulled out of the SAN and allocated to the LUN, you
can't give it back in the SAN. The number of used blocks have not really
changed on the LUN, only more free space has been allocated to it. Now the
customer has to pay for that and the hosting company has to add more
storage to their SAN.

There is no way I have found to curtail this behavior and everyone just
says ZFS wants to own the disks. That's not a solution to the problem.




 First, on Linux, currently, ZFS does not cluster across multiple
 systems,
 so there's one instance. That means you can't create fully redundant
 applications on Linux using ZFS.

 I don't know where you picked up this idea but it's very wrong. I've
 designed, deployed and managed fully redundant HA systems without
 cluster-aware file systems. Cluster-aware file systems are just one of
 several solutions to the problem of shared storage.

Fully redundant on linux, i.e. active-active. This is not supported on
Linux as of 3/12/2015. We have an active-passive solution, but that is
half way toward what we want to do.





Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
 On 3/12/2015 12:14 PM, ma...@mohawksoft.com wrote:
 Exactly my point, by the way. I don't want ZIL for some applications. It
 isn't a misunderstanding, I've looked over the code intensely looking
 for
 some way to provide this functionality.

 I disbelieve. Globally disabling the ZIL was an unsupported tunable from
 Day 1 (it was used internally at Sun to isolate different parts of ZFS
 for performance analysis). ZIL synchronicity was implemented as a
 per-dataset option in 2010.

So, what is it?



Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
 On 3/12/2015 2:04 PM, ma...@mohawksoft.com wrote:
 sync only controls when data is written to the ZIL, not whether or not
 the
 ZIL is used at all.

 Incorrect on all counts. You can read Robert Milkowski's blog (Robert is
 the author of this piece of code) for further details. No, I'm not
 providing you with any more links. If you really care then you can
 search for it yourself.

useless



Re: [Discuss] Thin Provisioned LVM

2015-03-12 Thread markw
 On 3/12/2015 1:51 PM, ma...@mohawksoft.com wrote:
 So, what is it?

 Ahahahahaha.

 man zfs and read. You're looking for the sync option.

sync only controls when data is written to the ZIL, not whether or not the
ZIL is used at all.

Try again.


 --
 Rich P.


Re: [Discuss] Thin Provisioned LVM

2015-03-11 Thread markw
 On 3/10/2015 11:09 PM, ma...@mohawksoft.com wrote:
 There are some very good reasons to NOT use ZFS, but this isn't the
 discussion I intended to start.

 Then all I will say on this subject at this time is that your problems
 with ZFS seem to fall under you're doing it wrong. ZFS best practices
 are thoroughly documented and those documents do address your complaints
 about ZFS.

Yes, please, oh please, put some links that describe best practices that
address my complaints as there are none that anyone I have ever known
have been able to find. Yes, there are some that claim to fix these
problems, but not really or completely dismiss the architecture of the
application.

Remember, a lot of very high quality, very high performance, applications
are designed to run on very thin disk layers, i.e. LVM, RAID, etc. ZFS
introduces I/O, latency, memory requirements, CPU utilization, and other
resource requirements that are otherwise not desirable in a product. A
high performance application which is bottle-necked by I/O and I/O
latency, will run faster against a raw disk than it will against a zvol or
file in a zfs pool.



 In re Linux LVM, well, it comes as no surprise to me that the thin
 provisioning mechanism feels like a bolted-on hack. LVM always felt
 unfinished to me compared to other offerings like AdvFS, VxVM, even the
 volume manager that IBM created to support JFS (IBM's tools and internal
 consistency made up for a lot of the shortcomings in AIX). I used LVM
 not because it was good but because it was the only volume manager that
 Linux had. These days I try to avoid using LVM for anything other than
 basic OS volumes.

 --
 Rich P.


Re: [Discuss] Thin Provisioned LVM

2015-03-11 Thread markw
 On 3/11/2015 1:13 PM, ma...@mohawksoft.com wrote:
 Yes, please, oh please, put some links that describe best practices
 that
 address my complaints as there are none that anyone I have ever known

 http://lmgtfy.com/?q=zfs+best+practices+memory
 http://lmgtfy.com/?q=zfs+best+practices+database
 http://lmgtfy.com/?q=zfs+best+practices+sparse+volumes

Again, like I said, these do not address the problems. Specifically, the
post about sparse volumes says nothing about how to keep a ZFS pool from
growing out of control on a sparse presented to it from a SAN. It merely
says give ZFS whole disks, which is stupid.

The performance best practices show how to improve performance on ZFS,
but not how to make the performance on ZFS equivalent to much thinner
volume management.

ZFS has a lot of good qualities for a number of applications, but it is
just bad for a lot of other applications.



 Was that so hard?

Yes, because it didn't have any usable information.

 --
 Rich P.


Re: [Discuss] Thin Provisioned LVM

2015-03-11 Thread markw
 From: Discuss [mailto:discuss-bounces+blu=nedharvey@blu.org] On
 Behalf Of ma...@mohawksoft.com

 says give ZFS whole disks, which is stupid.

 Mark, clearly you know nothing about ZFS.

Think what you wish. Maybe I'm not explaining the problem

Commercial SAN systems provide disks as LUNs over fibre channel or
iSCSI. These LUNs are allocated from a pool of disks in a commercial
storage system. Ideally, a number of servers would use storage from the
SAN. Each of the servers or VMs will be presented with their disks.

Now, EXT2, XFS and many other file systems keep their data allocation
conservative, opting to re-use blocks in-place instead of using new
blocks.

The problem arises when you have something like 100 VMs, each with a 2TB
LUN, running off a SAN with only 20TB of actual storage. Without ZFS, the
systems only use space as they need it. 100VMs with 2TB of logical storage
each, can easily come out of 20TB as long as block allocation is
conservative. When you use ZFS the 100VMs will, far more quickly than
actually needed, gobble up 2TB each and force 200TB physical storage even
though most of the VMs have largely free space used by ZFS.

This is representative of a *real* and actual problem seen in the field by
a real customer. ZFS is not compatible with this strategy, and this
strategy is common and not something the VERY LARGE customer is willing to
change.


 Also, it's clear you have an axe to grind, which makes anything you say
 about it take it with a grain of salt.

Believe what you will, I have posted nothing but real issues that myself
and other people have had.


 I've personally used a lot of zfs, and a lot of lvm, and there is barely
 any situation that I would ever consider using lvm ever again.

Agreed, ZFS does a lot of things right, unfortunately it does a lot of
things incorrectly and renders itself as sub-optimal for a class of
applications, specifically ones which manage their own block cache and
block I/O strategy.

You can make ZFS faster, but in the configuration I describe, not as
fast as a simpler volume management system.
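
The thin-LUN behaviour described in the message above and in the 2015-03-12 reply about billed SAN storage, as an added example that is not part of the original thread: a toy model of a thin-provisioned LUN that backs an address on first write and never gives it back, driven by an in-place writer and by a copy-on-write writer under two free-block policies. The class, function and policy names are assumptions, and the model is not ZFS's or any real file system's allocator.

```python
import heapq


class ThinLun:
    """Thin LUN: an LBA gets backing storage on first write and keeps it."""

    def __init__(self, size_blocks):
        self.size = size_blocks
        self.provisioned = set()

    def write(self, lba):
        if not 0 <= lba < self.size:
            raise ValueError("LBA outside the LUN")
        self.provisioned.add(lba)


def in_place_footprint(lun_blocks, live_blocks, overwrites):
    """Each logical block keeps its LBA; overwrites land on the same address."""
    lun = ThinLun(lun_blocks)
    for lba in range(live_blocks):          # initial load
        lun.write(lba)
    for n in range(overwrites):
        lun.write(n % live_blocks)
    return len(lun.provisioned)


def cow_footprint(lun_blocks, live_blocks, overwrites, policy):
    """Copy-on-write: a new version goes to a free LBA, then the old one is freed.

    policy "first_fit": always take the lowest free LBA (favours re-use).
    policy "next_fit":  keep walking forward from the last allocation.
    """
    if policy not in ("first_fit", "next_fit"):
        raise ValueError("unknown policy")
    if live_blocks >= lun_blocks:
        raise ValueError("copy-on-write needs at least one free block")
    lun = ThinLun(lun_blocks)
    location = {}
    for logical in range(live_blocks):      # initial load
        location[logical] = logical
        lun.write(logical)
    free_set = set(range(live_blocks, lun_blocks))
    free_heap = list(range(live_blocks, lun_blocks))   # sorted, so a valid heap
    cursor = live_blocks
    for n in range(overwrites):
        logical = n % live_blocks
        if policy == "first_fit":
            new = heapq.heappop(free_heap)
        else:
            while cursor not in free_set:
                cursor = (cursor + 1) % lun_blocks
            new = cursor
        free_set.discard(new)
        lun.write(new)
        old = location[logical]
        location[logical] = new
        free_set.add(old)                   # old version becomes free space
        if policy == "first_fit":
            heapq.heappush(free_heap, old)
    return len(lun.provisioned)


if __name__ == "__main__":
    LUN, LIVE, WRITES = 2000, 100, 5000     # constructed workload, 5% of the LUN in use
    print("live data            :", LIVE)
    print("in-place             :", in_place_footprint(LUN, LIVE, WRITES))
    print("CoW, first-fit reuse :", cow_footprint(LUN, LIVE, WRITES, "first_fit"))
    print("CoW, next-fit        :", cow_footprint(LUN, LIVE, WRITES, "next_fit"))
```

In all three runs the file system reports the same 100 live blocks; what differs is how many addresses the SAN has had to back.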





[Discuss] Thin Provisioned LVM

2015-03-10 Thread markw
As the storage wars continue, the debate of ZFS vs LVM continues. I have
been dealing with ZFS heavily for about a year now and just don't see it
as a viable file system for a lot of applications that would otherwise
benefit from its feature set.

Specifically thin provisioned volumes for virtual machines or iscsi
luns. Yes, ZFS zvols do support thin provisioning and the API is basically
correct. Unfortunately, the implementation of ZFS is too resource
intensive for much hungrier applications. LVM is much more light weight
and has better performance in applications that manage their own
journalling and data integrity (like a database).

LVM has recently gained thin provisioning of volumes, but it's kind of
broken. You create a thin pool as an LVM volume and then sub-allocate
LVM volumes out of that. So, you have the volume group, the thin pool
allocated out of the volume group, and the volumes allocated out of the
thin pool.

I am not sure if this even makes sense. It is conceptually no different
than allocating a volume out of a volume group, putting a file system on
it (EXT2, say) and then putting a sparse file on it. The EXT2 file system
is performing the function of the thin pool code.

I think it's kind of bogus.

Any opinions?



Re: [Discuss] Thin Provisioned LVM

2015-03-10 Thread markw
 On 3/10/2015 1:03 PM, ma...@mohawksoft.com wrote:
 intensive for much hungrier applications. LVM is much more light weight
 and has better performance in applications that manage their own
 journalling and data integrity (like a database).


The important part of the above paragraph that was omitted was:
the implementation of ZFS is too resource intensive for much hungrier
applications

 If you're getting substantially better performance with LVM than with
 ZFS then you've done something wrong. ZFS done right is only a little
 worse than bare disk speeds assuming that you have enough physical RAM
 for I/O cache (or dedicated ZIL and L2ARC vdevs for heavy I/O loads) and
 enough CPU for raidz, compression and encryption if you are using these
 features.

I didn't want to talk about ZFS, I wanted to talk about LVM, but here we
go with ZFS.

ZFS takes significant amounts of memory. If you have high memory demands
for your application, you will be competing with ZFS and significantly
increase the cost of your application.

ZFS does not update your disk in-place, i.e. it is all copy-on-write.
For a vast number of applications, this works pretty well, but for
database class systems that manage their file blocks, this incurs extra
disk I/O and impacts performance.

ZFS is a nightmare for high-end commercial storage that presents
thin-provisioned LUNs. It is a classic strategy to present systems with a
SAN LUN that grows as it is used. ZFS does not constrain itself, it grows
until it takes all available space on the lun. Even if your ZFS pool shows
that it is 99% empty, it will fully use the volume.

There are some very good reasons to NOT use ZFS, but this isn't the
discussion I intended to start.


 --
 Rich P.


[Discuss] Raspberry PI 2

2015-02-22 Thread markw
Quad Core 900MHZ CPU
1G of RAM
Solid state storage (SD Card)
DC power supply
A theoretical price of $35 (currently obtainable at $45)

Seriously, how is this not an ideal platform for 99% of computer projects?
Why isn't one embedded in every toaster in the world?

I have used a PI(b+) and it's pretty damn good. A little slow and not a lot
of RAM (700MHZ single core and 512M RAM), but you could use it as a
general purpose computer.

Maybe I'm old, but this much computing capability the size of a pack of
playing cards for $35 in quantities of one, seems like a HUGE enabling
technology for a new boom in hardware products.



Re: [Discuss] Raspberry PI 2

2015-02-22 Thread markw
 On 2/22/2015 12:11 PM, ma...@mohawksoft.com wrote:
 Maybe I'm old, but this much computing capability the size of a pack of
 playing cards for $35 in quantities of one, seems like a HUGE enabling
 technology for a new boom in hardware products.

 You're right - you ARE old! ;-)

I am, for sure, but I don't think the size/power/cost/support have been
present until now.


 The hardware and software curves crossed about ten years ago, so it's
 logical that the hardware devices would get smaller and more
 specialized. The only thing I'm afraid of is that they're headed toward
 appliance status, where each strawberry Pi, Pecan Pi, etc. is
 limited to a single burned-in capability that can never be changed.

I would much rather see a hackable PI future than a locked down
android/ipad/xbox future.


 Bill, who is contemplating Caesar's bust on the shelf and wondering how
 many will get the reference.

 --
 E. William Horne
 339-364-8487



Re: [Discuss] Linux project - WX

2015-02-10 Thread markw
 On 2/10/2015 12:19 PM, Nuno Sucena Almeida wrote:
 As you mention, weather stations hardware is still a bit on the
 expensive side, so for now I make do with temperature+humidity DHT22 and
 the barometric pressure sensor BMP180.

 Kids these days with their sensors and their servers. When I did weather
 recording I used an alcohol thermometer, a hair-tension hygrometer, and
 a Goethe barometer, and I recorded measurements in a spiral-bound
 notebook with a pencil.

 :)

 As a point: weather != climate. You won't observe any kind of climate
 change with your back yard weather station.

Not to be pedantic, sure he will, it will just take years to see the trends.

 --
 Rich P.


Re: [Discuss] Passwords in Source Code?? Or, How to secure interprocess communications?

2015-02-01 Thread markw
This is a common problem and there are some common guidelines that allow
you to run your program almost anywhere.

Store your passwords in an external file.
The passwords must be encrypted using at least 1024 bit encryption with
some sort of salt. AES is probably your best bet.
The file must be readable *only* by the administrator.
Do NOT roll your own encryption, use openssl.


 Related to my previous database questions...

 Normally I think of a program as trusting itself, having some integrity,
 maybe not even having gaping bugs or security holes. But what if the
 program I am writing is talking to another, such as Postgres? Postgres
 has the ability to do passwords, so do I just put a password in my
 program source? Set Postgres to only accept local connections, and hope
 for the best? Seems wrong. Do I try to put both in a chroot or something?

 My program already has to hope that its program files are secured by the
 hosting OS, but at least if it isn't opening up a network port it stays
 a rather contained problem.

 (I want multiple programs talking to the database, so no, I can't just
 link in Sqlite.)

 Seems a general problem of securing interprocess communications.

 Thoughts?

 Thanks,

 -kb, the Kent who knows that people Google for passwords, search github
 for passwords, and get a lot of juicy results.



___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
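
Added example, not part of the original post: one way to apply the external-file and owner-only-permission guidelines from the message above, in Python. It covers only those two points, not the encryption step; the function names and the sample password are hypothetical.

```python
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """The credential file is readable or replaceable by someone else."""


def write_db_password(path, password):
    """Create the credential file with mode 0600; fail if it already exists."""
    # O_EXCL refuses to reuse an existing file (or symlink) at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.fchmod(fd, 0o600)  # do not depend on the caller's umask
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(password + "\n")


def load_db_password(path):
    """Return the stored password, refusing files that others could read."""
    # O_NOFOLLOW: fail instead of following a symlink planted at this path.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        # fstat() inspects the file that was actually opened, so the checks
        # and the read cannot be split by a rename in between.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise InsecureCredentialFile(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise InsecureCredentialFile(
                f"{path}: owned by uid {st.st_uid}, not by this process")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise InsecureCredentialFile(
                f"{path}: mode {mode:04o} grants group/other access")
        with os.fdopen(fd, "r", encoding="utf-8") as fh:
            fd = None  # fh owns the descriptor from here on
            return fh.read().rstrip("\n")
    finally:
        if fd is not None:
            os.close(fd)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        secret_file = os.path.join(tmp, "db.secret")
        # Constructed sample value, not a real credential.
        write_db_password(secret_file, "constructed-example-password")
        print("loaded:", load_db_password(secret_file))

        os.chmod(secret_file, 0o644)  # simulate a sloppy deployment
        try:
            load_db_password(secret_file)
        except InsecureCredentialFile as exc:
            print("refused:", exc)
```
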


Re: [Discuss] Home server

2015-01-25 Thread markw
For a desktop system, I'd go debian or ubuntu. For a server, I would
seriously go CentOS.


 Hi all,

 I was thinking of making a home server that will backup my photos and
 documents, preferably one that is scheduled.

 Is there any particular distribution that is better than Ubuntu for this
 purpose.  I have a pentium D, and 2 gb of memory to work with.
 Also, any other suggestions of how to go about this are welcome.

 Thanks,
 Rohan

 --
 Only a Sith deals in absolutes
   - Obi Wan Kenobi


Re: [Discuss] SQL discussion

2015-01-14 Thread markw
 On 1/13/2015 1:39 PM, ma...@mohawksoft.com wrote:

 SQL is a database interface language. It was designed specifically for
 use with relational tables.

 That is part of it, true, but not all of it.

 No, that's the entirety of it: SQL was developed specifically for use
 with relational data. Period. You can argue that it's not but if you're
 going to do that then I suggest taking it up with the guys at IBM who
 designed it.

Yes, the language structure was designed to facilitate relational data.
This is true, but that is the last yard so to speak. The original work
included representing data such that it could be relational. How to
represent types of data. Specifying the language and verbs on how to find
it, how to add data to the system, etc. It wasn't JUST relational.


---

 It's difficult to implement
 queries against these kinds of data with SQL.

 Why?

 Because SQL is built on two dimensional algebra. Two dimensional math
 cannot easily encompass three or more dimensions.

That's like saying you can't represent 3 dimensions on a piece of paper.
It isn't true. The number of dimensions that are represented are defined
by the number of axes used. Correct? The next question is how do you want
to structure your data to represent 3 dimensions? 3D arrays? Tables? what?
If you want 4 dimensions, just one more axis.





 Such queries are much more
 complex in SQL than their native equivalents and they are much slower
 as
 a direct consequence of this complexity.

 Why?

 With SQL you perform multiple queries and figure out how to combine the
 results. With a native multi-dimensional query you perform one query and
 receive one result.

Why must you perform multiple queries? It's all how you choose to
structure your data and how you choose to query it.





Re: [Discuss] SQL discussion

2015-01-13 Thread markw
 On 01/13/2015 08:08 AM, ma...@mohawksoft.com wrote:

 -kb, the Kent who stands by his right to dislike some things and like
 other things.


It's funny, the like/dislike thing. I have never thought of it in this way.
SQL is what it is, just another technology.





Re: [Discuss] SQL discussion

2015-01-13 Thread markw
 On 1/13/2015 8:08 AM, ma...@mohawksoft.com wrote:
 I'm a software engineer and I am constantly confounded by other
 engineers'
 trepidation/apprehension/dislike for the common database. SQL databases
 especially.

 This statement of yours is a lot of it. There ain't no such thing as a
 SQL database yet people like you who should know better talk and write
 like they're real things. Those who don't know better are led down the
 path of equating SQL with 800 pound gorilla database systems. They look
 at NoSQL/NoREL databases as alternatives because they need neither the
 bulk nor the expense of big RDBMS.

 The rest of us just roll our eyes.

Semantic arguments over canonically understood terms are not a good start.
When one says a SQL database, everyone knows what is being discussed.
The argument that follows such a rhetorical instrument is usually just as
pointless.


 SQL is a database interface language. It was designed specifically for
 use with relational tables.

That is part of it, true, but not all of it.

 SQL is very good at this but it can be used
 with pretty much any underlying database technology. As I've noted
 before, most non-relational database vendors provide SQL bindings for
 their systems.

Yup, no argument.

 On the other foot, SQL is absolutely terrible for queries against
 unstructured and multi-dimensional data.

LOL, *everything* else is just as bad.

 It's difficult to implement
 queries against these kinds of data with SQL.

Why?

 Such queries are much more
 complex in SQL than their native equivalents and they are much slower as
 a direct consequence of this complexity.

Why?

Rhetorical nonsense. Assertions without explanations.

 --
 Rich P.


[Discuss] SQL discussion

2015-01-13 Thread markw
I'm a software engineer and I am constantly confounded by other engineers'
trepidation/apprehension/dislike for the common database. SQL databases
especially.

OK, I got it, it is another technology to learn and it isn't like we don't
have too much as it is, but SQL is really something pretty great. With all
the no-sql offerings, SQL is the most widely used data access API in the
world many times over. Why? Because it really does work, and it works
pretty well.

Think about this, SQL as a data access language is everywhere. It is in
your web browser, it is in your smart phone (sqlite). Your bank uses it,
your government uses it. Your doctors, lawyers, supermarkets, and trash
collection companies use it.

With sqlite, you can have from a tiny embedded database to a pretty big
stand-alone database.

With postgresql, you can go from a small database server to an absolutely
HUGE data warehouse.

Now, the no-sql technologies have a place, but I find much of what
people want to use them for would be better done in a SQL system. Even the
no-sql technologies are gaining SQL front ends, what's the point in
that?


How much of this is a reluctance to learn SQL?



Re: [Discuss] SQL discussion

2015-01-13 Thread markw
 On Tue, Jan 13, 2015 at 8:08 AM,  ma...@mohawksoft.com wrote:
 How much of this is a reluctance to learn SQL?

 Also, why do people who don't want to learn SQL seem fine learning
 other data access languages?


That's really not the question. SQL is a multi-vendor standard data access
language that scales from very small to very large.

If you were an engineer in charge of a project that needed a data access
paradigm, wouldn't you feel obliged to learn the standard systems
available before you design? It is a crucial part of engineering to know
the options available and be able to weigh the pros and cons and choose
accordingly.

The thing about databases is that they are mature technology. Oracle,
Sybase (Microsoft), PostgreSQL, sqlite, and others have been around for a
very long time and all more or less benefit from a history of research and
development into the data access theory. If you are trying to understand
and improve performance, you can almost certainly find a research paper on
it using your database of choice.

The no-sql offerings as well as the roll-your-own seldom, if ever,
make things easier or faster. I have written a few data/performance
intensive systems: A commercial high speed text search engine, a
commercial recommendations system, A high speed session manager for PHP as
well as some other apps, and there are times when SQL just isn't the right
tool, but it is the exception, not the rule. Even then, SQL was used on
the search engine and recommendations engine to fill in the gaps between
finding the data and presenting it to the next tier.  Even the PHP session
manager eventually had to be able to persist sessions to a SQL database.






Re: [Discuss] SQL discussion

2015-01-13 Thread markw
 On 01/13/2015 02:59 PM, ma...@mohawksoft.com wrote:
 It's funny, the like/dislike thing. I have never thought of it in this
 way. SQL is what it is, just another technology.

 Technology is full of aesthetic considerations!

 Macintosh vs. Windows, IOS vs. Android, emacs vs. vi, Pascal vs. C, AC
 vs. DC.

There are plenty of technical discussions that can be had here.

 Yes, there are concrete technical differences, but Edison--a level
 headed man and very practical-

Yes, Tesla was crazy, but Edison could hardly have been called practical
or level headed. And YES! his hatred of a technology kept him from using
the better tool.

-hated alternating current. He was wrong.

Yes, you are making my point.

 I think he was biased by aesthetic considerations. I think his
 brilliance was based on having really good instinct on what were good
 ideas and good approaches, and I guess that he couldn't always
 articulate why, but it served him well. Mostly.

Edison was a bright guy (no pun intended), but his genius is up for
debate. He was more a crafty business guy than huge inventor. He had lots
of help.

 Technology is deeply traditional and full of irrational rituals and
 prejudices and things of beauty and things of horrible ugliness.  A
 lot of just another technology entrants fail because they can't get
 past all these squishy human judgments.

 -kb






[Discuss] Turbotax

2015-01-12 Thread markw
If you are like me, your taxes can get kind of complicated, especially if
you do any consulting on the side. I have used turbotax for a very long
time, but I hate corporate sleaze. If you have a complicated tax
situation, your handy turbotax deluxe may no longer work for you.


http://www.nytimes.com/2015/01/10/your-money/taxes/users-say-turbotax-deluxe-is-not-as-deluxe-as-previous-versions.html




Re: [Discuss] No-SQL Database Recommendation?

2015-01-12 Thread markw
 On 1/11/2015 4:26 PM, ma...@mohawksoft.com wrote:
 This is absolutely wrong. A simple key/value table in SQL is perfectly
 fine. Why would anyone assert otherwise? The fact that you *can* use it
 as
 a relation is beside the point.

 As an aside...

 I don't mean key/value data. I mean N-dimensional data where N > 2.
 Medical records are (can be) a relatively simple example of
 3-dimensional data: they cover patient information over time. Sparse
 array databases were developed specifically because these kinds of data
 don't fit into tables.

 My assertion stands: trying to shoe-horn non-relational data into a
 relational database is foolish.

As long as the relational refers to your database schema and not the
underlying technology or access API, I can agree.

 --
 Rich P.


Re: [Discuss] No-SQL Database Recommendation?

2015-01-11 Thread markw
 On 01/10/2015 05:39 PM, ma...@mohawksoft.com wrote:
 There is this database religion thing that I don't get. Why at the
 specification phase do you say you would like a no-sql solution, then,
 ironically, enumerate a list of requirements that scream real database.

 I would like to find a no-SQL solution because I hate SQL, it is
 annoying. Worse, I have to program in one language for the bulk of my
 program, and then I have to embed code in a second language to talk to
 the database.

Well, just so you recognize it, that's pretty bad engineering. Avoiding a
particular technology because you hate it is a dubious starting
position.


 There might be technical reasons to cite for why some no-SQL program is
 better than some SQL program, but in my case it is pure prejudice. A bit
 like my preferring Python over Perl: there might be technical arguments
 for why Python is better than Perl, but one I like Python better. I am
 even getting kind of good at it.

The problem with this is that it isn't merely a language choice, it is a
technical strategy. A good engineer would be able to articulate pros and
cons of the various approaches.

There are voluminous discussions of this topic, internal prejudice is a
horrible reason to reject anything.


 Using a free database like PostgreSQL will EASILY handle what you want
 to do.

 Including finding the first few items in order really cheaply--without
 finding all possible items first? Okay, I'll look at PostgreSQL.

If you use something like PostgreSQL and limit your selection to [N] items
using, surprisingly, the limit keyword, it will come back after the Nth
item was found.

What's more exciting, assume you have a JSON, XML, or some other textual
aggregation technique, you can construct an index out of the result of a
parsing function!! i.e. if you have a data schema that has something like
this: <prodid>100</prodid>. You can use a function in your index and find
data faster than any no-sql could hope to.


 Maybe there is a less painful way to use it from Python than I found
 last I looked. I have always had a soft spot for PostgreSQL over MySQL,
 and now that Oracle has taken over MySQL, even more so.

As a side note, I understand your antipathy toward SQL, but it is
merely just another data access grammar with individual vendor variation,
no different than using different compression libraries.



 Thanks,

 -kb




___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
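
Added example, not part of the original thread: the count-limited, bidirectional time queries discussed above, run against an index so the engine stops after N rows. It uses SQLite through Python's sqlite3 module as a stand-in for PostgreSQL so that it runs offline; the table, index and function names and the sample rows are constructed.

```python
import sqlite3

# Parameterised queries: the first N rows at/after T, and the first N before T.
AFTER_SQL = "SELECT t, a, b FROM samples WHERE t >= ? ORDER BY t ASC LIMIT ?"
BEFORE_SQL = "SELECT t, a, b FROM samples WHERE t < ? ORDER BY t DESC LIMIT ?"


def open_timeline():
    """In-memory database: small integer payloads keyed by a time column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE samples (t INTEGER NOT NULL, a INTEGER, b INTEGER)")
    # The index lets both query directions seek to T and walk from there.
    db.execute("CREATE INDEX idx_samples_t ON samples (t)")
    return db


def load_constructed_samples(db, count=10_000):
    """Insert a sparse, irregular timeline (constructed data)."""
    rows = ((i * 7 + (i % 5), i, -i) for i in range(count))
    db.executemany("INSERT INTO samples (t, a, b) VALUES (?, ?, ?)", rows)
    db.commit()


def first_n_after(db, t, n):
    return db.execute(AFTER_SQL, (t, n)).fetchall()


def first_n_before(db, t, n):
    return db.execute(BEFORE_SQL, (t, n)).fetchall()


def query_plan(db, sql, params):
    """Return the planner's description of how it will run `sql`."""
    rows = db.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return " | ".join(row[-1] for row in rows)


if __name__ == "__main__":
    db = open_timeline()
    load_constructed_samples(db)
    print(first_n_after(db, 20, 3))
    print(first_n_before(db, 20, 2))
    # The plan should name the index and show no separate sort step.
    print(query_plan(db, AFTER_SQL, (20, 3)))
    print(query_plan(db, BEFORE_SQL, (20, 2)))
```
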


Re: [Discuss] No-SQL Database Recommendation?

2015-01-11 Thread markw
 On 1/10/2015 9:49 PM, ma...@mohawksoft.com wrote:
 This is so uninformed.  There is *no* difference between a table with
 key/value in a sql database and a no-sql database. Almost every SQL
 database out there has, and has had for several years, JSON, XML, and
 other compound data types.

 Which are really just arbitrary data stored in table cells. That's not
 the same thing as complex matrices. These kinds of data don't fit well
 into relational databases. You can make them fit but then you're making
 them fit which indicates that a relational database is the wrong tool.

Again, a relational database is a tool that is able to support a
relational data model. That does not mean that it MUST be relational. C++
is able to support an object oriented data model, but that does not mean
you MUST use it as such. There are many reasons to use C++ as a better
C.

Similarly, the idea that you can join data tables in SQL does not mean
you must. Almost all databases today have aggregation/parsing functions
for JSON, XML, CSV, etc. on table data.

Calling SQL databases the wrong tool because it has a huge arsenal of
tools to examine and access data makes no sense.


 Ahh scale. What can you say about scale? Almost all people get it
 wrong
 if they have never done it, and if they have done it they know that any
 arbitrary technology is only a tool to build something that gets it
 right.

 Yep. And just so that this isn't a rag on relational databases, ALL
 databases have a point beyond which performance plummets. Where these
 points are for different technologies for given hardware and how the
 system performs under these conditions are factors that should be
 considered before choosing any technology.

 --
 Rich P.


Re: [Discuss] No-SQL Database Recommendation?

2015-01-11 Thread markw
 On 1/11/2015 2:08 PM, ma...@mohawksoft.com wrote:
 Again, a relational database is a tool that is able to support a
 relational data model. That does not mean that it MUST be relational.

 The definition of a relational database is a database that uses the
 relational model. If it uses a different model then it's something other
 than a relational database.

SQL is nothing more than a grammar for compiling data access functions,
nothing less.

 As a point: it's not a relational model. It's the relational model.

ABSOLUTELY NOT. SQL is not a model. There are models built upon SQL, but
there is no requirement that data in the database is relational.

 Calling SQL databases the wrong tool because it has a huge arsenal of
 tools to examine and access data makes no sense.

 I'm not calling relational databases the wrong tool for this reason. I'm
 calling them the wrong tool for data that don't fit the relational
 model. Trying to shoe-horn non-relational data into a relational
 database is foolish, plain and simple.

This is absolutely wrong. A simple key/value table in SQL is perfectly
fine. Why would anyone assert otherwise? The fact that you *can* use it as
a relation is beside the point.


 As a point: SQL does not equal relational model or relational database.
 While the language was designed for use with relational databases, and
 while most relational databases use it exclusively, many (I don't have a
 list handy) non-relational databases have SQL bindings so you can use
 either native queries or SQL queries depending on your needs.

Exactly, you are the one who brought up relational and the OP only
mentioned SQL.

In this discussion, relational is an empty strawman and does nothing for
the discussion.

 --
 Rich P.


Re: [Discuss] No-SQL Database Recommendation?

2015-01-10 Thread markw
There is this database religion thing that I don't get. Why at the
specification phase do you say you would like a no-sql solution, then,
ironically, enumerate a list of requirements that scream real database.

First misconception: A relational database supports relational data in the
same way that C++ supports object oriented programming, i.e. it is completely
optional.

Good databases like Oracle, DB2, and PostgreSQL have amazing durability
and AMAZING indexing and data location tools. SQLite even has some very
amazing tools. Dismissing them at the beginning makes no sense.

Using a free database like PostgreSQL will EASILY handle what you want to do.


 I have been doing some Python programming recently and needed a
 database. I tried mongodb and it is pretty easy to use, but its
 performance is terrible--I think it is because I have funny needs.

 I was hoping one of you could point me in a better direction. (Or
 tell me to quit looking and write my own.)

 Here are my needs:

   - Open source (GPL 2, MIT, etc.), easy to use from Python, to run on
 Linux, no need for relational stuff, don't want to have to embed
 another language (would prefer no SQL).

   - Multiuser, but only a dozen-ish clients, all on the same
 machine--or possibly on the local network. Don't care about big
 transactional systems that can replicate and operate when
 partitioned, etc. This is small stuff. Maybe as small as Raspberry
 Pi to maybe as big as cheapest available x86 system.

- Durable mostly. If the machine were unplugged without warning I
 would expect to lose a little current data, but never corrupt the
 whole database.

   - Need to do bidirectional queries on one primary key: Time. My
 timeline is sparsely and irregularly populated.

   - My data items are small, likely an integer or three.

   - Queries are count-limited: so only spend time finding first N-items
 out of many, many more possible hits, where my requested count, N,
 is only dozens to hundreds out of a total set of hits that might
 otherwise be many millions.

 This is probably my most odd need, one that might be
 impossible to satisfy without writing this myself.

   - I will have locality behavior, so if a first query or insert near
 time-T takes 100-times longer than normal, that's cool, providing
 subsequent transactions near time-T are fast. So first query is
 maybe approaching 1-second, but subsequent nearby queries are few
 milliseconds (and look nearly free compared to other Python
 slowness).

   - New data will typically appear in-order--but not always. New items
 might be added to the database bursting as fast as maybe a dozen
 per second (significant locality in that case), but with average
 rates maybe being lower. Data might be deleted in any order.

 Anyone have a favorite database that looks like this?

 Thanks,

 -kb



Re: [Discuss] No-SQL Database Recommendation?

2015-01-10 Thread markw
 On 1/10/2015 5:39 PM, ma...@mohawksoft.com wrote:
 Using a free database like PostgreSQL will EASILY handle what you want
 to do.

 Indeed. There are only two technical reasons for rejecting relational
 databases out of hand. Neither of them are in the listed requirements.

 The first is that your data doesn't fit neatly into table rows. Hospital
 patient records are my go-to example. Relational databases suck at
 storing and retrieving this kind of data. Trying to make the data fit
 into tables anyway is a recipe for disaster.

This is so uninformed.  There is *no* difference between a table with
key/value in a sql database and a no-sql database. Almost every SQL
database out there has, and has had for several years, JSON, XML, and
other compound data types.


 The second is that you need to scale beyond the capacity of the
 underlying hardware to handle relational queries. This means very large
 data sets and very complex queries. Relational database performance
 drops in proportion to data size and query complexity.

Ahh scale. What can you say about scale? Almost all people get it wrong
if they have never done it, and if they have done it they know that any
arbitrary technology is only a tool to build something that gets it right.


 --
 Rich P.


Re: [Discuss] Using sftp without a shell account

2014-12-30 Thread markw
NSS is a lot of fun, there are a number of projects that allow you to
create actual real users on a system that can be authenticated via any
system you want.

You can use openssh to create valid password hashes. You can use PAM to
add authentication if you don't want to mimic /etc/shadow passwords.

There are NSS projects to use sqlite, mssql, postgresql, and files in
another directory, which, if not mistaken, can be nfs mounted.

 On 12/29/2014 3:16 PM, Derek Martin wrote:
 On Sun, Dec 28, 2014 at 08:58:13PM -0500, Bill Horne wrote:
 I'm setting up an LDAP-based server, which will be used for file
 transfers among other things. I'd like to allow LDAP users to access
 the machine via sftp, but I can't figure out how to do that without
 giving each user a local shell account, and I'm looking for advice.
 The long and short of it is you need to make sure that OpenSSH is
 using PAM, and that your PAM configuration is correct for doing LDAP
 lookups for account info and such.  You also need to modify
 /etc/nsswitch.conf.

 I don't see an nsswitch.conf file on the machine.


 This page may or may not be useful:

https://wiki.debian.org/LDAP/NSS

 I'll check it out, thanks.


 The LDAP users can access ftp without trouble, but not sftp.
 That is potentially interesting, but there are a wide variety of ftp
 servers, and configuring authentication for them varies as well.
 Without more details about how your system is configured, I expect it
 will be difficult to provide additional useful advice.

 It's a Mac Mini, with a generic OS X Yosemite installation, and OS X
 Server 4.1 installed.

 There are a couple of local users, which are just administrative
 accounts. Everyone else is a network user, entered in Open Directory
 but not in the local machine. I'm hoping that Open Directory is close
 enough to OpenLDAP that I can transfer knowledge.

 Thanks for your help!

 Bill


[Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT

2014-08-27 Thread markw
Here's the scenario:

I like to go camping and often times they provide wireless access, but the
camp site is often pretty far away from the wireless access point. I have
a long distance wireless-G router with a high gain antenna. I have a
second wireless-N router. Both routers are running DD-WRT.


I should be able to connect to the camp ground's wireless with the high
gain antenna using the Wireless-G router with a DHCP-assigned IP address. I
should then be able to NAT to my own local subnet and be able to connect
the Wireless-N to my local subnet and provide access to phones, tablets,
and laptops.

If these were standard linux boxes, this would be fairly easy, but the
standard tools don't seem available on DD-WRT's shell.

Has anyone done this? Got a good link? (I have googled, but the examples
I've found aren't quite right or don't really work.)



Re: [Discuss] Wireless devices, 2 Wireless Routers, local network. DD-WRT

2014-08-27 Thread markw
 On 8/27/2014 8:38 AM, ma...@mohawksoft.com wrote:
 I should be able to connect to the camp ground's wireless with the high
 gain antenna using the Wireless-G router with a DHCP-assigned IP address.

 And here I thought camping meant getting away from things like this.

As I was writing the post, I just KNEW someone would make a crack about
camping and electronics. LOL


 But to address the question, you need two access points each with two
 wireless network interfaces. Configure AP1 wlan1 as a client to the
 site's network. Configure AP1 wlan0 as a Repeater Bridge endpoint.
 Configure AP2 wlan1 as a Repeater Bridge endpoint. Configure AP2 wlan0
 as a normal access point for your devices.

Yes, I know the basics. I could do it for two raw Linux boxes, but the
facilities in DD-WRT seem a little lacking.

I don't see how to NAT from the wireless port in the G router (the one
with the antenna) to either the LAN or WAN ports. I also don't see how to
make the DD-WRT to be a true access point.


 --
 Rich P.
 ___
 Discuss mailing list
 Discuss@blu.org
 http://lists.blu.org/mailman/listinfo/discuss



___
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss


Re: [Discuss] Why the dislike of X.509?

2014-08-26 Thread markw
 On 8/25/2014 3:55 PM, ma...@mohawksoft.com wrote:
 No security can withstand privileged access.

 True, but with PKI and escrow a single attack can silently compromise
 the entire domain in one go.

*any* shared or distributed authority has the same issue.

 --
 Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-26 Thread markw
 On 8/26/2014 10:37 AM, ma...@mohawksoft.com wrote:
 *any* shared or distributed authority has the same issue.

 Shared is not distributed.

Which is why I used or between them.

 Shared means more than one entity has
 authority. Each entity is a point of compromise for the entire system.

Or at least the systems that share the authority.

 Distributed means no single entity has authority; a quorum or a
 unanimous consensus is required. Compromise of one entity does not
 compromise the entire system.

There is no such thing as a security system that has one entity, well,
perhaps a stone or a brick. There is *always* at least one mechanism that
protects and one mechanism that provides access.






 --
 Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-26 Thread markw
 On 8/26/2014 1:01 PM, ma...@mohawksoft.com wrote:
 There is no such thing as a security system that has one entity, well,
 perhaps a stone or a brick. There is *always* at least one mechanism
 that
 protects and one mechanism that provides access.

 An example is a code signing key. In a shared system, many agents
 possess copies of this key. Each agent is an entity. Each of these
 entities is a single point of compromise.

This is basically a strawman argument because while it could be done this
way, no one in their right minds would do it this way. That does not
typify what a shared system would look like.


 In a distributed system, the code signing key is split and distributed
 among several agents. Again, each agent is an entity. Since no one
 entity has the entire key the compromise of one entity cannot compromise
 the whole key and thus the whole system.

But, the code signing is exactly the point. There is a key that signs
the code and there is another key (cert or whatever) that verifies the
code signing key.

If multiple entities can sign the code with their own key, then clients
must have copies of each cert to verify the signing key. Unless there is a
1:1 relationship between the signers and the signees (which would be
pointless) any one of the clients must maintain all the key certs, in
which case, any one system would compromise the whole.

 Does the explanation make sense?
No, not really.

 --
 Rich P.
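The "split and distributed" key described in the quoted text above can be made concrete with a k-of-n threshold split. This is an added example, not code from anyone in the thread: it assumes Shamir's secret sharing over a prime field as the splitting scheme (the thread names none), and the function names are illustrative. It shows that any quorum of k agents recovers the secret, while k-1 shares are consistent with every possible secret.

```python
"""k-of-n splitting of a secret (e.g. a signing-key seed) with Shamir's scheme."""
import secrets

# Field modulus: 2**127 - 1 is prime, so every non-zero element has an inverse.
P = 2**127 - 1


def _interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through points."""
    if len({px for px, _ in points}) != len(points):
        raise ValueError("share x-coordinates must be distinct")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        # Fermat inverse: den**(P-2) is den**-1 modulo the prime P.
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def split(secret, k, n, rng=None):
    """Return n shares (x, y); any k of them recover the secret."""
    if not 2 <= k <= n:
        raise ValueError("need 2 <= k <= n")
    if not 0 <= secret < P:
        raise ValueError("secret must be in [0, P)")
    rng = rng or secrets.SystemRandom()
    # f(0) = secret; the other k-1 coefficients are uniformly random.
    coeffs = [secret] + [rng.randrange(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of f(x)
            y = (y * x + c) % P
        shares.append((x, y))
    return shares


def reconstruct(shares):
    """Recover f(0) from a quorum of shares."""
    return _interpolate(list(shares), 0)


def consistent_share(known, guess, x_new):
    """Given fewer than k shares and ANY guessed secret, build one more share
    that makes the guess the reconstructed value. Its existence for every
    guess is why a sub-quorum compromise reveals nothing about the secret."""
    return (x_new, _interpolate([(0, guess)] + list(known), x_new))


if __name__ == "__main__":
    key_seed = 0x51474E494E47  # constructed sample value
    shares = split(key_seed, k=3, n=5)
    print("any 3 of 5 recover it:", reconstruct(shares[1:4]) == key_seed)
    print("2 shares alone give:", hex(reconstruct(shares[:2])))
    fake = consistent_share(shares[:2], guess=42, x_new=9)
    print("2 stolen shares also fit secret 42:",
          reconstruct(shares[:2] + [fake]) == 42)
```

Reassembling the secret in one place, as `reconstruct` does, recreates a single point of compromise at that moment; threshold signature schemes avoid this, and are outside what this sketch covers.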


Re: [Discuss] vnc

2014-08-25 Thread markw
The problem is security.

If you allow SSH access to the open internet, you're more open to attack.

With openvpn you can enable two-factor authentication and a lot more
security. Then, sure, let a really trusted user open an SSH shell.

It is inarguable that SSH and a VPN is far more secure than merely SSH or
other access methods.

 On 8/25/2014 8:51 AM, ma...@mohawksoft.com wrote:
 SSH is a very BAD thing to open up to the free internet. BAD BAD BAD.
 Once in, you are in. Shell access is dangerous.

 Stop right there.

 We have been discussing securing VNC connections to X11 desktops running
 on virtual framebuffer devices. In other words: full shell access. Thus,
 none of your points are immediately relevant to the discussion at hand.
 They might be relevant to a discussion about access to private services
 other than shell access but that's a different discussion.

 --
 Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
You are talking about browser fuckary, not openvpn. Openvpn uses the
hierarchical PKI of x509, but has no default trusted CAs.

x509 is a pretty workable system (I refuse to call it good.)

 On Mon, Aug 25, 2014 at 1:22 PM, Richard Pieri richard.pi...@gmail.com
 wrote:
 It's not that I hate OpenVPN. It's that I hate key escrow systems. Hated
 them since the early 1990s. I hate them because they're single points of
 compromise for entire systems. I hate them because compromise is
 undetectable by users.

 It's not that X.509 file format is the problem per se, it's the
 browser Root CA infrastructure that has been built upon it, that is
 used by most non-browser SSL apps too.

 In the Public CA infrastructure,  most any sub-CA cert signed by any
 cert traceable to any browser Root CA can issue a MITM cert to
 impersonate any specific FQDN or *.someone.TLD .  If the system was
 fit for purpose, should the Hong Kong Postal Authority or the
 stolen/compromised CA key be able to issue *.BLU.org certs that are
 trusted?  No. As is, would you know if they did? Not immediately,
 maybe never.

 Combine that with the weak nature of DNS and BGP security and any
 sufficiently advanced opponent -- either state-sponsored or
 organized-crime -- can beat SSL, at least against targeted or regional
 users.

 [ Add in how we like URL shorteners with cutely irrelevant 2L national
 TLDs like .LY .IE .US .CO .NU .TV that are property of governments
 that might be either amenable to official or corrupt requests, and
 it's only easier to divert traffic. ]

 Unpatched systems might still accept cancelled compromised-CA-key
 signed forgeries today.
 (The CRL won't save them, it can be blocked by an aggressive adversary
 with local or regional DNS/BGP poisoning ability, which is needed for
 most MITM anyway ! )

 --
 Bill Ricker
 bill.n1...@gmail.com
 https://www.linkedin.com/in/n1vux


Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
 On 8/25/2014 1:57 PM, John Abreau wrote:
 So the problem is that in order to connect to your company's VPN, you're
 forced to trust the sysadmin who administers the company's VPN server,
 since he controls the company's centralized CA root for the VPN
 server?

 More generally, even if the sysadmin is trustworthy there is no way for
 me, the user, to know if someone else has obtained unauthorized access
 to the escrow. Which is to say, I'm expected to blindly trust that the
 system hasn't been compromised by bad actors without any proof at all
 that this is the case.

This is by definition the problem with all security. Every type of
security, from bank vaults, hotel rooms, to vpns suffers from people who
don't protect the master keys.




 The part I don't get is the claim that OpenVPN is vulnerable because
 the public infrastructure that OpenVPN DOES NOT USE is vulnerable.

 Like I wrote before, it's not the publicness of the CA; it's the
 centralness. Public or private, any CA is a single point of compromise
 for its entire domain.

*Any* security infrastructure is a central point of compromise. That's the
nature of security. You are left with either an unmanageable mess or
forced to use or create some sort of infrastructure to manage it.

ANY security system is vulnerable to bad actors that can gain access to
sensitive data. With a CA on openvpn, merely regenerate your master key
and push a new cert. When users can't connect, they have to re-validate
and obtain a new key.


 --
 Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
 On 8/25/2014 3:11 PM, ma...@mohawksoft.com wrote:
 *Any* security infrastructure is a central point of compromise. That's
 the
 nature of security. You are left with either an unmanageable mess or
 forced to use or create some sort of infrastructure to manage it.

 This is a gross misrepresentation. When you have a master key, theft of
 the master key compromises the entire system. When you don't have master
 keys, theft of a key only compromises the entity associated with that key.

 You can have a manageable system without relying on master keys or key
 escrow. Kerberos has been doing it for decades.

Yes, but now the Kerberos system becomes your central point of
vulnerability, the argument is unchanged. You still have a central locus
vulnerable to attack.



 ANY security system is vulnerable to bad actors that can gain access to
 sensitive data. With a CA on openvpn, merely regenerate your master key
 and push a new cert. When users can't connect, they have to re-validate
 and obtain a new key.

 Merely. And how, pray tell, are YOU going to know if your private root
 certificate has been compromised when X.509 lacks a mechanism to detect
 root certificate compromises?

If your system is compromised, you can be pretty sure that the attackers
will be able to erase their tracks. This is the nature of cracking. The
only way to be sure is to monitor access via an external logging system.

No security can withstand privileged access.



 --
 Rich P.


Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
 On Mon, Aug 25, 2014 at 2:20 PM,  ma...@mohawksoft.com wrote:
 You are talking about browser fuckary, not openvpn. Openvpn uses the
 hierarchical PKI of x509, but has no default trusted CAs.

 That a VPN doesn't require or apparently use the installed 'default
 trusted CAs' doesn't necessarily mean it successfully ignores them.


The openssl library knows nothing about trusted CAs in browsers. You can
look at the source code. You can trace the execution with a debugger.


 If it uses the same SSL library as a browser -- on any platform --
 that assertion has to be demonstrated to be true.

I'm not sure I agree with your logic. There is no connection between
openssl and the browsers trusted CAs, they are implemented in the browser
code. openssl provides the means by which this is implemented but contains
no implementation.


 I hope you're right.  Hope is not good enough to a security auditor. Show
 me.

Don't trust me, look at the code.


 I share Rich's concern about Key Escrow anytime, anywhere, and
 understand why VPN and/or PKI smells similar to him.

I don't like the default browser keys either, but this isn't that issue.

 But If Rich is worried about a private corporate self-hosted OPEN-VPN
 implemented with self-signed local-root CA key acting as key escrow,
 well, that is irrelevant for VPN use-case WHEN (actually) PRIVATELY
 HOSTED.
 (Aside from my hypothetical inadvertent public root trust concern.)
 Yeah, you trust the Admin admin running it, who gen'd and
 self-signed their key and your key too, and the Corp that owns it.
 Your bits go to their server eventually when you VPN into them anyway,
 so why not?
 If Corp VPN and users exchange secret keys out of band instead of
 issuing clientserver private PKI x.509 certs out of band, the Corp is
 still in position to cough up everything.
 If the Corp node in the VPN is subverted or subpoenaed, the traffic
 can be gotten at point of egress from the tunnel by the corporate
 owner (or by subverted systems) even easier. VPN usecase does NOT
 protect users from VPN host.
 (Likewise with unsigned SSH RSA keys, either end-point can spill
 what's before or after the tunnel, and recipient Host can add bogus
 keys to allow Eve to log in as Alice, just as Root can make a second
 username/password with same numeric userid to read/write all your
 files, if there isn't second-factor auth. )

 But Rich is right that with Commercial  VPN providers (whether based
 on OpenVPN or proprietary stacks), yes, the moral equivalent of key
 escrow is a very real concern, whether X509 PKI or not, but X509
 complicates matters. Need to find out in each case if the
 nuts-and-bolts allow the Provider to answer a subpoena/NSL to cough up
 keys or implement a MITM tap without help from each client Corp's
 admin, if their PKI gives them back door, or if it requires customer
 cooperation.

 VPNs as a service have a big trust issue.
 VPNs implemented locally are locally centralized. This provides a
 single locus within the Corp for an opponent to attack by hack or by
 legal pressure, but this Centralization doesn't intrinsically change
 the trust model.
 (unless you for some reason trust your local Root ops more than Corp
 Network Operations, which would be a problem of another sort).
 (and unless the product implemented locally uses a hardware Vendor
 CA chain instead of truly local keying, in which case it isn't really
 local, see 'as a service' above !! )

 Your bits travelling through employer are not totally protected and
 never will be, even if some courts say you have an expectation of
 privacy (for some purposes).
 Your bits travelling through a Partner's system who gives (sells) you
 VPN access into their systems for some mutual benefit aren't protected
 from them after they emerge from the tunnel either, so their having
 escrow-equivalent ability to recover/spoof/whatever your keying matter
 is pretty irrelevant.
 Both Employer and Partner entities will respond to Subpoena / NSL.
 Nobody should expect otherwise.

 (Which doesn't change that anything that smells like escrow smells
 'off' to those who care about security that really works.  From what
 Rich has said re dates, his allergy to escrow likely stems from the
 same controversy as mine.
 http://www.cryptomuseum.com/crypto/usa/clipper.htm
 http://en.wikipedia.org/wiki/Clipper_chip#Backlash
 X509 PKI is not normally considered an escrow regime in normal
 usage, but Rich is quite correct that central CAs or other registries
 have *abilities* that are hard to distinguish from Escrow - even if
 they never know your private key, they can at the very least forge
 another one with the same apparent identity, and so spoof you to
 others -- or spoof someone important to you.
 With a VPN or other Central registry that totally generates all
 keying matter (rather than signing public half of pub/priv key the
 client app creates), they may actually literally escrow too. But that
 would be wrong.  Moving 

Re: [Discuss] Why the dislike of X.509?

2014-08-25 Thread markw
 On Mon, Aug 25, 2014 at 4:04 PM,  ma...@mohawksoft.com wrote:
 That a VPN doesn't require or apparently use the installed 'default
 trusted CAs' doesn't necessarily mean it successfully ignores them.

 The openssl library knows nothing about trusted CAs in browsers. You can
 look at the source code.

 Good. Let's take that as stipulated, openssl doesn't know about
 browser root key store.
 ( this leaves unasked, Does it know about OS key store on OSs that
 have such?  I'll assume we stipulate that it doesn't. That requires
 each browser on that OS to hook the store, which someone might have
 optimized.)

 Did OpenVPN use openssl on all platforms ?
 Or does it #IFDEF a native binding anywhere?
 Did they cut-and-paste code from a browser proof-of-concept that will
 hoover up roots if loaded?
 Need to read the VPN code too to know there isn't a flaw. Or test it.

Anything is possible, read Trusting Trust. That being said, the range of
trust is auditing every single line of code from kernel to application
including all the libraries on one end, and trusting everything out of the
box at the other.

I have personally audited openssh, openvpn, openssl, bash, and a number of
PAM modules for security. The code you suspect might be in there is not.
It isn't even very rational to think it is. I was looking for obvious
exploits. The worst code base is openssl. It is the biggest hack-job in
the industry. Nothing else even comes close. It is very difficult to trace
code at the source level unless you have solid knowledge of the internals.
The crypto portions of openssl are solid, the TLS is the hack.

For security you need to weigh risk, cost, security, and trust.


 You can trace the execution with a debugger.

 That tells me what it does here and now, doesn't tell me what it does
 with hostile bad data until i make some hostile data.

There will always be bugs and exploits.

 If it uses the same SSL library as a browser -- on any platform --
 that assertion has to be demonstrated to be true.

 I'm not sure I agree with your logic. There is no connection between
 openssl and the browsers trusted CAs, they are implemented in the
 browser
 code. openssl provides the means by which this is implemented but
 contains
 no implementation.

 I'm not talking about openssl in isolation.
 I'm not yet even assuming OpenVPN (always) uses that lib.
 I'm not restricting myself to OpenVPN brand VPN since this thread
 restarted with X509 topic line.
 And any other brand VPNs do whatever they want.

 For extreme degree of trust, you need to know. All the way down.
 For a degree of trust on par with DNS, IPv4, BGP: what the heck, just use
 it.

It is very expensive to do that amount of auditing. If you need secure,
delete the CA certs you don't like.

 I hope you're right.  Hope is not good enough to a security auditor.
 Show
 me.
 Don't trust me, look at the code.

 Yes: 'show me' means reading the code.
 And the test cases.
 We've seen enough failures in Crypto implementation that i don't even
 'Trust but Verify' with crypto.
 [ /Doveryai no Proveryai/ as Gorbachev taught us to say. It is funnier
 in the original Russian !  ]
 With crypto code, has to be Verify before any Trust.

 I will take as stipulated you've read the openssl code and that i'd
 see the same if i took the time.

 If you're certain from having read OpenVPN repo, we can also stipulate
 that OpenVPN never  #IFDEF's a native lib and didn't cut*an*paste
 initialization code from a sample baby browser that reads OS roots if
 there are any.


That kind of thing simply is not in there. People would SCREAM bloody
murder. I am more concerned about the bad programming in openssl and
carefully planted exploits in various products by bad actors. It isn't
just open source, RSA had issues as well. Microsoft has their share as
well.




 I share Rich's concern about Key Escrow anytime, anywhere, and
 understand why VPN and/or PKI smells similar to him.

 I don't like the default browser keys either, but this isn't that issue.

 You *should* be correct that default keys won't affect OpenVPN; as i
 said above, *If* you've read their code too, i'll happily stipulate
 for it you're correct.
 I hope it doesn't affect ${other}VPN either, but with closed source who
 knows !
 IIRC there are VPNs and VDTs that use browsers to frame the session;
 they may well use browser SSL implementation. Good luck with that !

 Rich's concern seems to be different, that any central store is less
 trustworthy than distributed/compartmentalized, in part due to damage
 limitation or lack thereof.
 That isn't specific to OpenVPN either.
 That's a usability vs security, choice-of-threat-weighting.
 In practicality, we'll do it anyway, but in pure security PoV, i see
 Rich's point.

A central authority is probably more secure than a decentralized system.
If you assume gaining privileged access to a system means you can
compromise it. One system is easier to guard than many.

A distributed system means a 

Re: [Discuss] vnc

2014-08-24 Thread markw
I would opt to use openvpn instead of an SSH tunnel. You have a better
control over security and ease.

 On Sun, Aug 24, 2014 at 10:29:13AM -0400, Stephen Adler wrote:
 I'm installing red hat enterprise linux on a server at home and I'm
 tweaking the vnc service setup. I've followed the instructions in
 the system admin guide, but I'm not liking the final set up.
 Basically I've enabled vncserver for a user registered on the
 system. When I reboot, the system spawns off Xvnc for the user. When
 I run vncviewer, I issue my password and then I have a vnc window of
 the desktop of the user on the system.

 My problem with this is that the password I issue to open up the
 vncviewer window to access the desktop of the user is not part of
 the /etc/passwd file, but some clear text password file. There are
 warnings in the documentation about this.

 What I would like is to be able to somehow start an Xvnc session in
 which gdm is started, and then when I run vncviewer and issue the
 password, I'm placed into a gdm login screen, at which point I
 select my user and password and log in. This is the model of the old
 Xterminals of the 1990s.

 does anyone have any tips/tricks on how to set up Xvnc or a
 vncserver set up so that I get a gdm login screen instead of going
 directly into the user's desktop?

 So, the reason you're not supposed to do that -- or be happy
 with the way vnc comes out of the box -- is that vnc is
 unencrypted.

 Set Xvnc to not listen on anything except localhost. Then back
 that up with a firewall restriction -- really, you shouldn't
 have to, because you do default deny, right?

 Run an ssh tunnel to your server, LocalForward some port to the vnc port,
 and point your vncviewer at localhost:0.

 Now that you've got that working, you can do multiuser.

 Most of the info for that is here:
 http://linuxreviews.org/howtos/xvnc/
 but the short version is, enable xdmcp listening to localhost
 for your display manager.

 -dsr-
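A way to verify the "listen on localhost only" advice quoted in the message above, as an added example that is not part of the original posts. It assumes listener data in the column layout of `ss -H -ltun`, treats TCP 5900-5999 as VNC displays and UDP 177 as XDMCP, and runs on a constructed sample; all function names are illustrative.

```python
"""Flag VNC / XDMCP listeners that are bound to more than the loopback interface."""
import ipaddress

# Constructed sample, in the column layout of `ss -H -ltun`:
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0 5    127.0.0.1:5901          0.0.0.0:*
tcp   LISTEN 0 5    [::1]:5901              [::]:*
tcp   LISTEN 0 5    0.0.0.0:5902            0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22              0.0.0.0:*
udp   UNCONN 0 0    127.0.0.1:177           0.0.0.0:*
udp   UNCONN 0 0    [::]:177                [::]:*
tcp   LISTEN 0 5    192.168.1.10%eth0:5903  0.0.0.0:*
"""


def classify(proto, port):
    """Name the service if this is a port the thread is concerned with."""
    if proto == "tcp" and 5900 <= port <= 5999:
        return "vnc"      # RFB: display :N listens on 5900+N
    if proto == "udp" and port == 177:
        return "xdmcp"    # display-manager login requests
    return None


def normalize_host(host):
    """Drop an interface scope (%eth0) and IPv6 brackets."""
    return host.split("%", 1)[0].strip("[]")


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or anything unparseable: treat as exposed


def exposed_listeners(ss_output):
    """Return (proto, address, port, service) for each watched listener
    that is bound to a non-loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue
        raw_host, _, raw_port = fields[4].rpartition(":")
        if not raw_port.isdigit():
            continue
        port = int(raw_port)
        service = classify(fields[0], port)
        host = normalize_host(raw_host)
        if service and not is_loopback(host):
            findings.append((fields[0], host, port, service))
    return findings


if __name__ == "__main__":
    # On a live host, feed in the output of `ss -H -ltun` instead of the sample.
    for proto, host, port, service in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{service}: {proto} listener on {host}:{port} is not loopback-only")
```

An empty result means the only route to those services is a tunnel that terminates on the host itself, which is the setup the message describes.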


Re: [Discuss] vnc

2014-08-24 Thread markw
I know you can do it as I did it about 10 years ago. Today, however, I
would restrict access to an openvpn configured subnet.

That way you can issue keys to people to whom you would allow access, and
they can log in with their regular passwords.


 Hi All,

 I'm installing red hat enterprise linux on a server at home and I'm
 tweaking the vnc service setup. I've followed the instructions in the
 system admin guide, but I'm not liking the final set up. Basically I've
 enabled vncserver for a user registered on the system. When I reboot,
 the system spawns off Xvnc for the user. When I run vncviewer, I issue
 my password and then I have a vnc window of the desktop of the user on
 the system.

 My problem with this is that the password I issue to open up the
 vncviewer window to access the desktop of the user is not part of the
 /etc/passwd file, but some clear text password file. There are warnings
 in the documentation about this.

 What I would like is to be able to somehow start an Xvnc session in
 which gdm is started, and then when I run vncviewer and issue the
 password, I'm placed into a gdm login screen, at which point I select my
 user and password and log in. This is the model of the old Xterminals of
 the 1990s.

 does anyone have any tips/tricks on how to set up Xvnc or a vncserver
 set up so that I get a gdm login screen instead of going directly into
 the user's desktop?

 Thanks in advance. Steve.



Re: [Discuss] Looking for WiFi router with certain characteristics

2014-07-29 Thread markw
A couple notes.

I NEVER, repeat, NEVER use stock software from the vendor of my wireless
router. Sorry, I don't trust <fill in company name here>. All my routers
use DD-WRT.

Once you make that jump, then you can just hop over to their website and
look for compatible routers. The DD-WRT code has a LOT of features that
the commercial routers do not provide, including SSH access.

So, now that you can have the features that you want regardless of vendor,
just find a router that is supported at a good price.

Last year I found a DLink-N 615 router for $30. I bought two of them and
put one at each end of the house.

 Apologies to Lewis Carroll. I'm afraid the following doesn't scan as
 well as his version:

 The time has come, my router said, to talk of many things.
 Of 802.11 ac and n and g and b,
 And why Cisco updates without permission.
 And the safety of ASUS settings.

 :-)

 It's long past time for me to replace my 802.11 g router with something
 more recent.  But I have a few constraints that make it tricky to select
 the right router. So my question is, do any of you have experience with
 the ASUS RT-N66U or any other router that fits the constraints I
 describe below?  While I'm interested in recommendations of what's
 worked well for you, I'd also appreciate warnings of what to stay away
 from. advTHANKSance for your help.

 My constraints are:

 1. COVERAGE:

 The construction of the house the router will be installed in is
 problematic WRT getting signals through.  It was built before
 drywall was in common use in the U.S.  But rather than using wood
 lath, the plaster is held in place by lath.  But it's not
 traditional wood lath.  It's WIRE LATH.  Also, the heating system is
 forced hot air, which means that there's SHEET-METAL DUCTWORK
 between all the ceilings and floors.

 So all the walls, floors, and ceilings have metal in them.

 With the old router, I had to replace one of the stick antennas with
 a directional antenna aimed toward the part of the house where
 coverage was weakest.  But since 802.11 N and AC use MIMO, I believe
 that replacing one of the stick antennas with a directional antenna
 would screw up the interference pattern that MIMO depends on.

 I'm hoping that MIMO will solve the coverage problem that the
 directional antenna solved with the old router.

 Do any of you have any experience with routers in environments like
 this?  If MIMO doesn't get me the coverage I need, what are my
 options?

 2. N vs. AC:

 I have a 5 GHz cordless phone that I do not want to replace.  It
 implements features that would be difficult to find a replacement
 for, and even if I could, replacing it would be quite expensive.  So
 it was important for me to figure out whether this phone will
 interfere with an 802.11-AC router.  It took several months of
 research, but eventually I determined that it definitely will
 interfere with over half of the 5 GHz WiFi channels used in the U.S.

 Since 802.11-AC only operates in the 5 GHz band, but 802.11-N
 operates in both the 2.4 GHz and 5 GHz bands, 802.11-N seems like a
 much better choice for my circumstances.

 Furthermore, most of the computers on my network don't support
 802.11-AC, but are recent enough that I'm not likely to replace them
 anytime soon.

 So it makes sense to me to ignore 802.11-AC routers and only look at
 802.11-N.  Does this logic make sense to you?

 3. SPEED:

 Of the 802.11-N offerings, the highest aggregate speed seems to be
 450 Mbps in the 2.4 GHz band plus 450 Mbps in the 5 GHz band.  This
 is commonly known as an N900 router.  Given the potential
 interference from the 5 GHz cordless phone, I may not get the full
 450 Mbps from the 5 GHz range, but a dual band N router seems the
 choice most likely to get me the fastest throughput possible for my
 circumstances.

 4. PORTS:

 In addition to supporting WiFi, I also need the router to provide 4
 LAN Ethernet ports in addition to the 1 WAN Ethernet port for
 connecting it to my cable modem.

 5. WHAT ROUTERS CAN BE TRUSTED?

 CISCO: Given the above constraints, I was considering the Linksys
 (Cisco) EA4500, but when I Googled it, I quickly learned that about
 2 years ago, Cisco/Linksys had pushed out their Cloud Connect
 firmware to all their routers without the router owners' permission,
 and in order for the owner to continue using his own router, he had
 no choice but to sign an agreement that allows Cisco to spy on his
 Internet use, allows Cisco to sell any data they collect, and allows
 Cisco to legally lock the router's owner out of his own router
 whenever they feel like it.
 http://boingboing.net/2012/07/03/cisco-locks-customers-out-of-t.html,
 

Re: [Discuss] php dev's code with warnings and notices

2014-07-26 Thread markw
Web development is a ghetto or even, still, the wild wild west. A properly
configured and developed web site with no warning would probably only
serve static web pages. If you log nothing, you miss important errors and
warnings, if you log more, you will get stupid errors and warnings.

The real issue is the cause of the errors and warnings. Some are
important, and some, simply are not.

For what it is worth, as the new senior guy, ask why you shouldn't be
worried by the errors. See if they are aware of them and understand what
they are before you cast judgment.


 Hi All,

 I've recently been asked to work with a team of PHP developers on a
 pretty large and complex project.  The code they have submitted works,
 but it has a bunch of warnings and notices in the logs.  I personally
 think this is sloppy coding.  My question is, how strong a stand should
 I take on this issue?  I have the senior role but I am also the new
 guy.  I feel that code should have no warnings or notices.  But maybe
 this is not the norm?  Maybe there exists situations where it can't be
 avoided that I don't realize.  What do you think?

 Thanks,
 --
 Eric Chadbourne


Re: [Discuss] share keyboard/video/mouse with 2 desktops

2014-07-08 Thread markw
I have used Synergy on Windows, Linux, *and* mac at the same time.

It has worked really well for me.

 What is the easiest way to share keyboard/video/mouse with 2 desktops
 (Linux & Windows)?

 Has anyone used this synergy-project:

 http://synergy-project.org/download/

 Thanks!

 John Malloy
 jomal...@gmail.com


Re: [Discuss] share keyboard/video/mouse with 2 desktops

2014-07-08 Thread markw
Imagine.

A windows system with a monitor, a mac laptop. a Linux system with a
monitor. Bouncing from keyboard and mouse is a PITA. Synergy allows you to
connect the mouse and keyboard to one system and seamlessly move the mouse
across all three monitors, and which ever monitor has the mouse, gets the
keyboard.

It feels like a single system from a keyboard/mouse point of view.
Granted it is not as tight as it could be, but that would be WAY more work
and be a far bigger project. Like, having windows straddle monitors would
be way cool, but that would be work down to the driver level.


 What about a USB hub and hub switch -- wouldn't that work?  

 In fact, wouldn't it also allow you to share a printer, backup drive,
 etc? 



 On Tuesday, July 8, 2014 10:14 AM, ma...@mohawksoft.com
 ma...@mohawksoft.com wrote:



 I have used Synergy on Window, Linux, *and* mac at the same time.

 It has worked really well for me.

 What is the easiest way to share keyboard/video/mouse with 2 desktops
 (Linux & Windows)?

 Has anyone used this synergy-project:

 http://synergy-project.org/download/

 Thanks!

 John Malloy
 jomal...@gmail.com


Re: [Discuss] share keyboard/video/mouse with 2 desktops

2014-07-08 Thread markw
Ahh, so it isn't a KVM issue, per se

http://www.ikea.com/us/en/catalog/products/60245721/


 On Tue, Jul 8, 2014 at 11:01 AM,  ma...@mohawksoft.com wrote:
 Imagine.

 A windows system with a monitor, a mac laptop. a Linux system with a
 monitor. Bouncing from keyboard and mouse is a PITA. Synergy allows you
 to
 connect the mouse and keyboard to one system and seamlessly move the
 mouse
 across all three monitors, and which ever monitor has the mouse, gets
 the
 keyboard.

 My problem with this is that you need a desk big enough for three
 displays.   If I'm going to have more than one display on my desk I
 would like to be able to sometimes have them all attached to a single
 system.   With Synergy each display is still dedicated to a single
 system.   The best possible system might be one that has a single
 keyboard/mouse and a bunch of displays (with physical monitor
 switching) which would allow me to on the fly map the physical video
 outputs from the individual systems in any way that I wanted onto the
 physical displays which are in front of me.   All while still
 retaining Synergy's ability to let me slide my mouse (and my keyboard
 input as well) from system to system across the wall of displays.
 Synergy would have to know  the current mapping of system video output
 to physical display to relay the input correctly.   If there are
 programmatically controllable multiple input/output video switching
 devices this could be done.   I suspect that the hardware required
 would be pricey though.

 Bill Bogstad





Re: [Discuss] SELinux IPTables

2014-04-02 Thread markw
My first rule of thumb is to not use IPTables until after everything is
set up and running. Then start it and fix what breaks.

My second rule of thumb is to not enable SELinux until after everything is
set up and running. Then enable it and fix what breaks.

You really really need a working baseline before you enable these things
because they can break services and applications in pretty unpredictable
ways.



 Does anyone have any suggestions for Best Practices in configuring SELinux
 & IPTables for a RedHat (RHEL6) server running Apache, PHP, and connecting
 to an Oracle DB (using OCI8)?

 Thanks!


 --

 John Malloy
 jomal...@gmail.com
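
One way to carry out the "enable it and fix what breaks" step for SELinux on the Apache/PHP/Oracle setup asked about: group the AVC denials in the audit log by process, target type and object class, so each breakage is reviewed once. This is an added example, not part of the thread; the log lines are constructed and the type names in them (`oracle_port_t`, `default_t`) are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/audit/audit.log content (not from a real host).
# Type names such as oracle_port_t and default_t are illustrative.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1396450001.101:201): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=1521 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:oracle_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1396450002.300:202): avc:  denied  { name_connect } for  pid=2102 comm="httpd" dest=1521 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:oracle_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1396450005.412:207): avc:  denied  { read open } for  pid=2101 comm="httpd" name="tnsnames.ora" dev=dm-0 ino=393301 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1396450005.412:207): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1396450009.000:215): avc:  denied  { execmem } for  pid=2101 comm="httpd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=process
"""

# One AVC record: timestamp:serial, the denied permission set, then key=value fields.
AVC_RE = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize_denials(log_text):
    """Group AVC denials by (comm, source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "count": 0, "ports": set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other record types are skipped
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record, nothing reliable to group on
        key = (
            fields.get("comm", "?"),
            selinux_type(fields["scontext"]),
            selinux_type(fields["tcontext"]),
            fields["tclass"],
        )
        entry = summary[key]
        entry["perms"].update(m.group("perms").split())
        entry["count"] += 1
        if "dest" in fields:  # present on name_connect denials
            entry["ports"].add(int(fields["dest"]))
    return dict(summary)


def report(summary):
    """Render the grouped denials, most frequent first, one line per group."""
    rows = sorted(summary.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    out = []
    for (comm, src, tgt, cls), e in rows:
        ports = f" ports={sorted(e['ports'])}" if e["ports"] else ""
        out.append(
            f"{e['count']:3d}x {comm}: {src} -> {tgt} [{cls}] "
            f"{{{' '.join(sorted(e['perms']))}}}{ports}"
        )
    return out


if __name__ == "__main__":
    for row in report(summarize_denials(SAMPLE_AUDIT_LOG)):
        print(row)
```

Each group is then a separate decision: a policy boolean, a relabel of the files involved, or a service change; the summary only shows what was denied, not which fix is right.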


Re: [Discuss] Unsubscribe

2014-04-01 Thread markw
 Unsubscribe

 Regards,
 Michael Webb - IT Manager
 SDMC
 10 Connector Road
 Andover, MA 02122
 978-289-5408

 NOTICE: This message is for the designated recipient only and may contain
 privileged or confidential information. If you have received it in error,
 please notify the sender immediately and delete the original. Any other
 use of this e-mail is prohibited


I want to get on this bandwagon as well.

NOTICE: I don't care WHAT you write on your email. You have NO LEGAL RIGHT
TO ASSERT ANY RESTRICTIONS ON MY ACTIONS any more than mere copyright law,
and more or less, anything I do with it, including posting it on a forum
and making comments about it, fall clearly under Fair Use.

Any additional restrictions YOU WISH TO PLACE ON ME MUST COME WITH MY
CONSENT. I have entered into no contract with you, I have no obligation to
you or your employer, and you have no right to claim that any of my
actions regarding an email I received is prohibited.

I will not contact anyone and I will not delete the original unless I
am compensated in some way. Your mere desire to have me do something is
your problem.

I hate these disclaimers and consider them ridiculous. I guess you can
claim anything you want, like that great disclaimer that Major League
Baseball puts up. Just because someone says something doesn't mean it's
true.




Re: [Discuss] Reading Linux book

2014-03-26 Thread markw
I wouldn't touch EXT[N] for anything but a system partition.

XFS or JFS is almost a coin toss, but XFS seems like it is more active.

 Hi,
 First of all, thanks for your previous tips on the Linux box, it was very
 much appreciated.  I'm reading the different filesystems, when would you
 use XFS or JFS or ext4.  If I'm correct currently Linux uses ext4, am i
 right?  From the reading both XFS and JFS look like a great choice.

 Thanks,
 Aldo

 XFS   This is a 64-bit, high-performance journaling filesystem that
       provides fast recovery and can handle large files efficiently.
 JFS   This is a 64-bit journaling filesystem that is fast and reliable.
       It is better equipped to handle power failures and system crashes.
 ext4  The newest default filesystem for Linux distributions. It is
       backwards-compatible with the ext2 and ext3 filesystems. Among
       ext4’s improvements over ext3 are journaling, support of volumes of
       up to one exbibyte (EiB) and files up to 16 tebibytes (TiB) in size.


[Discuss] Howto Challenge

2014-02-15 Thread markw
Coming off the tail of the pretty hard core "Why Linux" debate, anyone
want to come up with a more constructive forum?

I suggest a howto challenge. We field a number of "how can I do xyz?" and
we construct a concise howto based on our platform of choice. This will
accomplish far more than a debate, this will produce actual sable
knowledge and take rhetorical arguments out of the equation. Then we all
score the submissions.

I propose we score them as:

(1) Ease of implementation.
(2) Cost of implementation.
(3) Stability/Performance.


Any takers?



Re: [Discuss] Howto Challenge

2014-02-15 Thread markw
 ma...@mohawksoft.com wrote:
 I suggest a howto challenge. We field a number of "how can I do xyz?" and
 we construct a concise howto based on our platform of choice. This will

 I'm inclined to decline. The way I see it, your how can I do ${task}?
 contest isn't about solving problems; it's cherry picking problems to
 showcase favorites. I don't have a favorite. I have a box of tools and a
 bag of tricks.

I wasn't thinking of choosing the tasks, I was thinking more solving
actual problems people had. More like putting your expertise where your
mouth is, sort of thing.


 --
 Rich P.


Re: [Discuss] Why use Linux? (back to original question)

2014-02-13 Thread markw
 From: ma...@mohawksoft.com [mailto:ma...@mohawksoft.com]

  And you're wrong about sparse files.  All of the above support sparse
  files.

 Yes, with enough work, you can put a V8 in a motorcycle, but that is a
 strawman argument. The Mac file system HFS does not support sparse files

 For disk containers, such as *.dmg files, or truecrypt volumes, for
 virtual machines, vmdk, vdi, etc, for every purpose that I've ever
 encountered or imagined ...  Whether the implementation is lazy
 provisioning, sparse disk image, dynamic allocation, sparse bundle, or
 sparse file is purely semantic.  So go ahead and argue that HFS does not
 support sparse files.  Just like ntfs doesn't have inodes, and ext doesn't
 have file ID's.  Semantics.


Not true at all. A sparse file is a file system construct that allows you
to create a file that has holes in it. The various virtual machine
management systems implement their own volume management for their VMs and
that is not available to other applications.

This is a very important capability that is essential for most enterprise
level software. You can create multiple TB sized files on a much smaller
volume and grow as needed. So no, you went from Apple supports that, to it
doesn't matter. You were wrong on the first count and are wrong on the
second.
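
Whether a given filesystem really stores holes can be measured rather than argued: the probe below writes two small chunks separated by a gap, then compares the apparent size with the allocated blocks and lists the data extents. It is an added example, not from the thread; the file name, sizes and function names are assumptions, and it needs a Unix-like system whose Python exposes `os.SEEK_DATA` and `os.SEEK_HOLE`.

```python
import os
import tempfile


def data_extents(fd, size):
    """Return [(start, end)] byte ranges that hold data, via SEEK_DATA/SEEK_HOLE.

    On a filesystem without hole tracking the kernel reports the whole file
    as a single data extent.
    """
    extents, pos = [], 0
    while pos < size:
        try:
            start = os.lseek(fd, pos, os.SEEK_DATA)
        except OSError:
            break  # ENXIO: only a hole remains between pos and end of file
        end = os.lseek(fd, start, os.SEEK_HOLE)
        extents.append((start, end))
        pos = end
    return extents


def probe_sparse(directory, size=64 << 20, chunk=b"x" * 4096):
    """Create a file of `size` bytes with data only at both ends and measure it."""
    path = os.path.join(directory, "sparse_probe.img")  # hypothetical file name
    with open(path, "wb") as f:
        f.write(chunk)                 # data at offset 0
        f.seek(size - len(chunk))      # skip ahead; nothing is written in between
        f.write(chunk)                 # data at the very end
        f.flush()
        os.fsync(f.fileno())           # settle delayed allocation before stat
    fd = os.open(path, os.O_RDONLY)
    try:
        st = os.fstat(fd)
        extents = data_extents(fd, st.st_size)
        os.lseek(fd, size // 2, os.SEEK_SET)
        middle = os.read(fd, 4096)     # a hole must read back as zero bytes
    finally:
        os.close(fd)
        os.unlink(path)
    allocated = st.st_blocks * 512     # st_blocks counts 512-byte units
    return {
        "apparent": st.st_size,
        "allocated": allocated,
        "sparse": allocated < st.st_size,
        "extents": extents,
        "hole_reads_zero": middle == b"\0" * len(middle),
    }


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        result = probe_sparse(d)
    print(f"apparent  {result['apparent']:>12} bytes")
    print(f"allocated {result['allocated']:>12} bytes")
    print(f"extents   {result['extents']}")
    print("filesystem stores holes" if result["sparse"]
          else "filesystem allocated the full size")
```

Pass a directory on the volume under test; backup and imaging tools that are not hole-aware will expand such a file to its full apparent size on copy.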







Re: [Discuss] In praise of X11 (Was Why use Linux)

2014-02-13 Thread markw
 From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
 bounces+blu=nedharvey@blu.org] On Behalf Of
 ma...@mohawksoft.com

 OK, so, I can ssh to a linux box from another linux box, and run an X
 program and use it, transparently, as if it were any other application on
 my desktop.

 *sigh*  Is this seriously a Linux is the best OS flame war?  Very
 uninteresting.  The honest truth is, every OS is better than every other
 OS, each in its own way.

 You've named the one positive feature of X11.  The reason it's not
 included by default with windows or mac (but installable on both) is
 because in many other ways, it's antiquated and non-performant.  They
 *actively* chose not to distribute it with the OS, and in the case of OSX,
 they formerly included it and later discontinued shipping it with the OS,
 because they're better off leaving it in the past.  But still available as
 a separate download package for those who need it.

I see a serious problem in the consumer UNIX marketplace. Because
something is not new, it is seen as obsolete. I'm not sure I fully
understand this. Maybe it is a technological deconstructionism, who knows?

All competing technologies have pros and cons, and it is almost never A is
better than B. So that's why we have these discussions, because the answer
is not obvious. A is better than B in some cases and B is better than A in
others. You are left with a Venn diagram from which you must choose the
features you need that are outside the most common set.

With X11, I see one downside, gaming and super fast rasterization. The
networking of the GUI is something that is so cool that when you show
Windows or Mac users what you really can do with it, it takes a minute to
register.

You can copy and paste from one application to another, no matter where
they are running. I can run GUI applications on one machine and display on
another, without having to import a whole desktop. The way the
applications communicate with the server is very well designed and works
very well.

Is X11 complicated? Yes. Is X11 source code getting harder to read, yes it
is getting very mature.  That's the nature of software. I say this,
NOTHING on the market comes close to what X11 does.

So, by abandoning X11 in Apple, they have made a system that doesn't work
well in a UNIX/X11 environment and they lose so much richness in
capability.  I actually think that this hurts the application environment
as a whole. If Android and Apple were fully X11, can you imagine the
interoperability you would have? How cool would that be to run any program
in the cloud and display its X11 on the device of your choice?






Re: [Discuss] Why use Linux? (back to original question)

2014-02-13 Thread markw
 ma...@mohawksoft.com wrote:
 SSH does not do this on Mac easily. Yes, if you configure the bastardized
 X server that you can get for Mac, you might be able to get it to work,
 but not with all programs.

 XQuartz is genuine X.Org. There's nothing bastardized about it, and all
 X11 applications work over the SSH tunnel just like they do on Linux.

The language mapping is typically difficult to get right and not all Mac
programs will render to X11.



 Virtual Machines have changed the way we look at service environments.

 Doesn't change the fact that I've never needed to use QEMU on Macintosh
 and when I needed to make it work on Linux it was an abject failure.

I find that amazing and I question your truthfulness at this point. I have
been using QEMU and KVM for years for web services, software development,
and everything. Hell I have a Windows XP VM for turbotax.

Lots of people use QEMU/KVM. Its networking stack is just as good as the
commercial VMware package. With virt-manager, it really is point and
click. It's great.




 I have, many times and I see a whole lot of HFS+ does not support sparse
 files, use UFS and a lot of UFS is no longer supported.

 I don't believe you.

 Then you're deliberately missing the point. OS X does sparse file systems.

Please provide me a link because I know people who need this on a mac.

HFS does not support sparse files and UFS has not been available for a
couple years now. So, my colleagues are doing work on Linux VMs on their
Macs because we have been unable to get sparse files to work on the Mac.
Even Apple support claims you can't do this.

Please supply a link, it would be helpful.




 --
 Rich P.


Re: [Discuss] Why NOT use Linux?

2014-02-13 Thread markw
 Ted Roche wrote:
 And if you're presenting a Pro/Con argument for Linux, clearly we've
 provided you with material for that, too. Why NOT use Linux?

 My top three:

 The state of desktops on Linux is terrible. Of the three leaders we have
 KDE which is a disaster, Unity which is a tablet UI desperately looking
 for hardware to run on, and Gnome which is trying to be the prettiest
 desktop around with just a single button that doesn't do anything. If
 you're looking for a desktop operating system then Linux is the last
 place to look. What's most unfortunate about this is that the *BSDs
 suffer just as much in this regard.

This is a subjective comment. People at work have Macs, my wife has
Windows and an iPad, and a friend has only an iPad. Seriously, I think the
Linux GUI is easier to use. Sure, the Mac looks cleaner and Windows is
more colorful (8 is a disaster), but I'm using Debian with Gnome and I
really really like how easy it is to use. It lacks a bit of eye candy,
sure, but it is clean and functional, and yes, not ugly.


 The state of file system backups is even worse. Linux has lacked native
 backup tools for its file systems since around 2002 leaving things like
 extended attributes and ACLs in the lurch. rsync has been hacked to be
 able to replicate extended attributes but that only works when going
 from like to like; you can't use it for tapes and optical storage.

It's funny, backup seems easiest on Linux. The trick is not to use tape or
traditional backups. You snapshot the LVM volume, and dedup the device to
a backup. It's better than Apple's time machine and really fast.


 Dynamic device enumeration. Ever have a node refuse to boot because the
 kernel randomly changes which disk is sda with every boot? Ever have a
 node stop responding after a reboot because the kernel swapped the first
 and second Ethernet interfaces? I have, more times than I care to
 remember. Dynamic enumeration is a stupid, stupid way to do things.

This has, in fact, not been an issue for almost 10 years. Both disk
devices and ethernet devices are persistently configured based on unique
criteria. Disk volumes use labels or UUID values and ethernet adapters are
configured by MAC address.

At the time it was a problem in Linux, it was also an issue on Windows,
Mac, and some BSD variants. All these platforms fixed this issue.


 --
 Rich P.


Re: [Discuss] Why use Linux?

2014-02-12 Thread markw
 Somehow this starts sounding like a bad Tom Cruise movie :)

bad Tom Cruise Movie is a tautology



 On Wed, Feb 12, 2014 at 9:02 AM, Bill Horne b...@horne.net wrote:

 On 2/12/2014 6:56 AM, js wrote:

 one thing you have not mentioned are any back doors put in proprietary
 operating systems by the orders of the US government. while it may not
 be relevant to many, it is relevant to some people [and i'm talking
 about whistle blowers or human rights activists instead of child porn
 merchants].


 No offense, but I don't feel one is different from another. As soon as
 we
 start to say that /some/ speech is good and /some/ speech is not, we
 lose.

 After all, a photograph of a naked child lying dead in a ditch at My Lai
 could be interpreted as  child porn - and Robert Mapplethorpe's
 photographs of partially naked children could be (and was) interpreted
 as
 having redeeming social merit.

 Porn, like beauty, is in the eye of the beholder, and the question is if
 we, as a society, should allow our government to examine what people
 /might/ say, before they say it.

 My $0.02. YMMV.

 Bill

 --
 Bill Horne
 William Warren Consulting
 http://www.william-warren.com/
 339-364-8487





 --
 ... Jack

 Whatever you do, work at it with all your heart... Colossians 3:23
 If you are not part of the solution, you are part of the precipitate -
 Henry J. Tillman
 Anyone who has never made a mistake, has never tried anything new. -
 Albert Einstein
 You don't manage people; you manage things. You lead people. - Admiral
 Grace Hopper, USN
 a nanosecond is the time it takes electrons to propagate 11.8 inches -
 - http://youtu.be/JEpsKnWZrJ8
 Life is complex: it has a real part and an imaginary part. - Martin
 Terma


Re: [Discuss] Why use Linux?

2014-02-11 Thread markw
 The GPL has always denied some freedoms to developers, such as the
 right to exclusively make money from their work.

Ahh, therein lies the lies that liars lie about the GPL. The GPL does not
deny any developer the right to make money from their work. Lies! It only
denies a developer from using someone else's work as if it were their own.
If I were to modify someone else's code, I should think I have no right to
modify it without permission.

NOTHING forbids a developer making money from their own work. The GPL is
only involved when a developer uses someone else's work as the basis for
their own or as part of an aggregate product. The developer should not
base their work on GPL code if they do not like the conditions by which
they acquire it in the first place.

I HATE this lie every time I see someone repeat it. Not liking someone
else's license means you don't use their code. It does not forbid a
developer from making money from their own work.



 The anti-TiVo clause
 in GPLv3 is an additional constraint, and the rarely seen Affero
 license further limits developers. (Basically, the Affero license is
 GPLv3 with the additional provision that if you make software
 available as a service you have to make the source code available,
 just as you would if you distributed source or binary code for use by
 others.)

 There are times when the rights of users and the rights of developers
 are in direct opposition, and it is impossible to make the situation
 better for one group without making it worse for the other. But the
 amount of good gained by one group can exceed the amount lost by the
 other, and all developers are also users so their losses on their own
 coding are counterbalanced by their gains from the work of others.
 Almost no code is the work of one person or even one company alone;
 any program of significance contains libraries and other code that
 come from others and is developed using tools created by others.

 On balance, free software makes the world a better place than it would
 be if all software were proprietary. More free software would make it
 even better.

 On Tue, Feb 11, 2014 at 4:45 PM, Richard Pieri richard.pi...@gmail.com
 wrote:
 John Abreau wrote:

 More precisely, RMS says that he makes no distinction between users and
 developers, because developers are also users. He argues that limiting
 freedom to only a subset of users is divisive and antithetical to the
 concept of freedom.


 That's what RMS says. The anti-Tivoization clause of the GPLv3 says
 something quite different. It exists specifically to deny developers some of
 their freedoms to use and develop software and hardware.



 Freedom only for developers is kind of like a democracy where only
 wealthy landowners are allowed to vote.


 As if freedom only for users is any better.


 --
 Rich P.


Re: [Discuss] Why use Linux?

2014-02-11 Thread markw
 Huge thanks to everyone that has thought about this and responded.
 This is a wealth of information. I am not a newcomer to RMS or FSF
 ideologies, I just wanted to make sure I didn't miss any key items
 that are relevant to a Drupal crowd or a newcomer to programming. Many
 Drupal people have entered Drupal through a non-traditional software
 development doorway and they do not have a background in software
 development  - some are graphic designers and some are HTML and CSS
 experts, etc. that will probably learn some PHP due to their
 involvement in Drupal.

 I want to reach the people like myself - the non-programmer that
 understands  most of why free software is important, but due to many
 reasons:
 lack of knowledge about GNU/Linux
 no retail linux stores
 no Linux helpdesk (it's a new era where help is in the forums and in
 your ' extended circles')
 low use of my local OS ( personally I just used it to get to my
 servers... which run Linux)
 not understanding how to run Linux locally (how easy it is and how
 user friendly)
 lack of accessibility to try Linux (didn't know about live cd etc..)

 Due to these reasons and a few more, I found it easier to just use
 Windows for years!

These aren't really the answers to the question you asked. You asked "why"
which has more of a philosophical feel to it. What you should have asked
is the more direct question[s], "Should I use Linux for Drupal" and "Do
you have any suggestions?"




 Mea Culpa.



 Michele Metts
 DrupalConnection.com - Social Networks - Websites for Entrepreneurs
 617-877-1658


 On Tue, Feb 11, 2014 at 5:43 PM, John Abreau abre...@gmail.com wrote:



 On Tue, Feb 11, 2014 at 4:45 PM, Richard Pieri richard.pi...@gmail.com
 wrote:

 John Abreau wrote:

 Freedom only for developers is kind of like a democracy where only
 wealthy landowners are allowed to vote.


 As if freedom only for users is any better.



 Developers are themselves users. Saying that freedom is only for users is
 the same as saying freedom is restricted only to everybody.  The
 connotations of the word only in that sentence conflict with the fact that
 the group includes everybody, and thus using the word only in that
 sentence is disingenuous.




 --
 John Abreau / Executive Director, Boston Linux & Unix
 Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID
 0x920063C6
 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6



Re: [Discuss] Why use Linux?

2014-02-11 Thread markw
 Yes, developers give away some rights if they develop under GPL,

This is simply not true. If I develop my software and publish it under the
GPL, I give away NONE of my freedoms.

If I base my software on the work of others, then my work must align
itself with the original project. It's very easy to ignore the work that
comes before us. The GPL is nothing more than a mechanism for making sure
that people stay honest.

You write your code, you own it. If you take someone else's code, then you
are building on their foundation and have to live with the constraints by
which they made it available to you.

Developers do not give up rights with the GPL, they simply are forced to
decide. Developers decry the GPL because they don't want to use the
license of the code that they use but have not written/own.



Re: [Discuss] Small website, non-technical users: Joomla, Drupal, or WordPress?

2014-01-07 Thread markw
I use Drupal. It is easy to start and there is a lot you can do.


 Thanks for reading this.

 I'm a member of the Big-8 Board, which decides what Usenet groups are
 created and deleted.  We have both technical and non-technical members,
 and we've been using MediaWiki for the board's website
 (http://www.big-8.org/) until now, but we have to move the site to a new
 server which doesn't offer it.

 So, the question is What's the best compromise between ease-of-use,
 learning curve, and maintainability if we have to choose between Joomla,
 Drupal, or WordPress?

 The new site has 300 GB of disk and unlimited data transfers, but I
 don't have shell access, just an ftp upload account.

 I appreciate your help!

 Bill

 --
 Bill Horne
 William Warren Consulting
 339-364-8487



Re: [Discuss] Low level clustering software

2014-01-06 Thread markw
 ma...@mohawksoft.com wrote:
 I'm looking for stateless parallelization, state-full process
 distribution, and high-availability in as much as matters for re-submit
 for stateless and redundant data for state-full process distribution.

 Um. What kind of processing do you want to do? Because, honestly, you've
 thrown in so many buzzwords that it's impossible for me to tell what it
 is that you're really asking.

I was trying to be vague enough so as not to give too much away (it's a
work question).

OK, so, a little more detailed info:

(1) Stateless parallelization, this is where we can take arbitrary chunks
of processing and ship it out to an arbitrary machine.

(2) state-full process distribution, this is a bit more complex. Think
about a distributed database. You need to send [n] identical query
commands to [n] databases and aggregate [n] streams into one based on some
unified ordering scheme. Then using some algorithm for partitioning, send
data to only one of the nodes (or two for redundancy) for storage.

(3) In the case of #2, are there any internal facilities to manage
replication or redundancy of data.


All being said, I have done a bunch of this stuff using MPI as a platform.
I wonder if there were more modern tools to do this sort of stuff.



 --
 Rich P.


Re: [Discuss] Dev Ops - architecture (local not cloud)

2013-12-06 Thread markw
It's hard to quantify what's going on here. Yes it is slow, and we can make
guesses as to why, but without a whole system diagnostic it is hard to
know.

NFS:
Network connectivity 100M, 1G, 10G?
Sync?
OS (Solaris, FreeBSD, [any bsd], Linux, etc.)
File System
NFS server daemon
Describe the NFS server in detail, OS, NFS server, storage, etc.

Client:
Network connectivity 100M, 1G, 10G?

Infrastructure:
How many hops?
Routers/firewall in between?

NFS is not as fast as a local disk, but it should not be that slow.

 Performance comparison:
 svn checkout single repository on old infrastructure
 real    5m44.100s
 user    0m36.957s
 sys     0m14.757s

 svn checkout single repository on new infrastructure, but only using NFS
 for read (local working copy stored on local disk)
 real    3m15.057s
 user    1m18.195s
 sys     0m53.796s

 svn checkout same repository on new infrastructure, with writes stored on
 NFS volume
 real    28m53.220s
 user    1m45.713s
 sys     3m26.948s


 Greg Rundlett


 On Fri, Dec 6, 2013 at 8:35 AM, Greg Rundlett (freephile) 
 g...@freephile.com wrote:

 We are replacing a monolithic software development IT infrastructure where
 source code control, development and compiling all take place on a single
 machine with something more manageable, scalable, redundant etc.  The goal
 is to provide more enterprise features like manageability, scalability with
 failover and disaster recovery.

 Let's call these architectures System A and System B.  System A is
 monolithic because everything is literally housed and managed on a single
 hardware platform.  System B is modular and virtualized, but still running
 in a traditional IT environment (aka not in the cloud).  The problem is
 that the new system does not come close to the old system in performance.
 I think it's pretty obvious why it's not performing: user home directories
 (where developers compile) should not be NFS mounted. [1]  The source
 repositories themselves should also not be stored on a NAS.

 What does your (software development) IT infrastructure look like?

 One of the specific problems that prompted this re-architecture was disk
 space.  Not the repository per se, but with 100+ developers each having one
 or more checkouts of the repos (home directories), we have maxed out a
 4.5TB volume.

 More specifically, here is what we have:
 system A (old system)
 single host
 standard Unix user accounts
 svn server using file:/// RA protocol
 4.5TB local disk storage (maxed out)
 NFS mounted NAS for tools - e.g. Windriver Linux for compiling our OS

 system B (new system)
 series of hosts managed by VMWare ESX 5.1 (version control host + build
 servers connected via 10GB link to EMC VNXe NAS for home directories and
 tools and source repos
 standard Unix user accounts controlled by NIS server (adds manageability
 across domain)
 svn server using http:/// RA protocol (adds repository access control and
 management)
 NFS mounted NAS for tools, the repositories, the home directories

 Notes:
 The repos we're dealing with are multiple large repositories eg. 2GB
 43,203 files, 2,066 directories.
 We're dealing with 100+ users



 [1]
 http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.prftungd/doc/prftungd/misuses_nfs_perf.htm

 Greg Rundlett



Re: [Discuss] Dev Ops - architecture (local not cloud)

2013-12-06 Thread markw
 On Fri, Dec 6, 2013 at 11:16 AM, ma...@mohawksoft.com wrote:


 NFS is not as fast as a local disk, but it should not be that slow.


 I remember the first time I set up a NetApp fileserver, back in 1999. I
 expected that NFS would be slower than local disk, but I was hoping the
 performance would still be acceptable.

 We had one of the heaviest users run his overnight jobs both on his local
 workstation and on the NetApp NFS share to compare times, and we discovered
 that the NetApp's NFS share gave much *faster* throughput than his local
 disks.

 His local desktop was a high-end Sun Ultrasparc workstation with the RAM
 maxed out and with fast SAS disks, tuned for maximum performance, yet
 over a 100Mb Ethernet, the NetApp outperformed his workstation's local
 disks.

That's impressive, especially over 100M ethernet.



 --
 John Abreau / Executive Director, Boston Linux & Unix
 Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID
 0x920063C6
 PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6





Re: [Discuss] BLU's SEO (Martin Owens)

2013-10-22 Thread markw
 hi

 On 10/22/13 15:20 , Martin Owens wrote:
 Marketing is about getting attention

 isn't this a bit simplistic? marketing also wants to persuade you to
 take some action. otherwise, self-immolation could qualify as marketing.

Well, the term obtuse comes to mind. :-)

Marketing is a term used to describe strategies for generating interest
in your product. Nothing more or less. Now, there are some who will bend
the boundaries of good and wholesome conduct to do so, but this is not
required to be the case as part of the definition.

If you have an operating system that is free and open source and decide to
take on the task of distribution and sell DVDs of this for $1.99, you will
need to market your distribution system. Taking out an ad in a newspaper
or website that describes your service is considered marketing. You could
be 100% truthful and everything. It is still marketing.

If I plaster an ad with a picture of a cold glass of orange juice, and write
"Fresh Orange Juice, tastes good and is good for you with natural vitamin
C" It is objectively truthful. No attempts at deception are made. Sure
SOME people may not like Orange juice, but sufficient quantities of people
like fresh cold orange juice that one can easily make the case that it is
generally truthful.

If I say, "FOX News Fair and Balanced," I would be lying, unfortunately,
that's marketing too.





 i think it's the techniques used for this persuasion that put people
 off toward marketing. or maybe it's the outright lies in some cases [not
 all] ...

 also, i wouldn't say marketing has anything to do with consensus; i was
 never consulted regarding my exposure to marketing 24/7. but now, maybe
 it's my turn to be too simplistic ...

 --
 \js [http://or8.net/~johns/] : i am alive


Re: [Discuss] BLU's SEO

2013-10-22 Thread markw
 Joseph Guarino wrote:
 With the greatest respect I have to disagree.  Your current
 understanding of Marketing is biased to say the least.  Marketing is the
 art/science of communicating value to customers.  There is nothing

 [snrk]

 Marketing is neither art nor science. It's the process of selling
 things. Communicating value to customers is corpspeak for advertising.

Marketing and advertising are very similar and there is a great deal of
overlap, but there are important differences.

It is marketing to say: Hey, we can use our product to cure cancer!
That's a great market.

It is advertising to say What color should the bikini be?

Sometimes corpspeak is a good thing. It isn't always about deception,
many times it is about communication. Some ideas have negative
connotations, sometimes it is best to create a new word or phrase. It can
be deceptive, sure, like all things, but it doesn't have to be.


 Corpspeak is fuzzy. It's ambiguous. It's used when you don't want to
 tell it straight and you don't want to lie outright. You may not be
 conscious of doing it. You may hold the best intentions. The fact
 remains: you used fuzzy, ambiguous jargon instead of plain English to
 try to sell me something. This demonstrates my statement: marketing is
 inherently unethical.

 Where you or I or anyone else draws a line for what is acceptable
 practice in marketing? That's an orthogonal issue.

 --
 Rich P.


Re: [Discuss] BLU's SEO (Martin Owens)

2013-10-22 Thread markw
 ma...@mohawksoft.com wrote:
 If I plaster an ad with a picture of a cold glass of orange juice, and
 write "Fresh Orange Juice, tastes good and is good for you with natural
 vitamin C" It is objectively truthful.

 Except that it isn't objectively truthful.

 What you're not saying is that orange juice is *loaded* with sugar,
 about 24 grams of sugar in an 8oz serving. That's almost as much
 sugar per ounce as Coca-Cola (26g/8oz) or Pepsi Cola (27g/8oz). Orange
 juice also has about 10% more calories per ounce as Coke and Pepsi.

 Fruit juice is as bad for you as Coke and Pepsi in large quantities. The
 sugar and acid are bad for your teeth and the calories are bad for your
 weight and general health. Excess vitamin C intake causes indigestion
 and diarrhea. That you see orange juice = healthy in spite of these
 facts is the result of some of the most successful marketing campaigns
 of the 1950s and 1960s.

This is the real problem in this discussion, and probably on much larger
fronts as well.

All facts and truths come with caveats. There is no non-trivial thing
that can be considered universally true or false. If one were to say
Water is wet, a fundamental objective truth, it can be countered as
steam is water and steam is not wet, and ice is water and ice is not wet.
There are always conditions and states where things generally regarded as
one thing can be considered another. On top of that, the canonical
definition of water is H2O in its liquid form. So, depending on the
context, the word water can make the statement 100% true or partially
true based on how it is used and the intention of the person using it.

Life is terribly imperfect and ambiguous. We have to accept that
generalities are necessary for any meaningful conversation. If someone
wants to argue and derail conversation, all they need to do is pick apart
semantics until everyone gets fed up with the definition of "is".

Fresh orange juice, with pulp, is generally a more healthy alternative to
coca cola. In excess, like anything, it can be unhealthy.

Sugar with balanced disaccharides (glucose and fructose in equal
proportions) is not unhealthy (in fact necessary) in appropriate
quantities.





 I can't speak to your DVD advertisement since I don't know the contents
 of this hypothetical example and therefore have nothing to analyze.

 As for Faux News? 'nuff said. :)

 --
 Rich P.


Re: [Discuss] cell phone pics

2013-10-21 Thread markw
They have done something with the USB connection and you need some
FUSE-based program to access the phone on a modern Android system. It's a
pain.

I use SSHDroid and use scp to get files on or off my phone or tablet.




 i've got some pics on a samsung cell phone, but don't know
 how to access them.

 when i attach the cell phone, dmesg tells me:

 Oct 21 13:10:20 betelgeuse kernel: [95189.348094] usb 3-1: new full-speed USB device number 6 using uhci_hcd
 Oct 21 13:10:21 betelgeuse kernel: [95189.510152] usb 3-1: New USB device found, idVendor=04e8, idProduct=6640
 Oct 21 13:10:21 betelgeuse kernel: [95189.510168] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=0
 Oct 21 13:10:21 betelgeuse kernel: [95189.510179] usb 3-1: Product: SAMSUNG CDMA Technologies
 Oct 21 13:10:21 betelgeuse kernel: [95189.510189] usb 3-1: Manufacturer: SAMSUNG Electronics Bo.,Ltd.
 Oct 21 13:10:21 betelgeuse kernel: [95189.512814] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
 Oct 21 13:10:21 betelgeuse kernel: [95189.523289] qcaux 3-1:1.2: qcaux converter detected
 Oct 21 13:10:21 betelgeuse kernel: [95189.523715] usb 3-1: qcaux converter now attached to ttyUSB0
 Oct 21 13:10:21 betelgeuse mtp-probe: checking bus 3, device 6: /sys/devices/pci:00/:00:1d.1/usb3/3-1
 Oct 21 13:10:21 betelgeuse mtp-probe: bus: 3, device: 6 was not an MTP device
 Oct 21 13:10:21 betelgeuse modem-manager[823]: info  (ttyUSB0) opening serial port...
 Oct 21 13:10:21 betelgeuse modem-manager[823]: warn  (ttyUSB0): port attributes not fully set
 Oct 21 13:10:21 betelgeuse modem-manager[823]: info  (ttyACM0) opening serial port...
 Oct 21 13:10:24 betelgeuse modem-manager[823]: info  (ttyACM0) closing serial port...
 Oct 21 13:10:24 betelgeuse modem-manager[823]: info  (ttyACM0) serial port closed
 Oct 21 13:10:24 betelgeuse modem-manager[823]: info  (Generic): CDMA modem /sys/devices/pci:00/:00:1d.1/usb3/3-1 claimed port ttyACM0

 where do i go from here?  (running ubuntu 12.04.)

 tia,
 ole dan

 j. daniel moylan
 84 harvard ave
 brookline, ma 02446-6202
 617-232-2360 (tel)
 j...@moylan.us
 www.moylan.us
 [avoid html waste.]


Re: [Discuss] [OT RTFM]Quick SQL quesiton

2013-10-04 Thread markw
I have been doing SQL for a *long* time, but I don't do it consistently
enough to know the esoterica off the top of my head.

There is a left join, a right join, and a full join.

A full join returns null for empty elements from both sides. The left and
right joins do what you'd expect.


 On Fri, Oct 4, 2013 at 12:25 PM, Tim Callaghan
 tmcallag...@gmail.com wrote:

  but, inner joins only produce matching records, and outer joins only
  give the complete set of records from one table or the other, not both.


 FULL OUTER JOIN?

 Gordon


Re: [Discuss] our friend the nsa

2013-09-19 Thread markw
I think we all agree that he *must* have been approached. The fact that he
nodded his head yes but said no is clear as to what happened.  It should
be clear that the fact that he was asked means a few things:

(1) He has not said he did not put in a back door.
(2) Others in the community were probably asked as well.
(3) There are probably NSA agents involved in the Linux community covertly.
(4) It is quite likely there are multiple backdoors in Linux.


 I wonder how much to make of this?

 quote

 NSA Backdoor
 Torvalds was also asked if he had ever been approached by the U.S.
 government to insert a backdoor into Linux.

 Torvalds responded no while shaking his head yes, as the audience
 broke into spontaneous laughter.

 /quote

 http://www.eweek.com/developer/linus-torvalds-talks-linux-development-at-linuxcon.html

 --
 Eric Chadbourne
 617.249.3377
 http://themnemeproject.org/



Re: [Discuss] our friend the nsa

2013-09-19 Thread markw
 On 9/19/13 9:36 , Eric Chadbourne wrote:
 I wonder how much to make of this?

 think about open source for a moment. also, i do not think linus [or
 linux] can be subject to an NSA security letter as he is not a US citizen.

He is on U.S. soil thus U.S. law applies to him. This is complete
nonsense. Do you think that non-citizens are not subject to U.S. law in
the U.S.?


 but it would be easy to fork any open source project and make the
 modifications you would like on it.

*easy* is a relative term.

 --
 \js [http://or8.net/~johns/] : i am alive


Re: [Discuss] our friend the nsa

2013-09-19 Thread markw
 On Thu, Sep 19, 2013 at 01:33:25PM -0400, ma...@mohawksoft.com wrote:
  as i understand it, darwin is a fork of freebsd.

 It's not:

 http://en.wikipedia.org/wiki/Darwin_(operating_system)#History

 darwin is pretty dead. Apple stopped providing updates a long time
 ago.

 They didn't:

 http://opensource.apple.com/release/mac-os-x-1084/

 Everybody's got an axe to grind...

Not at all. Those are the GPL packages they are required to provide or
parts that make sense for isvs. The darwin project, as a full OS as the
basis of the Mac, is a parrot.



 -b

 --
 a woman is like a tea bag; she never knows how strong she is until she's
 in hot water. eleanor roosevelt





Re: [Discuss] our friend the nsa

2013-09-19 Thread markw
 On 9/19/13 11:46 , Richard Pieri wrote:
 Darwin, the Unix layer of OS X, is FreeBSD and the source code is very
 much publicly available.

 as i understand it, darwin is a fork of freebsd. apple has some non-open
 stuff in there too.

darwin is pretty dead. Apple stopped providing updates a long time ago.

 --
 \js [http://or8.net/~johns/] : i am alive


Re: [Discuss] Encrypt Everything?

2013-09-12 Thread markw
 From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
 bounces+blu=nedharvey@blu.org] On Behalf Of Jerry Feldman

 The main issue is that assuming you encrypt all your outgoing emails,
 and most of your respondents encrypt email to you if someone with enough
 compute power wanted to decrypt your emails they can do it. And,
 essentially it comes down to the cost vs reward. So, the federal
 government has the resources but very few criminal enterprises would
 invest that much for us.

 enough compute power is basically a millennium of the entire energy
 output of our sun.  If you're using strong encryption, which is a given.
 There isn't any implementation of weak encryption supported in email
 encryption anymore - only weak key management.  Not even the government
 has the compute power to decrypt (in general) something you encrypted with
 a modern digital ID and S/MIME.  (The lowest key strength startcom will
 accept is 2048 bit RSA, and they recommend 4096 bit).

Yes, well that assumes a lot of things that I would have assumed a few
months ago and no longer trust.

Random number generators may be more predictable than we once thought,
specifically if the NSA has artificially limited their effectiveness. We
know SHA1 has been broken. We know that MD5 is long gone. We know that
SHA2 may be close to being broken.

Those are the most expensive methodologies. If, as hinted by the Snowden
info, the NSA has surreptitiously weakened encryption systems, you may have
a far less encrypted data stream than you expect.

For instance, for most software engineers, even the more experienced ones,
cryptography takes a lot of in-brain RAM knowledge to understand what's
going on. It would be fairly straightforward to artificially limit the size
and diversity of the shared secret generated in an SSL system to a known
quantity of testable secrets that could never be detected by anyone's QA
department. If the NSA had a list of known secrets, i.e. say 1,000,000
possible secrets out of 2^1024, then it would make quick work of any
encrypted application as long as both sides have been modified.

We trust that a lot of the software we use works as we expect it does.
The Snowden story should make us question these trusts.



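Added example, not part of the original message or of any project's code: the "Encrypt Everything?" message above describes a generator limited to about 1,000,000 possible secrets out of 2^1024. If such a generator draws from that set at random, it repeats itself after a few thousand draws (the birthday bound), so counting repeated secrets in sampled output is one check that exposes it. `weakened_secret` is a constructed stand-in, and a keyed weakening whose outputs never repeat would pass this test.

```python
"""Collision test for a secret generator suspected of using a small value space.

Constructed example: nothing here models a real TLS library or a real backdoor.
"""
import hashlib
import secrets

SECRET_BYTES = 128          # 1024-bit secrets, the nominal 2^1024 space
WEAK_SPACE = 1_000_000      # distinct secrets in the weakened scenario (assumption)


def healthy_secret() -> bytes:
    """Full-entropy secret from the OS CSPRNG."""
    return secrets.token_bytes(SECRET_BYTES)


def weakened_secret() -> bytes:
    """Hypothetical crippled generator: the output is 1024 bits long and looks
    random, but it is derived from one of only WEAK_SPACE internal seeds."""
    seed = secrets.randbelow(WEAK_SPACE)
    return hashlib.shake_256(seed.to_bytes(4, "big")).digest(SECRET_BYTES)


def count_repeats(generate, samples: int) -> int:
    """Draw `samples` secrets and count how many equal an earlier draw."""
    seen = set()
    repeats = 0
    for _ in range(samples):
        fingerprint = hashlib.sha256(generate()).digest()
        if fingerprint in seen:
            repeats += 1
        else:
            seen.add(fingerprint)
    return repeats


def expected_repeats(samples: int, space: int) -> float:
    """Expected repeats when drawing uniformly from `space` values:
    samples minus the expected number of distinct values seen."""
    distinct = space * (1.0 - (1.0 - 1.0 / space) ** samples)
    return samples - distinct


def estimate_space(samples: int, repeats: int) -> float:
    """Birthday-bound estimate of the value space, valid for samples << space."""
    if repeats == 0:
        return float("inf")
    return samples * samples / (2.0 * repeats)


def audit(generate, samples: int = 20_000, max_repeats: int = 0) -> dict:
    """QA-style check: any repeat among 1024-bit secrets is a failure."""
    repeats = count_repeats(generate, samples)
    return {
        "samples": samples,
        "repeats": repeats,
        "estimated_space": estimate_space(samples, repeats),
        "passed": repeats <= max_repeats,
    }


if __name__ == "__main__":
    for name, gen in (("healthy", healthy_secret), ("weakened", weakened_secret)):
        print(name, audit(gen))
```

With 20,000 samples the weakened generator is expected to produce roughly 200 repeats, while a full-entropy generator produces none.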


[Discuss] Software Development (OT?)

2013-09-09 Thread markw
I have been developing software for a long time now. I'm finding it is
getting very difficult. Not for the coding and designing, but for the
process. I find that software development has become so process
focused that actual architecture and code barely gets evaluated.

I find it kind of depressing.




Re: [Discuss] how to contract correctly?

2013-08-29 Thread markw
 From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
 bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne

 Before you take a client, ask your accountant if you should do the 1099 or
 W2 with them.  The answer should be either No, you don't do it at all, or
 Business 1099, where you do the 1099 using your business name and business
 EIN.  The whole point is, maintain your LLC as a layer in between you and
 your client.  You definitely need an accountant.

Don't go W2! If you are an independent contractor, W2 defeats your tax
advantages. A W2 means you are an employee.




Re: [Discuss] how to contract correctly?

2013-08-28 Thread markw
 Good morning most awesome BLUers.  Question for you contractors.  How do
 you bill your clients?

 About a month ago I resigned from my job, paid my bills a few months in
 advance, and have decided I want to and be an independent contractor.  I
 have never done anything like this before.  So far I have been very
 fortunate in picking up more business than I can handle just by talking
 with people and using craigslist.  I've been charging by the hour though
 I notice clients seem to prefer charging by the project or milestone.
 What's the best way to go about billing folks?  Increments of a certain
 dollar amount?  How do you do it?

 A second concern is if my luck does not continue and I have to go
 several months without any clients.  How do you stay busy?  Do you
 partner with other contractors and share when you have too much work?

Get a federal employment ID and open a bank account. Something like EC
Enterprises. You'll need it. A lot of companies don't like to pay SSNs.

Second, get a contract written that the entity to which you provide
services must sign. Make sure it states something to the effect that
although you provide professional services and take reasonable efforts to
avoid copyright and/or patent infringement, there is no way you can be
100% certain that you have not inadvertently violated patents or infringed
on copyright and that you can not be held liable.

If you don't, you can get screwed pretty easily.

Third, no contract is "just a standard contract"; all contracts are written
from a one-sided perspective: screw you and protect them. Getting a
contract is a negotiation and you can and should cross out clauses in the
contract that you believe are unfair or unreasonable. Make sure it does
not give them rights they sign away on the second step.

You need to protect yourself. Walk away from business if you can't
negotiate a reasonable situation. It only takes one nightmare customer
to ruin a good year or two of your life.




 Thanks,

 --
 Eric Chadbourne




Re: [Discuss] Effort to repeal Mass Tax on Software Services

2013-08-15 Thread markw
 On Thu, Aug 15, 2013 at 1:27 PM, Greg Rundlett (freephile) 
 g...@freephile.com wrote:

 Gordon, what is your response to this new legislation?  I haven't heard
 arguments in support of it.

 I think most people, and virtually all people on this list, would view
 this tax as both unjust and counterproductive.  It certainly damages the
 tech sector of the MA economy.

 Unjust is pretty rich, coming from a white guy complaining about taxes.
 There are much greater miscarriages of justice accepted without comment or
 complaint (and sometimes, even with approval!) on a daily basis by members
 of this list.

 In a world where we've accepted the idea of income tax, sales tax, and
 business-profit-tax (there's probably a better word for this), it seems a
 little farfetched to say that software services is the red line that
 taxes can't cross.

 There's a larger conversation to be had about taxation in general, the
 role of government, etc., but that's even farther off-topic. :--)

While I largely agree with your take on the tax issue, I think the larger
point is the autonomy and freedom to own your work.

By making it very difficult to be independent, it directly affects my
rights to own my work. I *own* a lot of code I wrote whilst I was
contracting and was able to license that code to the client. I now work
full time at a company and do not own my work.


 Gordon


Re: [Discuss] encrypted basic cable

2013-04-26 Thread markw
 Daniel Barrett wrote:
 I found a similar no-set-top-box plan on FIOS for even less money,
 $10/month, switched, and never had a problem again.

 You're referring to a plan that only covers the retransmission of local
 broadcast stations (and probably public access stations), right?

 Are you using it with digital or analog tuners?

 At one time, and perhaps still currently, FIOS optical network terminals
 (ONTs) actually provided the basic channels as analog video. Something
 Comcast got rid of years ago. Given the architecture of Comcast's
 network, they had more incentive to do so, as it ate up shared bandwidth
 on their system.

 Now that the FCC has ruled that cable companies have no obligation to
 provide the basic tier as unencrypted digital, I wonder how long you'll
 be able to continue using this service without a converter box. (A
 converter box the FCC says you can be charged for, after 2 years.)

This is why conventional cable companies are going away and being replaced
by the likes of netflix and youtube.

The cable companies are forcing people to rent equipment to watch
conventional TV that is increasingly valueless. I mean, have you looked at
prime time TV lately? There is nothing on that's really entertaining, the
news is a joke, and there are so many commercials there is almost no
actual show.

I have basic cable and internet. If basic cable goes away, I'll buy an
antenna. It will be cheaper and more flexible than their set-top box, and
won't have any less content.




Re: [Discuss] On Btrfs raid and odd-count disks

2013-04-10 Thread markw
It's funny, but I never considered an odd number of drives as viable for
raid1. I guess it's simple enough Dn + D(n+1 = N ? 0 : n+1), but doesn't
feel right.


 Today I ran into a problem that I hadn't expected but I should have
 expected.

 Remember that Btrfs raid replicates file data and metadata, not disk
 blocks. If you have three disks in a raid1 configuration then any file
 written to one disk will have a replica written to another disk. If you
 have 3 times 500G disks then you have ~700G usable capacity. df reports
 this as 1.2T since it doesn't fully understand Btrfs.

 Mostly.

 Say you have 500G disks in a 3-disk raid set, and you've stored 150G of
 data. df will show 300G used and 1.1T free. That's 550G usable after
 dividing by half for mirroring. The largest file that you can write is
 still only 400G. This assumes even balancing of that 300G across all of
 the disks in the set. If that 300G is a single 150G file which is
 replicated across two disks in the set then the largest file that can be
 written is 350G -- the space available on those two disks.

 And if you do fill up one of the disks, such as by using dd like I did,
 then you will start getting file system full errors despite df showing
 plenty of usable space.

 --
 Rich P.


Re: [Discuss] cluster DNS servers

2013-03-21 Thread markw

For the caching solution you don't need to cluster. For the service
issue, I use mydns with PostgreSQL.

So, using mydns to serve dns and using postgresql slow replication to keep
them in sync.


 Hello all,

 Any suggestion for the cluster DNS servers?


 Thanks,

 Dave


Re: [Discuss] [OT] Smart Phones

2013-03-01 Thread markw
 Mark Woodward ma...@mohawksoft.com wrote:
I think I was the last human being above the age of 16 to get a smart
phone.

 You're not the last. I still don't own one and perhaps never will.  My
 days are already jam-packed with technology; the last thing I desire is
 to carry more technology around with me.

 #define LIFESTYLE_GENTLE_RANT 1

 Other than GPS (which I have in my car), I have yet to encounter a single
 smartphone app that would make my life *happier*. This is not a troll so
 please don't respond with your dozen favorite apps. :-) My priorities are
 just different.

Well, my reason for getting was a family vacation. I needed to be able to
answer email. We are on a tight release schedule, but there is more...

As I own it, I realize that it is actually less of a phone and more of a
consolidation of various utilities.

GPS for car, don't need it.
Bike computer for bicycle, don't need it
Laptop or tablet for quick email, don't need it
Small notebook for shopping lists and contacts, don't need it.

It isn't life changing in as much as that term means, but it does allow
me to travel lighter.



 If I'm standing in a long, boring line waiting for something, I don't want
 to whip out a phone and surf the web or play a game. I'd rather think
 interesting thoughts, compose music in my head, read a book, or harangue
 the person responsible for the long delay. (I'd chat with the person next
 to me, but he's playing with his smartphone.)

You can read a book on a smart phone.

 Work is insanely busy. So when I'm not at work, I like living slowly,
 cultivating patience.  Enjoying a meal without the beep of a text
 message. I understand that others need to stay in contact with work
 24x7. I've chosen not to live that way, and to accept whatever compromises
 come with that choice. (Even so, I'm having a successful career in the
 tech industry. It's a balancing act.)

True most of the time, but any job with responsibilities has the
occasional need to intrude on personal life.

 The only tough part is not having mobile access to my calendar. This means
 every so often, I make an appointment for a time that's already booked, so
 I have to phone later to change it. It's a small price to pay to stay
 unhooked.

 --
 Dan Barrett
 dbarr...@blazemonger.com


Re: [Discuss] Death, and other cheery topics

2012-05-10 Thread markw
 On Thu, May 10, 2012 at 7:57 PM, Eric Chadbourne
 eric.chadbou...@gmail.com wrote:
 2. The knowledge that when you die, there's no conceivable way your
 family could understand or operate this system, even if they are
 smart.

 I don't have a complex computing environment either.  I just have a
 Windows laptop with a text file on the desktop titled Open If I Die.
  Every so often I go through and update it.

Open if I die?

Something to think of



Re: [Discuss] ssl certs

2012-04-01 Thread markw
 Guys,

 I got sucked into buying an ssl certificate from godaddy for $12.99 a
 month which it turns out is for the first one and then it goes to
 $70/year after that. What's the cheapest ssl certificate I can get?
 Besides a self signed one.

 Thanks for the advice.


A couple of years ago, my previous company got a GoDaddy cert, which
worked fine and all, but not all the customer's browsers recognized it. We
eventually had to pony up for a Network Solutions cert.

The moral of the story: look at the ssl authorities your projected
customers accept (based on age of the browsers and OS)  and pick from one
of those. If it is a web site, you sort of need to pay the cash. If it is
just your stuff, roll an Inno Setup to install your cert on Windows.

Seriously, I think the whole ssl authority model is fucked up, but that is
a whole new level of discussion.

 Cheers. Steve.



[Discuss] LVM vs File system file for KVM Virtual Machines?

2012-03-29 Thread markw
Hopefully without getting into an argument about the pros and cons of LVM
vs btrfs or zfs, does anyone want to discuss the pros and cons of LVM
device for a virtual machine vs a file on a file system for a virtual
machine?

So, do you create a 30G file on a file system, like EXT3, jfs, or xfs and
use that or do you create a 30G LVM device and use it directly? There are
some benefits to using LVM and with the 3.x kernel, you could even use a
thin provisioned device.

Which do you suspect would be more resource efficient? Which do you think
would have faster I/O?

I've set up two systems, one on a jfs file system and one on an old
style LVM partition. (Fully allocated). I don't see much of a difference.
I suspect the LVM based system should be more efficient because it does
not have to go through the intermediate file system layer to get to the
device layer. Internally, the VM sees the LVM device as its own device.



Re: [Discuss] LVM vs File system file for KVM Virtual Machines?

2012-03-29 Thread markw
 Mark,

 Think about it this way:  when using a file on the file system the VM has
 a whole extra layer of indirection that it has to go through, because it
 has to go through the FS layer in the VM, then the block layer in the VM,
 then the VM system storage layer, and then the FS layer in the host, then
 block layer in the host..   Whereas if it's just an LVM container then you
 can bypass the FS layer in the host completely.  So I would always expect
 the direct LVM container to be faster and more resource efficient.

I think that was my assumption to begin with. Great minds think alike!
That being said, there is caching in the file system layer that we
wouldn't get with LVM, but that may hinder more than help. There may be a
little more I/O involved with a file because not only would the VM be
managing the file system, the host would have to manage the meta-data for
the file. Not too much, I don't think, because the file based vm would be
more or less fixed in size.




 -derek

 On Thu, March 29, 2012 10:49 am, ma...@mohawksoft.com wrote:
 Hopefully without getting into an argument about the pros and cons of LVM
 vs btrfs or zfs, does anyone want to discuss the pros and cons of LVM
 device for a virtual machine vs a file on a file system for a virtual
 machine?

 So, do you create a 30G file on a file system, like EXT3, jfs, or xfs
 and use that or do you create a 30G LVM device and use it directly? There
 are some benefits to using LVM and with the 3.x kernel, you could even
 use a thin provisioned device.

 Which do you suspect would be more resource efficient? Which do you
 think would have faster I/O?

 I've set up two systems, one on a jfs file system and one on an old
 style LVM partition. (Fully allocated). I don't see much of a
 difference. I suspect the LVM based system should be more efficient
 because it does not have to go through the intermediate file system
 layer to get to the device layer. Internally, the VM sees the LVM device
 as its own device.




 --
Derek Atkins 617-623-3745
de...@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant






Re: [Discuss] I think my server is running out of something

2012-03-18 Thread markw
I had a similar problem with an older machine. What is the power rating of
your power supply?


 Quick overview of ground zero:

 Home-built server/firewall/mail server/web server/MythTV back end/makes
 coffee.
 Motherboard: Abit IP35 Pro with Intel Core2Duo E6750  @ 2.66GHz
 eth0 -- cablemodem
 eth1 -- intranet
 6 sata ports on motherboard (JBOD, not RAID)
   1 sata drive for root
   4 sata drives for MythTV recordings
   1 sata DVD-RW

 I decided to add another 1TB drive for MythTV recordings, so I bought a
 WD Caviar Black sata drive.  I plug it into the 6th and last sata port
 and power back up, and the server won't boot.  Unplug the new drive, and
 it boots.

 I got an idea of trying to disconnect the DVD-RW drive and plug the new
 drive back into sata port 6, and the server boots.  Spooky.  So once
 again I unhook the new drive, plug in the DVD-RW drive again, and it
 boots.

 Then I discovered that eth1 was dark.  No signal, lights aren't lighting
 up.  So my server can get to the internet, but the rest of the house was
 SOL.  I reboot, and then eth1 works, but eth0 is dark, so I can get to
 my server from my other computers, but nothing can get out to the
 internet.  I reboot AGAIN and finally both ethernet jacks are live.  I
 backed away slowly thinking clean thoughts.  Again, this is several
 reboots with no changes to hardware getting different results.

 Current status is that the system is back up with all the original hard
 drives working, and both ethernet ports working, but my brand spankin
 new hard drive is staring at me longingly waiting to be deployed.

 I have a theory that my server is running out of something
 (interrupts?  DMAs?), and the luck of the draw is determining what
 devices get what they need.  I can't think of another scenario where
 devices would randomly work or not at boot, and adding a device disables
 others.  What do you think?

 What can I look at?
 What can I try?
 Thanks in advance.

 Side note: I stick labels on all my drives with the install date.
 Apparently some of my MythTV drives have been spinning almost
 continuously since 2007.  That is impressive.  And scary.


[Discuss] Next AMD FX-8120 update

2012-03-18 Thread markw
I finally got my AMD FX-8120 8 core system and have migrated to it. My old
system, an AMD Athlon Dual Core, 8G RAM is now powered off waiting for a
new job. My initial problem was a bad motherboard and my biggest obstacle
to migration was wife and family and the responsibilities thereof.

So, quick summary:
AMD FX-8120 8 core CPU
16 Gig RAM
1TB Boot drive (new)
1.5TB Data drive (removed from previous machine)
Ubuntu 12.04

My first impression was that it is not much faster than the old Dual Core
Athlon when running a single task, but that turned out to be false. It
does seem faster than the previous machine. I only have anecdotal
information.

Does anyone know of a good Linux benchmark?

At work we have IBM servers using XEON Westmere processors, running
similar clock speeds; the inexpensive AMD calculated SHA1 hashes faster
than the XEON. I was surprised.

The big win, of course, is multiple processes and threads. With the extra
RAM, I am able to create good sized virtual machines with multiple CPUs.

The processor itself is interesting. It isn't quite 8 true processors,
but it isn't quite as useless as Intel's Hyperthreaded cores either. I
will need to find time to really test it.





Re: [Discuss] Next AMD FX-8120 update

2012-03-18 Thread markw
Here is an output from sysbench:

FX-8120:
markw@snoopy:~$ sysbench --test=cpu --cpu-max-prime=2 --num-threads=8 run
sysbench 0.4.12:  multi-threaded system evaluation benchmark

Running the test with following options:
Number of threads: 8

Doing CPU performance benchmark

Threads started!
Done.

Maximum prime number checked in CPU test: 2


Test execution summary:
total time:  3.2178s
total number of events:  1
total time taken by event execution: 25.7120
per-request statistics:
 min:  2.23ms
 avg:  2.57ms
 max:  4.94ms
 approx.  95 percentile:   2.71ms

Threads fairness:
events (avg/stddev):   1250./1.87
execution time (avg/stddev):   3.2140/0.00

AMD Phenom(tm) II X4 925 Processor
markw@huey:~$ sysbench --test=cpu --cpu-max-prime=2 --num-threads=4 run
sysbench 0.4.10:  multi-threaded system evaluation benchmark

Running the test with following options:
Number of threads: 4

Doing CPU performance benchmark

Threads started!
Done.

Maximum prime number checked in CPU test: 2


Test execution summary:
total time:  8.3527s
total number of events:  1
total time taken by event execution: 33.4005
per-request statistics:
 min:  3.28ms
 avg:  3.34ms
 max: 10.62ms
 approx.  95 percentile:   3.35ms

Threads fairness:
events (avg/stddev):   2500./35.81
execution time (avg/stddev):   8.3501/0.00



 I finally got my AMD FX-8120 8 core system and have migrated to it. My old
 system, an AMD Athlon Dual Core, 8G RAM is now powered off waiting for a
 new job. My initial problem was a bad motherboard and my biggest obstacle
 to migration was wife and family and the responsibilities thereof.

 So, quick summary:
 AMD FX-8120 8 core CPU
 16 Gig RAM
 1TB Boot drive (new)
 1.5TB Data drive (removed from previous machine)
 Ubuntu 12.04

 My first impression was that it is not much faster than the old Dual Core
 Athlon when running a single task, but that turned out to be false. It
 does seem faster than the previous machine. I only have anecdotal
 information.

 Does anyone know of a good Linux benchmark?

 At work we have IBM servers using XEON Westmere processors, running
 similar clock speeds; the inexpensive AMD calculated SHA1 hashes faster
 than the XEON. I was surprised.

 The big win, of course, is multiple processes and threads. With the extra
 RAM, I am able to create good sized virtual machines with multiple CPUs.

 The processor itself is interesting. It isn't quite 8 true processors,
 but it isn't quite as useless as Intel's Hyperthreaded cores either. I
 will need to find time to really test it.





Re: [Discuss] Next AMD FX-8120 update

2012-03-18 Thread markw
 On 03/18/2012 12:02 PM, Richard Pieri wrote:
 What you will typically find is that if your threads are CPU bound then
 you will see better performance over the long term with HT disabled.
 The reason is that the phantom CPUs that HT provides need to share cache
 and memory bandwidth and there is some extra switching overhead.  The
 upshot is that if you have 1 CPU with 2 HT threads and 4 CPU-bound jobs
 to run, the total time to run all 4 jobs will be less with HT disabled.
 As an aside for anyone running a Condor pool, disabling HT is
 recommended for this reason.

 On the other hand, if you are not CPU-bound across all of your threads,
 or in environments where concurrency is more important than throughput,
 then HT may be a win.

 AMD's Bulldozer architecture has less resource contention than Intel's
 HT implementations (less overhead) but two threads on 1 core still have
 to share some resources and you will usually see results similar to what
 I described.
 In Toronto they always turn off HT. I ran a quick test and found that
 the RiskWatch application runs better with no HT. There is certainly
 some benefit to HT under some circumstances.

The problem isn't with hyperthreads per se; it is a problem with system
schedulers not knowing the difference or how to use them. Hyperthreads are
sort of a micro-NUMA environment. Sometimes, it is best to put an HT
semi-core to sleep instead of using it because there is no appropriate job
for it to run and running another job would affect its peer.

One of the things I was concerned about with the FX-8120 was the shared
resources of the cores. So far it doesn't seem too bad. Even though core
pairs share a numeric processor and some caching, they seem to schedule
fairly well independently.

So, like I said, they aren't truly full cores, but they don't seem
similarly limited.

 --
 Jerry Feldman g...@blu.org
 Boston Linux and Unix
 PGP key id:3BC1EB90
 PGP Key fingerprint: 49E2 C52A FC5A A31F 8D66  C0AF 7CEA 30FC 3BC1 EB90
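
The sibling-thread sharing discussed in this message can be inspected on Linux through the sysfs file `thread_siblings_list`. The following is an added example, not code from anyone in the thread: it groups logical CPUs by shared core and picks one per core for CPU-bound jobs. The two sample topologies and all function names are constructed for illustration.

```python
import glob
import re

SYSFS_GLOB = "/sys/devices/system/cpu/cpu[0-9]*/topology/thread_siblings_list"

def parse_cpu_list(text):
    """Expand a sysfs CPU list such as '0,4' or '2-3' into a sorted tuple."""
    cpus = set()
    for part in text.strip().split(","):
        if not part:
            continue
        lo, _, hi = part.partition("-")
        cpus.update(range(int(lo), int(hi or lo) + 1))
    return tuple(sorted(cpus))

def group_siblings(sibling_lists):
    """Map {cpu: sibling-list text} to the sorted list of distinct sibling groups."""
    return sorted({parse_cpu_list(text) for text in sibling_lists.values()})

def one_cpu_per_core(sibling_lists):
    """Pick the lowest-numbered logical CPU from each sibling group."""
    return [group[0] for group in group_siblings(sibling_lists)]

def read_sysfs():
    """Read the live topology on Linux; returns {} where sysfs is absent."""
    result = {}
    for path in glob.glob(SYSFS_GLOB):
        cpu = int(re.search(r"cpu(\d+)/topology", path).group(1))
        with open(path) as fh:
            result[cpu] = fh.read()
    return result

# Constructed sample: 4 cores x 2 hardware threads, siblings numbered n and n+4
SAMPLE_HT = {0: "0,4\n", 1: "1,5\n", 2: "2,6\n", 3: "3,7\n",
             4: "0,4\n", 5: "1,5\n", 6: "2,6\n", 7: "3,7\n"}
# Constructed sample: sibling pairs numbered adjacently and written as ranges
SAMPLE_PAIRED = {n: f"{n - n % 2}-{n - n % 2 + 1}\n" for n in range(8)}

if __name__ == "__main__":
    live = read_sysfs() or SAMPLE_HT  # fall back to the constructed sample
    cpus = one_cpu_per_core(live)
    print("sibling groups:", group_siblings(live))
    print("one logical CPU per core:", cpus)
    # To confine the current process to those CPUs on Linux:
    #   import os; os.sched_setaffinity(0, set(cpus))
```

Comparing a benchmark run pinned to one logical CPU per core against a run on all logical CPUs gives the comparison described above without rebooting to change firmware settings.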







[Discuss] Looking for a user space NFS implementation

2012-03-15 Thread markw
For reasons beyond the scope of this message I am looking for a well
supported user-space NFS implementation. The only somewhat viable one I
have seen is unfs3, and it appears it hasn't been modified since 2009.

Does anyone know of anything being actively developed?

Additionally, does anyone know of a user space NFS server that will follow
symlinks instead of presenting as symlinks?




