From strata at virtual.net Wed Sep 1 11:01:58 2004 From: strata at virtual.net (Strata R. Chalup) Date: Wed, 01 Sep 2004 11:01:58 -0700 Subject: Sep 2 BayLISA Board Meeting: Pho Hoa, Mountain View, 7pm In-Reply-To: References: Message-ID: <41360E96.2030401@virtual.net> (If someone wants to volunteer office space with a speakerphone, that would work better. Otherwise, we'll do Pho Hoa again and try to find a spot that is less noisy (yeah, right!)) Pho Hoa, 220 Castro St., Mountain View Tel: (650) 969-5805 Arrive by 7pm; begin meeting 7:30pm [Note: November is rapidly approaching. If you are thinking of running for the Board, please make a point of coming to a Board meeting sometime between now and the November general meeting! Or even if you're not, you are still welcome.] Not usually crowded. You can get a good cheap dinner there-- chicken, seafood, or veggie pho, plus a small selection of non-pho items for those who don't like vietnamese rice-noodle soup with beefy bits. -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From rsr at inorganic.org Tue Sep 14 11:27:25 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Tue, 14 Sep 2004 11:27:25 -0700 Subject: Going to be One Of Those Days Message-ID: <20040914182725.GA2266@puppy.inorganic.org> I'm currently working on testing an appliance. The goal is to take nightly builds of this appliance (which result in an ISO that installs a Linux plus the appliance code) and install them in a VMWare box. No problem so far. Today I identified a desire to have my (real physical) box have two network interface. No problem -- ask the hardware folks for an ethernet card, take down my box, open it, install the ethernet card next to the video card (open PCI slot), boot box. Hmm. No video. That's not good. OK, move PCI Ethernet card to another slot. Maybe there's some wonky conflict. Hmm. No video. That's not good. OK, take PCI Ethernet card out of box. Maybe there's some REALLY wonky conflict. Hmm. No video. That's quite ungood. Did I fry the video card? Oh well. Go to the hardware folks, request a replacement video card. They're a little incredulous and, in fact, come over to install it for me. Hmm. No video. This is getting a little worse ... So they take out one of the two RAM modules (which had just been installed). Hmm. No video. Dear God, did I just lose this machine by installing an ethernet card? So they take out the _other_ RAM module and put the first one in. At which point, watching them, I say "you know ... I think I'd like to check the VGA cable connection to the back of the monitor just ... in ... case." Yeah. It's like that. -roy From jxh at jxh.com Tue Sep 14 13:53:45 2004 From: jxh at jxh.com (Jim Hickstein) Date: Tue, 14 Sep 2004 15:53:45 -0500 Subject: Going to be One Of Those Days In-Reply-To: <20040914182725.GA2266@puppy.inorganic.org> References: <20040914182725.GA2266@puppy.inorganic.org> Message-ID: <19787EC8408172686219D9F8@[10.9.18.3]> > At which point, watching them, I say "you know ... I think I'd like to > check the VGA cable connection to the back of the monitor just ... in ... > case." But PCs are still crap. :-) From rsr at inorganic.org Tue Sep 14 14:31:39 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Tue, 14 Sep 2004 14:31:39 -0700 Subject: Going to be One Of Those Days In-Reply-To: <19787EC8408172686219D9F8@[10.9.18.3]> References: <20040914182725.GA2266@puppy.inorganic.org> <19787EC8408172686219D9F8@[10.9.18.3]> Message-ID: <20040914213139.GA11022@puppy.inorganic.org> On Tue, Sep 14, 2004 at 03:53:45PM -0500, Jim Hickstein wrote: > > At which point, watching them, I say "you know ... I think I'd like to > > check the VGA cable connection to the back of the monitor just ... in ... > > case." > > But PCs are still crap. Bang-for-buck-wise, they ain't bad. -roy From guy at extragalactic.net Tue Sep 14 22:59:42 2004 From: guy at extragalactic.net (Guy B. Purcell) Date: Tue, 14 Sep 2004 22:59:42 -0700 Subject: Going to be One Of Those Days In-Reply-To: <20040914213139.GA11022@puppy.inorganic.org> References: <20040914182725.GA2266@puppy.inorganic.org> <19787EC8408172686219D9F8@[10.9.18.3]> <20040914213139.GA11022@puppy.inorganic.org> Message-ID: <7020AB09-06DC-11D9-8BEA-0030657CE32A@extragalactic.net> On Sep 14, 2004, at 14:31, Roy S. Rapoport wrote: > On Tue, Sep 14, 2004 at 03:53:45PM -0500, Jim Hickstein wrote: >>> At which point, watching them, I say "you know ... I think I'd like >>> to >>> check the VGA cable connection to the back of the monitor just ... >>> in ... >>> case." >> >> But PCs are still crap. > > Bang-for-buck-wise, they ain't bad. I'm not so sure. I'd _love_ to see a real study done that takes into account all the relevant factors (or as close to that as is practical)--including extra HW required for remote reboot, and extra sysadmin time to assemble the ultra-cheap build-it-yourself boxes, and to replace cheap HW as it dies under stress, etc.. At $CURRENT_JOB, we "upgraded" from sturdy-but-old SPARC boxes to Intel HW from Sun. The HW wasn't any cheaper than similar SPARC boxes (V60x's vs. V210's), and it has held up well under load so far, but also has required almost $1,000 extra in manageable power strips, the OS support ($BOSS requires OS support) fees are more than they were for Solaris, and I had to add the optional bits (second CPU, second disk, more RAM--stuff my VAR should have done, if I had a decent one; don't ask--we can't switch) to each one (a significant time cost for around 40 boxes). We originally went with much cheaper Intel HW, but it broke seriously under load, so decided that "you get what you pay for" is somewhat close to correct. I have this uncomfortable feeling that that adage is deeper than typically interpreted, and that "cheap" HW ends up costing the same as or more than the "expensive" stuff in the long run. -Guy From rsr at inorganic.org Wed Sep 15 08:32:34 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Wed, 15 Sep 2004 08:32:34 -0700 Subject: Going to be One Of Those Days In-Reply-To: <7020AB09-06DC-11D9-8BEA-0030657CE32A@extragalactic.net> References: <20040914182725.GA2266@puppy.inorganic.org> <19787EC8408172686219D9F8@[10.9.18.3]> <20040914213139.GA11022@puppy.inorganic.org> <7020AB09-06DC-11D9-8BEA-0030657CE32A@extragalactic.net> Message-ID: <20040915153234.GA24984@puppy.inorganic.org> I hesitate to enter into this discussion because I suspect we'll be coming up on people's religious biases (including my own -- I'm a Solaris guy, and I know exactly the pleasure that is working on Sparc platforms). Nonetheless, I'll make a few comments. On Tue, Sep 14, 2004 at 10:59:42PM -0700, Guy B. Purcell wrote: > I'm not so sure. I'd _love_ to see a real study done that takes into > account all the relevant factors (or as close to that as is > practical)--including extra HW required for remote reboot, and extra > sysadmin time to assemble the ultra-cheap build-it-yourself boxes, and > to replace cheap HW as it dies under stress, etc.. Two notes: PCs can serve in, generally, two capacities: Desktops and servers. I've seen companies move from Sparcs on the desk to PCs on the desk and more centralized UNIX systems at the center. In that case, things like remote booting and serial communications become less critical. Putting PCs at the client side also allows for some cool things -- current workplace issues notebooks to EVERYONE, which allows anyone who wants to take their work home. From work's perspective, this is a good thing. We won't get into Tadpole's Sparc notebook offerings :) On the server side, we can again differentiate between critical one-off servers and undifferentiated server farms. In the case of undifferentiated server farms, issues like serial communication and remote unwedging become a lot less critical. You need X machines to serve something; you've got X+N. If Y ( At $CURRENT_JOB, we "upgraded" from sturdy-but-old SPARC boxes to Intel > HW from Sun. The HW wasn't any cheaper than similar SPARC boxes > (V60x's vs. V210's), and it has held up well under load so far, but > also has required almost $1,000 extra in manageable power strips, the > OS support ($BOSS requires OS support) fees are more than they were for > Solaris, and I had to add the optional bits (second CPU, second disk, > more RAM--stuff my VAR should have done, if I had a decent one; don't > ask--we can't switch) to each one (a significant time cost for around > 40 boxes). > > We originally went with much cheaper Intel HW, but it broke seriously > under load, so decided that "you get what you pay for" is somewhat > close to correct. I have this uncomfortable feeling that that adage is > deeper than typically interpreted, and that "cheap" HW ends up costing > the same as or more than the "expensive" stuff in the long run. I spent about an hour last night trying to figure out why a drive I had put into a PC running RHEL3 caused my bootup to get horked. Answer: Because it came from another system and had some of the same volume labels as my main drive. Being used to "put it in, make sure it's not an existing SCSI ID; reboot with -r; format; newfs," this was a ... lackluster experience. In fact, I'll go further and say it was lame. So hey, _I'm_ not going to come out and say that PC hardware is the way to go. I will note that buying PCs from Sun seems ... well, it seems a little silly to me, if your goal is to save money. Hell, buying _anything_ from Sun seems a little silly to me, if your goal is to save money :). My perception is, and I'd want to see hard numbers if you intend to disprove it, that for most workloads, you can get cheaper hardware, from an initial investment perspective (we're not talking TCO here), to serve the needs on PC rather than the premium UNIX platforms. The parts costs for replacing broken hardware (we probably want to address service offerings, but it seems that while Sun continues to request you bend over every time you negotiate a service contract with them, their quality has dropped, from what I hear) seem consistently lower. So the issue then is time. Inexpensive, decent Linux engineers seem to be easier to find than inexpensive, decent Sun engineers. I do know people who use PCs in a corporate environment and who seem to have done the financial legwork to prove to themselves that it was the right way to do things. My favorite search engine, for one. -roy From npc at gangofone.com Wed Sep 15 09:16:31 2004 From: npc at gangofone.com (Nick Christenson) Date: Wed, 15 Sep 2004 09:16:31 -0700 (PDT) Subject: Going to be One Of Those Days In-Reply-To: <7020AB09-06DC-11D9-8BEA-0030657CE32A@extragalactic.net> Message-ID: <200409151616.i8FGGVIT024965@prometheus.gangofone.com> > >> But PCs are still crap. They are, indeed. > > Bang-for-buck-wise, they ain't bad. This also seems to be true. Economics unfailingly moves towards commodities. > I'm not so sure. I'd _love_ to see a real study done that takes into > account all the relevant factors [...] I would too, but I'm coming to the opinion that there will never be one, and that any circumstances under which one would be done in a truly fair manner would be too narrowly defined to be useful to a general audience. Generally, I've stopped reading TCO studies (except for those my boss specifically asks me to analyze) 'cuz I haven't read one in the last decade that wasn't written by someone with an agenda that becomes manifestly clear in the study itself. When I have to read one of these, I generally do it at home now lest I disturb my work neighbors with my swearing. Summary: They're all worse than crap. > [...] so decided that "you get what you pay for" is somewhat > close to correct. I have this uncomfortable feeling that that adage is > deeper than typically interpreted, and that "cheap" HW ends up costing > the same as or more than the "expensive" stuff in the long run. There is a lot of truth to this, but there are many cases where the costs are compelling. A later poster does a pretty good analysis of cheap vs. rock-solid scenarios that I largely agree with. In the business world of the 21st century, so far inexpensive generally is winning out over high-quality in the IT space by a wide margin. Is this foolish? In many cases, perhaps. Is the tide reversible? I guess I don't see how. Consequently, the argument in the long term might be moot. Here's a question for the list. Does anyone here think Solaris has a long-term viable future? You could also ask the question about HP-UX, I suppose, but I expect there to be consensus that the other proprietary Unices definitely have no long-term. This is not to say that Solaris doesn't have a lot of years left in it, I believe it does. Heck, look how long it is taking IRIX to completely die. Moreover, does Solaris on Sparc (arguably less-crappy hardware than the PC world) have any real future? My predictions: I believe that Solaris on Sparc has about five years before it "feels" like, say, IRIX or AIX of today, merely in maintenance mode. I believe that Solaris on Sparc has ten years before it's dead for all intents and purposes, although some vestige of it may limp along. As we all know, Sun plans to Open Source Solaris, starting with Solaris 10. Good for them. Does Open Source Solaris (on x86) have a future, or is it just a matter of time before the PC hardware world is running Windows, Linux, or a hobby? I'm guessing Solaris on x86 dies at the same rate at Solaris on Sparc does, but I'm less sure of this. Other opinions? -- Nick Christenson npc at gangofone.com From rsr at inorganic.org Wed Sep 15 10:03:48 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Wed, 15 Sep 2004 10:03:48 -0700 Subject: Going to be One Of Those Days In-Reply-To: <200409151616.i8FGGVIT024965@prometheus.gangofone.com> References: <7020AB09-06DC-11D9-8BEA-0030657CE32A@extragalactic.net> <200409151616.i8FGGVIT024965@prometheus.gangofone.com> Message-ID: <20040915170348.GC29136@puppy.inorganic.org> On Wed, Sep 15, 2004 at 09:16:31AM -0700, Nick Christenson wrote: > Generally, I've stopped reading TCO studies (except for those my boss > specifically asks me to analyze) 'cuz I haven't read one in the last > decade that wasn't written by someone with an agenda that becomes > manifestly clear in the study itself. When I have to read one of these, > I generally do it at home now lest I disturb my work neighbors with > my swearing. Summary: They're all worse than crap. We need a TCO study of TCO studies. One of the worst problems IT people occasionally deal with is analysis paralysis -- lets carefully analyze all our possible options before making a move. In the end, I suspect that the 'premium v. commodity' discussion is not going to come down, clearly, on one side or another. If it doesn't, it may be that we can make a quick, approximate decision that feels right and move on with business, safe in the knowledge that even if we're wrong, we're probably not very wrong. (This is, IMHO, one of the things that differentiates IT people who are artisans from IT people who are scientists -- I've been known to decide to do or design something because it feels right. I personally tend to go with my gut. One of my most powerful tools is my intuition). > My predictions: I believe that Solaris on Sparc has about five years > before it "feels" like, say, IRIX or AIX of today, merely in maintenance Solaris is dying. Netcraft confirms Solaris is dying... :) (I don't actually disagree with you, by the way) -roy From hunt at frostypenguin.net Wed Sep 15 10:20:53 2004 From: hunt at frostypenguin.net (Jeremy Hunt) Date: Wed, 15 Sep 2004 10:20:53 -0700 Subject: Going to be One Of Those Days In-Reply-To: <7020AB09-06DC-11D9-8BEA-0030657CE32A@extragalactic.net> References: <20040914182725.GA2266@puppy.inorganic.org> <19787EC8408172686219D9F8@[10.9.18.3]> <20040914213139.GA11022@puppy.inorganic.org> <7020AB09-06DC-11D9-8BEA-0030657CE32A@extragalactic.net> Message-ID: <414879F5.2080303@frostypenguin.net> I used to be a huge Sun supporter. Unfortunately, times have changed and Sun has not. At least not for the better. Guy B. Purcell wrote: > > I'm not so sure. I'd _love_ to see a real study done that takes into > account all the relevant factors (or as close to that as is > practical)--including extra HW required for remote reboot, and extra > sysadmin time to assemble the ultra-cheap build-it-yourself boxes, and > to replace cheap HW as it dies under stress, etc.. > > At $CURRENT_JOB, we "upgraded" from sturdy-but-old SPARC boxes to > Intel HW from Sun. The HW wasn't any cheaper than similar SPARC boxes > (V60x's vs. V210's), and it has held up well under load so far, but > also has required almost $1,000 extra in manageable power strips, the > OS support ($BOSS requires OS support) fees are more than they were > for Solaris We skip the off the shelf stuff and stick with feature rich servers like HP's DL series. It gives us more manageability than Sun offers on most of their servers and we have far fewer problems than we do with the SPARC servers. The built in iLo card allows you to use a browser, ssh, or conserver to get to the console. From that same console you can power off the server, reboot it whatever. And they've been rock solid. I agree RedHat's (or whoever's) fees are too high. > , and I had to add the optional bits (second CPU, second disk, more > RAM--stuff my VAR should have done, if I had a decent one; don't > ask--we can't switch) to each one (a significant time cost for around > 40 boxes). You might want to find a new VAR. Sun actually has a nice little trick they've been pulling lately that is even worse than that. We ordered a server that came with 512MB DIMMs by default. We ordered a memory config that required 1GB DIMMs. Did they install them? Nope. They shipped us both but with an RMA box so that after we installed the 1GB DIMMs ourselves we had to then ship the original memory back to them. > We originally went with much cheaper Intel HW, but it broke seriously > under load, so decided that "you get what you pay for" is somewhat > close to correct. I have this uncomfortable feeling that that adage > is deeper than typically interpreted, and that "cheap" HW ends up > costing the same as or more than the "expensive" stuff in the long run. > > -Guy > Good x86 boxes aren't really much cheaper than say SPARC anymore but you get way more bang for the buck. I would definitely not call Sun's hardware reliable. At least not the CPU's. We had another one go yesterday. But performance-wise we have some jobs that run on dual proc Intel boxes that are about 3x faster than on a 280R. With the Opteron that's jumped to 5x in some cases. That's huge. Also Sun's hardware is so dated. A V880 comes with 7 - 33Mhz PCI slots. Wow. How about some ISA slots since you're being so generous? I work for a SAN company so we may have higher requirements ( we use lots of dual ported HBA's) but all Intel hardware has PCI-x slots these days. And for my final hardware gripe, have you ever tried to push a Gig link on a Solaris box? Shamefully even Windows is much better. So basically we're all going to be forced down the x86 path if we care about any sort of performance because the old server architectures are just that - old. From jxh at jxh.com Wed Sep 15 12:40:31 2004 From: jxh at jxh.com (Jim Hickstein) Date: Wed, 15 Sep 2004 14:40:31 -0500 Subject: _JPEG_ exploit?! Message-ID: This is a dandy one: What are they _smoking_ up there? Remember when "catching viruses by reading email" was preposterous, and a prima facie hoax? They fixed that.... From rick at linuxmafia.com Wed Sep 15 13:47:12 2004 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 15 Sep 2004 13:47:12 -0700 Subject: _JPEG_ exploit?! In-Reply-To: References: Message-ID: <20040915204712.GF21483@linuxmafia.com> Quoting Jim Hickstein (jxh at jxh.com): > This is a dandy one: > > > > What are they _smoking_ up there? > > Remember when "catching viruses by reading email" was preposterous, and a > prima facie hoax? They fixed that.... I'll give you 100:1 odds that it's not _really_ a JPEG exploit: If it follows the usual pattern, this is a Microsoft-doesn't-do-MIME-competently exploit. The Microsoft page, as usual, says nothing at all about the vulnerability's mechanism. -- Cheers, Ceterum censeo, Caldera delenda est. Rick Moen rick at linuxmafia.com From jxh at jxh.com Wed Sep 15 15:25:45 2004 From: jxh at jxh.com (Jim Hickstein) Date: Wed, 15 Sep 2004 17:25:45 -0500 Subject: _JPEG_ exploit?! In-Reply-To: <20040915204712.GF21483@linuxmafia.com> References: <20040915204712.GF21483@linuxmafia.com> Message-ID: <2452CF7A4D493F1C56DDFE62@[10.9.18.3]> > I'll give you 100:1 odds that it's not _really_ a JPEG exploit: If it > follows the usual pattern, this is a > Microsoft-doesn't-do-MIME-competently exploit. Well, lots of other programs are implicated, that don't (I suppose) touch MIME. Something I saw said "buffer overrun", which does start to add up. From rick at linuxmafia.com Wed Sep 15 15:32:47 2004 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 15 Sep 2004 15:32:47 -0700 Subject: _JPEG_ exploit?! In-Reply-To: <2452CF7A4D493F1C56DDFE62@[10.9.18.3]> References: <20040915204712.GF21483@linuxmafia.com> <2452CF7A4D493F1C56DDFE62@[10.9.18.3]> Message-ID: <20040915223247.GW15832@linuxmafia.com> Quoting Jim Hickstein (jxh at jxh.com): > Well, lots of other programs are implicated, that don't (I suppose) touch > MIME. You'd think, but that might well not be the case: Lots of other programs tend to be dragged in through MS's component-software facilities. > Something I saw said "buffer overrun", which does start to add up. Pity the "FAQ" doesn't address any of the questions that one would reasonably ask. From strata at virtual.net Wed Sep 15 19:43:23 2004 From: strata at virtual.net (Strata R. Chalup) Date: Wed, 15 Sep 2004 19:43:23 -0700 Subject: _JPEG_ exploit?! In-Reply-To: <20040915223247.GW15832@linuxmafia.com> References: <20040915204712.GF21483@linuxmafia.com> <2452CF7A4D493F1C56DDFE62@[10.9.18.3]> <20040915223247.GW15832@linuxmafia.com> Message-ID: <4148FDCB.1050707@virtual.net> I think it's likely to have something to do with extension shuffling, or misleading extension types. Remember that flap about how one could have attachments whose display name was foo.jpg and whose (?)resource(?) name was foo.jpg but whose (?) file_handler name was foo.exe? Eg, looking at the file, for large values of 'looking' cause one to see an innocuous extension, but when the file was passed off to the file handler to be opened by an application, it was actually an executable or similar. A quick google got me this helpful page, which while not immediately up to date gives the gist of the problem quite clearly: http://www.geocities.com/ResearchTriangle/Lab/1131/eng/safe.html cheers, Strata Rick Moen wrote: > Quoting Jim Hickstein (jxh at jxh.com): > > >>Well, lots of other programs are implicated, that don't (I suppose) touch >>MIME. > > > You'd think, but that might well not be the case: Lots of other programs > tend to be dragged in through MS's component-software facilities. > > >>Something I saw said "buffer overrun", which does start to add up. > > > Pity the "FAQ" doesn't address any of the questions that one would > reasonably ask. > > -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From strata at virtual.net Wed Sep 15 20:21:48 2004 From: strata at virtual.net (Strata R. Chalup) Date: Wed, 15 Sep 2004 20:21:48 -0700 Subject: Linked-In for BayLISA folks Message-ID: <414906CC.1040005@virtual.net> I've been using linkedin.com for a while, and found it helpful. Various folks from the SAGE community have discovered it, and people are starting to link up. The way the site is designed, one lists employment or contract positions and folks can endorse you. What I'm finding is that I want to endorse folks whose connection is via SAGE or BayLISA, rather than through a common employer, and that the site seems to have no way to add an endorsement except specific to a position. So, duh, I created a 'position' for both BayLISA and SAGE and added those to my CV on Linked In. Start date is when I became a member. I list any committees or board positions or volunteer work. This gives me a place to hang an endorsement from that otherwise wouldn't fit. It also gives us a way to look for each other in the search feature, especially folks who are list participants and contributors but who don't see each other at the meetings very often. I'm happy to endorse folks I've worked with on BayLISA projects or activities if you add a BayLISA position to your profile. Don't be shy-- it's another way I can thank some of you who have put in so much effort over the past years! cheers, Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From strata at virtual.net Thu Sep 16 00:48:31 2004 From: strata at virtual.net (Strata R. Chalup) Date: Thu, 16 Sep 2004 00:48:31 -0700 Subject: *TONIGHT* BayLISA: 9/16/04: Forests & Trees: Building Open Source Discovery with XML, Philippe Ombredanne Message-ID: <4149454F.8080907@virtual.net> BayLISA Monthly Technical Talk & General Meeting Please RSVP to rsvp at baylisa.org so that we can get an idea of how many will be attending. This event is open to the general public. You do not need to be a member to attend. -------- Where: Apple Computer, Town Hall Auditorium Addr: Four Infinite Loop, Cupertino, CA http://www.baylisa.org/locations/current.html -------- Date: Thursday, 16 September 2004 Time: 7:30pm - 9:30pm PST Forests and Trees: Building an Open Source Discovery & Management Tool with XML Philippe Ombredanne In a an ideal world everything on the network would have a simple management interface, and every tool could access it. Well, in our real world, large shops typically have at least one version of every major network equipment, hardware, and software produced in the last ten years.... As sysadmins, we rely on a mixture of commercial and open source network management tools and a lot of scripting and elbow grease to accomplish our magic. What about an open source system where all management data could be accessed remotely, without an agent to install on your 1000 servers and all protocols could be used with a friendly URL, and return standardized data that could queried and combined together regardless of where they are coming from? The recipe? Put a dose of ssh, sftp, http, nmap, smb, snmp, wbem, wmi, nfs, webdav, dns, dhcp, smtp, wins, ldap, sql, mibs, mofs, ping, arp and a couple other in a large pot. Stir well your alphabet soup, throw in a couple RFCs for spice, then add a pinch of URI, XML, Xpath and Xquery, some scripting, heat up to a gentle boil, and you get something that might taste good, or at least different. In this presentation, we will walk through design issues and trade-offs for such an open source system, and show new ways to extend the web and XML to network management, using existing tools, techniques, and skills. Some live demo will be made of the kind of weird and funny capabilities that are exposed. Philippe Ombredanne is the CTO of nexB, a developer of open source enterprise applications, the last frontier for open source. He was previously at BearingPoint, Accenture, and McDonnell Douglas, where he worked as a sysadmin, developer, and consultant. -------- BayLISA meets every month on the 3rd Thursday of the month. A short period of announcements of general interest to the sysadmin community is presented, followed by a technical talk. Anyone may make an announcement; typical are upcoming presentations, user group meetings, employment offers, etc. For further information on BayLISA, check out our web site: http://www.baylisa.org/ Directions and details about the current meeting and future events: http://www.baylisa.org/events/ BayLISA makes video tapes of the meetings available to members. Tape library is often available at the general meeting, or for more information on available videos, please send email to "video at baylisa.org". If you have suggestions for speakers, or would like to volunteer to present a talk at one of our meetings, please email the Board and Working Group at "blw at baylisa.org". Thanks! -------- -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From rick at linuxmafia.com Thu Sep 16 14:27:44 2004 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 16 Sep 2004 14:27:44 -0700 Subject: _JPEG_ exploit?! In-Reply-To: <4148FDCB.1050707@virtual.net> References: <20040915204712.GF21483@linuxmafia.com> <2452CF7A4D493F1C56DDFE62@[10.9.18.3]> <20040915223247.GW15832@linuxmafia.com> <4148FDCB.1050707@virtual.net> Message-ID: <20040916212744.GJ21483@linuxmafia.com> Quoting Strata R. Chalup (strata at virtual.net): > I think it's likely to have something to do with extension shuffling, or > misleading extension types. Exactly what I had in mind. Microsoft Corp. has a longstanding habit of relying on filename extensions of untrustworthy files received from remote to determine what to consider those files to contain (and what viewer / editor to hand them off to) rather than either examining the file directly or using MIME type information. This has gotten them into deep trouble repeatedly, and I'd be not at all surprised to hear that it's still happening. The practice is _obviously_ incompetent, but as we know, their capacity for corrective embarrassment at such things is slim to none. I'd also not be at all surprised to find out that a "security advisory" deliberely obscures that fact (if such turns out to be the case). From pombredanne at nexb.com Fri Sep 17 01:21:25 2004 From: pombredanne at nexb.com (Philippe Ombredanne) Date: Fri, 17 Sep 2004 01:21:25 -0700 Subject: BayLISA slides for download - Forests and Trees: Building an Open Source Discovery & Management Tool with XML Message-ID: <002101c49c8f$57afec60$0f02a3c0@computer> All, thanks for giving me the opportunity to present our little open source project tonight, I enjoyed it quite a bit. Many folks asked for the slides. Since they are quite big, I posted the for download at: http://sourceforge.net/projects/nexb both in open office and powerpoint format. -- Cheers Philippe philippe ombredanne | nexB - Open IT Asset Management 1 650 799 0949 | pombredanne at nexb.com http://www.nexb.com From dannyman at toldme.com Fri Sep 17 06:03:41 2004 From: dannyman at toldme.com (Danny Howard) Date: Fri, 17 Sep 2004 06:03:41 -0700 Subject: _JPEG_ exploit?! In-Reply-To: <20040916212744.GJ21483@linuxmafia.com> References: <20040915204712.GF21483@linuxmafia.com> <2452CF7A4D493F1C56DDFE62@[10.9.18.3]> <20040915223247.GW15832@linuxmafia.com> <4148FDCB.1050707@virtual.net> <20040916212744.GJ21483@linuxmafia.com> Message-ID: <20040917130341.GS2850@ratchet.nebcorp.com> On Thu, Sep 16, 2004 at 02:27:44PM -0700, Rick Moen wrote: > Quoting Strata R. Chalup (strata at virtual.net): > > > I think it's likely to have something to do with extension > > shuffling, or misleading extension types. > > Exactly what I had in mind. > > Microsoft Corp. has a longstanding habit of relying on filename > extensions of untrustworthy files received from remote to determine > what to consider those files to contain (and what viewer / editor to > hand them off to) rather than either examining the file directly or > using MIME type information. Uhhhh, *scratches head* ... but, how is an untrusted MIME header less threatening than an untrusted file extension? (And yeah, we all know about the exploit.jpg.exe silliness.) > This has gotten them into deep trouble repeatedly, and I'd be not at > all surprised to hear that it's still happening. I thought it was maybe writing to memory without bounds-checking that might get them in trouble, and this activity being a byproduct of their questionable architectural choices, meshing the web browser with the Operating System. But I am not a software engineer, and I do not work for Microsoft. ;) -danny -- http://dannyman.toldme.com/ From holland at guidancetech.com Thu Sep 16 13:23:18 2004 From: holland at guidancetech.com (Rich Holland) Date: Thu, 16 Sep 2004 16:23:18 -0400 Subject: 1996 Keynote presentation Message-ID: <20040916202245.78DD9138EAA@puzzle.pobox.com> I keep trying to teach Windows guys about Unix, and find myself constantly going back to a presentation I saw in 1996. Van Jacobson gave the keynote at the Usenix technical conference that year (http://www.usenix.org/publications/library/proceedings/sd96/) and had a very eloquent way of describing the language of unix, how it's fundamentally built of little tools that do one thing and do it well, and how you build "sentences" up using pipes.... I can't seem to find anything on the 'net other than that he gave that presentation.... Does anyone have a video tape of it, or know where to find a transcription, or speaker notes, or anything? Thanks! Rich -- Rich Holland (913) 645-1950 SAP Technical Consultant print unpack("u","92G5S\=\"!A;F]T:&5R(\'!E References: <20040915204712.GF21483@linuxmafia.com> <2452CF7A4D493F1C56DDFE62@[10.9.18.3]> <20040915223247.GW15832@linuxmafia.com> <4148FDCB.1050707@virtual.net> <20040916212744.GJ21483@linuxmafia.com> <20040917130341.GS2850@ratchet.nebcorp.com> Message-ID: <20040917154042.GV21483@linuxmafia.com> Quoting Danny Howard (dannyman at toldme.com): > Uhhhh, *scratches head* ... but, how is an untrusted MIME header less > threatening than an untrusted file extension? I certainly did not mean that all faith should be placed in a MIME header. From greg.edwards at lmco.com Fri Sep 17 11:46:37 2004 From: greg.edwards at lmco.com (Edwards, Greg) Date: Fri, 17 Sep 2004 11:46:37 -0700 Subject: Discount for UC Santa Cruz Extension Internet Security Courses Message-ID: <982A2933712F3740921D842654ED470D09157B95@emss01m12.us.lmco.com> Discount for UC Santa Cruz Extension Internet Security Courses The University of California Santa Cruz Extension offers a wide variety of computer, network, and Internet security courses tailored to meet the specific needs of security professionals in Silicon Valley. A wide range of on-line, lecture, and lab-based courses are offered, including courses suitable for students new to the profession, experienced security professionals, management, and those students aiming for a security certification. New courses are continually being developed and existing courses updated, in order to keep pace with the changing needs and expanded security threat to Corporations, small businesses, Government, and home users. BayLisa members receive a 10% discount on tuition at registration for the classes listed below. To receive this discount, please call registration at (800) 660-UNEX (8639) and tell them you are a member of BayLisa. Courses offered in the September - December 2004 time frame include: Wireless Security: 802.11b and Other Protocols (Lecture) - September 22 - October 20 Firewall and Access Controls (On-line) - September 27 - December 6 Enterprise Security/Security+ Certification Training (On-line) - September 27 - December 6 Intrusion Detection (Lecture/Lab) - October 23 - November 13 Details of UCSC Extension Internet Security Classes: http://www.ucsc-extension.edu/main/tech/internet_sec.html From pombredanne at nexb.com Mon Sep 20 12:43:17 2004 From: pombredanne at nexb.com (Philippe Ombredanne) Date: Mon, 20 Sep 2004 12:43:17 -0700 Subject: BayLISA talk - software available for download - Forests and Trees: Building an Open Source Discovery & Management Tool with XML In-Reply-To: <002101c49c8f$57afec60$0f02a3c0@computer> Message-ID: <00cf01c49f4a$1e205c10$0f02a3c0@computer> All, In case you want to play with the software, I made a release last night specially for you with the same stuff I used for the live demo I made during the talk. This is version 0.4.1 Get it from http://sourceforge.net/projects/nexb -- Cheers Philippe philippe ombredanne | nexB - Open IT Asset Management 1 650 799 0949 | pombredanne at nexb.com http://www.nexb.com > -----Original Message----- > From: owner-baylisa at baylisa.org > [mailto:owner-baylisa at baylisa.org] On Behalf Of Philippe Ombredanne > Sent: Friday, September 17, 2004 1:21 AM > To: baylisa at baylisa.org > Cc: mjh at nexb.com; fg at nexb.com > Subject: BayLISA slides for download - Forests and Trees: > Building an Open Source Discovery & Management Tool with XML > > > All, > thanks for giving me the opportunity to present our little open source > project tonight, I enjoyed it quite a bit. > Many folks asked for the slides. > Since they are quite big, I posted the slides for download at: > http://sourceforge.net/projects/nexb > both in open office and powerpoint format. > > -- > Cheers > Philippe > > philippe ombredanne | nexB - Open IT Asset Management > 1 650 799 0949 | pombredanne at nexb.com > http://www.nexb.com > > > > > From Kristyn.Greenwood at oracle.com Tue Sep 21 14:05:45 2004 From: Kristyn.Greenwood at oracle.com (Kristyn Greenwood) Date: Tue, 21 Sep 2004 14:05:45 -0700 Subject: SF Bay Area: Usability Activity Invitation for Email Administrators Message-ID: <415097A9.9050508@oracle.com> Earn Starbucks Gift Certificates. I am looking for email administrators in the San Francisco Bay Area to participate in a usability study. We are looking for individuals whose primary role is to administer and maintain their organization's electronic mail system; regardless of the type of email system administered or the tools used. Participants may be system administrators, database administrators, network administrator as long as 50% of their time is spent working on the electronic mail systems. As a thank you for participating in the study, we are providing $20 Starbucks gift certificates to the participant, a $5 Starbucks gift certificate to their manager/VP(s), and a $5 Starbucks gift certificate to the individual who referred them. The purpose of the study is to identify the types of tasks that email administrators typically perform, and the tools that they use. It involves no travel as we would like to visit email administrators at their place of work. If you are an email administrator who would like to participate, please contact me at the address below and provide a name and phone number where you can be reached. If you know of an email administrator who might be interested, please forward this message to them. Thanks for your assistance, Kristyn Greenwood Principal Usability Engineer kristyn.greenwood at oracle.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From bill at wards.net Tue Sep 21 14:26:12 2004 From: bill at wards.net (William R Ward) Date: Tue, 21 Sep 2004 14:26:12 -0700 Subject: Peninsula Linux Users' Group, Thursday, Sep 23, 2004 Message-ID: <16720.40052.514523.394478@komodo.home.wards.net> We have a meeting of the Peninsula Linux Users' Group (PenLUG) this week! Here are the details about this meeting. For more information or directions go to http://www.penlug.org/ Our website is a TWiki; please feel free to create a user account and modify the website if you have something to contribute. Thanks! Date: Thursday, September 23, 2004 Time: 7:00 - 9:00 PM Location: 100 Oracle Parkway, Redwood Shores, CA 94065 Room 1op104 Conference Call: If you cannot attend in person, but would like to dial in and listen, please send mail to conferencecall at penlug.org and we will try to accomodate you. Agenda: ======= 7:00 - 8:30 PM: Presentation by Bill Crooke: "Using your GPS with Linux" 8:30 - 8:45 PM: Members' Minutes 8:45 - 9:00 PM: GnuPG Key Signing by Rick Moen 9:00 PM: Adjourn to IHOP (Belmont) for social & food time Presentation by Bill Crooke: "Using your GPS with Linux" ======================================================== This presentation will provide an brief introduction to GPS technology and history, a description of some of the challenges to writing GPS applications, as well as a review of useful applications and resources that will enable users to quickly begin using their own GPS with Linux. Bill Crooke is a software engineer who has worked on software automation and development methodologies for a living, and uses linux and his GPS as a hobby. Members' Minutes ================ Members will have an opportunity to take a few minutes to... * Describe their latest Linux discovery * Ask questions and get help from other members * Discuss Linux projects You can just stand up and talk, or give a short demo or presentation. If you need audio/visual support for your Members' Minute, please contact Bill in advance to arrange for your needs. We have a limited number of books courtesy of Prentice-Hall to give away as an added inducement to participate in this portion of the meeting. :-) GnuPG Key Signing by Rick Moen ============================== Rick Moen will lead a key signing party at the end of the meeting. To participate, send your PGP or GPG key to Rick and bring a printout of this Web page with you: http://linuxmafia.com/gpg/ (Don't print it until as close to the meeting time as possible, as keys will be added to it in the meantime!) For more information see our KeySigning page: http://www.penlug.org/twiki/bin/view/Home/KeySigning RSVP ==== Although it is NOT required, we like to have an idea of how many people to expect, so if possible please email rsvp at penlug.org if you are planning to attend. -- William R Ward bill at wards.net http://bill.wards.net ----------------------------------------------------------------------------- "Where a calculator like the ENIAC is equipped with 18,000 vacuum tubes and weighs 30 tons, computers in the future may have only 1,000 vacuum tubes and perhaps weigh 1 1/2 tons." - Popular Mechanics, ca. 1947 From nicole at unixgirl.com Thu Sep 23 16:51:19 2004 From: nicole at unixgirl.com (Nicole) Date: Thu, 23 Sep 2004 16:51:19 -0700 (PDT) Subject: Cisco moves even more to china. Message-ID: Lovely, Just lovely. Just heard On CNN, Lou Dobbs. (but can't find it on their site) During a Beijing news conference John Chambers (Cisco CEO) Says "We believe in giving something back and truly becoming a Chineese company." "China will become the IT center or the world" "China will become the largest economy in the world." CNN Reports: Cisco is investing 32 Million into Changi and is training 10's of thousands of Chineese university students in Cisco technology. So.. I guess we will be cranking out those H1b's...Plan to kiss your raises and or jobs bye bye to some specialized cheap imported Cisco trained networking person from China. *SIGH* Nicole -- ******* |\ __ /| (`\ ******* * * | o_o |__ ) ) * * * * // \\ * * * Blessed Be! | Powered by FreeBSD * ----------------------(((---(((-------------------------------- http://www.unixgirl.com - http://www.deviantimages.com http://www.nonsenseband.com Skepticism is only un-American if your a republican.. and or you watch FOX news. - NMH I like Nader - But I hate Bush even more - Vote Kerry 2004! -- NMH Sadly too many people can't take the truth, so instead they opt for the most appealing liar -- Bill Maher I hate to see a woman cry, but I love to hear them scream. --Dennis the Menace You really get what you pay for. The problem is finding something that is worth what you paid for it.  -- Anon From dannyman at toldme.com Fri Sep 24 05:35:02 2004 From: dannyman at toldme.com (Danny Howard) Date: Fri, 24 Sep 2004 05:35:02 -0700 Subject: Cisco moves even more to china. In-Reply-To: References: Message-ID: <20040924123502.GC60991@ratchet.nebcorp.com> > CNN Reports: Cisco is investing 32 Million into China and is training > 10's of thousands of Chineese university students in Cisco > technology. Giving jobs to hard-working, well-educated foreigners who will work for less money! Those bastards! Don't they know that American technology workers need to be able to easily find high-paying jobs! American workers are incapable of dealing with any reality other than this. As someone who has managed it through the worst of the burst, waiting tables, and slinging espresso and ultimately leaving the area to find a lower-paying job in Chicago, I find it hard to shed a tear for the "economic girly-men" remaining in California. I will note that being unemployed sure frees up your time to work as a political volunteer. I never knew that Sacramento was so acessible until I assisted a consumer group in lobbying against a utility bail-out. Enjoy your powers as a US citizen with free-time. Cisco doesn't owe the technology community anything beyond decent products at competetive prices, and good working conditions for those that it employees. Whether those employees are Chinese or Americans makes no difference. > So.. I guess we will be cranking out those H1b's...Plan to kiss your > raises and or jobs bye bye to some specialized cheap imported Cisco > trained networking person from China. Uhm, if they are working in China, they don't need H1Bs, nor are the "trained networking person(s)" being imported. The Chinese built the railroads that made the California you enjoy today. Well, they have found some more infrastructure to build. Get your butt down to the Promontory Point in time for the party! Huzzah! Sincerely, -danny -- http://dannyman.toldme.com/ From michael at halligan.org Fri Sep 24 14:54:22 2004 From: michael at halligan.org (Michael T. Halligan) Date: Fri, 24 Sep 2004 14:54:22 -0700 (PDT) Subject: Good place to sell off excess equipment? Message-ID: I'm trying to help a friend of mine sell off some hardware he got stuck with due to a dot-bomb.. 200 dual xeon boxes.. The pricing is really good (especially to buy them in a large lot).. Where is a good place to advertise to try and sell off such a large lot of hardware? ------------------- BitPusher, LLC http://www.bitpusher.com/ 1.888.9PUSHER (415) 724.7998 - Mobile From alvin at Mail.Linux-Consulting.com Fri Sep 24 15:15:05 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 24 Sep 2004 15:15:05 -0700 (PDT) Subject: Good place to sell off excess equipment? In-Reply-To: Message-ID: On Fri, 24 Sep 2004, Michael T. Halligan wrote: > I'm trying to help a friend of mine sell off some hardware he got stuck > with due to a dot-bomb.. 200 dual xeon boxes.. The pricing is really > good (especially to buy them in a large lot).. > > Where is a good place to advertise to try and sell off such a large lot > of hardware? isp-equipment ... or beowulf/cluster mailing list ( get permission to post first equipment for sale ) 200 is too big for ebay and probably way too much paper work to sell even 10 at a time c ya alvin From rsr at inorganic.org Fri Sep 24 15:16:30 2004 From: rsr at inorganic.org (Roy S. Rapoport) Date: Fri, 24 Sep 2004 15:16:30 -0700 Subject: Good place to sell off excess equipment? In-Reply-To: References: Message-ID: <20040924221629.GA10743@puppy.inorganic.org> On Fri, Sep 24, 2004 at 02:54:22PM -0700, Michael T. Halligan wrote: > I'm trying to help a friend of mine sell off some hardware he got stuck > with due to a dot-bomb.. 200 dual xeon boxes.. The pricing is really > good (especially to buy them in a large lot).. > > Where is a good place to advertise to try and sell off such a large lot > of hardware? BayLISA? :) -roy From cos at indeterminate.net Fri Sep 24 15:50:10 2004 From: cos at indeterminate.net (John Costello) Date: Fri, 24 Sep 2004 15:50:10 -0700 (PDT) Subject: Good place to sell off excess equipment? In-Reply-To: Message-ID: > On Fri, 24 Sep 2004, Michael T. Halligan wrote: > > > I'm trying to help a friend of mine sell off some hardware he got stuck > > with due to a dot-bomb.. 200 dual xeon boxes.. The pricing is really > > good (especially to buy them in a large lot).. > > > > Where is a good place to advertise to try and sell off such a large lot > > of hardware? DoveBid, based in the SF Bay Area, handles large auctions. I believe they will combine lots from multiple sellers into one auction. I don't know what percentage they would want or what details you would encounter. Note that they are not strictly an IT auctioneer. http://www.dovebid.com ----- John Costello - cos at indeterminate dot net "If you are afraid of butter, use cream."--Julia Child From alvin at Mail.Linux-Consulting.com Fri Sep 24 16:35:06 2004 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 24 Sep 2004 16:35:06 -0700 (PDT) Subject: Good place to sell off excess equipment? In-Reply-To: Message-ID: On Fri, 24 Sep 2004, John Costello wrote: > DoveBid, based in the SF Bay Area, handles large auctions. I believe they > will combine lots from multiple sellers into one auction. those techie auction houses charges about 10% - 20% of the sale price on top of the bid price .. bidders have to be careful to include the "aution fee" in addition to their bid price - but if there is nobody there, you can find a good deal .. as a buyer most reputable auction house around here expect you to bring a letter of credit from the bank that you'd be able to pay what you bid before you can get a bid number ... but maybe things have changed since the *.com bust find one that specialize in "1u boxes" vs the ones that sells estate jewlery .. ( yahoo sold off the 1U boxes from other techie outfits they bought out .. some of the bidders came back(here) for upgrades and retrofits or missing manuals etc.. ) c ya alvin > I don't know what percentage they would want or what details you would > encounter. Note that they are not strictly an IT auctioneer. > > http://www.dovebid.com > From hso at nosneros.net Fri Sep 24 17:29:15 2004 From: hso at nosneros.net (Holt Sorenson) Date: Sat, 25 Sep 2004 00:29:15 +0000 Subject: Good place to sell off excess equipment? In-Reply-To: References: Message-ID: <20040925002915.GA28035@nosneros.net> On Fri, Sep 24, 2004 at 03:50:10PM -0700, John Costello wrote: > > On Fri, 24 Sep 2004, Michael T. Halligan wrote: > > > > > I'm trying to help a friend of mine sell off some hardware he got stuck > > > with due to a dot-bomb.. 200 dual xeon boxes.. The pricing is really > > > good (especially to buy them in a large lot).. > > > > > > Where is a good place to advertise to try and sell off such a large lot > > > of hardware? > > DoveBid, based in the SF Bay Area, handles large auctions. I believe they > will combine lots from multiple sellers into one auction. > > I don't know what percentage they would want or what details you would > encounter. Note that they are not strictly an IT auctioneer. > > http://www.dovebid.com I second the dovebid recommendation. Of course, if you friend need someone to take care of one or two of those, I'd be happy to give them a good home. :) -Holt From claw at kanga.nu Fri Sep 24 21:12:50 2004 From: claw at kanga.nu (J C Lawrence) Date: Sat, 25 Sep 2004 00:12:50 -0400 Subject: Good place to sell off excess equipment? In-Reply-To: Message from Holt Sorenson of "Sat, 25 Sep 2004 00:29:15 -0000." <20040925002915.GA28035@nosneros.net> References: <20040925002915.GA28035@nosneros.net> Message-ID: <17767.1096085570@kanga.nu> On Sat, 25 Sep 2004 00:29:15 +0000 Holt Sorenson wrote: >> http://www.dovebid.com > I second the dovebid recommendation. Also Cowan Alexander, who have the advantage of being primarily IT-related. > Of course, if you friend need someone to take care of one or two of > those, I'd be happy to give them a good home. :) Likewise... -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw at kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From michaelhalligan at halligan.org Sun Sep 26 11:59:50 2004 From: michaelhalligan at halligan.org (Michael T. Halligan) Date: Sun, 26 Sep 2004 11:59:50 -0700 (PDT) Subject: Good place to sell off excess equipment? In-Reply-To: References: Message-ID: The isp-equipment list was a good one, thanks! Michael On Fri, 24 Sep 2004, Alvin Oga wrote: > > On Fri, 24 Sep 2004, Michael T. Halligan wrote: > > > I'm trying to help a friend of mine sell off some hardware he got stuck > > with due to a dot-bomb.. 200 dual xeon boxes.. The pricing is really > > good (especially to buy them in a large lot).. > > > > Where is a good place to advertise to try and sell off such a large lot > > of hardware? > > isp-equipment ... or beowulf/cluster mailing list > ( get permission to post first equipment for sale ) > > 200 is too big for ebay and probably way too much paper work to > sell even 10 at a time > > c ya > alvin > > > From michaelhalligan at halligan.org Sun Sep 26 11:58:41 2004 From: michaelhalligan at halligan.org (Michael T. Halligan) Date: Sun, 26 Sep 2004 11:58:41 -0700 (PDT) Subject: Cisco moves even more to china. In-Reply-To: References: Message-ID: I personally don't see the problem with this, except for uninformed fears. China is an emerging market with what, 2 BILLION people? Did we think that american techs were going to build and maintain their infrastructures for them? If people are so concerned, they need to be forming protectionist PACs hiring lobbyists to severely limit immigration-labor. On Thu, 23 Sep 2004, Nicole wrote: > > > Lovely, Just lovely. Just heard On CNN, Lou Dobbs. (but can't find it on > their site) > > During a Beijing news conference John Chambers (Cisco CEO) Says "We believe in > giving something back and truly becoming a Chineese company." "China will > become the IT center or the world" "China will become the largest economy in the > world." > > CNN Reports: Cisco is investing 32 Million into Changi and is training > 10's of thousands of Chineese university students in Cisco technology. > > > So.. I guess we will be cranking out those H1b's...Plan to kiss your raises > and or jobs bye bye to some specialized cheap imported Cisco trained networking > person from China. > > > *SIGH* > > > Nicole > > > > > -- > ******* |\ __ /| (`\ ******* > * * | o_o |__ ) ) * * > * * // \\ * * > * Blessed Be! | Powered by FreeBSD * > ----------------------(((---(((-------------------------------- > http://www.unixgirl.com - http://www.deviantimages.com > http://www.nonsenseband.com > > > Skepticism is only un-American if your a republican.. and or you watch FOX > news. > - NMH > > I like Nader - But I hate Bush even more - Vote Kerry 2004! > -- NMH > > Sadly too many people can't take the truth, so instead they opt for the most > appealing liar > -- Bill Maher > > I hate to see a woman cry, but I love to hear them scream. > --Dennis the Menace > > You really get what you pay for. > The problem is finding something that is worth what you paid for it. >  -- Anon > > From dk+baylisa at farm.org Sun Sep 26 21:20:05 2004 From: dk+baylisa at farm.org (Dmitry Kohmanyuk =?koi8-r?B?5M3J1NLJyiDrz8jNwc7Ayw==?=) Date: Sun, 26 Sep 2004 21:20:05 -0700 Subject: Cisco moves even more to china. In-Reply-To: References: Message-ID: <20040927042005.GG17039@farm.org> On Sun, Sep 26, 2004 at 11:58:41AM -0700, Michael T. Halligan wrote: > I personally don't see the problem with this, except for uninformed fears. > > China is an emerging market with what, 2 BILLION people? Did we think that > american techs were going to build and maintain their infrastructures for them? > > If people are so concerned, they need to be forming protectionist PACs hiring lobbyists > to severely limit immigration-labor. what H1Bs? U.S. residents would be standing in line outside of China embassy to get approved for a work visa there, with good pay, benefits, and complementary classes in Mandarin. I am not joking. Wake up, people. It is over for English-speaking world to be dominant. Enjoy it while it lasts. > On Thu, 23 Sep 2004, Nicole wrote: > > > > > > > Lovely, Just lovely. Just heard On CNN, Lou Dobbs. (but can't find it on > > their site) > > > > During a Beijing news conference John Chambers (Cisco CEO) Says "We believe in > > giving something back and truly becoming a Chineese company." "China will > > become the IT center or the world" "China will become the largest economy in the > > world." > > > > CNN Reports: Cisco is investing 32 Million into Changi and is training > > 10's of thousands of Chineese university students in Cisco technology. > > > > > > So.. I guess we will be cranking out those H1b's...Plan to kiss your raises > > and or jobs bye bye to some specialized cheap imported Cisco trained networking > > person from China. > > > > > > *SIGH* > > > > > > Nicole > > > > > > > > > > -- > > ******* |\ __ /| (`\ ******* > > * * | o_o |__ ) ) * * > > * * // \\ * * > > * Blessed Be! | Powered by FreeBSD * > > ----------------------(((---(((-------------------------------- > > http://www.unixgirl.com - http://www.deviantimages.com > > http://www.nonsenseband.com > > > > > > Skepticism is only un-American if your a republican.. and or you watch FOX > > news. > > - NMH > > > > I like Nader - But I hate Bush even more - Vote Kerry 2004! > > -- NMH > > > > Sadly too many people can't take the truth, so instead they opt for the most > > appealing liar > > -- Bill Maher > > > > I hate to see a woman cry, but I love to hear them scream. > > --Dennis the Menace > > > > You really get what you pay for. > > The problem is finding something that is worth what you paid for it. > >  -- Anon > > > > From fscked at pacbell.net Mon Sep 27 11:01:55 2004 From: fscked at pacbell.net (richard childers / kg6hac) Date: Mon, 27 Sep 2004 11:01:55 -0700 Subject: Cisco moves even more to china. In-Reply-To: <20040924123502.GC60991@ratchet.nebcorp.com> References: <20040924123502.GC60991@ratchet.nebcorp.com> Message-ID: <41585593.2030608@pacbell.net> It's great to see how political discourse about the job market is allowed, or disallowed, on baylisa at baylisa.org, and how "the rules" are so quickly forgotten, when it suits those whose plaything this mailing list is. (-: More seriously, engineers made Cisco, but they allowed control of the company to slip out of their hands; either that, or they retired, and are no longer engineers, but are, instead, venture capitalists, or board members. Perhaps Cisco owes Silicon Valley something ... much like General Motors owed Flint, Michigan something. On the other hand, maybe the debt has been paid. They bootstrapped Silicon Valley to where it is today. Is it their job to continue spoon-feeding Silicon Valley's pampered multitudes, ad infinitum? I don't think so. Ultimately, if you don't like it, go start your own company, and add some tangible value. My company is developing products for, and associations with, the South American and Asian markets. If you aren't, that's your loss. There's always more work to be done than there are hands willing to do it; that's a law of human nature. Regards, -- richard Danny Howard wrote: >> CNN Reports: Cisco is investing 32 Million into China and is training >> 10's of thousands of Chineese university students in Cisco >> technology. >> >> > >Giving jobs to hard-working, well-educated foreigners who will work for >less money! Those bastards! Don't they know that American technology >workers need to be able to easily find high-paying jobs! American >workers are incapable of dealing with any reality other than this. > >As someone who has managed it through the worst of the burst, waiting >tables, and slinging espresso and ultimately leaving the area to find a >lower-paying job in Chicago, I find it hard to shed a tear for the >"economic girly-men" remaining in California. > >I will note that being unemployed sure frees up your time to work as a >political volunteer. I never knew that Sacramento was so acessible >until I assisted a consumer group in lobbying against a utility >bail-out. Enjoy your powers as a US citizen with free-time. > >Cisco doesn't owe the technology community anything beyond decent >products at competetive prices, and good working conditions for those >that it employees. Whether those employees are Chinese or Americans >makes no difference. > > > >> So.. I guess we will be cranking out those H1b's...Plan to kiss your >> raises and or jobs bye bye to some specialized cheap imported Cisco >> trained networking person from China. >> >> > >Uhm, if they are working in China, they don't need H1Bs, nor are the >"trained networking person(s)" being imported. The Chinese built the >railroads that made the California you enjoy today. Well, they have >found some more infrastructure to build. Get your butt down to the >Promontory Point in time for the party! Huzzah! > >Sincerely, >-danny > > > -- Richard Childers / Senior Engineer Daemonized Networking Services 945 Taraval Street, #105 San Francisco, CA 94116 USA [011.]1.415.759.5571 http://www.daemonized.com 'A well-schooled electorate, being necessary to the security of a free State, the right of the people to keep and read Books, shall not be infringed.' -- (Attributed to J. Neil Shulman) -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.2.4 (FreeBSD) mQGiBECGpfsRBACoPJJfIIrWAqjlW92TtYCtY//e7OW8alWylr/1ygtSQzjCCdvC Ysa0fCcx01UenlWV+5YY/zC7KPsX2rQUKAs20fqs9et74dmgMGOj0vMjTzWEs29G FyAsIRSpFioa8zzrjXEUVnU6OFaD9a9eaC+LSTCiKgXjbQySDKM5T1c+vwCg8W3Y RZ83LRIUULGMPlY6zS4fQwUEAIIiTHDdWpbE+HeREJwH+4eDpGVf76XtNlOMXrt9 tJ3ExL+9ezLulg1nCrOYodOB7TEZqzV40R7emDZSX0hI9QEBCv6nW5aDVpw/bf+q UEHwxrUvE2LBi35hoqR2QwqNlagOauSorWj8Qm/31luxJVeLVy1A1czp6B/mvG1T co03A/9a5kzEAebJ5TzWXQC2/4gu/osXQnrw9B9FFpYOtLc0MNQuAFt8VLn5yO5Q 8T58w+FQvFI5FqzI5URmjQeEyWWuyIechknk4RnwIO1UPVjgRTuNgf9/TvNNfqpa aVlbNp+AG21D6VqsFN2zJFFJeUqiYdXw6i+ESL3SZRymIhwYWrQ8UmljaGFyZCBB IENoaWxkZXJzICh3d3cuZGFlbW9uaXplZC5jb20pIDxmc2NrZWRAcGFjYmVsbC5u ZXQ+iF4EExECAB4FAkCGpfsCGwMGCwkIBwMCAxUCAwMWAgECHgECF4AACgkQjGqW TlNTP66KzQCgjf0SQbiK1rgu7hRsmLPSSaGF7X8AoL7Qw/E9kTZr0fntP0XXEnk/ q6nRuQINBECGpvkQCADFzFq+kYbk+KTIhcVBTjTWDbBnjGgmuGR3LGp9hOd6W9SJ i4GD5184ZnMbEgvDZcDEGDNgMcU+f1girwYI2v/o7QA7VQ5bpUbnfOBytzO+bvd7 uCOyJltg8AG5MFLxfhAMHofpNxGlFTEXdVp4M9xyBB+hdLHbJNJqkMGPf+iCUf1W Q86KncU2AK4Sf9I+WYBZwkjaIhi9dQzeEX1c0Um6LxXSBtkjZprIk1M13gVaIJ6E dDN6hrSMbXZL+7yURw38vHXCtRJAKEOyW178rI8MzJzvVNhobvC62uEWD9Idz8sH 5A06fqb2fKJYLQ1keGUpb/qpny7oTmAe0Hx9jOM7AAMGCACdTe1M4U++/7/OVGip 1gnWEtMhHeQQbS7KPh1w8/1kvs5Mml6uGYQI44lKTDP7OHJQ9hIT/+5tfKPHIPhU M/7Mqa8y81c/AK+WUOyY9+uZ0zUxFGMqeU9z5iqJFWSi9QR/f5q/khfmqi5RFVyQ nnVhxBMB8pY1vZHV1CoL7NLK4c/N8mpwCiZ57LTsP8pLfDMWF/OopmM2ulzlfWTr anAdxQohenq/zTgSySX/VGZYSYvyAoXTRuU4USAVGWcUQPnVooA1N7lZP3pawjNP QMSukx9jI1673BPsPXxyQZ1PmmPt9eHKI0G0hNJG+FCmSRLNT/R7hqTzTUmpgMWM yyWPiEkEGBECAAkFAkCGpvkCGwwACgkQjGqWTlNTP642KACeITHq0b42P3oMX7Nj F5U3EaqCgYoAn3HxUB7ELB6vMUugW4aSmZpBJOR6 =ZaJO -----END PGP PUBLIC KEY BLOCK----- From rick at linuxmafia.com Mon Sep 27 11:51:51 2004 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 27 Sep 2004 11:51:51 -0700 Subject: Cisco moves even more to china. In-Reply-To: <41585593.2030608@pacbell.net> References: <20040924123502.GC60991@ratchet.nebcorp.com> <41585593.2030608@pacbell.net> Message-ID: <20040927185151.GA22041@linuxmafia.com> Quoting richard childers / kg6hac (fscked at pacbell.net): > It's great to see how political discourse about the job market is > allowed, or disallowed, on baylisa at baylisa.org, and how "the rules" are > so quickly forgotten, when it suits those whose plaything this mailing > list is. Wow! Notice which non-member finally figured out how to send non-HTML e-mail. Surely the end-times are upon us. -- Cheers, Rick Moen "vi is my shepherd; I shall not font." rick at linuxmafia.com -- Psalm 0.1 beta From gwen at reptiles.org Mon Sep 27 12:27:45 2004 From: gwen at reptiles.org (Gwendolynn ferch Elydyr) Date: Mon, 27 Sep 2004 15:27:45 -0400 (EDT) Subject: Cisco moves even more to china. In-Reply-To: <20040927185151.GA22041@linuxmafia.com> Message-ID: <20040927152723.C57830-100000@iguana.reptiles.org> On Mon, 27 Sep 2004, Rick Moen wrote: > Wow! Notice which non-member finally figured out how to send non-HTML > e-mail. Surely the end-times are upon us. Is -that- what those four horesmen were yelling about... ;> cheers! ========================================================================== "A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now." From pmm at igtc.com Tue Sep 28 04:48:45 2004 From: pmm at igtc.com (Paul M. Moriarty) Date: Tue, 28 Sep 2004 04:48:45 -0700 Subject: Cisco moves even more to china. In-Reply-To: <41585593.2030608@pacbell.net> References: <20040924123502.GC60991@ratchet.nebcorp.com> <41585593.2030608@pacbell.net> Message-ID: <20040928114845.GA1657@igtc.igtc.com> richard childers / kg6hac writes: [...] > > More seriously, engineers made Cisco, but they allowed control of the > company to slip out of their hands; either that, or they retired, and > are no longer engineers, but are, instead, venture capitalists, or board > members. > Marketing has "run" Cisco since at least 1993. I was there and remember there was actually a memo to that effect. From sigje at sigje.org Tue Sep 28 18:26:40 2004 From: sigje at sigje.org (Jennifer Davis) Date: Tue, 28 Sep 2004 18:26:40 -0700 (PDT) Subject: Upcoming November Elections Message-ID: It's that time of year again! Are you interested in shaping the future of BayLISA? Elections are coming up in November. This year we have four slots available. Interested candidates should prepare a brief statement prior to the October meeting, where they will be called upon to present their statement for up to 5 minutes. These statements will also be emailed to the general membership. Please submit your statement to blw at baylisa.org before October 18. Elections are held at the November meeting. You must be a current member to run for Board or to vote in the Board election. You can become a member right now at: http://www.baylisa.org/members/ ---------------------------------------------------------------- The following Board members terms complete on 12/31/2004: - Strata Rose Chalup - Brad Robinson - Alan Stewart - Heather Stern Board members whose terms expire this year must announce their candidacy if they wish to run for re-election. The following Board members terms complete on 12/31/2005, and will NOT be affected by this year's elections: - Jennifer Davis - Jim Hickstein - Rick Moen ------------------------------------------------------------------ The BayLISA Board is made up of seven members, elected annually by the general membership. Since an individual Board member serves for two years, the composition of the Board changes annually, electing 4 new members in even years, and 3 in odd years. The officers of the Board are elected annually by the Board members, and consist of President, Treasurer, and Secretary (usually referred to as "Arch" for historical reasons). If you are interested in becoming a candidate, please let us know via email to "blw at baylisa.org". Even if you are not interested in running for Board, as a member of the organization you are welcome to all Board meetings held on the first Thursday of every month (except for November) in San Mateo. Contact the Board at blw at baylisa.org for detailed location information. Jennifer Davis Election Commmittee BayLISA Board of Directors From rick at linuxmafia.com Wed Sep 29 14:14:58 2004 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 29 Sep 2004 14:14:58 -0700 Subject: Loen moven 2 Minux. (-: In-Reply-To: <415B216D.7080409@pacbell.net> References: <20040924123502.GC60991@ratchet.nebcorp.com> <41585593.2030608@pacbell.net> <20040927185151.GA22041@linuxmafia.com> <415B216D.7080409@pacbell.net> Message-ID: <20040929211458.GE3955@linuxmafia.com> [Reply-To set.] Quoting richard childers / kg6hac (fscked at pacbell.net): > Here, again, we see how those whose power lies primarily in > interfering with others' freedoms, ignore their own rules, and engage > in specifically derogatory comments about selected individuals, AKA > "ad hominem attacks", described as specifically forbidden in BayLISA's > own posted rules. What, you _didn't_ figure out how to send non-HTML e-mail, and then I cruelly and wrongfully accused you of same in error? My apologies. I'll have to double-check my records. > Why would I invest in such a thing as BayLISA? Well, don't let the metaphorical door hit you in the ass. From strata at virtual.net Thu Sep 30 00:52:10 2004 From: strata at virtual.net (Strata R. Chalup) Date: Thu, 30 Sep 2004 00:52:10 -0700 Subject: .JPG redux Message-ID: <415BBB2A.4020801@virtual.net> We were chatting about the possible mechanism for the JPEG exploit here a few days ago, so I thought I'd mention my suggestion of the mechanism was completely *wrong*. I thought it was a file extension trick. Nope, it's a buffer overflow in the JPEG decompression code. http://www.technologyreview.com/blog/blog.asp?blogID=1587&trk=blog cheers, Strata -- ======================================================================== Strata Rose Chalup [KF6NBZ] strata "@" virtual.net VirtualNet Consulting http://www.virtual.net/ ** Project Management & Architecture for ISP/ASP Systems Integration ** ========================================================================= From rick at linuxmafia.com Thu Sep 30 08:19:16 2004 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 30 Sep 2004 08:19:16 -0700 Subject: .JPG redux In-Reply-To: <415BBB2A.4020801@virtual.net> References: <415BBB2A.4020801@virtual.net> Message-ID: <20040930151916.GG22041@linuxmafia.com> Quoting Strata R. Chalup (strata at virtual.net): > I thought it was a file extension trick. Nope, it's a buffer overflow > in the JPEG decompression code. ...which runs privileged, being built into Microsoft's GDI code that it has chosen to execute in ring zero starting with NT 4.0. Why bother making it necessary to do privilege escalation when you can compromise the entire machine in one easy step from the _rendering engine_? You'll notice that Microsoft's security advisory and "FAQ" _still_ say nothing at all about how the exploit works. -- Cheers, Rick Moen This space for rant. rick at linuxmafia.com