From michael at halligan.org Tue Nov 1 18:27:58 2005
From: michael at halligan.org (Michael T.Halligan)
Date: Tue, 1 Nov 2005 18:27:58 -0800
Subject: Reliable terminal emulation in the modern age?
Message-ID: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Is there such a thing as a working, usable terminal emulator? I'm
simply attempting to do some remote serial console work on a couple
of servers, specifically in the BIOS. I'm finding this to be an
almost impossible, and certainly unenjoyable experience. My main
platform is OS X, on which I've tried both Terminal.app and iTerm, to no
avail. Not to be outdone, I've found putty on windows, and X windows
on Linux to be equally broken. Does anybody have an idea on a reliable
terminal emulator for any of these three platforms, that just works,
without hours and hours of fiddling? Free, commercial, if it works,
I'm happy.

Michael T. Halligan
- -------------------------------------
BitPusher, LLC http://www.bitpusher.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDaCQywjCqooJyNAMRAieqAJsEQ9Rq5yUALpFz0zZBWzGd8GPxeQCdFUKF
BLxHckztRDuDZehgzT99F1U=
=Y0sj
-----END PGP SIGNATURE-----

From alvin at Mail.Linux-Consulting.com Tue Nov 1 19:05:00 2005
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Tue, 1 Nov 2005 19:05:00 -0800 (PST)
Subject: Reliable terminal emulation in the modern age?
In-Reply-To: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>
Message-ID:

On Tue, 1 Nov 2005, Michael T.Halligan wrote:

> Is there such a thing as a working, usable terminal emulator? I'm
> simply attempting to do some remote serial console work on a couple
> of servers, specifically in the BIOS. I'm finding this to be an
> almost impossible, and certainly unenjoyable experience. My main
> platform
> is OS X, on which I've tried both Terminal.app and iTerm, to no
> avail. Not to be outdone, I've found putty on windows, and X windows
> on Linux
> to be equally broken

what is broken ??

if you are expecting to use a remote rs232 terminal to change
the bios settings, than you'd be looking at server-class motherboards
vs consumer/generic stuff
    - you probably will not be able to change the bios
      setting for things like "boot from sda instead of cdrom"

if you use any random consumer motherboard, you should be able
to see the bios bootup messages on rs232 ..
    - just fiddle with nullmodems, rs232 cables, genders
      baudrates, stop/start bits, etc

minicom/seyon just works out of the box except for
rs232 baudrate and cabling stuff

c ya
alvin

From michael at halligan.org Tue Nov 1 19:41:24 2005
From: michael at halligan.org (Michael T. Halligan)
Date: Tue, 1 Nov 2005 19:41:24 -0800
Subject: Reliable terminal emulation in the modern age?
In-Reply-To:
References:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm not doing anything with serial directly, but rather trying to deal
with various makes of servers, all of which use the BMC chipset for
remote LOM.

Michael T. Halligan
- -------------------------------------
BitPusher, LLC http://www.bitpusher.com/

On Nov 1, 2005, at 7:05 PM, Alvin Oga wrote:

> On Tue, 1 Nov 2005, Michael T.Halligan wrote:
>
>> Is there such a thing as a working, usable terminal emulator? I'm
>> simply attempting to do some remote serial console work on a couple
>> of servers, specifically in the BIOS. I'm finding this to be an
>> almost impossible, and certainly unenjoyable experience. My main
>> platform
>> is OS X, on which I've tried both Terminal.app and iTerm, to no
>> avail. Not to be outdone, I've found putty on windows, and X windows
>> on Linux
>> to be equally broken
>
> what is broken ??
>
> if you are expecting to use a remote rs232 terminal to change
> the bios settings, than you'd be looking at server-class motherboards
> vs consumer/generic stuff
>     - you probably will not be able to change the bios
>       setting for things like "boot from sda instead of cdrom"
>
> if you use any random consumer motherboard, you should be able
> to see the bios bootup messages on rs232 ..
>     - just fiddle with nullmodems, rs232 cables, genders
>       baudrates, stop/start bits, etc
>
> minicom/seyon just works out of the box except for
> rs232 baudrate and cabling stuff
>
> c ya
> alvin
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDaDVowjCqooJyNAMRArmqAJwNms53cSp1gFRhLZunxZ2Oa8RQdgCeNwEU
PcBJM3GZW0TbrEaUZ8f+WIY=
=KY9t
-----END PGP SIGNATURE-----

From jxh at jxh.com Tue Nov 1 20:19:31 2005
From: jxh at jxh.com (Jim Hickstein)
Date: Tue, 01 Nov 2005 22:19:31 -0600
Subject: Reliable terminal emulation in the modern age?
In-Reply-To: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>
References: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>
Message-ID: <43683E53.4090000@jxh.com>

Michael T.Halligan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Is there such a thing as a working, usable terminal emulator?

On my MacOS X machines I'm stuck with minicom, installed by fink. tip(1)
is missing, and I pointed this out to Apple some time ago. Public Beta
(or maybe it was in 10.0) contained the man page for remote(5), but that
was removed soon thereafter.

We should crank up a small project to port tip from BSD to the Mac,
already. The world would appreciate it. Anyone know how to do IOKit
stuff?

From ulf at Alameda.net Tue Nov 1 20:48:45 2005
From: ulf at Alameda.net (Ulf Zimmermann)
Date: Tue, 1 Nov 2005 20:48:45 -0800
Subject: Reliable terminal emulation in the modern age?
In-Reply-To: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>
References: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>
Message-ID: <20051102044845.GG20309@evil.alameda.net>

On Tue, Nov 01, 2005 at 06:27:58PM -0800, Michael T.Halligan wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Is there such a thing as a working, usable terminal emulator? I'm
> simply attempting to do some remote serial console work on a couple
> of servers, specifically in the BIOS. I'm finding this to be an
> almost impossible, and certainly unenjoyable experience. My main
> platform
> is OS X, on which I've tried both Terminal.app and iTerm, to no
> avail. Not to be outdone, I've found putty on windows, and X windows
> on Linux
> to be equally broken. Does anybody have an idea on a reliable
> terminal emulator for any of these three platforms, that just works,
> without hours
> and hours of fiddling? Free, commercial, if it works, I'm happy.
>
>
>
> Michael T. Halligan

I am very happy with SecureCRT, both for vt100 and xterm emulation. Also
like it for serial console. $99 initial purchase, I upgraded since then twice,
one of the best purchases I made in regards to software throughout the year.

--
Regards, Ulf.

---------------------------------------------------------------------
Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
You can find my resume at: http://seven.Alameda.net/~ulf/resume.html

From bobs at tellme.com Wed Nov 2 00:03:44 2005
From: bobs at tellme.com (Bob Sutterfield)
Date: Wed, 2 Nov 2005 00:03:44 -0800
Subject: Reliable terminal emulation in the modern age?
Message-ID:

xterm(1) does a good job, and its termcap(6) entry is accurate. If you
run xterm on the destination machine, with its $DISPLAY bringing the UI
back to your desktop, I haven't found anything yet that breaks. Or you
can run xterm locally and ssh to the destination - works fine too.

If you want to run a local window and connect out through your serial
port, I have always found Kermit to async handle flow and modem control
as faithfully as they can be managed.

From bill at wards.net Wed Nov 2 02:54:01 2005
From: bill at wards.net (Bill Ward)
Date: Wed, 2 Nov 2005 02:54:01 -0800
Subject: Reliable terminal emulation in the modern age?
In-Reply-To: <20051102044845.GG20309@evil.alameda.net>
References: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org> <20051102044845.GG20309@evil.alameda.net>
Message-ID: <3d2fe1780511020254m2dd0481esb249b7197cef4e3b@mail.gmail.com>

On 11/1/05, Ulf Zimmermann wrote:
> I am very happy with SecureCRT, both for vt100 and xterm emulation. Also
> like it for serial console. $99 initial purchase, I upgraded since then twice,
> one of the best purchases I made in regards to software throughout the year.

SecureCRT is quite good, and I too have a license for it. Though
these days when I need to ssh from a random Windoze box I typically
use putty.

--
Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/

From michael at halligan.org Wed Nov 2 11:08:17 2005
From: michael at halligan.org (Michael T. Halligan)
Date: Wed, 2 Nov 2005 11:08:17 -0800
Subject: Reliable terminal emulation in the modern age?
In-Reply-To: <3d2fe1780511020254m2dd0481esb249b7197cef4e3b@mail.gmail.com>
References: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org> <20051102044845.GG20309@evil.alameda.net> <3d2fe1780511020254m2dd0481esb249b7197cef4e3b@mail.gmail.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

After hearing everybody's glowing recommendations for the products I
was failing to use properly, I started from scratch. I realized it was
the latest version of BMC's firmware which broke the terminal emulation.

Terminal emulation is good, me choosing a vendor who uses BMC's broken
remote management firmware, less than good!

On Nov 2, 2005, at 2:54 AM, Bill Ward wrote:

> On 11/1/05, Ulf Zimmermann wrote:
>> I am very happy with SecureCRT, both for vt100 and xterm
>> emulation. Also
>> like it for serial console. $99 initial purchase, I upgraded since
>> then twice,
>> one of the best purchases I made in regards to software throughout
>> the year.
>
> SecureCRT is quite good, and I too have a license for it. Though
> these days when I need to ssh from a random Windoze box I typically
> use putty.
>
> --
> Help save the San Jose Earthquakes - http://
> www.soccersiliconvalley.com/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDaQ6lwjCqooJyNAMRAqmvAJ94YNTPR03AeAyjHA5VrEgQDaJbvACfXR4F
AaH3DtwQrSILyZJ7EMd8vkQ=
=yJFi
-----END PGP SIGNATURE-----

From nicole at unixgirl.com Wed Nov 2 17:05:37 2005
From: nicole at unixgirl.com (Nicole)
Date: Wed, 02 Nov 2005 18:05:37 -0700 (PST)
Subject: Suggestions please for load balancers.
Message-ID: <20051103020538.4C8E620F01@krell.webweaver.net>

 Hi
 I am working on a new project requiring a Load Balancer. I am wondering
what people here have had good luck with? The requirements are pretty basic;
to balance across abt 10 servers And be able to (transparently to the
requester) also deal with 301 Moved responses. IE that file is now "HERE" on
this other server on our network and will go and get it and pass it on to the
requester.

 Thanks!

 Nicole

From conley at enteka.com Thu Nov 3 11:33:28 2005
From: conley at enteka.com (James "Mike" Conley)
Date: Thu, 03 Nov 2005 11:33:28 -0800
Subject: Suggestions please for load balancers.
In-Reply-To: <20051103020538.4C8E620F01@krell.webweaver.net>
References: <20051103020538.4C8E620F01@krell.webweaver.net>
Message-ID: <436A6608.7090903@enteka.com>

I've had very good luck with f5 BigIPs but I'm sure there are cheaper
options.

Nicole wrote:

> Hi
> I am working on a new project requiring a Load Balancer. I am wondering
>what people here have had good luck with? The requirements are pretty basic;
>to balance across abt 10 servers And be able to (transparently to the
>requester) also deal with 301 Moved responses. IE that file is now "HERE" on
>this other server on our network and will go and get it and pass it on to the
>requester.
>
>
> Thanks!
>
>
>
> Nicole
>
>
>
>
>
>

From davejohanson at gmail.com Thu Nov 3 12:07:26 2005
From: davejohanson at gmail.com (Dave Johanson)
Date: Thu, 3 Nov 2005 12:07:26 -0800
Subject: Suggestions please for load balancers.
In-Reply-To: <436A6608.7090903@enteka.com>
References: <20051103020538.4C8E620F01@krell.webweaver.net> <436A6608.7090903@enteka.com>
Message-ID: <842254bf0511031207v6f85d5f4v8a243134432afa10@mail.gmail.com>

Alteons are inexpensive on eBay these days.
If money wasn't an issue I would buy Netscalers.

Dave J.

From dannyman at toldme.com Thu Nov 3 12:52:27 2005
From: dannyman at toldme.com (Danny Howard)
Date: Thu, 3 Nov 2005 12:52:27 -0800
Subject: Reliable terminal emulation in the modern age?
In-Reply-To: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>
References: <1D5C2262-B4F5-459D-BEC9-EE2E8E96117F@halligan.org>
Message-ID: <20051103205227.GO18563@ratchet.nebcorp.com>

FWIW, I have always been happy with FreeBSD+xterm:

cu -l /dev/cuaa0

done.

Assuming everything is 9600 8n with proper pinouts ...

-d

From michael at halligan.org Thu Nov 3 13:20:09 2005
From: michael at halligan.org (Michael T.Halligan)
Date: Thu, 3 Nov 2005 13:20:09 -0800
Subject: Stupid recruiters.
Message-ID: <273ADB25-393D-4F37-91F6-7A35B40BB075@halligan.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I love outsourced recruiters. It's fun to see their desperate pleas to
make a sale. After politely responding to this one, asking her to take
me off of her spam list, I received somewhere in the neighborhood of 6
harassing phone-calls. What I don't understand, is how these chop-shops
stay in business. Has anybody here ever actually done business with one
of these nameless headhunting firms?

- ------------------------------------------------------------------------
- ------------------------------------------------------------------------
- ------------------------------------

Original e-mail:

Please send me the resumes ASAP if you have anyone matching client
requirements, This is a very urgent requirment and i can assure closure
100% for the right candidate. So please send the resumes ASAP with rate
confirmation.

Hi Freinds,

Very Urgent Requirement with Yahoo(Direct Client) 6 month assignment.
Preffered local candidates. very high priority. Need to get 3 resumes
asap.

This position requires 5+ years of experience in a Unix (Linux, FreeBSD
and Solaris) environment. The position requires an individual with the
ability to self-guide through projects, and to provide technical
guidance and support as a part of the Production Operations team.
Responsibilities include: remote administration and deployment of
servers, systems security, and performance monitoring and analysis. This
individual will also be responsible for documentation pertaining to
deployment, management and administrative processes.

Please send the resumes ASAP

Nisha Sanger
RJT compuquest Inc
866-978-0384*37 (W)
Nisha at RJTcompuquest.com
web:www.rjtcompuquest.com

- ------------------------------------------------------------------------
- ------------------------------------------------------------------------
- ------------------------------------

Her response to my request to be taken off her spam list:

From: Nisha at RJTCompuquest.com
Subject: TAKE OFF YOUR RESUME FROM JOB PORTALS THEN....DO NOT MISGUIDE OTHERS THAT YOU ARE AVAILABLE FOR PROJECT EVEN THAT IS ILLEGAL
Date: November 3, 2005 11:29:09 AM PST

TAKE OFF YOUR RESUME FROM JOB PORTALS THEN....DO NOT MISGUIDE OTHERS
THAT YOU ARE AVAILABLE FOR PROJECT EVEN THAT IS ILLEGAL

Nisha Sanger
RJT compuquest Inc
866-978-0384*37 (W)
Nisha at RJTcompuquest.com
web:www.rjtcompuquest.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDan8NwjCqooJyNAMRAnwmAKCbYf2Ld+lEwGEpxOJw/3Yv1dzbnwCfcqtC
5317gFLh60JY5Vl8/Eh6+gA=
=yWA+
-----END PGP SIGNATURE-----

From pmm at igtc.com Thu Nov 3 13:45:46 2005
From: pmm at igtc.com (Paul M. Moriarty)
Date: Thu, 3 Nov 2005 13:45:46 -0800
Subject: Stupid recruiters.
In-Reply-To: <273ADB25-393D-4F37-91F6-7A35B40BB075@halligan.org>
References: <273ADB25-393D-4F37-91F6-7A35B40BB075@halligan.org>
Message-ID: <20051103214546.GD3759@igtc.igtc.com>

I'd be very careful about pissing off recruiters for any reason, even if
they are idiots. You never know when one of them might get hired direct
at a company you really want to work for. Then you're, how shall I put
it, fucked.

- Paul -

From qkstart at ix.netcom.com Thu Nov 3 14:01:56 2005
From: qkstart at ix.netcom.com (David Dull)
Date: Thu, 3 Nov 2005 14:01:56 -0800 (GMT-08:00)
Subject: Stupid recruiters.
Message-ID: <20909969.1131055316789.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net>

I submitted my resume to a large number of web sites about three years
ago, and they have propagated into many others that I have never heard of.
My general response to an email that includes "urgent request, 6+ months
in outer mongolia, please send a resume" is click-delete.

Sincerely,

-- David Dull
ddull at netcom.com
http://www.DavidDull.com

From dannyman at toldme.com Thu Nov 3 14:18:59 2005
From: dannyman at toldme.com (Danny Howard)
Date: Thu, 3 Nov 2005 14:18:59 -0800
Subject: Stupid recruiters.
In-Reply-To: <20051103214546.GD3759@igtc.igtc.com>
References: <273ADB25-393D-4F37-91F6-7A35B40BB075@halligan.org> <20051103214546.GD3759@igtc.igtc.com>
Message-ID: <20051103221858.GP18563@ratchet.nebcorp.com>

On Thu, Nov 03, 2005 at 01:45:46PM -0800, Paul M. Moriarty wrote:
> I'd be very careful about pissing off recruiters for any reason, even if
> they are idiots. You never know when one of them might get hired direct
> at a company you really want to work for. Then you're, how shall I put
> it, fucked.

Would you really want to work for a company with obnoxious recruiters?

Maybe.

Maybe not.

But it is generally better to avoid antagonizing people if you can avoid
it. Today's troll may be tomorrows hiring manager, or even internal
referral for an open req ...

But if you're going to screw with someone, recruiters are probably the
least threatening.

-danny

From alvin at Mail.Linux-Consulting.com Thu Nov 3 14:21:41 2005
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Thu, 3 Nov 2005 14:21:41 -0800 (PST)
Subject: Stupid recruiters.
In-Reply-To: <20051103214546.GD3759@igtc.igtc.com>
Message-ID:

On Thu, 3 Nov 2005, Paul M. Moriarty wrote:

> I'd be very careful about pissing off recruiters for any reason, even if
> they are idiots. You never know when one of them might get hired direct
> at a company you really want to work for. Then you're, how shall I put
> it, fucked.

they also work with and talk to all the hr depts of most companies ...

at least for startups that haven't yet gotten to the point of
having hr, and outside hr staff ...
we're semi-safe not to bump into xxx at bar inc

why aren't they blocked in the spam filter ?

    - for ph# .. give them a "throw away" cell phone#
      since one can get free new cell phone every year now days

c ya
alvin

From jkavitsk at Brocade.COM Thu Nov 3 14:31:27 2005
From: jkavitsk at Brocade.COM (Jim Kavitsky)
Date: Thu, 3 Nov 2005 14:31:27 -0800
Subject: Stupid recruiters.
Message-ID: <24BD2D5F3CEF4F4780606124741B48169976@hq-ex-7.brocade.com>

It is extremely unlikely that a recruiter from an offshore recruiting
sweatshop is ever going to be hired into a local company that you want
to work for. If they have annoyed you, I say go ahead and antagonize
them for recreational purposes. ;-)

-jimk

PS I particularly loved the statement about how allowing your resume to
exist on a job portal when you are unavailable is illegal.

-----Original Message-----
From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On Behalf Of Danny Howard
Sent: Thursday, November 03, 2005 2:19 PM
To: Paul M. Moriarty
Cc: Michael T.Halligan; baylisa
Subject: Re: Stupid recruiters.

On Thu, Nov 03, 2005 at 01:45:46PM -0800, Paul M. Moriarty wrote:
> I'd be very careful about pissing off recruiters for any reason, even if
> they are idiots. You never know when one of them might get hired direct
> at a company you really want to work for. Then you're, how shall I put
> it, fucked.

Would you really want to work for a company with obnoxious recruiters?

Maybe.

Maybe not.

But it is generally better to avoid antagonizing people if you can avoid
it. Today's troll may be tomorrows hiring manager, or even internal
referral for an open req ...

But if you're going to screw with someone, recruiters are probably the
least threatening.

-danny

From deirdre at deirdre.net Thu Nov 3 15:18:29 2005
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Thu, 3 Nov 2005 15:18:29 -0800
Subject: Stupid recruiters.
In-Reply-To: <20909969.1131055316789.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net>
References: <20909969.1131055316789.JavaMail.root@elwamui-karabash.atl.sa.earthlink.net>
Message-ID: <753F2497-66E1-45F0-9F9D-9847822885F8@deirdre.net>

On Nov 3, 2005, at 2:01 PM, David Dull wrote:

> I submitted my resume to a large number of web sites about three
> years ago, and they have propagated into many others that I have
> never heard of. My general response to an email that includes
> "urgent request, 6+ months in outer mongolia, please send a resume"
> is click-delete.

When I'm looking, I generally write back saying what I'm looking for.
You never know, that might match some keywords they hadn't thought of. :)

--
_Deirdre http://deirdre.net

From nicole at unixgirl.com Thu Nov 3 14:29:42 2005
From: nicole at unixgirl.com (Nicole)
Date: Thu, 03 Nov 2005 15:29:42 -0700 (PST)
Subject: Stupid recruiters.
In-Reply-To: <20051103221858.GP18563@ratchet.nebcorp.com>
Message-ID: <20051103232942.D0B9420F01@krell.webweaver.net>

On 03-Nov-05 My Homeland Security "observers" reported that Danny Howard said:
> On Thu, Nov 03, 2005 at 01:45:46PM -0800, Paul M. Moriarty wrote:
>> I'd be very careful about pissing off recruiters for any reason, even if
>> they are idiots. You never know when one of them might get hired direct
>> at a company you really want to work for. Then you're, how shall I put
>> it, fucked.
>
> Would you really want to work for a company with obnoxious recruiters?
>
> Maybe.
>
> Maybe not.
>
> But it is generally better to avoid antagonizing people if you can avoid
> it. Today's troll may be tomorrows hiring manager, or even internal
> referral for an open req ...
>
> But if you're going to screw with someone, recruiters are probably the
> least threatening.
>
> -danny

 One of the best quotes I ever heard was from Working Girl.
"Never burn bridges - todays senior prick - tomorrow's senior partner"

 Nicole

-- Walmart - We Screw Our Employee's,
 To Bring You The The Best Prices!

 The Large Print Giveth And The Small Print Taketh Away
 -- Anon

From alvin at Mail.Linux-Consulting.com Thu Nov 3 16:06:34 2005
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Thu, 3 Nov 2005 16:06:34 -0800 (PST)
Subject: Stupid recruiters.
In-Reply-To: <24BD2D5F3CEF4F4780606124741B48169976@hq-ex-7.brocade.com>
Message-ID:

hi ya

On Thu, 3 Nov 2005, Jim Kavitsky wrote:

> It is extremely unlikely that a recruiter from an offshore recruiting
> sweatshop is ever going to be hired into a local company that you want
> to work for.

in my world ... say 1/2 of the "paying" customers are offshore ...
and usually have offices in the states too
    - i guess i'm their sweatshop ..

> If they have annoyed you, I say go ahead and antagonize
> them for recreational purposes. ;-)

i think that was the jest of the email .. do you do that or not
or do it less visibly with "black holes" or simple "rejected
email notices"

---------

trick question is ..
    - are those recruiters using spam servers or are they
      using their own servers .. which of them is worst ? :-)

c ya
alvin

From michael at halligan.org Thu Nov 3 16:19:03 2005
From: michael at halligan.org (Michael T. Halligan)
Date: Thu, 3 Nov 2005 16:19:03 -0800
Subject: Stupid recruiters.
In-Reply-To: <20051103232942.D0B9420F01@krell.webweaver.net>
References: <20051103232942.D0B9420F01@krell.webweaver.net>
Message-ID: <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

What's still escaping me here is... Does anybody actually use these
companies? I've done quite a bit of hiring, and I think once I've
actually farmed out to a body shop, I've always been able to fill
positions (about 30 positions at various companies over the past 10
years) through friends and colleagues.

The way these recruiters try to fill positions is at best, pathetic ,
and at worst, criminal in the United States, and California. I literally
get 10-20 emails or calls like this per day. I know that if I get an
email for a websphere administrator position in timbuktu in the morning,
that I'll get 4 more emails, and 2 phone calls by the end of the day.

Do people actually encourage these recruiters?

On Nov 3, 2005, at 2:29 PM, Nicole wrote:

>
> On 03-Nov-05 My Homeland Security "observers" reported that Danny
> Howard said:
>> On Thu, Nov 03, 2005 at 01:45:46PM -0800, Paul M. Moriarty wrote:
>>> I'd be very careful about pissing off recruiters for any reason,
>>> even if
>>> they are idiots. You never know when one of them might get hired
>>> direct
>>> at a company you really want to work for. Then you're, how shall
>>> I put
>>> it, fucked.
>>
>> Would you really want to work for a company with obnoxious
>> recruiters?
>>
>> Maybe.
>>
>> Maybe not.
>>
>> But it is generally better to avoid antagonizing people if you can
>> avoid
>> it. Today's troll may be tomorrows hiring manager, or even internal
>> referral for an open req ...
>>
>> But if you're going to screw with someone, recruiters are probably
>> the
>> least threatening.
>>
>> -danny
>
>
> One of the best quotes I ever heard was from Working Girl.
> "Never burn bridges - todays senior prick - tomorrow's senior
> partner"
>
>
> Nicole
>
>
>
>
>
>
>
>
> -- Walmart - We Screw Our Employee's,
> To Bring You The The Best Prices!
>
> The Large Print Giveth And The Small Print Taketh Away
> -- Anon
>
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDaqj7wjCqooJyNAMRAuEcAKCJyMkDhweoV4kAeVMpUcHOV2i9QgCgvwr5
mRKFN437nEwWN3LiP1K6DIc=
=a0CP
-----END PGP SIGNATURE-----

From pmm at igtc.com Thu Nov 3 16:52:28 2005
From: pmm at igtc.com (Paul M. Moriarty)
Date: Thu, 3 Nov 2005 16:52:28 -0800
Subject: Stupid recruiters.
In-Reply-To: <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org>
Message-ID: <20051104005228.GD4706@igtc.igtc.com>

Michael T. Halligan writes:
[...]
>
> Do people actually encourage these recruiters?
>

Many companies will work with recruiters on a non-exclusive basis. As I
have a good deal of enterprise sw listed on my resume, I get a lot of
contacts for ERP implementation consultants. Kind of like Nicole, I reply
saying thank you but I do not believe it would be a good fit. If they then
reply asking me what would be a good fit, we can discuss further.

The job market today is still pretty bleak for employees. Anything you can
do to extend your network can give you an advantage when you're looking for
a job.

From alvin at Mail.Linux-Consulting.com Thu Nov 3 16:58:21 2005
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Thu, 3 Nov 2005 16:58:21 -0800 (PST)
Subject: Stupid recruiters.
In-Reply-To: <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org>
Message-ID:

On Thu, 3 Nov 2005, Michael T. Halligan wrote:

> What's still escaping me here is... Does anybody actually use these
> companies?

i got my 2nd job thru a recruiter 25+ yrs ago

i got a okay job back in 95 time frame when *.com was just starting

in my book, hiring companies should either have
    - $$$ for running their ads
    - $$$ for the employee they want ( 2x their potential salary )
    - and maybe $$ for the dedicated hr staff to find the match

    - shared hr staff ( recruiters ) are usually NOT worth it

- one ez way to get them off your back ..
    - i want $150K or $250K/yr for blah blah
      ( something you're an expert at ) and don't budge
      and do have a way to verify that sum you're getting
      because the next potential employer might want to
      verify it and offer more to you

    - it usually worked for me ..

    - NEVER give them names of your friends or enemies

> I've done quite a bit of hiring,
> and I think once I've actually farmed out to a body shop, I've always
> been able to fill positions (about 30 positions
> at various companies over the past 10 years) through friends and
> colleagues.

ah .. a friendly headhunter :-) and you probably don't take the
same 30-50% of their first years salary as your fees

if the hiring company paid those fees, why don't they just simply
pay that same fee to the employee, even if is vested over 2 or 4 yrs,
as they'd definitely have a happier employee

finding "good people" is not difficult if one knows where to look
and/or who to ask

>
> The way these recruiters try to fill positions is at best, pathetic ,
> and at worst, criminal in the United States, and California.
> I literally get 10-20 emails or calls like this per day. I know that
> if I get an email for a websphere administrator position
> in timbuktu in the morning, that I'll get 4 more emails, and 2 phone
> calls by the end of the day.

time for new phone and new emails
    - since the aggravation and interruptions probably
      is counter productive

> Do people actually encourage these recruiters?

for the statistics that they do, the recruiters just need to make
one sale year and they still make a killing on the side

c ya
alvin

From michael at halligan.org Thu Nov 3 17:10:06 2005
From: michael at halligan.org (Michael T. Halligan)
Date: Thu, 3 Nov 2005 17:10:06 -0800
Subject: Stupid recruiters.
In-Reply-To: <20051104005228.GD4706@igtc.igtc.com>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org> <20051104005228.GD4706@igtc.igtc.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I fully agree with you from a networking point of view. Some of them,
however, either deserve ridicule or going straight to a spam blacklist.

I've been off of the market for years now, but based on the amount of
noise I've been receiving from recruiters, I feel that the market isn't
as bad as you're portraying it. Mid-level admins will never get $100k
just because they can power on a pc and call it a server, but I see no
reason for any employable, competent unix admin to be without a job
right now. In fact, given the mass # of sysadmins that Google & Yahoo
are hiring, the pool of good admins should be drying up in a way that
should make it more of an employee's market.

Honestly, the least employable admins I know have all found jobs in the
past 6 months... If the guys who shower once a week, wear stained
t-shirts and torn jeans, and have bad attitudes can get decent paying
positions in the bay area, then I find it hard to believe that anybody
else can't.

On Nov 3, 2005, at 4:52 PM, Paul M. Moriarty wrote:

> Michael T. Halligan writes:
> [...]
>>
>> Do people actually encourage these recruiters?
>>
>
> Many companies will work with recruiters on a non-exclusive basis.
> As I
> have a good deal of enterprise sw listed on my resume, I get a lot of
> contacts for ERP implementation consultants. Kind of like Nicole,
> I reply
> saying thank you but I do not believe it would be a good fit. If
> they then
> reply asking me what would be a good fit, we can discuss further.
>
> The job market today is still pretty bleak for employees. Anything
> you can
> do to extend your network can give you an advantage when you're
> looking for
> a job.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDarT1wjCqooJyNAMRApvVAKCcl7x3d2tcCUv3Qyzm6hnEfG0sIgCbBKOV
L9FFfN5GsYxqBHBo39S+1RQ=
=RKwC
-----END PGP SIGNATURE-----

From jimd at starshine.org Thu Nov 3 17:25:39 2005
From: jimd at starshine.org (Jim Dennis)
Date: Thu, 3 Nov 2005 17:25:39 -0800
Subject: Suggestions please for load balancers.
In-Reply-To: <842254bf0511031207v6f85d5f4v8a243134432afa10@mail.gmail.com>
References: <20051103020538.4C8E620F01@krell.webweaver.net> <436A6608.7090903@enteka.com> <842254bf0511031207v6f85d5f4v8a243134432afa10@mail.gmail.com>
Message-ID: <20051104012539.GA4656@starshine.org>

On Thu, Nov 03, 2005 at 12:07:26PM -0800, Dave Johanson wrote:
> Alteons are inexpensive on eBay these days.
> If money wasn't an issue I would buy Netscalers.

> Dave J.

 If money was your prime consideration how would you feel about
 roll-your-own with something like IPVS (Linux Virtual Server
 Project)?

 (Just curious, haven't used one, yet)

--
Jim Dennis

From nicole at unixgirl.com Thu Nov 3 17:24:40 2005
From: nicole at unixgirl.com (Nicole)
Date: Thu, 03 Nov 2005 18:24:40 -0700 (PST)
Subject: Suggestions please for load balancers.
In-Reply-To: <20051104012539.GA4656@starshine.org>
Message-ID: <20051104022441.D85DA20F01@krell.webweaver.net>

On 04-Nov-05 My Homeland Security "observers" reported that Jim Dennis said:
> On Thu, Nov 03, 2005 at 12:07:26PM -0800, Dave Johanson wrote:
>> Alteons are inexpensive on eBay these days.
>> If money wasn't an issue I would buy Netscalers.
>
>> Dave J.
>
> If money was your prime consideration how would you feel about
> roll-your-own with something like IPVS (Linux Virtual Server
> Project)?
>
> (Just curious, haven't used one, yet)
>
> --
> Jim Dennis

 If a gerbil on a wheel was reliable, had good docs and worked I would
use it.. assuming management was ok with it.

 Any good URL's for it or other versions, etc?

 Nicole

 Why do all the closed minds have open mouths?
-- Sister MaryMae Himm

The Large Print Giveth And The Small Print Taketh Away
-- Tom Waits - "Step Right Up"

From dannyman at toldme.com Fri Nov 4 09:19:38 2005
From: dannyman at toldme.com (Danny Howard)
Date: Fri, 4 Nov 2005 09:19:38 -0800
Subject: Job Market
In-Reply-To: <20051104005228.GD4706@igtc.igtc.com>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org> <20051104005228.GD4706@igtc.igtc.com>
Message-ID: <20051104171938.GQ18563@ratchet.nebcorp.com>

On Thu, Nov 03, 2005 at 04:52:28PM -0800, Paul M. Moriarty wrote:
> The job market today is still pretty bleak for employees.

Enh?

You know qualified SysAdmins who need work? How about Perl developers with Mason, Postgres, and AJAX experience? Everybody is hiring and the best candidates are scarce now because, well, everybody's hiring. Maybe Google gets some credit for sucking in a lot of the most talented people in the Valley.

I have seen "bleak" ... that was 2001, 2002, and 2003. In 2004 I took a new position with a 60% salary increase. (I had been underpaid.) I don't see bleak. At least, not for the really talented ... anyone else care to share their observations?

Thanks,
-danny

--
http://dannyman.toldme.com/

From pmm at igtc.com Fri Nov 4 09:23:20 2005
From: pmm at igtc.com (Paul M. Moriarty)
Date: Fri, 4 Nov 2005 09:23:20 -0800
Subject: Job Market
In-Reply-To: <20051104171938.GQ18563@ratchet.nebcorp.com>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org> <20051104005228.GD4706@igtc.igtc.com> <20051104171938.GQ18563@ratchet.nebcorp.com>
Message-ID: <20051104172320.GF9918@igtc.igtc.com>

Danny Howard writes:
> On Thu, Nov 03, 2005 at 04:52:28PM -0800, Paul M. Moriarty wrote:
>
> > The job market today is still pretty bleak for employees.
>
> Enh?
>

I'm atypical. At the top of the IT mgmt food chain, jobs are still scarce
(but I have landed and am off the market).
- Paul -

From brian.street at bayarea.net Fri Nov 4 09:33:17 2005
From: brian.street at bayarea.net (Brian Street)
Date: Fri, 4 Nov 2005 09:33:17 -0800
Subject: Job Market
In-Reply-To: <20051104172320.GF9918@igtc.igtc.com>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org> <20051104005228.GD4706@igtc.igtc.com> <20051104171938.GQ18563@ratchet.nebcorp.com> <20051104172320.GF9918@igtc.igtc.com>
Message-ID: <1131125597.436b9b5d215e5@myaccount.bayarea.net>

Quoting "Paul M. Moriarty" :

> Danny Howard writes:
> > On Thu, Nov 03, 2005 at 04:52:28PM -0800, Paul M. Moriarty wrote:
> >
> > > The job market today is still pretty bleak for employees.
> >
> > Enh?
> >
>
> I'm atypical. At the top of the IT mgmt food chain, jobs are still scarce
> (but I have landed and am off the market).
>
> - Paul -
>

I'm still down 20% from my peak salary in 2000. My AS degree may have something to do with that though but I would have thought my almost 20 years of experience would have made up for that.

Brian.

From deirdre at deirdre.net Fri Nov 4 10:04:14 2005
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Fri, 4 Nov 2005 10:04:14 -0800
Subject: Job Market
In-Reply-To: <20051104171938.GQ18563@ratchet.nebcorp.com>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org> <20051104005228.GD4706@igtc.igtc.com> <20051104171938.GQ18563@ratchet.nebcorp.com>
Message-ID: <87347DC1-AA49-4F06-9C2E-F97121BA1B73@deirdre.net>

On Nov 4, 2005, at 9:19 AM, Danny Howard wrote:

> You know qualified SysAdmins who need work? How about Perl developers
> with Mason, Postgres, and AJAX experience? Everybody is hiring and the
> best candidates are scarce now because, well, everybody's hiring. Maybe
> Google gets some credit for sucking in a lot of the most talented people
> in the Valley.
>
> I have seen "bleak" ... that was 2001, 2002, and 2003.
> In 2004 I took a
> new position with a 60% salary increase. (I had been underpaid.) I
> don't see bleak. At least, not for the really talented ... anyone else
> care to share their observations?

In the past month, I've had two job offers over beer, rebuffed a number of recruiters.

--
_Deirdre http://deirdre.net

From gford at idiom.com Fri Nov 4 12:08:19 2005
From: gford at idiom.com (Glen Ford)
Date: Fri, 04 Nov 2005 12:08:19 -0800
Subject: Anyone know of Thinkpad repair place in bay area
Message-ID: <436BBFB3.40703@idiom.com>

I have Thinkpad T21 with non-functioning lcd.
Would love to get lcd fixed.
Can anyone on this list recommend a local repair place?

Thanks,
/glen

From jac at panix.com Fri Nov 4 12:56:38 2005
From: jac at panix.com (John Clear)
Date: Fri, 4 Nov 2005 12:56:38 -0800
Subject: Anyone know of Thinkpad repair place in bay area
In-Reply-To: <436BBFB3.40703@idiom.com>
References: <436BBFB3.40703@idiom.com>
Message-ID: <20051104205638.GA23854@panix.com>

On Fri, Nov 04, 2005 at 12:08:19PM -0800, Glen Ford wrote:
> I have Thinkpad T21 with non-functioning lcd.
> Would love to get lcd fixed.
> Can anyone on this list recommend a local repair place?

We use A&A Computers in Santa Clara for a lot of IBM laptop warranty and non-warranty work. No idea about $$$, but they are fast and responsive.

http://www.anacomputers.com/contactus.asp

John

From michael at halligan.org Fri Nov 4 12:46:19 2005
From: michael at halligan.org (Michael T.
Halligan)
Date: Fri, 4 Nov 2005 12:46:19 -0800
Subject: Job Market
In-Reply-To: <1131125597.436b9b5d215e5@myaccount.bayarea.net>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org> <20051104005228.GD4706@igtc.igtc.com> <20051104171938.GQ18563@ratchet.nebcorp.com> <20051104172320.GF9918@igtc.igtc.com> <1131125597.436b9b5d215e5@myaccount.bayarea.net>
Message-ID: <5C3712F6-1EFC-4919-A947-7C8D999DE42E@halligan.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Nov 4, 2005, at 9:33 AM, Brian Street wrote:

> Quoting "Paul M. Moriarty" :
>
>> Danny Howard writes:
>>> On Thu, Nov 03, 2005 at 04:52:28PM -0800, Paul M. Moriarty wrote:
>>>
>>>> The job market today is still pretty bleak for employees.
>>>
>>> Enh?
>>>
>>
>> I'm atypical. At the top of the IT mgmt food chain, jobs are still scarce
>> (but I have landed and am off the market).
>>
>> - Paul -
>>
>
>
> I'm still down 20% from my peak salary in 2000. My AS degree may have
> something to do with that though but I would have thought my almost
> 20 years of experience would have made up for that.
>
> Brian.

Brian,

I don't think education has anything to do with it. I finished high school at 15 and went straight to work as a sysadmin. I've never been turned down for a position due to a lack of higher education. I did find that the more I focused on the business impact of infrastructure, and the more I focused on infrastructure, that my "value" went up.

What I really found was most beneficial when I was on the market was going into every job interview, with one goal, to learn about the customer. I do my best not to talk about myself, my experience, or anything, because the customer really doesn't care. The customer cares about themselves. Businesses aren't in business to provide jobs, they're in business to make money.
The more interest I showed in the customer, the more I understood about my customer's business, the easier it was to show that I could benefit them. The easier it was to put into their minds that "I can manage your assets more reliably, and more cost efficiently than anybody else you will interview"

A lot of people don't know how to interview. When I've been in hiring positions, I've had people come in and brag about themselves, "me this, me that", basically patting themselves on the back. Those candidates went straight into the reject pile.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDa8ifwjCqooJyNAMRAqloAJkBLKRYw9VMXitsmYyDZWnvBxdKbQCfYka/
nKCmAtfmPyNHDq1pN322Mtg=
=oCHE
-----END PGP SIGNATURE-----

From alvin at Mail.Linux-Consulting.com Fri Nov 4 20:19:22 2005
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Fri, 4 Nov 2005 20:19:22 -0800 (PST)
Subject: Job Market - interview
In-Reply-To: <5C3712F6-1EFC-4919-A947-7C8D999DE42E@halligan.org>
Message-ID:

On Fri, 4 Nov 2005, Michael T. Halligan wrote:

> I don't think education has anything to do with it. I finished high
> school at 15

smart kid :-)

> A lot of people don't know how to interview. When I've been in hiring
> positions, I've
> had people come in and brag about themselves, "me this, me that",

but that is how you get the interview ...

but once there, you do have to change to "show how you can help them"
( them this and them that )

c ya
alvin

From alvin at Mail.Linux-Consulting.com Mon Nov 7 18:58:11 2005
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Mon, 7 Nov 2005 18:58:11 -0800 (PST)
Subject: Stupid recruiters.
In-Reply-To:
Message-ID:

hi ya

On Mon, 7 Nov 2005, Michael T. Halligan wrote:

> Seriously, though, have you ever responded to a job ad?

for me, i replied to the 2 headhunters and i got both jobs from them ..
( it was up my alley or of interest to me )

and from what i hear, the headhunter and the hr was bickering about
how much of the excessive fees the headhunter needs to get ..
but, hr dept should know better ... and be able to negotiate fees
w/ outsiders before they hire outside help which results in bozo's
like me that get hired in

> my resumes, or through friends. Mostly through friends. I got one
> position once after

i get most all of my jobs/work thru strangers where there was nobody
i know working at the company nor by referral from buddies

but now days, i just reply to their inquiry and quote something
or other, where more details inquiries gets more detailed replies

i haven't updated or sent out resumes in years .. other than the
occasional curiosity like sending to google to see if it "catches"
somebody's eyeballz

the "bid-a-job and wait-n-see" ( contracting ) is lot better than
pushing resume's around

- xxx corp doesn't usually ask for yyy vendors corp resume
  or resume of their employee's

- xxx corp has a problem that they need solved and already found you ...
  the trick is to close the sale if they have a realistic goals/expectations

> Hrm, that's interesting. Do companies buy statistics from recruiters?

they must be ... there's just way way too many non-xistant jobs
and the junk mail for job offers for which i don't want or not qualified

besides the job descriptions is pretty much identical

- the same usual list of alphabet soup and fancy acronyms for the quarter

- must be "Sr xxx" with 2+ yrs experience
  which automatically goes to /dev/null for me

  "Sr" to me implies 5+yrs in HW, 5+yrs in SW, 5+ years in firmware/device drivers, ...
  and 30+ years with people interaction :-)

- the same usual list of "personality requirements"

- and some pays "foreign country wages" and some gives good or bad stock options

- only thing we have to distinguish xxx from yyy employer is the widget
  that they're making and if those alphabet soup has anything to do
  with the new widget

c ya
alvin

From michael at halligan.org Mon Nov 7 18:25:58 2005
From: michael at halligan.org (Michael T. Halligan)
Date: Mon, 7 Nov 2005 18:25:58 -0800
Subject: Stupid recruiters.
In-Reply-To: <20051103221858.GP18563@ratchet.nebcorp.com>
References: <273ADB25-393D-4F37-91F6-7A35B40BB075@halligan.org> <20051103214546.GD3759@igtc.igtc.com> <20051103221858.GP18563@ratchet.nebcorp.com>
Message-ID: <739FB73F-829C-4A57-9C82-284B12CDFACB@halligan.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Danny,

I have mixed feelings about this. On one hand, it's a bad thing to burn bridges, and I probably should have kicked myself before sending out the parent e-mail to this thread. On the other hand, the recruiters I return calls to today are mostly the recruiters who I returned calls to 6 years ago. We work in a very, very small industry. Everybody knows everybody. Fluff comes and goes, but the good people tend to stick around.

Luckily, however, if I hurt my reputation with recruiters, I won't sweat it. I'm not likely to ever want to take a full-time position again, I'm just not the kind of person to enjoy being in W2 servitude.

On Nov 3, 2005, at 2:18 PM, Danny Howard wrote:

> On Thu, Nov 03, 2005 at 01:45:46PM -0800, Paul M. Moriarty wrote:
>> I'd be very careful about pissing off recruiters for any reason, even if
>> they are idiots. You never know when one of them might get hired direct
>> at a company you really want to work for. Then you're, how shall I put
>> it, fucked.
>
> Would you really want to work for a company with obnoxious recruiters?
>
> Maybe.
>
> Maybe not.
>
> But it is generally better to avoid antagonizing people if you can avoid
> it. Today's troll may be tomorrow's hiring manager, or even internal
> referral for an open req ...
>
> But if you're going to screw with someone, recruiters are probably the
> least threatening.
>
> -danny

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDcAy9wjCqooJyNAMRAsqXAJ9Sj1o1zU3vY4eDxdlybc79zND/YQCgqWpU
8f6HPxoDRYYgID3zyyDzIoM=
=INKH
-----END PGP SIGNATURE-----

From michael at halligan.org Mon Nov 7 18:33:12 2005
From: michael at halligan.org (Michael T. Halligan)
Date: Mon, 7 Nov 2005 18:33:12 -0800
Subject: Job Market - interview
In-Reply-To:
References:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
> On Fri, 4 Nov 2005, Michael T. Halligan wrote:
>
>> I don't think education has anything to do with it. I finished high
>> school at 15
>
> smart kid :-)

No, if I was a smart kid, I'd have gone straight into business, and become a millionaire in the dot-com craze.. Instead, I got suckered in by tech purism and slaved away as a sysadmin for far too long. Cults are bad, even open-source cults!

>
>> A lot of people don't know how to interview. When I've been in hiring
>> positions, I've
>> had people come in and brag about themselves, "me this, me that",
>
> but that is how you get the interview ...
>
> but once there, you do have to change to "show how you can help them"
> ( them this and them that )

I don't think you open any doors by talking about yourself. The resume is just a tool to show that you can read and write, and maybe appear in keyword searches. If you write your resume in a way that boldly says "this is what I will do for you", then you will get far more responses.

Ask a marketing guy to spend a lunch-hour explaining features versus benefits to you in layman's speak. It'll change your world.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDcA5owjCqooJyNAMRAiHpAKCG3qO5XeFw0hfrp1G6Qz1S6i52EACeI0hV
1k/fzDWiwTXywaIdmimjklg=
=CWs7
-----END PGP SIGNATURE-----

From michael at halligan.org Mon Nov 7 18:30:19 2005
From: michael at halligan.org (Michael T. Halligan)
Date: Mon, 7 Nov 2005 18:30:19 -0800
Subject: Stupid recruiters.
In-Reply-To:
References:
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>
>> What's still escaping me here is... Does anybody actually use these
>> companies?
>
> i got my 2nd job thru a recruiter 25+ yrs ago
> i got a okay job back in 95 time frame when *.com was just starting
>
> in my book, hiring companies should either have
> - $$$ for running their ads
> - $$$ for the employee they want ( 2x their potential salary )
> - and maybe $$ for the dedicated hr staff to find the match
>
> - shared hr staff ( recruiters ) are usually NOT worth it
>
> - one ez way to get them off your back ..
>
> - i want $150K or $250K/yr for blah blah ( something you're an
>   expert at ) and don't budge and do have a way to verify that
>   sum you're getting because the next potential employer might
>   want to verify it and offer more to you
>
> - it usually worked for me ..
>
> - NEVER give them names of your friends or enemies
>

Seriously, though, have you ever responded to a job ad? I think of all the positions I've had, I got one of them by responding to an ad. The rest were recruiters finding my resumes, or through friends. Mostly through friends. I got one position once after reading about the start-up in a trade journal. I called up their CEO, told him I wanted to work there, and emailed him my resume, started the next week.

>> I've done quite a bit of hiring,
>> and I think once I've actually farmed out to a body shop, I've always
>> been able to fill positions (about 30 positions
>> at various companies over the past 10 years) through friends and
>> colleagues.
>
> ah ..
> a friendly headhunter :-) and you probably don't take the
> same 30-50% of their first years salary as your fees
> if the hiring company paid those fees, why don't they just simply
> pay that same fee to the employee, even if is vested over 2 or 4 yrs,
> as they'd definitely have a happier employee
>
> finding "good people" is not difficult if one knows where to look
> and/or who to ask
>

My rule of thumb is this. If I get you a position that pays less than $75k, I expect an 8-pack of guinness. If I get you a position that pays more than $100k, I expect a keg of guinness for my kegerator. I hardly drink at all anymore, so let's just say that over the past year I have had many, many opportunities to give my friends free guinness. I like the beer economy.

Recruiters on the other hand, if I think there is a value in me scratching their back, then I just remind them that I'll expect a favor some day. If I don't think there's a value, I demand a finder's fee, or don't give them a resume.

>>
>> The way these recruiters try to fill positions is at best, pathetic,
>> and at worst, criminal in the United States, and California.
>> I literally get 10-20 emails or calls like this per day. I know that
>> if I get an email for a websphere administrator position
>> in timbuktu in the morning, that I'll get 4 more emails, and 2 phone
>> calls by the end of the day.
>
> time for new phone and new emails
>
> - since the aggravation and interruptions probably is
>   counter productive
>
>> Do people actually encourage these recruiters?
>
> for the statistics that they do, the recruiters just need to make
> one sale year and they still make a killing on the side

Hrm, that's interesting. Do companies buy statistics from recruiters? If so, then I could see all of these loser chop-shop headhunters having some value after all.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFDcA27wjCqooJyNAMRAsAaAJ0V0YjYmEwWOMOqQx4HHA2NOxK89gCfZW8K
qN/v8yntzgxCHLlxihaZ3lk=
=7qcH
-----END PGP SIGNATURE-----

From vraptor at employees.org Mon Nov 7 14:20:10 2005
From: vraptor at employees.org (vraptor at employees.org)
Date: Mon, 7 Nov 2005 14:20:10 -0800 (PST)
Subject: Job Market
In-Reply-To: <20051104171938.GQ18563@ratchet.nebcorp.com>
References: <20051103232942.D0B9420F01@krell.webweaver.net> <041A3849-A32B-4DCB-A96C-F919EDA05B14@halligan.org> <20051104005228.GD4706@igtc.igtc.com> <20051104171938.GQ18563@ratchet.nebcorp.com>
Message-ID: <20051107141552.R12600@willers.employees.org>

On Fri, 4 Nov 2005, Danny Howard wrote:

> You know qualified SysAdmins who need work? How about Perl developers
> with Mason, Postgres, and AJAX experience? Everybody is hiring and the
> best candidates are scarce now because, well, everybody's hiring. Maybe
> Google gets some credit for sucking in a lot of the most talented people
> in the Valley.
>
> I have seen "bleak" ... that was 2001, 2002, and 2003. In 2004 I took a
> new position with a 60% salary increase. (I had been underpaid.) I
> don't see bleak. At least, not for the really talented ... anyone else
> care to share their observations?

I'd definitely agree vis-a-vis the east coast. I've seen some of the knuckle draggers around here that pass as sys-admins who manage to get and keep jobs...

How are the salaries out west, though (your situation aside)? In late 2003 when things were just starting to come back, CA salaries had seemed to have taken a 4-5 year roll-back, which was another reason I went east. I mean, it's not like the cost of living has gone down in CA.

=Nadine=

From jimd at starshine.org Mon Nov 7 14:15:29 2005
From: jimd at starshine.org (Jim Dennis)
Date: Mon, 7 Nov 2005 14:15:29 -0800
Subject: Suggestions please for load balancers.
In-Reply-To: <20051104022441.D85DA20F01@krell.webweaver.net>
References: <20051104012539.GA4656@starshine.org> <20051104022441.D85DA20F01@krell.webweaver.net>
Message-ID: <20051107221529.GG24218@starshine.org>

On Thu, Nov 03, 2005 at 06:24:40PM -0700, Nicole wrote:
> On 04-Nov-05 My Homeland Security "observers" reported that Jim Dennis said:
>> On Thu, Nov 03, 2005 at 12:07:26PM -0800, Dave Johanson wrote:
>>> Alteons are inexpensive on eBay these days.
>>> If money wasn't an issue I would buy Netscalers.

>>> Dave J.

>> If money was your prime consideration how would you feel about
>> roll-your-own with something like IPVS (Linux Virtual Server
>> Project)?

>> (Just curious, haven't used one, yet)

> If a gerbil on a wheel was reliable, had good docs and worked I would
> use it..
> assuming management was ok with it. Any good URLs for it or other
> versions, etc?

> Nicole

My comment was more on the order of fishing for comments from anyone who *has* used one of these under fire.

You can read more about it at:

http://www.linuxvirtualserver.org/

... but I'd make the following observations before I'd recommend them:

* You might be able to download, configure and install one of these
  on a set of systems in about an afternoon. The price and availability
  are right and you don't have to deal with slick, verbose, cloying
  sales critters to play with one.

* I wouldn't seriously consider proposing this unless you have enough
  spare/idle hardware to set up a three server load balancing pool and
  a small farm of load generators (at least three clients --- preferably
  at least six).

* The hard part of demonstrating the feasibility of this approach is
  finding, installing and configuring the right software to really test
  its robustness and scalability. If your developers (for whatever
  application you want to host on the back end of this LB cluster) have
  developed some load tests it will help immensely.
  However, it's been my experience that developing good load tests is
  more difficult than developing the core application.

* Searching the LVS (Linux Virtual Server) site on "testing" seems to
  generate a number of interesting hits. Read those.

* Searching http://www.freshmeat.net on "load testing" generates about
  25 hits and most of those are for web application load testing.

* I've had minor experience with Frank Cohen's "Load" (formerly known
  as "TestMaker" or something like that): http://www.pushtotest.com/ptt

* It's likely to take far more time developing a test harness than
  configuring LVS/IPVS (IPVS is the Linux kernel component of the LVS).
  However, you might make a reasonable case to your management that such
  a test harness should include LVS as the baseline. This might result
  in a decision to actually use LVS in production (if it surprises
  everyone by surpassing the competition, or if your management looks at
  the cost/benefit/risk analysis and decides based on that).

If you do pursue this, please write up a report for all of us (or at least for me --- perhaps even for Heather as a Linux Gazette article).

--
Jim Dennis

From jimd at starshine.org Tue Nov 8 00:33:28 2005
From: jimd at starshine.org (Jim Dennis)
Date: Tue, 8 Nov 2005 00:33:28 -0800
Subject: Options for a 24-port firewall?
In-Reply-To:
References:
Message-ID: <20051108083328.GA27170@starshine.org>

On Sat, Oct 29, 2005 at 07:20:05PM -0700, Alvin Oga wrote:

> hi ya michael

> On Sat, 29 Oct 2005, Michael T. Halligan wrote:

>>> On Sat, Oct 29, 2005 at 01:21:53PM -0700, Michael T.Halligan wrote:

>>>> I'm sitting around, analyzing my firewall needs. My needs are pretty
>>>> simple. I need to be able to throw a lot of customers on their own
>>>> 100mb firewall ports. Most customers
>>>> will never use more than about 3 mb/s. Given this, I expect the
>>>> overall throughput for 24 customers, given some flux, to be about
>>>> 150mb/s.
>>>> Ideally, I'd love to throw Linux or
>>>> OpenBSD onto a box that has 1/2 dozen quad ethernet cards.. I'd also

> motherboards with 6-pci slots is harder to find but if you're not
> locked to a particular cpu or mb vendor .. it's doable ..

> you'd probably want pci-x instead and there's probably not many
> choices of mb for 4x or 6x 64-bit pci slot motherboards ..

Why not get a $2000 white box 1U with a couple of 4-port PCI NICs
(at less than $500 each)?

That gives you 8 separate ethernet Interfaces, 3 or 4 drive slots
(possibly hot-swappable ... SATA or SCSI ... for software or hardware
RAID (depends on your preferences and motherboard).

Duplicate the whole mess for redundancy and you're up to $6-grand.

Leaves you $1500 in your budget for doing your own installation,
configuration, testing, or buying a round of beers with the gang.

If space is not an issue then get a couple of 3u servers with three
or four PCI slots and fill those with the 4-port wonders. 12 to
16 interfaces. (I know Linux can handle those, I've done it).
I wouldn't try doing complex SNORT analysis and logging on even 8
of the 100Mbps ports at once ... but simple routing and packet
filtering should be possible at full line speed for those.

> openbsd would be better os

The proposed solution would let you pick whatever, suits your fancy.

>>>> like to keep the budget per firewall under $7.5k, which rules out any
>>>> commercial solution.

> i'd go for 2 machines instead of 1 ...
> and seems doable for the budget .. except for the "time for home brew" :-)

> c ya
> alvin

--
Jim Dennis

From bill at thecrookes.com Mon Nov 7 16:43:43 2005
From: bill at thecrookes.com (Bill Crooke)
Date: Mon, 07 Nov 2005 16:43:43 -0800
Subject: Peninsula Linux Users' Group Meeting, Thursday, November 10th, 2005
Message-ID: <436FF4BF.4050207@thecrookes.com>

Peninsula Linux Users' Group, Thursday, November 10th, 2005

NOTE: New meeting location this month.

We have a meeting of the Peninsula Linux Users' Group (PenLUG) this week!
Here are the details about the next meeting. For more information or directions go to http://www.penlug.org/

Our website is a TWiki; please feel free to create a user account and modify the website if you have something to contribute.

Date: Thursday, November 10th, 2005
Time: 7:00 - 9:00 PM
Location: IHOP restaurant in Belmont, CA

Agenda:
=======
7:00 - 8:30 PM: Presentation by Arno Puder: "XML11 - An Abstract Windowing Protocol"
8:30 - 9:00 PM: Members' Minutes
8:45 - 9:00 PM: Adjourn to IHOP (Belmont) for social & food time

Presentation by Arno Puder: "XML11 - An Abstract Windowing Protocol"
======================================================================
Arno Puder, XML11 - An Abstract Windowing Protocol

Arno Puder received his masters and Ph.D. in computer science and is currently working as an Assistant Professor at San Francisco State University. He is one of the founders of the MICO CORBA implementation. His special interests include distributed systems, middleware architectures and ubiquitous computing environments.

This presentation introduces XML11, an abstract windowing protocol inspired by the X11-protocol developed by MIT. XML11 is an XML-based protocol that allows asynchronous UI updates of widgets to an end-device. To overcome high-latency connections, XML11 allows migration of application logic to the end-device. The prototype implementation of XML11 runs in any standard web browser without Java capabilities on the client-side and replaces AWT/Swing on the server-side. This also allows us to expose legacy AWT/Swing applications as web applications. Ultimately XML11 can be used for writing Ajax applications without requiring any JavaScript knowledge. The prototype implementation of XML11 is released under the GPL and available at www.xml11.org

Members' Minutes
================
Members will have an opportunity to take a few minutes to...
* Describe their latest Linux discovery
* Ask questions and get help from other members
* Discuss Linux projects

You can just stand up and talk, or give a short demo or presentation. If you need audio/visual support for your Members' Minute, please contact me in advance to arrange for your needs.

We have a limited number of books courtesy of Prentice-Hall and O'Reilly to give away as an added inducement to participate in this portion of the meeting. :-)

RSVP
====
Although it is NOT required, we like to have an idea of how many people to expect, so if possible please email rsvp at penlug.org if you are planning to attend.

Bill Crooke
PenLUG Speaker Coordinator

From henry at vatican.com Tue Nov 8 09:19:20 2005
From: henry at vatican.com (Henry Goldwire)
Date: Tue, 8 Nov 2005 12:19:20 -0500
Subject: Options for a 24-port firewall?
References: <20051108083328.GA27170@starshine.org>
Message-ID: <000f01c5e488$90f508b0$6a2810ac@hgoldwiredesktop>

How about a linux box using the built-in gig NIC connected to a $300 24-port switch that supports 802.1q VLANs (e.g. netgear FSM726). You run linux with 8021q module and iptables. If you're feeling fancy, use two e1000s in a pair under ANS.

Voila. 24 port gigabit firewall -- $1000.

P.S. You will fail when you try to make this HA using VRRP.

-- Henry

----- Original Message -----
From: "Jim Dennis"
To: "Alvin Oga"
Cc:
Sent: Tuesday, November 08, 2005 3:33 AM
Subject: Re: Options for a 24-port firewall?

> On Sat, Oct 29, 2005 at 07:20:05PM -0700, Alvin Oga wrote:
>
>> hi ya michael
>
>> On Sat, 29 Oct 2005, Michael T. Halligan wrote:
>
>>>> On Sat, Oct 29, 2005 at 01:21:53PM -0700, Michael T.Halligan wrote:
>
>>>>> I'm sitting around, analyzing my firewall needs. My needs are pretty
>>>>> simple. I need to be able to throw a lot of customers on their own
>>>>> 100mb firewall ports. Most customers
>>>>> will never use more than about 3 mb/s.
>>>>> Given this, I expect the
>>>>> overall throughput for 24 customers, given some flux, to be about
>>>>> 150mb/s. Ideally, I'd love to throw Linux or
>>>>> OpenBSD onto a box that has 1/2 dozen quad ethernet cards.. I'd also
>
>> motherboards with 6-pci slots is harder to find but if you're not
>> locked to a particular cpu or mb vendor .. it's doable ..
>
>> you'd probably want pci-x instead and there's probably not many
>> choices of mb for 4x or 6x 64-bit pci slot motherboards ..
>
> Why not get a $2000 white box 1U with a couple of 4-port PCI NICs
> (at less than $500 each)?
>
> That gives you 8 separate ethernet Interfaces, 3 or 4 drive slots
> (possibly hot-swappable ... SATA or SCSI ... for software or hardware
> RAID (depends on your preferences and motherboard).
>
> Duplicate the whole mess for redundancy and you're up to $6-grand.
>
> Leaves you $1500 in your budget for doing your own installation,
> configuration, testing, or buying a round of beers with the gang.
>
> If space is not an issue then get a couple of 3u servers with three
> or four PCI slots and fill those with the 4-port wonders. 12 to
> 16 interfaces. (I know Linux can handle those, I've done it).
> I wouldn't try doing complex SNORT analysis and logging on even 8
> of the 100Mbps ports at once ... but simple routing and packet
> filtering should be possible at full line speed for those.
>
>> openbsd would be better os
>
> The proposed solution would let you pick whatever, suits your fancy.
>
>>>>> like to keep the budget per firewall under $7.5k, which rules out any
>>>>> commercial solution.
>
>> i'd go for 2 machines instead of 1 ...
>> and seems doable for the budget ..
>> except for the "time for home brew" :-)
>
>> c ya
>> alvin
>
> --
> Jim Dennis
>

From sigje at sigje.org Wed Nov 9 11:03:44 2005
From: sigje at sigje.org (Jennifer Davis)
Date: Wed, 9 Nov 2005 11:03:44 -0800 (PST)
Subject: Nov 9: BayLISA Peninsula Meeting: Email/Collaboration Tools in the Workplace
In-Reply-To:
References:
Message-ID:

Topic: Email and Collaboration Tools in the Workplace
Date: Wednesday, November 9 2005, 7:30PM
Where: Zimbra, Inc
       1500 Fashion Island Blvd Ste 100
       San Mateo, CA 94404
http://maps.google.com/maps?q=1500+Fashion+Island+Boulevard,+94404&spn=0.030477,0.047252&hl=en

7:30 pm Introductions and Announcements - Have a Job/Want a Job
7:45 pm 1st Speaker - Zimbra Inc
8:30 pm 2nd Speaker - Mirapoint Inc
9:15 Discussion/Analysis/Comments/Interact with Demos

Please RSVP to rsvp at baylisa.org.

Friday is the LAST day you can register for BaySUG!!

Don't forget:
BaySUG 2005 (Free!!)
Date: Saturday November 12, 2005
Where: Computer History Museum, 1401 N Shoreline Blvd Mtn View, CA 94043

Jeremy Allison - Samba what's new, complexities, status of the project
Chris DiBona - Google's Summer of Code process and results
networking, tour of the computer history museum, and reception sponsored by google
Books from Addison-Wesley/Prentice Hall PTR, and O'Reilly giveaways

This event is free, and registration is open now at http://www.usenix.org/events/baysug05/

From ahorn at deorth.org Wed Nov 9 11:54:58 2005
From: ahorn at deorth.org (Alan Horn)
Date: Wed, 9 Nov 2005 11:54:58 -0800 (PST)
Subject: Election Statement
Message-ID:

I've thought about this for quite some time, and have finally decided to put my name up as a candidate to run for BayLISA board this year. I hope that this statement isn't arriving too late to make the ballot.

For those who don't know my face (and that's most of you ;) I'm one of the folks that helps set up and tear down the monthly meetings, lay out the pizza and drinks (or doughnuts), operate the camcorder to record the meetings (although yes, we've been without camera for several months now, but when we *did* have one, I was the guy sitting next to it in the corner of the room this year). I also (via the goodwill of my employer) provide meeting space and phone conference facilities for the monthly board meetings when needed.

So that's a frame of reference. Let me say a little about myself, and then why I'm running for board and what I hope to achieve.

Like most of you, I'm a System Administrator. I've been doing this sort of work for about 12 years, on two different continents. At different times I've focussed on systems, networks, security, application development, even helpdesk support ;) I've done a lot over the years and that's why I understand the need for a place like BayLISA and what it brings to enrich our personal and professional lives.

For the last year or so I've attended almost every board meeting, and watched the process carefully, through rough and smooth. It's been an enjoyable experience even when it wasn't so enjoyable. The personalities and people involved make it a very alive and challenging endeavour.

If I'm elected to the board I would pledge to continue the good works of those who've been there before me. I would try to continue to develop the vision of the organization, making it the best example of a sysadmin organization anywhere. I would promote and continue to grow the membership through helping to provide relevant services that people need or want.

It's hard to be too specific, but one thing that's come up recently is reforming the election system to be a more modern, and statistically more fair method. I would like to get involved in helping to implement that for next year's elections as well.

At the end of the day, I'm just a sysadmin who wants to help, and even if not elected I will continue to help because it's the members that make this organization work. Cheers, Alan From sigje at sigje.org Wed Nov 9 14:10:37 2005 From: sigje at sigje.org (Jennifer Davis) Date: Wed, 9 Nov 2005 14:10:37 -0800 (PST) Subject: Splunk + BayLISA Event: Nov 19, 2005: Camp Sys Admin Message-ID: As hinted about last month, the event is organized, and the website is up and available for registration. I would have liked some different topics (and different name :), but it's a joint effort which means having to balance what people felt was needed. The idea is to discuss 2 topics for the day.. (based on your rating of topics as to what you want to discuss). Discussions are led by a moderator, and then there is an hour summary at the end of all the discussions, and entire group discussions. Each group will have from 10-15 people in it (from my understanding) so there is a limit of 50-75 people for this event. This is an experiment.. maybe it works maybe it doesn't. If it doesn't work out, well we need to figure out what would make it better/worthwhile. Details (from the website): The goal of Camp Sys Admin is to confront the challenges facing us all as our data centers continue to grow in size and complexity. In a one day gathering, we want to create a forum for campers to dialog with other seasoned Sys Admins, data center architects and technology developers. Sessions will be moderated by experts in Open Source, systems administration and data center technologies. Breakout sessions will give campers the chance to talk about specific problems they encounter, tools and techniques they use and "wish lists" to make life in the data center easier. Participation is free, but space is limited, so register now! Each camper will have the opportunity to participate in discussions on two of the following topics in breakout sessions lead by expert moderators. 1. 
Issues of managing Open Source vs. proprietary infrastructure applications and infrastructure middleware. 2. Troubleshooting messaging systems. 3. Ops Collaboration: How data center gurus work together when problems cross different domains. 4. Transitioning from PBX to IP Telephony: Differences in debugging and network troubleshooting techniques. 5. J2EE Troubleshooting. Date & Location November 19, 2005 Diablo Grande Wine Gallery 669 Mission Street, San Francisco, CA 94105 www.diablogrande.com/winegallery Agenda 10 to 10:30 Check In 10:30 to 11 Introductions 11 to 12:15 Sessions Tracks 1-5 12:15 to 1:15 Lunch 1:15 to 2:30 Sessions Tracks 1-5 2:30 to 3:30 Recap 3:30 to 5 Wine Tasting and Troubleshooting Party More Details (that you can't see on the website yet) Moderators (2 of the 5 moderators): Ethan Galstad, creator of Nagios, will lead the discussion on Ops Collaboration. Brian Aker, Director of Architecture for MySQL will lead the discussion on Open Source vs. proprietary applications. I'm still getting details about the other 3 moderators. (If anyone would LIKE to moderate one of the other 3 options, please do let me know and we can set you up :) Thanks all! Jennifer From sigje at sigje.org Wed Nov 9 15:25:03 2005 From: sigje at sigje.org (Jennifer Davis) Date: Wed, 9 Nov 2005 15:25:03 -0800 (PST) Subject: Splunk + BayLISA Event: Nov 19, 2005: Camp Sys Admin In-Reply-To: References: Message-ID: Sorry folks. I forgot to give you the URL! http://www.splunk.com/index.php/camp Jennifer From deirdre at deirdre.net Thu Nov 10 15:29:34 2005 From: deirdre at deirdre.net (Deirdre Saoirse Moen) Date: Thu, 10 Nov 2005 15:29:34 -0800 Subject: Bay Area Ruby meeting tonight in Sunnyvale Message-ID: <1E43A289-D837-45D7-9761-4BC93F2983A6@deirdre.net> Tonight there's a special meeting at Kal's BBQ because the developer for Typo (a blog engine written in Ruby on Rails) is in town. This is your basic bbq place, not a lot of non-salad vegetarian options (sorry). 
Great for those of you on Atkins. Dinner will run $5-10 per person.

425 N. Mathilda Ave., Sunnyvale, just north of Central Expressway

Take 101 to Mathilda exit, head away from the bay. Kal's is on the right a block and a half before you get to Central. It's in a standalone building with its own parking.

739-5271 is their number.

7 p.m. is the time.

--
_Deirdre http://deirdre.net

From deirdre at deirdre.net Thu Nov 10 15:50:20 2005
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Thu, 10 Nov 2005 15:50:20 -0800
Subject: Joyent: another entry for workgroup collaboration
Message-ID:

Recently had a discussion with a company president and sysadmin about the various groupware stuff. Zimbra was too much of a hairball. Mirapoint didn't impress them.

They went with Joyent. http://joyent.com/

Maybe we should get a presentation from them at some point; they're based in San Francisco.

--
_Deirdre http://deirdre.net

From sigje at sigje.org Thu Nov 10 16:28:44 2005
From: sigje at sigje.org (Jennifer Davis)
Date: Thu, 10 Nov 2005 16:28:44 -0800 (PST)
Subject: Joyent: another entry for workgroup collaboration
In-Reply-To:
References:
Message-ID:

> Mirapoint didn't impress them.
>
> They went with Joyent. http://joyent.com/
>
> Maybe we should get a presentation from them at some point; they're based in
> San Francisco.

Wow. I went to their website. It's the kind of stuff that doesn't impress me about salesforce. "you don't need an IT person to do any of this"..

Jill won't waste valuable time researching complicated hardware decisions or software choices. (from joyent.com/experience/)

She plugs in the power and connects the Joyent Connector to her cable modem. No extra trips to the store required. Simple and easy, just like ordering.

ordering what?? what does the little box do? what's the security? especially considering you put all your files and emails on it.

She spends less money on basic computer technology and invests her technology budget growing Jill's Company.

riiiiiiiiiiiiiiiiiiiiiiiiiiiight. So email/file collaboration is a very basic computer technology.

Jill's business grows. She now has 34 employees. Time to get another Connector!

... oh that's sweet. So as you go along.. how many connectors do you have to buy? One for every 32 employees? Do they work together? And what is this "Just point your web browser to http://home.your-company-name.com" .. does that mean Joyent is doing a little magical dns redirection to the little box?

oh more information!

The information you store on your Joyent Connector -- email, files, calendar events and more -- will be backed up regularly to servers at Joyent's data center.

warning bells warning bells! they have all your data!

A Single Login Identity

Each user gets a single login that works across the entire Joyent system: one username and one password that works everywhere. This means more than not having to remember a handful of separate passwords; by using a single, integrated system-wide account, you can access all of your data from anywhere.

can you see all your data from alternate locations? so browsing from an internet cafe do you still get access?

The technical specs (it's very scant on details):

To use the Joyent Connector and service, you really don't need to know the details of the system. But... we recognize that many of you will want to know the specifications of our system before you are comfortable placing an order. That's fine -- we think you should know what you are buying:

CPU: Pentium(tm) 4 equivalent chip
RAM: 1 GB
Hard Disk: Dual 300GiB hard drives in a mirrored configuration
Networking: 2 GigE Ethernet ports and 1 802.11b/g WiFi Access Point
Expansion: 3 IEEE 1394 ("FireWire") Ports

Note that the Joyent Connector doesn't have a CD drive, mouse, keyboard, or video card because you don't need them. All of your interaction with the Connector takes place over the web.

From deirdre at deirdre.net Thu Nov 10 16:54:15 2005
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Thu, 10 Nov 2005 16:54:15 -0800
Subject: Joyent: another entry for workgroup collaboration
In-Reply-To:
References:
Message-ID:

On Nov 10, 2005, at 4:28 PM, Jennifer Davis wrote:

> Wow. I went to their website. It's the kind of stuff that doesn't
> impress me about salesforce. "you don't need an IT person to do
> any of this"..

But for the small company who can't afford one, it's a good option, especially for the same kind of situations mentioned in the Mirapoint use cases last night.

--
_Deirdre http://deirdre.net

From alvin at Mail.Linux-Consulting.com Thu Nov 10 17:48:13 2005
From: alvin at Mail.Linux-Consulting.com (Alvin Oga)
Date: Thu, 10 Nov 2005 17:48:13 -0800 (PST)
Subject: Joyent: another entry for workgroup collaboration
In-Reply-To:
Message-ID:

hi ya

On Thu, 10 Nov 2005, Jennifer Davis wrote:

> Wow. I went to their website. It's the kind of stuff that doesn't
> impress me about salesforce.

sometimes ... some folks do use the "look-n-feel" of the website to make sales/buy decisions ...
- why .. i donno ...

> "you don't need an IT person to do any of this"..

some it folks can't do fancy websites .. but one can always hire them "fancy website" folks

IT, it seems, is getting into the hands of average joe user, who makes major IT decisions and companies temporarily shutdown or lose data or lose productivity during the day because "joe user" with linux at home is (NOT) doing what most seasoned admins would do for process, procedure, testing and backups for their company before implementing the changes

and it's gonna get worse

oh well...

c ya
alvin

From dannyman at toldme.com Thu Nov 10 19:01:41 2005
From: dannyman at toldme.com (Danny Howard)
Date: Thu, 10 Nov 2005 19:01:41 -0800
Subject: Joyent: another entry for workgroup collaboration
In-Reply-To:
References:
Message-ID: <20051111030141.GG23887@ratchet.nebcorp.com>

Hey,

Joyent looks interesting. It looks like it may not yet be fully baked. I'm curious if they'll support standard file sharing protocols, and if and how they'll add wiki and blog features, as well as what "upgrade path" they foresee for companies that grow beyond the capabilities of a single box.

I think the curmudgeony is mis-placed. If you're a small business, you likely need collaborative tools, but you don't need the $100k+ expense of a dedicated IT infrastructure. A lot of that cost is a FT employee, or a consultant, either one of which can be serious investments that can bite you in the rear far faster than a small, tight outsource house that has built its business on not screwing up your infrastructure.

I myself have thought that it might be a neat business to get into - provide hosted LDAP / e-mail / calendar plus other services, targeted at companies, who are willing to pay more than consumers for high-quality, high-availability, well-supported solutions. I think their hosted solution is probably going to work a lot better for them and for any consumer that isn't doing a lot of file-sharing ... there are fewer issues of scalability and availability that need be addressed by their customers.

But then, if a business grows past the 30 customers or so they bandy about on their web site, it sounds like they can afford to invest in their own dedicated infrastructure, and outgrow the Joyent box. And, maybe they want to focus on "getting it right" in a particular space, profit off that, and not worry too much.

Looks like a group of veterans who got together, and decided that instead of reinventing the wheel again and again, they could just build a better box once, and sell the kit, and lead nicer lives that way. Systems Administration for a large userbase, by automation. :)

I'll put my curmudgeony here: they're very good at making a flashy, persuasive website, with a trendy blog, and all the latest web 2.0 dynamic content XSLT skins, but there's no proof the core infrastructure is any good, and the company may yet flounder as they move from R&D to having to establish revenue, while still keeping their creative / talented folks happy with what, at the end of the day, is IT infrastructure.

As software goes, IT infrastructure is about as gratifying as bathroom fixtures: it is gratifying to design a set and understand how they work the first time through, but once you get them deployed then everyone will use them daily for the mundane tasks they find least interesting and not give your creation a second thought until something breaks and makes a mess. And heck forbid you should go rearranging the fixtures or how they work ... no one wants to pull the wrong lever and be surprised to discover that now you have bidet functionality. :)

At my place, we have a FT sysadmin, but he is concentrating most of his energy on our production network. But there's some desire among the staff for flush-toilet style calendars, and those folks are used to Exchange. And that's not my specialty ... so, if *I* can get a box, plug it in, and make folks happy, I say hurray Joyent, and I'm as skeptical as anyone. I'll give them points for the 60-day refund. :)

Cheers,
-danny

From guy at extragalactic.net Thu Nov 10 23:44:46 2005
From: guy at extragalactic.net (Guy B. Purcell)
Date: Thu, 10 Nov 2005 23:44:46 -0800
Subject: Candidate statement
Message-ID: <54F4A7C0-2BEF-458B-AD89-370C0E5565E9@extragalactic.net>

Hope this isn't too late!
I've previously had a schedule conflict with the BayLISA board meetings (same night & time as my archery club's general meeting--and I'm on the board there), so I've never run for the board before. Now the conflict is going away, so I'm running. I think the current board has been doing a lot of nice things for our organization--things I'd like to see continue, such as BaySUG & bringing more visibility to our group--so I'm running for the board to help make sure those things do continue. Like most in our organization, I have no formal training in operating an organization (formally, I'm an astrophysicist :^) ), but I haven't let that stop me from helping run a couple previously, and they don't seem any worse for the experience. I don't have any pet projects I'm specifically looking to get done; rather, I will offer my $0.02 in the board meetings, and help work on the projects the board already has in the works, if elected. Thanks for listening. -Guy From sigje at sigje.org Fri Nov 11 14:28:34 2005 From: sigje at sigje.org (Jennifer Davis) Date: Fri, 11 Nov 2005 14:28:34 -0800 (PST) Subject: BaySUG 2005 - Tomorrow! Message-ID: Although you can't register via the website at this point, you still have the chance to register onsite: http://www.usenix.org/events/baysug05/ What is it: BaySUG 2005 - Jeremy Allison - Samba 3; Chris DiBona - Summer of Code Projects; Plus discussion about local groups including but not limited to topics, networking, running, sponsoring, and more. (plan for next year!) Location: Computer History Museum 1401 N Shoreline Blvd Mountain View CA 94043 Date: Saturday November 12, 2005 1pm-5pm Jennifer Davis From sigje at sigje.org Sat Nov 12 13:45:51 2005 From: sigje at sigje.org (Jennifer Davis) Date: Sat, 12 Nov 2005 13:45:51 -0800 (PST) Subject: Sys Admin Camp rescheduled to January.. Message-ID: Heads up, the Sys Admin Camp has been rescheduled to January 14 2006. Same place, same topics.. more information to come. 
Jennifer

From jlatimer at eckersf.com Fri Nov 11 12:12:49 2005
From: jlatimer at eckersf.com (Jerry Latimer)
Date: Fri, 11 Nov 2005 12:12:49 -0800
Subject: upcoming focus group for ntwork administrators
Message-ID: <006101c5e6fc$5146f900$6701a8c0@e1021>

[De-MIMEd & redirected to baylisa@ by postmaster@, since I thought it was of broader interest than blw@, and since I believe that SAs have somewhat of a duty to inform vendors. -- postmaster at baylisa.org]

Ecker & Associates, a Bay Area market research firm, will be conducting a focus group in our SF office (2 blocks from the Embarcadero Bart station) on the evening of Thursday, Dec. 1st, with network administrators, technicians and engineers with responsibility for testing, troubleshooting and maintaining their organization's computer network. The discussion will last 2 hours, and the participants receive a cash honorarium of $150. If you're interested (or know someone who might be), please call me for more information. Thanks for your help!

Jerry Latimer
Ecker & Associates
650-871-6800 x3003
www.eckersf.com

From jimd at starshine.org Mon Nov 14 01:40:06 2005
From: jimd at starshine.org (Jim Dennis)
Date: Mon, 14 Nov 2005 01:40:06 -0800
Subject: Joyent: another entry for workgroup collaboration
In-Reply-To: <20051111030141.GG23887@ratchet.nebcorp.com>
References: <20051111030141.GG23887@ratchet.nebcorp.com>
Message-ID: <20051114094006.GC18421@starshine.org>

On Thu, Nov 10, 2005 at 07:01:41PM -0800, Danny Howard wrote:
> Hey,
> Joyent looks interesting. It looks like it may not yet be fully baked.
> I'm curious if they'll support standard file sharing protocols, and if
> and how they'll add wiki and blog features, as well as what "upgrade
> path" they foresee for companies that grow beyond the capabilities of a
> single box.

Frankly Zimbra looks more interesting to me. Their demo is compelling since it functions about as well via AJAX/browser as a local app on the one system of mine that I tried it on.

Joyent just looks like slick, cartoony marketing fluff for now. Perhaps when I see it actually running I'll be more impressed. (The fact that their "Explore" pages require Quicktime 7 is a bit of a show stopper for me on this particular computer --- I don't feel like hunting down a plug-in for my copy of Mozilla on Debian Sarge if such a beast even exists). Zimbra's choice of flash was much more savvy to the likes of me.

Also Zimbra looks more interesting in that they are apparently trying to build an open source community around the core of their product.

I'd like to know what's a "hairball" about it.

--
Jim Dennis

From deirdre at deirdre.net Mon Nov 14 05:35:46 2005
From: deirdre at deirdre.net (Deirdre Saoirse Moen)
Date: Mon, 14 Nov 2005 05:35:46 -0800
Subject: Joyent: another entry for workgroup collaboration
In-Reply-To: <20051114094006.GC18421@starshine.org>
References: <20051111030141.GG23887@ratchet.nebcorp.com> <20051114094006.GC18421@starshine.org>
Message-ID:

On Nov 14, 2005, at 1:40 AM, Jim Dennis wrote:

> Joyent just looks like slick, cartoony marketing fluff for now.
> Perhaps when I see it actually running I'll be more impressed.
> (The fact that their "Explore" pages require Quicktime 7 is a bit
> of a show stopper for me on this particular computer --- I don't
> feel like hunting down a plug-in for my copy of Mozilla on Debian
> Sarge
> if such a beast even exists).

Jim, you're not the target audience. For any of it. That's the point, really.

I found Zimbra ugly, cluttered, and sluggish, and, well, a design nightmare.

> I'd like to know what's a "hairball" about it.

150MB of source?!?

--
_Deirdre http://deirdre.net

From sigje at sigje.org Mon Nov 14 11:58:43 2005
From: sigje at sigje.org (Jennifer Davis)
Date: Mon, 14 Nov 2005 11:58:43 -0800 (PST)
Subject: BaySUG thoughts and general impressions..Future events..
Message-ID: Wow.. So Saturday was a lot of fun. I enjoyed both talks immensely, and I do have a crappy recording (forgot the tripod) of the talks that I'll have available on DVDs at Thursdays meeting. The plan is to do another one next year (we already have interested sponsors!) So for people who went.. Would a longer day be better? More speakers/less speakers? How was the food? I didn't really see many people taking advantage of the wireless .. did we really need to provide it? For people who didn't.. Why? :) Just curious .. (was it because it's a Saturday? because the expected content? ) What do people think of a security/networking/monitoring day event? (would be on a weekend, because heck, I want to go!) I'm thinking a few sessions of all the different tools that are available with a tutorial style "How To", with maybe an end of the day hour and a half discussion period of "So we know what's available, what ELSE would be useful" type thing. I'm thinking February time period.. nmap, nessus, nagios, (it really wouldn't be an n-word day :) etc.. There is also the thought of a mini-conference March/April time frame.. this would be a low cost event coordinated with USENIX .. Friday evening registration + BoFs, Saturday, Sunday. two tracks .. maybe one day of tutorial style "How Tos" and a second day of Technical talks? Are people interested in this kind of event? We need input :) what do you sys/networking/security/storage admins want? I don't think we will have any problem getting whatever speakers people want to hear from (at least those local to the area), but we need to actually plan.. and planning takes input. And if you want to volunteer for this.. send an email to blw@ and let us know that you want to volunteer, and how you want to volunteer. thanks! Jennifer From rick at linuxmafia.com Mon Nov 14 13:44:18 2005 From: rick at linuxmafia.com (Rick Moen) Date: Mon, 14 Nov 2005 13:44:18 -0800 Subject: BaySUG thoughts and general impressions..Future events.. 
In-Reply-To: References: Message-ID: <20051114214418.GB5164@linuxmafia.com> Quoting Jennifer Davis (sigje at sigje.org): > Wow.. So Saturday was a lot of fun. It was. The talks were good; the catered refreshments were much appreciated. Perhaps the next one could have more of a user group meeting about it, in addition to those niceties. I was looking forward to that portion of the event (and had with me an outline of things I hoped to make sure were discussed). As far as I can tell, that session never happened. I did suggest some topics for any follow-on, on my comment card. The Usenix staff have those, I believe. From michael at halligan.org Tue Nov 15 10:07:16 2005 From: michael at halligan.org (Michael T. Halligan) Date: Tue, 15 Nov 2005 10:07:16 -0800 Subject: BaySUG thoughts and general impressions..Future events.. In-Reply-To: <20051114214418.GB5164@linuxmafia.com> References: <20051114214418.GB5164@linuxmafia.com> Message-ID: <64514089-9BFA-42A1-9D17-7A136AA537C2@halligan.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I thought the point was to make BaySUG LESS of a user group, there are already an overabundance of those. On Nov 14, 2005, at 1:44 PM, Rick Moen wrote: > Quoting Jennifer Davis (sigje at sigje.org): > >> Wow.. So Saturday was a lot of fun. > > It was. The talks were good; the catered refreshments were much > appreciated. > > Perhaps the next one could have more of a user group meeting about it, > in addition to those niceties. I was looking forward to that > portion of > the event (and had with me an outline of things I hoped to make sure > were discussed). As far as I can tell, that session never happened. > > I did suggest some topics for any follow-on, on my comment card. The > Usenix staff have those, I believe. 
> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFDeiPYwjCqooJyNAMRAqQAAJ94r7KYUUkaCmvXeceJHfccGhw9aACePExV Yx7cxJ6ctL17Wn0iSZWvB7E= =8ZS4 -----END PGP SIGNATURE----- From rick at linuxmafia.com Tue Nov 15 10:41:06 2005 From: rick at linuxmafia.com (Rick Moen) Date: Tue, 15 Nov 2005 10:41:06 -0800 Subject: BaySUG thoughts and general impressions..Future events.. In-Reply-To: <64514089-9BFA-42A1-9D17-7A136AA537C2@halligan.org> References: <20051114214418.GB5164@linuxmafia.com> <64514089-9BFA-42A1-9D17-7A136AA537C2@halligan.org> Message-ID: <20051115184106.GK5164@linuxmafia.com> Quoting Michael T. Halligan (michael at halligan.org): > I thought the point was to make BaySUG LESS of a user group, there > are already an overabundance of those. Er, BaySUG was absolutely not intended to _be_ a user group, and I did not so intend. It was to be a gathering among user group folk. Quoting the particular part I had in mind: "In addition, BaySUG will provide group leaders with the opportunity to share resources in order to coordinate speakers and events, and to brainstorm about popular ideas." Towards that end, in the last 1 1/2 hours, there was intended to be a roundtable discussion among group leaders. That seem to have not happened. But it was a good event, anyway. From sigje at sigje.org Wed Nov 16 07:27:17 2005 From: sigje at sigje.org (Jennifer Davis) Date: Wed, 16 Nov 2005 07:27:17 -0800 (PST) Subject: Election Notice - Tomorrow! November 17 Message-ID: It's that time of year again! Are you interested in shaping the future of BayLISA? Elections are coming up Thursday (TOMORROW), November 17. Please show up EARLY at 7pm for Elections! This year we have five slots available. Interested candidates should prepare a brief statement and send it to baylisa at baylisa.org and blw at baylisa.org. You must be a current member to run for Board or to vote in the Board election. 
You can become a member right now at: http://www.baylisa.org/cgi-bin/newentry.cgi (pay via paypal, or bring a check into the meeting! :) ---------------------------------------------------------------- The following Board members terms complete on 12/31/2005: - Strata Rose Chalup - Elizabeth Zwicky - Jennifer Davis - Rick Moen - Jim Hickstein The following Board members terms complete on 12/31/2006, and will NOT be affected by this year's elections: - Heather Stern - Bruce Coston ------------------------------------------------------------------ The BayLISA Board is made up of seven members, elected annually by the general membership. Terms run for 2 years. The officers of the Board are elected annually by the Board members, and consist of President, Treasurer, and Secretary (usually referred to as "Arch" for historical reasons). Even if you are not interested in running for Board, as a member of the organization you are welcome to all Board meetings. Contact the Board at blw at baylisa.org for detailed location information. Thanks! Jennifer From rick at linuxmafia.com Wed Nov 16 10:34:18 2005 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Nov 2005 10:34:18 -0800 Subject: Backup MXes Message-ID: <20051116183418.GA20718@linuxmafia.com> 1. Tip: The www.dnsreport.com tests are damned useful. 2. I thought y'all might want to chew on the question of backup MXes for a bit. ----- Forwarded message from rick ----- Date: Wed, 16 Nov 2005 10:31:13 -0800 To: whois at dnsstuff.com Subject: Comment on a minor implementation flaw in your CGI, and on MXes Dear Mr. Perry: Just an observation and suggestion about the www.dnsreport.com CGI. Please note the results of running http://www.dnsreport.com/tools/dnsreport.ch?domain=linuxmafia.com , as to acceptance of mail to abuse@ : My MTA returned: >>> RCPT TO: <<< 550 Only one recipient accepted for NULL sender. I'm guessing that you were combining multiple "RCPT TO" lines in that portion of your test. 
My MTA, as part of its slightly paranoid anti-spam regime, while it _does_ accept mail from null sender (for DSNs), knows that implementing that RFC requirement shouldn't involve multiple recipients, and so doesn't allow such mail. You therefore might want to change your null-sender probes, accordingly. The same flaw shows up in the row for "Acceptance of domain literals", where your script shows a spurious warning claiming "One or more of your mailservers does not accept mail in the domain literal format", because my MTA said: >>> RCPT TO: <<< 550 Only one recipient accepted for NULL sender. Last, a third appearance of that flaw: linuxmafia.com got a "PASS" on "Open relay test" for, oddly, non-sequitur reasons, when my MTA replied: 550 Only one recipient accepted for NULL sender. My MTA isn't an open relay, but not for the reason shown. ;-> Comment on the "Multiple MX records" test (not a criticism): An increasing number of us sysadmins have come to regard backup MXes as more trouble than they're worth, unless you personally admin all of them and carefully place them under the exact same antispam regime. For one thing, the spammers long ago figured out that they should drop off spam preferentially at a domain's _high-numbered_ MXes, because the least-preferred MXes usually have the most lax antispam regimes, and because then the domain owner's MXes work hard to redeliver spam to the primary, leveraging the target's own network and computing resources against himself. For another, I found out repeatedly that third-party backup MX providers have a nasty tendency to shut off your relaying or otherwise screw up your mail, with you having no opportunity to find out they've done that until the worst possible moment, i.e., when your primary MTA goes offline. At that point, you'd be _much_ better off having _no_ backup MXes at all, rather than backup MXes that energetically autobounce your mail. 
Absent any backup MXes, delivering MTAs elsewhere will keep retrying for four days. As long as you bring online a replacement primary MX within that four-day period, you will not miss any mail. I figure I can always manage that. Thus, except in the rare, exceptional case of personally controlling one's multiple MXes, I have come to regard the existence of backup MXes as actively _undesirable_, contrary to commonly heard advice. ----- End forwarded message ----- From david at catwhisker.org Wed Nov 16 11:08:42 2005 From: david at catwhisker.org (David Wolfskill) Date: Wed, 16 Nov 2005 11:08:42 -0800 Subject: Backup MXes In-Reply-To: <20051116183418.GA20718@linuxmafia.com> References: <20051116183418.GA20718@linuxmafia.com> Message-ID: <20051116190842.GA69015@bunrab.catwhisker.org> On Wed, Nov 16, 2005 at 10:34:18AM -0800, Rick Moen wrote: [A handful of things, with most of which I am in "violent agreement." :-}] >... > Comment on the "Multiple MX records" test (not a criticism): An > increasing number of us sysadmins have come to regard backup MXes > as more trouble than they're worth, unless you personally admin > all of them and carefully place them under the exact same antispam > regime. Although in practice, that it what I end up doing I wouldn't state it quite that way. Rather, just as a sewer line needs to flow into a line that does not have a smaller diameter, the anti-spam measures must merely not become stricter as the mail passes from one relay to another. The simile is chosen purposefully. :-} > For one thing, .... In my case, the MX would probably be provided by a colleague, and since I know that my anti-spam rules fluctuate very rapidly, it's highly unlikely that the anti-spam rules at the MX would meet the above test. And my MX would probably reject at bunch of the spam, thus leaving the higher-numbered MX "holding the bag," so to speak -- which is not how I'd like to treat someone who's doing a favor for me. 
[Note: in case it's not clear, all of my anti-spam measures are performed during the SMTP conversation, by my MTA. The choices are: accept; silently discard; reject (either permanently or temporarily).]

> ...
> At that point, you'd be _much_ better off having _no_ backup MXes at all,
> rather than backup MXes that energetically autobounce your mail. Absent
> any backup MXes, delivering MTAs elsewhere will keep retrying for four
> days. As long as you bring online a replacement primary MX within that
> four-day period, you will not miss any mail. I figure I can always
> manage that.

That does, however, "assume" (ahem!) a "well-behaved" SMTP client. Then again, if the SMTP client is sufficiently ill-behaved as to lose mail in such a circumstance, whose problem is that? Probably the administrator of the client; probably the user of the client. But the administrator of the server? Maybe, but if I were forced to decide one way or the other, I'd select "not" for that case.

> Thus, except in the rare, exceptional case of personally controlling
> one's multiple MXes, I have come to regard the existence of backup MXes
> as actively _undesirable_, contrary to commonly heard advice.

I have been known to implement a variation on that theme: Have a backup MX all right, properly advertised, but as long as the primary is functioning, have the backup MX not listen to 25/tcp at all, so spammers get "connection refused."

Now, if the objective were to capture spam, a variant might be to advertise a higher-numbered MX, and as long as the primary MX is working OK, accept the mail, but rather than deliver it as addressed, assume that it's spam.... After all, no legitimate SMTP client has any business sending mail to the higher-numbered MX unless the lower-numbered MX fails to respond.

Peace,
david
--
David H. Wolfskill david at catwhisker.org
Prediction is difficult, especially if it involves the future. -- Niels Bohr

See http://www.catwhisker.org/~david/publickey.gpg for public key.
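The null-sender probe behaviour reported in the forwarded note above, as an added example that is not part of any message in this thread: a constructed simulation of an MTA that allows one recipient per null-sender transaction, probed first with batched RCPT TO lines and then with one recipient per transaction. The class and function names, example.org, 192.0.2.25 and the order in which the toy MTA applies its checks are all assumptions.

```python
"""Constructed simulation (not code from the thread): null-sender SMTP probes
against an MTA that permits one recipient per null-sender transaction."""
import re


class SingleRcptNullSenderMTA:
    """Toy envelope policy; names, addresses and check order are assumptions."""

    def __init__(self, domain, ip, local_parts):
        self.domain = domain.lower()
        self.literal = f"[{ip}]"            # domain-literal form, e.g. user@[192.0.2.25]
        self.local_parts = {p.lower() for p in local_parts}
        self._reset()

    def _reset(self):
        self.sender = None                  # None: no MAIL FROM yet; "": null sender <>
        self.rcpt_seen = 0                  # RCPT commands seen in this transaction

    def command(self, line):
        """Handle one SMTP envelope command and return (code, text)."""
        verb, _, arg = line.partition(":")
        verb = verb.strip().upper()
        if verb == "RSET":
            self._reset()
            return 250, "Reset OK"
        addr = re.fullmatch(r"\s*<([^<>]*)>\s*", arg)
        if addr is None:
            return 500, "Unrecognized command"
        if verb == "MAIL FROM":
            self._reset()
            self.sender = addr.group(1)
            return 250, "OK"
        if verb == "RCPT TO":
            if self.sender is None:
                return 503, "MAIL first"
            return self._rcpt(addr.group(1))
        return 500, "Unrecognized command"

    def _rcpt(self, rcpt):
        self.rcpt_seen += 1
        # Assumed order: the recipient-count rule fires before any other check,
        # so it also hides the real reason a later recipient would be refused.
        if self.sender == "" and self.rcpt_seen > 1:
            return 550, "Only one recipient accepted for NULL sender."
        local, _, dom = rcpt.rpartition("@")
        if dom.lower() not in (self.domain, self.literal):
            return 550, "Relaying denied."
        if local.lower() not in self.local_parts:
            return 550, "Recipient does not exist."
        return 250, "Accepted"


def batched_probe(mta, rcpts):
    """One null-sender transaction carrying every test recipient."""
    mta.command("RSET")
    mta.command("MAIL FROM:<>")
    return {r: mta.command(f"RCPT TO:<{r}>") for r in rcpts}


def isolated_probe(mta, rcpts):
    """One null-sender transaction per test recipient, with RSET in between."""
    results = {}
    for r in rcpts:
        mta.command("RSET")
        mta.command("MAIL FROM:<>")
        results[r] = mta.command(f"RCPT TO:<{r}>")
    return results


# Constructed test recipients: local mailboxes, a domain literal, a relay attempt.
TESTS = {
    "postmaster": "postmaster@example.org",
    "abuse": "abuse@example.org",
    "domain_literal": "postmaster@[192.0.2.25]",
    "open_relay": "someone@elsewhere.example",
}


def report(probe):
    """Run a probe strategy against a fresh toy MTA; map test name -> (code, text)."""
    mta = SingleRcptNullSenderMTA("example.org", "192.0.2.25", ["postmaster", "abuse"])
    replies = probe(mta, list(TESTS.values()))
    return {name: replies[rcpt] for name, rcpt in TESTS.items()}


if __name__ == "__main__":
    for probe in (batched_probe, isolated_probe):
        print(probe.__name__)
        for name, (code, text) in report(probe).items():
            print(f"  {name:15} {code} {text}")
```

In the batched run the relay attempt is refused by the recipient-count rule rather than the relay rule, which is the right verdict for an unrelated reason; the per-transaction run shows each recipient's own reply.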
From rick at linuxmafia.com Wed Nov 16 11:18:31 2005 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Nov 2005 11:18:31 -0800 Subject: (forw) [TAG] Value by acquistion cost: a case study Message-ID: <20051116191830.GV5164@linuxmafia.com> Just in case y'all need something else to chew on. ----- Forwarded message from Rick Moen ----- Date: Wed, 16 Nov 2005 11:13:51 -0800 From: Rick Moen To: tag at lists.linuxgazette.net Reply-To: The Answer Gang Subject: [TAG] Value by acquistion cost: a case study I've received, so far, no reply to this note to NOC staff at a former employer: ----- Forwarded message from rick ----- Date: Tue, 15 Nov 2005 20:34:36 -0800 To: dns-admin@[$COMPANY].com Subject: Secondary nameservice for zone linuxmafia.com: was switched off Folks, I noticed that NS1.[$COMPANY].COM, IP=[$SOME_NUMBER], recently ceased doing authoritative nameservice for my domain, linuxmafia.com, which you guys had been providing as a courtesy for many years. (My primary DNS is at NS1.LINXUMAFIA.COM, IP=198.144.195.186.) In the event that the shutoff was deliberate, then I guess we're done, though I'm quite surprised to have had no notice. In the event that it was accidental: I've always appreciated the favour, and would be delighted if you could switch it back on. All the best, Rick M. ----- End forwarded message ----- Some would call this yet another example of "You get what you pay for", using the societally near-ubiquitous assumption that things should be valued (to a first approximation) at acquisition cost. Favours you pay money for are assumed valuable; favours you pay nothing for are assumed valueless. Those assumptions are so ingrained in most people, in most circumstances, that it's common for audiences to give me the hairy eyeball when I explain the above: They start worrying that I'm about to go all Marxist (or some other form of leveller) on them. 
However, in the open-source world, and to some degree in the larger technical community too, the coin (or, at least, one important coin) in which we hope to get paid for our efforts is _reputation_: When we do things right in working with others, we enhance our own reputations for competence, usefulness, and reliability. Consequently, we tend to apply a _different_ value system -- valuing things (and people, and companies, and arrangements) at their _use_ value as opposed to acquisition cost. If that distinction still seems unclear, consider the Linux and *BSD kernels: Is your kernel worthless because you did (or could) acquire it free of charge? Don't you, in fact and in contrast, assign value to it on the basis of what it can be used for? I won't name the former employer, because I look after the interests of people I work with (and have worked with), and guard their confidentiality, even when they've piled up a long record of behaving like colossal prats, but let's just say that you'd be surprised that a company that well known would be so inept. (This particular firm also remains massively important to many open-source projects, which is somewhat horrifying to contemplate.) o Prior to this episode, the firm changed the hostnames of all its authoritative nameservers, when the firm changed its name -- and neglected to notify the people for who they did secondary DNS (so that zonefiles could be updated). o Then, they changed the IPs of all those nameservers, once again without notifying people for who they did secondary DNS, and breaking that nameservice. o Recently, I found out from my own rechecking that they simply shut off that secondary DNS entirely -- again, without notice. My three other secondary nameservers are run by individuals, acquaintances in the technical community. 
They would never have committed any of those errors, and neither would I -- because _we_ would not want to be treated that way ourselves, and because we'd not want to gain a reputation for being screw-ups. That having been said, I believe there might be an unfilled need for easily-configured cronjobs to check one's domain for (1) pending expiration, and (2) various third-party DNS and MX screwups. I need to research that issue, if only because I need to add information on the subject to the Linux User Group HOWTO, which I maintain for the Linux Documentation Project. Any suggestions will be welcomed. +-+--------------------------------------------------------------------+-+ You've asked a question of The Answer Gang, so you've been sent the reply directly as a courtesy. The TAG list has also been copied. Please send all replies to tag at lists.linuxgazette.net, so that we can help our other readers by publishing the exchange in our monthly Web magazine: Linux Gazette (http://linuxgazette.net/) +-+--------------------------------------------------------------------+-+ _______________________________________________ TAG mailing list TAG at lists.linuxgazette.net http://lists.linuxgazette.net/mailman/listinfo/tag ----- End forwarded message ----- From jxh at jxh.com Wed Nov 16 11:51:52 2005 From: jxh at jxh.com (Jim Hickstein) Date: Wed, 16 Nov 2005 13:51:52 -0600 Subject: (forw) [TAG] Value by acquistion cost: a case study In-Reply-To: <20051116191830.GV5164@linuxmafia.com> References: <20051116191830.GV5164@linuxmafia.com> Message-ID: <437B8DD8.1090703@jxh.com> Rick Moen wrote: > Just in case y'all need something else to chew on. I'd be happy to provide slave DNS service for you, Rick, and for any BayLISA member. I would expect to earn some points for my reputation, as you point out. :-) Though in their defense I have to say that renumbering nameservers is a bitch, and I try hard to avoid it. 
See http://www.imap-partners.net/support-faq-dns.shtml for why we think DNS is important for mail delivery. > > ----- Forwarded message from Rick Moen ----- > > Date: Wed, 16 Nov 2005 11:13:51 -0800 > From: Rick Moen > To: tag at lists.linuxgazette.net > Reply-To: The Answer Gang > Subject: [TAG] Value by acquistion cost: a case study > > I've received, so far, no reply to this note to NOC staff at a former > employer: > > ----- Forwarded message from rick ----- > > Date: Tue, 15 Nov 2005 20:34:36 -0800 > To: dns-admin@[$COMPANY].com > Subject: Secondary nameservice for zone linuxmafia.com: was switched off > > Folks, I noticed that NS1.[$COMPANY].COM, IP=[$SOME_NUMBER], recently > ceased doing authoritative nameservice for my domain, linuxmafia.com, > which you guys had been providing as a courtesy for many years. > > (My primary DNS is at NS1.LINXUMAFIA.COM, IP=198.144.195.186.) > > In the event that the shutoff was deliberate, then I guess we're done, > though I'm quite surprised to have had no notice. > > In the event that it was accidental: I've always appreciated the favour, > and would be delighted if you could switch it back on. > > All the best, > Rick M. > > ----- End forwarded message ----- > > > Some would call this yet another example of "You get what you pay for", > using the societally near-ubiquitous assumption that things should be > valued (to a first approximation) at acquisition cost. Favours you pay > money for are assumed valuable; favours you pay nothing for are assumed > valueless. > > Those assumptions are so ingrained in most people, in most > circumstances, that it's common for audiences to give me the hairy > eyeball when I explain the above: They start worrying that I'm about to > go all Marxist (or some other form of leveller) on them. 
> > However, in the open-source world, and to some degree in the larger > technical community too, the coin (or, at least, one important coin) in > which we hope to get paid for our efforts is _reputation_: When we do > things right in working with others, we enhance our own reputations for > competence, usefulness, and reliability. > > Consequently, we tend to apply a _different_ value system -- valuing > things (and people, and companies, and arrangements) at their _use_ > value as opposed to acquisition cost. > > If that distinction still seems unclear, consider the Linux and *BSD > kernels: Is your kernel worthless because you did (or could) acquire it > free of charge? Don't you, in fact and in contrast, assign value to it > on the basis of what it can be used for? > > I won't name the former employer, because I look after the interests of > people I work with (and have worked with), and guard their > confidentiality, even when they've piled up a long record of behaving > like colossal prats, but let's just say that you'd be surprised that a > company that well known would be so inept. (This particular firm also > remains massively important to many open-source projects, which is > somewhat horrifying to contemplate.) > > o Prior to this episode, the firm changed the hostnames of all its > authoritative nameservers, when the firm changed its name -- and > neglected to notify the people for who they did secondary DNS > (so that zonefiles could be updated). > o Then, they changed the IPs of all those nameservers, once again > without notifying people for who they did secondary DNS, and > breaking that nameservice. > o Recently, I found out from my own rechecking that they simply > shut off that secondary DNS entirely -- again, without notice. > > My three other secondary nameservers are run by individuals, > acquaintances in the technical community. 
They would never have > committed any of those errors, and neither would I -- because _we_ > would not want to be treated that way ourselves, and because > we'd not want to gain a reputation for being screw-ups. > > > That having been said, I believe there might be an unfilled need > for easily-configured cronjobs to check one's domain for (1) pending > expiration, and (2) various third-party DNS and MX screwups. I need to > research that issue, if only because I need to add information on the > subject to the Linux User Group HOWTO, which I maintain for the Linux > Documentation Project. Any suggestions will be welcomed. > > > +-+--------------------------------------------------------------------+-+ > You've asked a question of The Answer Gang, so you've been sent the reply > directly as a courtesy. The TAG list has also been copied. Please send > all replies to tag at lists.linuxgazette.net, so that we can help our other > readers by publishing the exchange in our monthly Web magazine: > Linux Gazette (http://linuxgazette.net/) > +-+--------------------------------------------------------------------+-+ > _______________________________________________ > TAG mailing list > TAG at lists.linuxgazette.net > http://lists.linuxgazette.net/mailman/listinfo/tag > > ----- End forwarded message ----- From rick at linuxmafia.com Wed Nov 16 12:51:33 2005 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Nov 2005 12:51:33 -0800 Subject: Backup MXes Message-ID: <20051116205133.GV5140@linuxmafia.com> ----- Forwarded message from "R. Scott Perry" ----- Date: Wed, 16 Nov 2005 14:49:53 -0500 From: "R. Scott Perry" To: Rick Moen Subject: Re: Comment on a minor implementation flaw in your CGI, and on MXes >Just an observation and suggestion about the www.dnsreport.com CGI. 
>Please note the results of running >http://www.dnsreport.com/tools/dnsreport.ch?domain=linuxmafia.com , >as to acceptance of mail to abuse@ : My MTA returned: > > >>> RCPT TO: > <<< 550 Only one recipient accepted for NULL sender. > >I'm guessing that you were combining multiple "RCPT TO" lines in that >portion of your test. My MTA, as part of its slightly paranoid anti-spam >regime, while it _does_ accept mail from null sender (for DSNs), knows >that implementing that RFC requirement shouldn't involve multiple >recipients, and so doesn't allow such mail. > >You therefore might want to change your null-sender probes, accordingly. Actually, we have code that looks for "bounce messages", "single envelope recipient", or "multi-recipient" in the response (to which "one recipient accepted" is being added), in which case the following will be added: --- NOTE: It appears that one or more of your mailservers rejects E-mail to domain literals if the return address is <> and there are multiple recipients. The RFCs say that mailservers are required to accept E-mail to the abuse@ account, and do not say that it is acceptable to block E-mail from <> with multiple recipients. Although it is unlikely this will prevent legitimate E-mail from being blocked, it does prevent testing tools from detecting that your mailserver accepts E-mail to domain literals (the only way we can work around this is by making multiple partial E-mail attempts, which could trigger anti-spam software). --- >The same flaw shows up in the row for "Acceptance of domain literals", >where your script shows a spurious warning claiming "One or more of your >mailservers does not accept mail in the domain literal format", because >my MTA said: > > >>> RCPT TO: > <<< 550 Only one recipient accepted for NULL sender. FYI, so you know, it is impossible to accurately distinguish that response from "550 Recipient does not exist". A 550 response is a 550 response is a 550 response, per the RFCs. 
:) >Last, a third appearance of that flaw: linuxmafia.com got a "PASS" >on "Open relay test" for, oddly, non-sequitur reasons, when my MTA >replied: > > 550 Only one recipient accepted for NULL sender. > >My MTA isn't an open relay, but not for the reason shown. ;-> My above comment applies here too: 550 == 550. :) >Comment on the "Multiple MX records" test (not a criticism): An >increasing number of us sysadmins have come to regard backup MXes >as more trouble than they're worth, unless you personally admin >all of them and carefully place them under the exact same antispam >regime. > >For one thing, the spammers long ago figured out that they should >drop off spam preferentially at a domain's _high-numbered_ MXes, >because the least-preferred MXes usually have the most lax antispam >regimes, and because then the domain owner's MXes work hard to redeliver >spam to the primary, leveraging the target's own network and computing >resources against himself. Good point. I've been considering changing that from a warning response to an "informational" response, and have just gone ahead and done so (which will take effect when the site is next reloaded, tomorrow morning). I'm still a fan of multiple mailservers in most cases, especially now that many mailservers have significantly reduced the amount of time they will keep re-trying E-mails, but otherwise the advantages of multiple mailservers are dwindling (such as when the backup has too strict anti-spam, causing E-mails to "disappear"). >Absent >any backup MXes, delivering MTAs elsewhere will keep retrying for four >days. As long as you bring online a replacement primary MX within that >four-day period, you will not miss any mail. Actually, that isn't true. I believe the de-facto standard back in the 1990s was 2 days. But in my experience, few mailservers will re-try more than 1 day. And some won't even re-try a single time, and will bounce the message immediately. 
-Scott ----- End forwarded message ----- ----- Forwarded message from Rick Moen ----- Date: Wed, 16 Nov 2005 12:49:56 -0800 From: Rick Moen To: "R. Scott Perry" Subject: Re: Comment on a minor implementation flaw in your CGI, and on MXes Hi, Scott. > Actually, we have code that looks for "bounce messages", "single > envelope recipient", or "multi-recipient" in the response (to which "one > recipient accepted" is being added), in which case the following will be > added: > > --- > NOTE: It appears that one or more of your mailservers rejects E-mail to > domain literals if the return address is <> and there are multiple > recipients. The RFCs say that mailservers are required to accept E-mail > to the abuse@ account, and do not say that it is acceptable to block > E-mail from <> with multiple recipients. Although it is unlikely this > will prevent legitimate E-mail from being blocked, it does prevent > testing tools from detecting that your mailserver accepts E-mail to > domain literals (the only way we can work around this is by making > multiple partial E-mail attempts, which could trigger anti-spam software). Interesting. My MTA didn't trigger that response, in any event. > > >>> RCPT TO: > > <<< 550 Only one recipient accepted for NULL sender. > > FYI, so you know, it is impossible to accurately distinguish that > response from "550 Recipient does not exist". A 550 response is a 550 > response is a 550 response, per the RFCs. :) Sure. As with the "Open relay test" anomaly, my point was solely that that, if your postmaster@ test either weren't part of a test using NULL as sender, or didn't specify multiple recipients, it wouldn't have generated that false positive. (Maybe you could have a pair of mail probes to postmaster@ and abuse@, with "MAIL FROM: postmaster at dnsreport.com"? I doubt that would trigger anti-spam software, but happily defer to your experience if I'm wrong on that.) Not a big thing. 
I'm just such a fan of your CGI, I'd like to help it become even better. ;->

> >Absent any backup MXes, delivering MTAs elsewhere will keep retrying
> >for four days. As long as you bring online a replacement primary MX
> >within that four-day period, you will not miss any mail.
>
> Actually, that isn't true. I believe the de-facto standard back in
> the 1990s was 2 days. But in my experience, few mailservers will
> re-try more than 1 day. And some won't even re-try a single time, and
> will bounce the message immediately.

The canonical examples of "won't even retry a single time" would probably be desktop applications that attempt outbound SMTP on their own and certain MUAs that aspire to do more than stub-MTA handoffs to a nearby smarthost.

Regarding one day: Interesting. Thanks. Four days was what I remembered as the sendmail default, and is what my sendmail-geek friends tell me is still the default timeout for that MTA.

In any event, I wouldn't not rely on four days -- or one day, either. I figure anyone who cannot bring online (or have a friend deploy as a favour) a replacement MTA in four _hours_ somewhere in the world has no business calling himself a sysadmin. ;-> Also, I have a couple of friends on speed-dial who are willing to do temporary MX (spooling up my mail for a day) on no notice at all, so the retry period need only be about a minute longer than that telephone call and my zonefile refresh.

----- End forwarded message -----

From hal at deer-run.com Wed Nov 16 12:56:18 2005
From: hal at deer-run.com (Hal Pomeranz)
Date: Wed, 16 Nov 2005 12:56:18 -0800
Subject: (forw) [TAG] Value by acquistion cost: a case study
In-Reply-To: <437B8DD8.1090703@jxh.com>
References: <20051116191830.GV5164@linuxmafia.com> <437B8DD8.1090703@jxh.com>
Message-ID: <20051116205618.GI13526@deer-run.com>

> I'd be happy to provide slave DNS service for you, Rick, and for any
> BayLISA member.

Me too, btw. It's really no problem.
Though I'm likely to be renumbering my primary name server in the next month or so as I change hosting providers. -- Hal Pomeranz, Founder/CEO Deer Run Associates hal at deer-run.com Network Connectivity and Security, Systems Management, Training From rick at linuxmafia.com Wed Nov 16 14:10:41 2005 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Nov 2005 14:10:41 -0800 Subject: (forw) [TAG] Value by acquistion cost: a case study Message-ID: <20051116221040.GY5164@linuxmafia.com> End of that story. ----- Forwarded message from Rick Moen ----- Date: Wed, 16 Nov 2005 14:08:47 -0800 From: Rick Moen To: tag at lists.linuxgazette.net Reply-To: The Answer Gang Subject: [TAG] Value by acquistion cost: a case study OK, their IT Dept.'s low man on the totem pole _did_ get back to me. At least he was nice about it, although his "we tried to notify everyone" is manifestly doubtful: I'm very reachable, and the simple fact is that they screwed up. Repeatedly. ----- Forwarded message from Rick Moen ----- Date: Wed, 16 Nov 2005 13:53:34 -0800 From: Rick Moen To: [guy in the IT Dept.] Subject: Re: [NetOps] Secondary nameservice for zone linuxmafia.com: was switched off Quoting [guy in the IT Dept.]: > Unfortunately it was intentional, as we've radically redone our IT > infrastructure; discontinuing secondary service for non-employee > domains was a policy decision made by management. We tried to notify > everyone on the list - either we had the wrong email address for you, > or your name slipped through the cracks. Sorry about the > inconvenience. :( Ah well. Thanks for the explanation. > On the upside, I have a personal colo system hosted at Savvis if > you're looking for somewhere to host your secondary DNS. Let me know > if you're interested - [corporate e-mail] or [personal e-mail] - and > I'll set it up for ya. Appreciate the offer. I'm pretty well covered. Would be glad to do secondary for you, if you need it, I should mention. 
Something that works for me: I've been in the habit of inserting comment lines into /etc/bind/named.conf.local's allow-transfer sections, holding the hostnames that go with those IPs, plus out-of-band positive-contact information for the admins of those systems. That way, if I have to get in touch with them, the information's right there. ----- End forwarded message ----- +-+--------------------------------------------------------------------+-+ You've asked a question of The Answer Gang, so you've been sent the reply directly as a courtesy. The TAG list has also been copied. Please send all replies to tag at lists.linuxgazette.net, so that we can help our other readers by publishing the exchange in our monthly Web magazine: Linux Gazette (http://linuxgazette.net/) +-+--------------------------------------------------------------------+-+ _______________________________________________ TAG mailing list TAG at lists.linuxgazette.net http://lists.linuxgazette.net/mailman/listinfo/tag ----- End forwarded message ----- From rick at linuxmafia.com Wed Nov 16 19:13:41 2005 From: rick at linuxmafia.com (Rick Moen) Date: Wed, 16 Nov 2005 19:13:41 -0800 Subject: Backup MXes In-Reply-To: <20051116190842.GA69015@bunrab.catwhisker.org> References: <20051116183418.GA20718@linuxmafia.com> <20051116190842.GA69015@bunrab.catwhisker.org> Message-ID: <20051117031341.GD5164@linuxmafia.com> Quoting David Wolfskill (david at catwhisker.org): > Rather, just as a sewer line needs to flow into a line that does > not have a smaller diameter, the anti-spam measures must merely not > become stricter as the mail passes from one relay to another. Yes, lower-numbered MXes must be no _more_ restrictive than higher ones. Saying they should all have the same policy is just my Procrustean solution. > [Note: in case it's not clear, all of my anti-spam measures are > performed during the SMTP conversation, by my MTA. 
The choices are: > accept; silently discard; reject (either permanently or temporarily).] Ditto. > That does, howevber, "assume" (ahem!) a "well-behaved" SMTP client. > Then again, if the SMTP client is sufficiently ill-behaved as to lose > mail in such a circumstance, whose problem is that? Probably the > administrator of the client; probably the user of the client. But the > administrator of the server? Maybe, but if I were forced to decide one > way or the other, I'd select "not" for that case. As I said separately, I'd expect to have a substitute MX for my one-and-only-MTA online within much less than four _hours_, never mind four days -- and figure I can live with the few not-well-behaved senders that reject immediately instead of resending within very brief time periods. > I have been known to implement a variation on that theme: Have a > backup MX all right, properly advertised, but as long as the primary > is functioning, have the backup MX not listen to 25/tcp at all, so > spammers get "connection refused." > > Now, if the objective were to capture spam, a variant might be to > advertise a higher-numbered MX, and as long as the primary MX is > working OK, accept the mail, but rather than deliver it as addressed, > assume that it's spam.... After all, no legitimate SMTP client has > any business sending mail to the higher-numbered MX unless the > lower-numbered MX fails to respond. I like both these ideas. The latter sounds like a dandy setup for a spamtrap host -- if you have the bandwidth and patience for such things. From sigje at sigje.org Wed Nov 16 19:56:31 2005 From: sigje at sigje.org (Jennifer Davis) Date: Wed, 16 Nov 2005 19:56:31 -0800 (PST) Subject: CDP.. Message-ID: Continuous Data Protection.. I'd never heard of this term before.. Was just reading about Lasso CDP and I keep thinking "Caltech Day Planner" (that's what we called the calendaring service we rolled out so it would be easy for users to remember. 
It also couldn't conflict with the official caltech calendar which was what PR used to announce caltech events). http://www.lassologic.com/ It doesn't seem to have much technical information on the website. Anyone heard of this before? From bagio at genesyslab.com Wed Nov 16 21:27:31 2005 From: bagio at genesyslab.com (Sergey Galitskiy) Date: Wed, 16 Nov 2005 21:27:31 -0800 Subject: CDP.. Message-ID: Jennifer, Here is link to recent article about CDP in STORAGE magazine http://storagemagazine.techtarget.com/magPrintFriendly/0,293813,sid35_gc i1138827,00.html One of CDP implementation (overview and some technical details): http://www.falconstor.com/timemarkataglance.asp It's definitely not a freeware though :) > -----Original Message----- > From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On > Behalf Of Jennifer Davis > Sent: Wednesday, November 16, 2005 7:57 PM > To: baylisa at baylisa.org > Subject: CDP.. > > > Continuous Data Protection.. I'd never heard of this term before.. Was > just reading about Lasso CDP and I keep thinking "Caltech Day Planner" > (that's what we called the calendaring service we rolled out so it would > be easy for users to remember. It also couldn't conflict with the official > caltech calendar which was what PR used to announce caltech events). > > http://www.lassologic.com/ > > It doesn't seem to have much technical information on the website. Anyone > heard of this before? From iennae at gmail.com Wed Nov 16 22:23:07 2005 From: iennae at gmail.com (Jennifer Davis) Date: Wed, 16 Nov 2005 22:23:07 -0800 Subject: Fwd: SVOSUG - Tues, November 22nd - ZFS, the last word in filesystems In-Reply-To: <200511162221.13451.Alan.DuBoff@Sun.Com> References: <200511162221.13451.Alan.DuBoff@Sun.Com> Message-ID: ZFS! 
---------- Forwarded message ----------
From: Alan DuBoff
Date: Nov 16, 2005 10:21 PM
Subject: SVOSUG - Tues, November 22nd - ZFS, the last word in filesystems
To: Alan DuBoff

Ok, I know this is the holiday season and some folks were wondering if there would be a meeting this month since Thanksgiving is upon us. Well, the answer is yes, the show must go on.

This month's meeting is very special, as it offers a perspective into a technology that offers a magnitude of possibilities of what will be done with it. ZFS, the zettabyte file system offers us a 128-bit filesystem on top of our beloved Solaris, both x86/AMD64 and SPARC.

Please join our meeting this month and meet some of the ZFS team to explain to you what exactly it is that this new filesystem can do for you, and will continue to do for you into the ever so distant future.

This is truly amazing technology, which has been released into the OpenSolaris community already. You can download a build of OpenSolaris which has ZFS in it from the Sun Download Center for free. Yes, you can see this technology for yourself and understand how easy it is to use.

We're extremely happy to showcase ZFS to the Silicon Valley Open Solaris User Group this month, and would like to give a big round of applause to the entire ZFS team, including but not limited to:

Jeff Bonwick
Bill Moore
Matt Ahrens
Eric Schrock
Lori Alt
Bill Baker
Rich Brown
Eric Kustarz
Tabriz Leman
Lin Ling
Mark Maybee
Neil Perrin
Bill Ricker
Mark Shellenbaum
Steve Talley

And if you haven't seen Dan Price's most excellent online flash presentation for ZFS, do yourself a favor and click to your nearest opensolaris.org site and get a glimpse of it. Dan did a real kick @$$ job on this, I must say.
http://www.opensolaris.org/os/community/zfs/demos/basics/ What: ZFS - The last word in filesystems Where: Sun Santa Clara campus auditorium (upstairs) When: Tuesday, November 22nd Time: 7:30pm - 10:00pm Map: http://blogs.sun.com/roller/resources/aland/scasj_dirmap.pdf No RSVP required, just show up! Everyone is welcome! -- Alan DuBoff - Sun Microsystems Solaris x86 Engineering -- Jennifer Davis From michael at halligan.org Thu Nov 17 00:49:35 2005 From: michael at halligan.org (Michael T. Halligan) Date: Thu, 17 Nov 2005 00:49:35 -0800 Subject: Backup MXes In-Reply-To: <20051116183418.GA20718@linuxmafia.com> References: <20051116183418.GA20718@linuxmafia.com> Message-ID: <524B6824-0CEC-4B08-8C75-763740BE1B53@halligan.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rick, I'm missing the point of this e-mail? Is it really backup MXs, or a reason to publically flog dnsreport's toolset? On Nov 16, 2005, at 10:34 AM, Rick Moen wrote: > 1. Tip: The www.dnsreport.com tests are damned useful. > 2. I thought y'all might want to chew on the question of backup MXes > for a bit. > > ----- Forwarded message from rick ----- > > Date: Wed, 16 Nov 2005 10:31:13 -0800 > To: whois at dnsstuff.com > Subject: Comment on a minor implementation flaw in your CGI, and on > MXes > > Dear Mr. Perry: > > Just an observation and suggestion about the www.dnsreport.com CGI. > Please note the results of running > http://www.dnsreport.com/tools/dnsreport.ch?domain=linuxmafia.com , > as to acceptance of mail to abuse@ : My MTA returned: > >>>> RCPT TO: > <<< 550 Only one recipient accepted for NULL sender. > > I'm guessing that you were combining multiple "RCPT TO" lines in that > portion of your test. My MTA, as part of its slightly paranoid > anti-spam > regime, while it _does_ accept mail from null sender (for DSNs), knows > that implementing that RFC requirement shouldn't involve multiple > recipients, and so doesn't allow such mail. 
> > You therefore might want to change your null-sender probes, > accordingly. > > The same flaw shows up in the row for "Acceptance of domain literals", > where your script shows a spurious warning claiming "One or more of > your > mailservers does not accept mail in the domain literal format", > because > my MTA said: > >>>> RCPT TO: > <<< 550 Only one recipient accepted for NULL sender. > > Last, a third appearance of that flaw: linuxmafia.com got a "PASS" > on "Open relay test" for, oddly, non-sequitur reasons, when my MTA > replied: > > 550 Only one recipient accepted for NULL sender. > > My MTA isn't an open relay, but not for the reason shown. ;-> > > > > Comment on the "Multiple MX records" test (not a criticism): An > increasing number of us sysadmins have come to regard backup MXes > as more trouble than they're worth, unless you personally admin > all of them and carefully place them under the exact same antispam > regime. > > For one thing, the spammers long ago figured out that they should > drop off spam preferentially at a domain's _high-numbered_ MXes, > because the least-preferred MXes usually have the most lax antispam > regimes, and because then the domain owner's MXes work hard to > redeliver > spam to the primary, leveraging the target's own network and computing > resources against himself. > > For another, I found out repeatedly that third-party backup MX > providers > have a nasty tendency to shut off your relaying or otherwise screw up > your mail, with you having no opportunity to find out they've done > that > until the worst possible moment, i.e., when your primary MTA goes > offline. > > At that point, you'd be _much_ better off having _no_ backup MXes > at all, > rather than backup MXes that energetically autobounce your mail. > Absent > any backup MXes, delivering MTAs elsewhere will keep retrying for four > days. As long as you bring online a replacement primary MX within > that > four-day period, you will not miss any mail. 
I figure I can always > manage that. > > Thus, except in the rare, exceptional case of personally controlling > one's multiple MXes, I have come to regard the existence of backup > MXes > as actively _undesirable_, contrary to commonly heard advice. > > > ----- End forwarded message ----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFDfEQrwjCqooJyNAMRAqHPAJ9yA0vy+Q1UB7uETrEvUtkZIPGaqACgmxok hHgdTwORBSqJevSsmIKwCXI= =uZ2w -----END PGP SIGNATURE----- From rick at linuxmafia.com Thu Nov 17 01:00:40 2005 From: rick at linuxmafia.com (Rick Moen) Date: Thu, 17 Nov 2005 01:00:40 -0800 Subject: Backup MXes In-Reply-To: <524B6824-0CEC-4B08-8C75-763740BE1B53@halligan.org> References: <20051116183418.GA20718@linuxmafia.com> <524B6824-0CEC-4B08-8C75-763740BE1B53@halligan.org> Message-ID: <20051117090040.GI5140@linuxmafia.com> Quoting Michael T. Halligan (michael at halligan.org): > I'm missing the point of this e-mail? Is it really backup MXs, or a > reason to publically flog dnsreport's toolset? I thought people might be interested, in particular, in my post's second half's comments about backup MXes, and disadvantages thereof. The reason this is connected to dnsreport.com's CGI is that it (currently) advises those (like me) having only a single MX that "there is a chance that mail may have troubles reaching you", implying that this is an undesirable and dangerous MTA configuration. That advice is given frequently enough that I thought my reasons for profoundly disagreeing would be of interest. If I erred, then my apologies for the intrusion. From sigje at sigje.org Thu Nov 17 06:41:34 2005 From: sigje at sigje.org (Jennifer Davis) Date: Thu, 17 Nov 2005 06:41:34 -0800 (PST) Subject: Backup MXes In-Reply-To: <20051117090040.GI5140@linuxmafia.com> References: <20051116183418.GA20718@linuxmafia.com> <524B6824-0CEC-4B08-8C75-763740BE1B53@halligan.org> <20051117090040.GI5140@linuxmafia.com> Message-ID: > If I erred, then my apologies for the intrusion. 
I found it interesting. :) I actually found the tool itself pretty useful. Thanks! Jennifer From sigje at sigje.org Thu Nov 17 12:23:51 2005 From: sigje at sigje.org (Jennifer Davis) Date: Thu, 17 Nov 2005 12:23:51 -0800 (PST) Subject: Nov 17 TONIGHT: BayLISA General Monthly meeting: ELECTIONS! In-Reply-To: References: Message-ID: Date: Thursday, November 17 2005 Where: Apple Campus DeAnza Three off of Mariani Ave/DeAnza Blvd in Cupertino, CA Free and Open to the General Public! 7:00 pm Elections! BayLISA members vote for the 2006-2007 Board members 7:30 pm Introductions and announcements 7:45 pm Guru Session: Bob Camors "Legal Implications of Email" 8:15 pm Formal Presentation: Jennifer Granick (Lawyer in Ciscogate!) "Public Interest Internet law" post meeting - Mirapoint Sponsored Pizza + beer Bash!!! Jennifer From sigje at sigje.org Thu Nov 17 15:54:21 2005 From: sigje at sigje.org (Jennifer Davis) Date: Thu, 17 Nov 2005 15:54:21 -0800 (PST) Subject: Mozilla folks at Stanford tomorrow: "Creating Simple Software in a Geek-driven Culture" Message-ID: ----- Forwarded message from Rashmi Sinha ----- Date: Thu, 17 Nov 2005 15:15:32 -0800 From: Rashmi Sinha Subject: [sprint] talk on open source usability This talk Creating Simple Software in a Geek-driven Culture Blake Ross and Asa Dotzler, Mozilla Foundation at Stanford tomorrow might be of interest to some in the Bay Area. More information here: http://hci.stanford.edu/seminar/abstracts/05-06/051118-ross.html Abstract: Two years ago, the Mozilla Foundation resembled most other open-source organizations: it was slow, technology-oriented, and allergic to consumers. Today, the Mozilla Corporation develops, distributes and promotes the first open-source product ever to penetrate the mainstream: Firefox was downloaded over 100 million times in less than one year. 
We will look at how Mozilla transformed its development practices, economic models -- basically its entire culture -- to change from a technology-focused to a people-focused organization in such a short time. From david at catwhisker.org Thu Nov 17 20:30:34 2005 From: david at catwhisker.org (David Wolfskill) Date: Thu, 17 Nov 2005 20:30:34 -0800 Subject: Location of tonight's meeting: DeAnza 3 Message-ID: <20051118043034.GM69015@bunrab.catwhisker.org> Please note that tonight's meeting is at DeAnza 3 -- not Infinite Loop 4. And we have had 7 ballots cast so far tonight. Peace, david (current hat: BayLISA ballot-counter) -- David H. Wolfskill david at catwhisker.org It is courteous to reduce quoted text to just that needed to establish context. See http://www.catwhisker.org/~david/publickey.gpg for my public key. From alvin at Mail.Linux-Consulting.com Fri Nov 18 01:07:55 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 18 Nov 2005 01:07:55 -0800 (PST) Subject: mtg followup Message-ID: hi ya blw.. good talks... the 2 speaker format, and it's even better with pizza & beer --- a followup ... ( my dumb ideas ) assuming our jobs, or at least say my job is to protect corp data, i think it is fairly simple to take some preventative steps to prevent unauthorized trade secrets from leaking out to the world or unknowingly receiving competitor's secrets i typically, list these "security risks" as a major problem if the company wants to protect themself against "oops, we shoulda known better" after the fact, and at the same time, still be able to do productive work without running into legal issues ( lawyers are expensive ) some of the security risks.. a) create a clear and explicit corp security policies b) i disallow dhcp .. i want to know who is using what ip# c) i disallow home networks from connecting into the local corp lan, because we do not get to monitor and secure the employee's home network d) i disallow wireless ...
i think it's too ez to sniff the data e) i disallow laptops .. there is nothing on an individuals laptop that is so important to the company's survival - and if it is important, it needs to be backed up along with the regular backups ( at night ) - biggest problems with laptop is it gets lost/stolen and/or the disk crashes, and thus a major corp leak of info - traveling sales and out-of-office presentations is where laptops is useful ... f) the company should provide the computer, media, ( disks ) and laptops .. so they have total control of how its used for corp use and can erase and/or maintain it as needed - disable things like usb/firewire ports too, otherwise, one is inviting trouble ... and if people like to fiddle and tamper with it, oh well, it'd be time to bring in "the donald" g) how much info/work is done at home ?? vs the risk of loss of trade secrets and important data losses to the company - think about how many xxx,xxx of credit card numbers were lost within the last year ... why was the credit card numbers on the laptops ?? for what purpose ?? there's obviously an endless list of "how to minimize trade secret leakage or 'unknowingly' inheriting trade secrets" - there's not many people with photographic memory that they can take all that important info out if all electronic devices including paper is not available to them if anything goes wrong, guess who gets to stay up till 3am or 6am to fix the usually avoidable problems during the after hours when you rather be at the kids birthday party or somewhere else and yes ... i worked in places that have policy and procedures that have sensitive area .. some requiring gov't clearances - walk in with empty hands/pockets.. do your magic ... then walk out with empty hands/pockets ... - it's nice to see they do not allow laptops/wifi/dhcp .. etc, etc ...
- but they do allow vpn from home to start/stop/view multi-day weekend jobs on the clusters, oh well, we can't close all the doors/windoze/air-vents data security with risk analysis is a fun/interesting subject and highly flammable w/ multiple dozen different solutions there's no clear answer to keep everybody happy ... but there is lots of common sense reasons for both approaches of allowing and disallowing certain "activities" ...there .. that feels better .. :-) have fun alvin From pmm at igtc.com Fri Nov 18 07:25:43 2005 From: pmm at igtc.com (Paul M. Moriarty) Date: Fri, 18 Nov 2005 07:25:43 -0800 Subject: mtg followup In-Reply-To: References: Message-ID: <20051118152543.GF8973@igtc.igtc.com> Alvin Oga writes: > [...] > e) i disallow laptops .. there is nothing on an individuals > laptop that is so important to the company's survival > > - and if it is important, it needs to be backed up > along with the regular backups ( at night ) > > - biggest problems with laptop is it gets > lost/stolen and/or the disk crashes, and thus > a major corp leak of info > > - traveling sales and out-of-office presentations > is where laptops is useful ... Many companies have people that travel regularly that are not in sales. In my last company, as head of IT, I spent 18 weeks on the road in 2004. There are many whole-disk encryption products on the market. I use the one from PGP. - Paul - From bill at wards.net Fri Nov 18 10:49:26 2005 From: bill at wards.net (Bill Ward) Date: Fri, 18 Nov 2005 10:49:26 -0800 Subject: mtg followup In-Reply-To: References: Message-ID: <3d2fe1780511181049n6e7be715r5dd08315d623f98a@mail.gmail.com> On 11/18/05, Alvin Oga wrote: > assuming our jobs, or at least say my job > is to protect corp data, i think it > is fairly simple to take some preventative > steps to prevent unauthorized trade secrets > from leaking out to the world or unknowingly receiving > competitor's secrets [...] > b) i disallow dhcp .. 
i want to know who is using > what ip# > > c) i disallow home networks from connecting into > the local corp lan, because we do not get > to monitor and secure the employee's home network > > d) i disallow wireless ... i think it's too ez to sniff the data > > e) i disallow laptops .. there is nothing on an individuals > laptop that is so important to the company's survival [...] These ideas are certainly going to protect corporate data, but I think it's a copout to simply disallow anything that may pose a risk. There are legitimate business cases to be made for most of the things you are disallowing. - dhcp makes it trivial to get a host on the net without fuss - home networks allow telecommuting, thus greater availability of staff - wireless and laptops allow mobility, thus greater availability also If you need someone to physically come in to the office to use a machine that's been properly blessed by IT security staff, then you will be wasting countless hours of time that could otherwise be spent on productive work. The benefit isn't worth the cost. Instead you need to allow these kinds of things AND provide good security using tools like a well-configured VPN system. That's what makes security in IT hard. Anyone can just disallow stuff. Allowing it while providing an acceptable level of security is hard, but if it can be done it will greatly improve productivity at an acceptable level of risk. Security is about managing risk, not eliminating it. --Bill. From rick at linuxmafia.com Fri Nov 18 13:23:31 2005 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Nov 2005 13:23:31 -0800 Subject: Missing glue for a nameserver Message-ID: <20051118212331.GW5140@linuxmafia.com> Attention, DNS weenies: I have an interesting anomaly concerning "linuxmafia.com". Using OpenSRS's management CGI, I added an additional (fifth) nameserver, David Wolfskill's "ns.catwhisker.org". (Thank you, David.) It got saved into the authoritative list, but _without any IP_. 
So, the revised nameserver roster is:

ns.catwhisker.org
ns1.linuxmafia.com 198.144.195.186
ns.primate.net 198.144.194.12
ns.on.primate.net 207.44.185.143
ns1.thecoop.net 216.218.255.165

The only pragmatic effect, since David's server isn't in-domain for me, is a tiny performance loss (extra lookup when loading the cache), but I'm wondering why, and if it's fixable. Cross-checking at http://www.dnsreport.com/tools/dnsreport.ch?domain=catwhisker.org shows that it _is_ possible to have glue records for that nameserver. I _think_ I see what's going on: It's the only .org in my list, and thus not handled by the *.gtld-servers.net servers that handle linuxmafia.com's parent zone. (Those handle .com/.net.) Is the only fix for me to stick to .com/.net nameservers for my ".com" domains, or is there some way to cluebat the .com TLD's config? From rick at linuxmafia.com Fri Nov 18 14:45:04 2005 From: rick at linuxmafia.com (Rick Moen) Date: Fri, 18 Nov 2005 14:45:04 -0800 Subject: Missing glue for a nameserver In-Reply-To: <20051118212331.GW5140@linuxmafia.com> References: <20051118212331.GW5140@linuxmafia.com> Message-ID: <20051118224504.GO30072@linuxmafia.com> I wrote: > Using OpenSRS's management CGI, I added an additional (fifth) nameserver, > David Wolfskill's "ns.catwhisker.org". (Thank you, David.) It got > saved into the authoritative list, but _without any IP_. OK, I think I've figured this out, for myself. ns.catwhisker.org is "out of bailiwick" (outside the limits of authority) for the .com/.org GTLD servers. Therefore, any glue "A" record that hypothetically _could_ be created in the *.gtld-servers.net records would be improper, and the data _should_ be ignored by any cache that happened to receive it. So, in this particular case, having no glue record in my parent zone is The Right Thing.
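The bailiwick rule described in the message above, as an added example that is not part of the original thread. It is a simplified model: the parent servers are treated as authoritative for com and net (as the earlier message states for *.gtld-servers.net), the function names are hypothetical, and the address given for ns.catwhisker.org is a constructed placeholder.

```python
"""Glue and bailiwick for the linuxmafia.com delegation (added example)."""

# Zones the parent servers answer for, per the post (".com/.net").
PARENT_ZONES = ("com", "net")
CHILD_ZONE = "linuxmafia.com"

# Additional-section A records as a cache might receive them alongside the
# NS set. The first four addresses are the ones listed in the post; the
# ns.catwhisker.org entry is CONSTRUCTED (192.0.2.0/24 is documentation space).
ADDITIONAL = [
    ("ns1.linuxmafia.com", "198.144.195.186"),
    ("ns.primate.net", "198.144.194.12"),
    ("ns.on.primate.net", "207.44.185.143"),
    ("ns1.thecoop.net", "216.218.255.165"),
    ("ns.catwhisker.org", "192.0.2.53"),
]


def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    return tuple(part for part in name.lower().rstrip(".").split(".") if part)


def in_bailiwick(name, zone):
    """True if name is the zone apex or below it.

    The comparison is label by label, so "ns.evilcom" is not inside "com"
    and "notlinuxmafia.com" is not inside "linuxmafia.com".
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def glue_status(ns_name, child_zone, parent_zones):
    """Classify what glue the parent can legitimately hold for one NS name.

    required: the NS name lives inside the delegated zone, so it cannot be
              resolved without an address from the parent.
    optional: outside the child zone but inside a zone the parent serves;
              glue is proper and saves a lookup.
    none:     out of bailiwick; the parent has no authority over the name.
    """
    if in_bailiwick(ns_name, child_zone):
        return "required"
    if any(in_bailiwick(ns_name, zone) for zone in parent_zones):
        return "optional"
    return "none"


def scrub_additional(additional, parent_zones):
    """Cache-side check: keep only address records whose owner name is in
    the bailiwick of the servers that sent them; return (kept, dropped)."""
    kept, dropped = [], []
    for owner, addr in additional:
        ok = any(in_bailiwick(owner, zone) for zone in parent_zones)
        (kept if ok else dropped).append((owner, addr))
    return kept, dropped


if __name__ == "__main__":
    for owner, _ in ADDITIONAL:
        print(f"{owner:22} glue: {glue_status(owner, CHILD_ZONE, PARENT_ZONES)}")
    kept, dropped = scrub_additional(ADDITIONAL, PARENT_ZONES)
    print("kept:   ", kept)
    print("dropped:", dropped)
```

A cache that applied no such check would accept an address for any name a referring server chose to volunteer, which is why the missing glue for ns.catwhisker.org costs only the extra lookup mentioned in the first message.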
From basem at bingojones.net Fri Nov 18 14:56:24 2005 From: basem at bingojones.net (basem moussa) Date: Fri, 18 Nov 2005 14:56:24 -0800 Subject: waterlogged hard drive recovery Message-ID: <41EAEB95-8A94-42AC-A21E-5D00614648CB@bingojones.net> I've got a friend working for a national nonprofit with a branch in New Orleans. She posed the following question. Anyone ever recover data from waterlogged drives? > Our New Orleans Organizer was able to do some more digging in the > office now > that the live power lines have been cleared. She called today and was > wondering if there's any possibility of getting data out of completely > water-logged computers. Any ideas? There are people hawking all > sorts of > shit down there, including lots that are advertising the ability to > recover > data from flooded computers -- but it seems like that's gotta be a > scam. > What do you all think? basem From pmm at igtc.com Fri Nov 18 15:22:30 2005 From: pmm at igtc.com (Paul M. Moriarty) Date: Fri, 18 Nov 2005 15:22:30 -0800 Subject: waterlogged hard drive recovery In-Reply-To: <41EAEB95-8A94-42AC-A21E-5D00614648CB@bingojones.net> References: <41EAEB95-8A94-42AC-A21E-5D00614648CB@bingojones.net> Message-ID: <20051118232230.GH10368@igtc.igtc.com> basem moussa writes: > I've got a friend working for a national nonprofit with a branch in > New Orleans. She posed the following question. Anyone ever recover > data from waterlogged drives? Why not call one of the reputable places like Drivesavers and ask them? 
- Paul - From william.ward at gmail.com Fri Nov 18 15:40:46 2005 From: william.ward at gmail.com (William Ward gmail) Date: Fri, 18 Nov 2005 15:40:46 -0800 Subject: waterlogged hard drive recovery In-Reply-To: <41EAEB95-8A94-42AC-A21E-5D00614648CB@bingojones.net> References: <41EAEB95-8A94-42AC-A21E-5D00614648CB@bingojones.net> Message-ID: <3d2fe1780511181540v4bf8f26bmfeff76413014b0a9@mail.gmail.com> I would expect the drive mechanism is watertight, but the circuitry on the outside may be ruined. So maybe by getting another drive of the exact same model and switching the circuitboards, one could get one to work? Seems logical to me at least but I know nothing of the data recovery business. On 11/18/05, basem moussa wrote: > I've got a friend working for a national nonprofit with a branch in > New Orleans. She posed the following question. Anyone ever recover > data from waterlogged drives? > > > Our New Orleans Organizer was able to do some more digging in the > > office now > > that the live power lines have been cleared. She called today and was > > wondering if there's any possibility of getting data out of completely > > water-logged computers. Any ideas? There are people hawking all > > sorts of > > shit down there, including lots that are advertising the ability to > > recover > > data from flooded computers -- but it seems like that's gotta be a > > scam. > > What do you all think? > > > basem > -- Help save the San Jose Earthquakes - http://www.soccersiliconvalley.com/ From jkavitsk at Brocade.COM Fri Nov 18 15:45:33 2005 From: jkavitsk at Brocade.COM (Jim Kavitsky) Date: Fri, 18 Nov 2005 15:45:33 -0800 Subject: waterlogged hard drive recovery Message-ID: <24BD2D5F3CEF4F4780606124741B48169981@hq-ex-7.brocade.com> Plug the string "disk drive data recovery" into google. There are a lot of firms doing this. 
The internals of the HDA are fairly well protected, and it is likely that they will be able to recover information from waterlogged drives, even when the drive control circuits are toast. It is not likely to be very cheap, however. -jimk -----Original Message----- From: owner-baylisa at baylisa.org [mailto:owner-baylisa at baylisa.org] On Behalf Of basem moussa Sent: Friday, November 18, 2005 2:56 PM To: baylisa at baylisa.org Subject: waterlogged hard drive recovery I've got a friend working for a national nonprofit with a branch in New Orleans. She posed the following question. Anyone ever recover data from waterlogged drives? > Our New Orleans Organizer was able to do some more digging in the > office now > that the live power lines have been cleared. She called today and was > wondering if there's any possibility of getting data out of completely > water-logged computers. Any ideas? There are people hawking all > sorts of > shit down there, including lots that are advertising the ability to > recover > data from flooded computers -- but it seems like that's gotta be a > scam. > What do you all think? basem From cos at indeterminate.net Fri Nov 18 16:16:30 2005 From: cos at indeterminate.net (John Costello) Date: Fri, 18 Nov 2005 16:16:30 -0800 (PST) Subject: waterlogged hard drive recovery In-Reply-To: <3d2fe1780511181540v4bf8f26bmfeff76413014b0a9@mail.gmail.com> Message-ID: On Fri, 18 Nov 2005, William Ward gmail wrote: > I would expect the drive mechanism is watertight, but the circuitry on > the outside may be ruined. So maybe by getting another drive of the > exact same model and switching the circuitboards, one could get one to > work? Seems logical to me at least but I know nothing of the data > recovery business. > > On 11/18/05, basem moussa wrote: > > I've got a friend working for a national nonprofit with a branch in > > New Orleans. She posed the following question. Anyone ever recover > > data from waterlogged drives? 
[snip] On Fri, 18 Nov 2005, Paul M. Moriarty wrote: > > Why not call one of the reputable places like Drivesavers and ask them? I'm combining responses to 3 emails into one reply. I have used Drivesavers twice through a previous company and have a high view of them. They are located in Novato, CA, and are quite friendly to the most grizzled, tired, and unbathed sysadmin. Web site is http://www.drivesavers.com/. They can and will take the platters out of a hard drive and attempt to recover data from the platters themselves. The question to ask yourself is: How much are you willing to pay to recover the data? I believe a laptop hard drive recovery was several thousand dollars in 2000. (We took the gamble that the heads hadn't crashed onto the platters and lost the gamble, but we viewed that as an acceptable risk.) Mr. Ward's approach is reasonable if you are comfortable taking apart hard drives. I'm not comfortable with that level of mucking about, unless it is extremely important data and I'm paying, but that's my opinion. I would at the least give drive savers a call or try the google search that Jim Kavitsky suggested. Disclaimer: I have no affiliation with Drive Savers, other than the very expensive coffee mug that is sitting in my cupboard at home. ----- John Costello - cos at indeterminate dot net "You cannot propel yourself forward by patting yourself on the back."--Unknown From alvin at Mail.Linux-Consulting.com Fri Nov 18 17:38:48 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 18 Nov 2005 17:38:48 -0800 (PST) Subject: mtg followup In-Reply-To: <3d2fe1780511181049n6e7be715r5dd08315d623f98a@mail.gmail.com> Message-ID: hi ya On Fri, 18 Nov 2005, Bill Ward wrote: > There > are legitimate business cases to be made for most of the things you > are disallowing. yup.. 
there is lots of reasons for and against "any security risks" > If you need someone to physically come in to the office to use a > machine that's been properly blessed by IT security staff, and how many laptops have been blessed/issued by the company, gets plugged in at home, picks up a virus at home, and brought into work and spread out thru the company ?? - very very common problem and occurs fairly often > That's what makes security in IT hard. IT is easy ... security and data policy management is not easy > Allowing > it while providing an acceptable level of security is hard, but if it > can be done it will greatly improve productivity at an acceptable > level of risk. Security is about managing risk, not eliminating it. i'm sure we've all heard all that too .. and the problem is managing risk is fine, and as you said, at what costs in terms of $$$ and productive of the staff and cleanup costs in case of incidences and of the folks that is traveling vs folks that want to work from home lots of possible solutions ... my point is i see lots of easy targets of "corp data" being lost or sneaking out and/or competitors info coming in when the company didn't know or want that data ( very common problem too ) - people will tend to copy their old rolodex at the new company ... ( esp sales folks when they are now selling what was the competitors widgets ) - in either case .. fun stuff c ya alvin From alvin at Mail.Linux-Consulting.com Fri Nov 18 17:42:20 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 18 Nov 2005 17:42:20 -0800 (PST) Subject: mtg followup - data In-Reply-To: <20051118152543.GF8973@igtc.igtc.com> Message-ID: On Fri, 18 Nov 2005, Paul M. Moriarty wrote: > Many companies have people that travel regularly that are not in sales. In > my last company, as head of IT, I spent 18 weeks on the road in 2004. There > are many whole-disk encryption products on the market. I use the one from > PGP. that's the whole point isn't it ?? ..
to protect the data .. c ya alvin From ahorn at deorth.org Fri Nov 18 18:00:51 2005 From: ahorn at deorth.org (Alan Horn) Date: Fri, 18 Nov 2005 18:00:51 -0800 (PST) Subject: mtg followup In-Reply-To: References: Message-ID: > and how many laptops have been blessed/issued by the company, > gets plugged in at home, picks up a virus at home, and > brought into work and spread out thru the company ?? > - very very common problem and occurs fairly often In two years of laptop deployment at my previous company this has not occurred. We followed a simple policy : All laptops pass through the hands of IT before they hit the company network in any way. All laptops were setup with appropriate anti virus and anti spyware and windows update configs. We used eset technologies nod32 for antivirus on the desktop and the mailserver. It seemed to do the job just fine. We received many viruses every day from the outside world, nothing seemed to get through to infest us. We committed to a one day turnaround on laptops that reached us, this allowed the users to have faith in the process and not be impacted in their daily work. So yes, it's a risk management question, but that particular problem isn't too difficult to solve. At the company before that we used an active defense mechanism with IDS sensors deployed across the network and switch ports being shut down quickly once malicious signatures were noted. Fundamentally, you have to care about fixing the problem and keeping the users working as well :) But the problems are for the most part a solved issue I think. Cheers, Al From alvin at Mail.Linux-Consulting.com Fri Nov 18 18:13:25 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 18 Nov 2005 18:13:25 -0800 (PST) Subject: mtg followup - laptops In-Reply-To: Message-ID: hi ya On Fri, 18 Nov 2005, Alan Horn wrote: > In two years of laptop deployment at my previous company this has not > occurred. we on the other hand ...
had about 1/3 of the laptops "lost, dropped, stolen, etc, etc" out of say 100 of um over the course of 3 yrs - if the company keeps replacing the laptops, it will grow legs and the company has since gone the way of *.com ( acquired and disappeared ) > We followed a simple policy : always good to have written down policies ... which makes it easier for the managers to enforce > All laptops pass through the hands of IT before they hit the company > network in any way. just to play the devil, again, does that mean all incoming laptops after it's been traveling or coming from the employee's home, gets to go to IT and "cleaned" before it gets plugged back into the corp lan ?? - i doubt that it would be but... one never knows each time the laptop leaves the corp lan, it can pick up the nasty's and bring it inside those that had to deal with outbreaks know where that problems was after the fact .. and hopefully, management changed the policies - usually nothing will change for the "better/tighter controls" until something happened where the "risk was higher" than one initially thought as acceptable have fun alvin From bill at wards.net Fri Nov 18 18:24:08 2005 From: bill at wards.net (Bill Ward) Date: Fri, 18 Nov 2005 18:24:08 -0800 Subject: waterlogged hard drive recovery In-Reply-To: References: <3d2fe1780511181540v4bf8f26bmfeff76413014b0a9@mail.gmail.com> Message-ID: <3d2fe1780511181824x6b636319x6b8b135002d9e195@mail.gmail.com> On 11/18/05, John Costello wrote: > On Fri, 18 Nov 2005, William Ward gmail wrote: > > I would expect the drive mechanism is watertight, but the circuitry on > > the outside may be ruined. So maybe by getting another drive of the > > exact same model and switching the circuitboards, one could get one to > > work? Seems logical to me at least but I know nothing of the data > > recovery business. > > Mr. Ward's approach is reasonable if you are comfortable taking apart hard > drives.
I'm not comfortable with that level of mucking about, unless it > is extremely important data and I'm paying, but that's my opinion. I wasn't advocating a DIY approach, just describing a way that might be used by such a service to fix the thing. DIY is a possibility but you know how firmware versions and chipsets are always changing around these days in wifi devices without telling us; I expect the same is true of HDD's. But maybe not. YMMV naturally. --Bill. From cos at indeterminate.net Fri Nov 18 18:38:23 2005 From: cos at indeterminate.net (John Costello) Date: Fri, 18 Nov 2005 18:38:23 -0800 (PST) Subject: waterlogged hard drive recovery In-Reply-To: <3d2fe1780511181824x6b636319x6b8b135002d9e195@mail.gmail.com> Message-ID: On Fri, 18 Nov 2005, Bill Ward wrote: > I wasn't advocating a DIY approach, just describing a way that might > be used by such a service to fix the thing. DIY is a possibility but > you know how firmware versions and chipsets are always changing around > these days in wifi devices without telling us; I expect the same is > true of HDD's. But maybe not. YMMV naturally. Naturally. I was expressing my opinions of the situation. I agree with the YMMV. If someone could show me the DIY, that would be pretty neat. Then again, I do have a couple of old dead hard drives around the house. Hmm. > --Bill. John ----- John Costello - cos at indeterminate dot net "You cannot propel yourself forward by patting yourself on the back."--Unknown From alvin at Mail.Linux-Consulting.com Fri Nov 18 19:14:59 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 18 Nov 2005 19:14:59 -0800 (PST) Subject: waterlogged hard drive recovery In-Reply-To: Message-ID: hi ya On Fri, 18 Nov 2005, John Costello wrote: > Naturally. I was expressing my opinions of the situation. I agree > with the YMMV. If someone could show me the DIY, that would be pretty > neat. Then again, I do have a couple of old dead hard drives around the > house. Hmm. the diy ... 
you need a special screw driver to unscrew the pcb from the disk drive you might need to desolder the 4 wires from the disk drive going to the disk controller board or unplug it if you're lucky do the same to the new disk controller and reverse the order to use the new disk controller -- the problem is ... - most disk has air vents on the disks so its NOT waterproof and sometimes its vacuum so you will need a special room to remove the heads/platters you may or may not need to rotate the exposed platters on your test rig to read the data off the platters ( depends on how the head floats on the platters ) -- most all of the data on the platter can be read by just about any disk controller that follows the same st-504(?) standards about head gaps, data gaps, sync, and bunch of other junk for the pll to resync itself on each revolution and each sector - the wiring and heads will be different on different models c ya alvin From cos at indeterminate.net Fri Nov 18 19:43:43 2005 From: cos at indeterminate.net (John Costello) Date: Fri, 18 Nov 2005 19:43:43 -0800 (PST) Subject: waterlogged hard drive recovery In-Reply-To: Message-ID: On Fri, 18 Nov 2005, Alvin Oga wrote: > hi ya > On Fri, 18 Nov 2005, John Costello wrote: > -- the problem is ... > - most disk has air vents on the disks so its NOT waterproof > and sometimes its vacuum so you will need a special room > to remove the heads/platters Makes sense. Drive Savers has such a room, IIRC, and I would expect similar places to have such rooms. From "Wolfgang S. Rupprecht" at wsrcc.com Fri Nov 18 19:50:36 2005 From: "Wolfgang S. Rupprecht" at wsrcc.com ("Wolfgang S.
Rupprecht" at wsrcc.com) Date: Fri, 18 Nov 2005 19:50:36 -0800 Subject: waterlogged hard drive recovery References: <41EAEB95-8A94-42AC-A21E-5D00614648CB@bingojones.net>, <3d2fe1780511181540v4bf8f26bmfeff76413014b0a9@mail.gmail.com> Message-ID: <87psoxfg8j.fsf@bonnet.wsrcc.com> > I would expect the drive mechanism is watertight, but the circuitry on > the outside may be ruined. So maybe by getting another drive of the > exact same model and switching the circuitboards, one could get one to > work? Seems logical to me at least but I know nothing of the data > recovery business. Actually, I wouldn't even expect the electronics to have any problems unless someone turned them on the unit before it was cleaned. Rinsing a PC boards in water with a detergent (like Formula 409) is the first step most real repair places used to do, back when things came with schematics and you could really troubleshoot the circuit. I watched the pro's "fix" flood-damaged tv's by the dozens. The steps were always the same. Hose off the boards, spray with '409, hosed off again, dry with compressed air, let sit overnight to finish drying and then plug in to test. Normally the units just worked. The ones that someone turned on while filled with mud were often toast since higher voltages often shorted to low-voltage items. The only step left before the units were sent back out was to re-lubricated all the connectors and the pot's wipers with tuner-cleaner. The units were then good to go for another year till the spring floods submerged them again the next time around. ;-) -wolfgang -- Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/ From pmm at igtc.com Fri Nov 18 20:31:07 2005 From: pmm at igtc.com (Paul M. Moriarty) Date: Fri, 18 Nov 2005 20:31:07 -0800 Subject: mtg followup - data In-Reply-To: References: <20051118152543.GF8973@igtc.igtc.com> Message-ID: <20051119043107.GG8973@igtc.igtc.com> Alvin Oga writes: > > On Fri, 18 Nov 2005, Paul M. 
Moriarty wrote: > > > Many companies have people that travel regularly that are not in sales. In > > my last company, as head of IT, I spent 18 weeks on the road in 2004. There > > are many whole-disk encryption products on the market. I use the one from > > PGP. > > that's the whole point isn't it ?? .. to protect the data .. Yes, but it is a different approach from not permitting employees who work in the workplace to have laptops, one that may result in having happier and potentially more productive employees. - Paul - From pmm at igtc.com Fri Nov 18 20:35:24 2005 From: pmm at igtc.com (Paul M. Moriarty) Date: Fri, 18 Nov 2005 20:35:24 -0800 Subject: mtg followup In-Reply-To: References: <3d2fe1780511181049n6e7be715r5dd08315d623f98a@mail.gmail.com> Message-ID: <20051119043524.GH8973@igtc.igtc.com> Alvin Oga writes: > [...] > > and how many laptops have been blessed/issued by the company, > gets plugged in at home, picks up a virus at home, and > brought into work and spread out thru the company ?? > - very very common problem and occurs fairly often Modern, corporate version A/V systems come passwd protected such that end-users (even those with admin rights) cannot disable them. Security = 1/Convenience It's a hard balance, but balance is what needs to be strived for. From david at catwhisker.org Fri Nov 18 20:55:09 2005 From: david at catwhisker.org (David Wolfskill) Date: Fri, 18 Nov 2005 20:55:09 -0800 Subject: mtg followup In-Reply-To: <20051119043524.GH8973@igtc.igtc.com> References: <3d2fe1780511181049n6e7be715r5dd08315d623f98a@mail.gmail.com> <20051119043524.GH8973@igtc.igtc.com> Message-ID: <20051119045509.GL69015@bunrab.catwhisker.org> On Fri, Nov 18, 2005 at 08:35:24PM -0800, Paul M. Moriarty wrote: > ... > Security = 1/Convenience It's a hard balance, but balance is what needs to > be strived for. I was planning on avoiding this discussion... but I must respectfully point out that there are significant exceptions to that (pseudo-)equation. 
For example: with but few exceptions, I access all machines on which I work from my laptop (which runs FreeBSD, thankyouverymuch) via ssh. Now, I *could* use reusable passwords for authentication, but while that is better than (say) non-Kerberized telnet, I find it is a great deal more convenient, as well as better security, to use public key authentication. So I set up ~/.xsession to run ssh-agent & ssh-add at the beginning (and exit if the valid passphrase is not entered). That done, I have very convenient, PK-authenticated, encrypted access to the machines in question. (No, it's not perfect security, whatever that might mean in any context; it is reasonably good, and it's definitely both better and more convenient than non-Kerberized telnet -- which is the sole point I am making.) This, of course, is quite aside from the "inconvenience" of coping with the results of an insufficient application of appropriate security practices: some of that stuff can ruin one's whole day. :-{ Peace, david -- David H. Wolfskill david at catwhisker.org It is courteous to reduce quoted text to just that needed to establish context. See http://www.catwhisker.org/~david/publickey.gpg for my public key. From alvin at Mail.Linux-Consulting.com Fri Nov 18 21:10:21 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Fri, 18 Nov 2005 21:10:21 -0800 (PST) Subject: mtg followup - data In-Reply-To: <20051119043107.GG8973@igtc.igtc.com> Message-ID: hi ya On Fri, 18 Nov 2005, Paul M. Moriarty wrote: > > that's the whole point isn't it ?? .. to protect the data .. > > Yes, but it is a different approach from not permitting employees the point too, is that how to make sure that all the laptops coming into and going out of the corp lan is "secure" - if people and plug it anytime and remove anytime, there's been many cases where their "important presentation" was never backed up ...
the whole point, is not permitting it, requires some paperwork and some paper trails, and you're on notice, that will hopefully have everybody playing by the same rules .. vs total chaos of stuff coming in and leaving without "management" approval x> Security = 1/Convenience It's a hard balance there's a missing fudgeFactor(1/convenience ) in the equation :-) c ya alvin From jxh at jxh.com Fri Nov 18 21:17:42 2005 From: jxh at jxh.com (Jim Hickstein) Date: Fri, 18 Nov 2005 21:17:42 -0800 (PST) Subject: waterlogged hard drive recovery Message-ID: <20051118211742.ADQ80347@m1.imap-partners.net> >I watched the pro's "fix" flood-damaged tv's by the dozens. The steps >were always the same. Hose off the boards, spray with '409, hosed off >again, dry with compressed air, let sit overnight to finish drying and >then plug in to test. Normally the units just worked. Back in 1980 I had a job repairing terminals. A few of them came in contaminated inside and out with very fine ash. Think of a major volcano in the northwestern US in 1980. It was upwind of some of our locations. Water did the trick on all but one. But an ADM-1A with through-hole TTL is a damn sight harder to damage than a disk drive from 2005. YMMV, verily. From wolfgang+gnus-baylisa at dailyplanet.dontspam.wsrcc.com Fri Nov 18 22:06:33 2005 From: wolfgang+gnus-baylisa at dailyplanet.dontspam.wsrcc.com (Alison Chaiken) Date: 18 Nov 2005 22:06:33 -0800 Subject: waterlogged hard drive recovery References: , Message-ID: <868xvlb28m.fsf@capsicum.wsrcc.com> alvin at Mail.Linux-Consulting.com (Alvin Oga) writes: > -- the problem is ... > - most disk has air vents on the disks so it's NOT waterproof True. > and sometimes it's vacuum so you will need a special room > to remove the heads/platters You're thinking of a clean room with low particle count, not a vacuum room. While it's true that bunny suits can be very claustrophobic, at least we don't have to wear SCBA while we're inside (not yet anyway).
BTW, disk drives never have vacuum inside. One of the major innovations of the disk drive is the "flying" head. That is, the read/write head is an aerodynamic design whose shape causes lift when the disk rotates. The head-platter spacing is automatically controlled by the rotation speed and does not have to be actively servoed! ObSysAdmin stuff: I really like the Mozilla Calendar program. It supports the Ical standard so that the various useful calendars on the net can be automatically imported and updated. Gee, imagine how useful it would be if the Bay Area Linux Events calendar were available in the Ical format. -- Alison Chaiken "From:" address above is valid. (650) 236-2231 [daytime] http://www.wsrcc.com/alison/ Predators fail often; prey fail only once. -- Tom Evslin From holland at guidancetech.com Sat Nov 19 07:01:10 2005 From: holland at guidancetech.com (Rich Holland) Date: Sat, 19 Nov 2005 10:01:10 -0500 Subject: waterlogged hard drive recovery In-Reply-To: <87psoxfg8j.fsf@bonnet.wsrcc.com> Message-ID: <20051119150137.56DD989@orb.sasl.smtp.pobox.com> Wolfgang S Rupprech wrote: > Actually, I wouldn't even expect the electronics to have any problems > unless someone turned them on the unit before it was cleaned. Rinsing > a PC boards in water with a detergent (like Formula 409) is the first > step most real repair places used to do, back when things came with > schematics and you could really troubleshoot the circuit. I've done something similar with a keyboard. A friend spilled a tall tumbler of orange juice & bourbon on his keyboard. We unplugged it, rinsed under running water, ran it through his dishwasher, and let it sit out for a couple of days to dry out completely. It worked fine afterward. Of course, a new keyboard is like $50, so we weren't really risking much. 
:-) -- Rich Holland (913) 645-1950 SAP Technical Consultant print unpack("u","92G5S\=\"!A;F]T:&5R(\'!E References: <87psoxfg8j.fsf@bonnet.wsrcc.com> <20051119150137.56DD989@orb.sasl.smtp.pobox.com> Message-ID: <20051119170223.GA25811@boogeyman> My girlfriend spilled a glass of chocolate milk once and her dad had the same notion, albeit to run it through the dishwasher and pull it out before the drying phase. That worked well enough and to dry it, he put the oven on a low temperature and threw the keyboard in. As luck would have it, my girlfriend watched these proceedings and said, "If you forget the keyboard, can I have it?" "I'm not going to forget it." "I know. But if you do?" "I'm not going to forget it. But OK." He says it would've worked if he hadn't gotten distracted. http://www.chiliahedron.com/main.php?gal1=pictures/misc&pict=37 I suppose it might've. The theory's sound, but all the same, I can't quite bring myself to stop teasing him and egging him on by saying it wouldn't have. ; ) -Phil/CERisE On Sat, Nov 19, 2005 at 10:01:10AM -0500, Rich Holland wrote: > I've done something similar with a keyboard. A friend spilled a tall > tumbler of orange juice & bourbon on his keyboard. We unplugged it, rinsed > under running water, ran it through his dishwasher, and let it sit out for a > couple of days to dry out completely. It worked fine afterward. Of course, > a new keyboard is like $50, so we weren't really risking much. :-) > -- > Rich Holland (913) 645-1950 SAP Technical Consultant > print unpack("u","92G5S\=\"!A;F]T:&5R(\'!E From woolsey at jlw.com Sat Nov 19 10:11:32 2005 From: woolsey at jlw.com (Jeff Woolsey) Date: Sat, 19 Nov 2005 10:11:32 -0800 Subject: waterlogged hard drive recovery In-Reply-To: Message from cerise@armory.com of "Sat, 19 Nov 2005 09:02:23 PST." 
<20051119170223.GA25811@boogeyman> Message-ID: <200511191811.jAJIBWNW010967@folderol.jlw.com> > My girlfriend spilled a glass of chocolate milk once And I spilled moo juice on a powered firewire NTSC tuner, which kept working ok for a while but wouldn't turn back on later. The milk dripped through the vent holes and onto the circuit board. I had let it sit overnight and then opened it up (they hide the screws pretty well) and managed to clean the crud out with a pin, water, alcohol, a loupe, and some tissues. It needed meticulous attention to get everything out from between all those tiny pins. The operation was a success, and the patient didn't die! Not something I want to do everyday (unless the price is right). -- Jeff Woolsey {woolsey,jlw}@{jlw,jxh}.com,first.last at gmail.com "And Leon's getting laaaarrger!" -Johnny "I didn't get a 'Harrumph!' out of _that_ guy." -Gov Le Petomaine "A toy robot!!!!" -unlucky Japanese scientist "Delete! Delete! OK!" -Dr. Bronner on disk space management From ddowdle at leopard.net Sat Nov 19 12:07:29 2005 From: ddowdle at leopard.net (David M. Dowdle) Date: Sat, 19 Nov 2005 12:07:29 -0800 (PST) Subject: Backup MXes In-Reply-To: <20051116190842.GA69015@bunrab.catwhisker.org> References: <20051116183418.GA20718@linuxmafia.com> <20051116190842.GA69015@bunrab.catwhisker.org> Message-ID: >> one's multiple MXes, I have come to regard the existence of backup MXes >> as actively _undesirable_, contrary to commonly heard advice. > > I have been known to implement a variation on that theme: Have a backup > MX all right, properly advertised, but as long as the primary is > functioning, have the backup MX not listen to 25/tcp at all, so spammers > get "connection refused." > > Now, if the objective were to capture spam, a variant might be to > advertise a higher-numbered MX, and as long as the primary MX is > working OK, accept the mail, but rather than deliver it as addressed, > assume that it's spam.... 
After all, no legitimate SMTP client has > any business sending mail to the higher-numbered MX unless the > lower-numbered MX fails to respond. > This assumes that the primary MX has working routes from ALL mailservers that the backup does, unfortunately this is not always true. A peer and I are backup MXes for each other. I see an estimated 2% of normal mail hits the backup MX on any normal day. From william.ward at gmail.com Sat Nov 19 12:40:41 2005 From: william.ward at gmail.com (William Ward gmail) Date: Sat, 19 Nov 2005 12:40:41 -0800 Subject: waterlogged hard drive recovery In-Reply-To: <200511191811.jAJIBWNW010967@folderol.jlw.com> References: <20051119170223.GA25811@boogeyman> <200511191811.jAJIBWNW010967@folderol.jlw.com> Message-ID: <3d2fe1780511191240rf08a9a9le7b11d43b2c6dd1a@mail.gmail.com> Another similar story. When I was in highschool in the late 80's some friends and I used to buy computer stuff that was then going obsolete from various surplus places. One friend of mine had a small pile of VT100 terminals that were dead, so he stacked them by the garage and forgot about them. After being rained on and otherwise abused by the elements for a couple of years, he tried them out and several of them now worked just fine! From alvin at Mail.Linux-Consulting.com Sat Nov 19 13:45:43 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Sat, 19 Nov 2005 13:45:43 -0800 (PST) Subject: waterlogged hard drive recovery - dishwasher In-Reply-To: <20051119150137.56DD989@orb.sasl.smtp.pobox.com> Message-ID: hi ya On Sat, 19 Nov 2005, Rich Holland wrote: > under running water, ran it through his dishwasher, pcb has whacky chemicals used to manufacture it ..
( lead, acetone and bunch of other not so healthy stuff ) c ya alvin From alvin at Mail.Linux-Consulting.com Sun Nov 20 20:05:19 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Sun, 20 Nov 2005 20:05:19 -0800 (PST) Subject: sbay wifi In-Reply-To: Message-ID: hi ya the sbay wifi tower is now up on the mountain top http://www.svwux.org/ it's essid is "svwux", so if you see it, please note how far away you are, i'm curious if folks in SF/san mateo can see it it's been seen from milpitas ( range of about 15 miles away ) you probably will need an RF wifi amp to get pass all the local noise in your neighborhoods ( blasting over everybody ) c ya alvin - i'll be ordering some long range wifi toys for xmas .. From samlb at am-cath.org Sun Nov 20 20:37:43 2005 From: samlb at am-cath.org (Sam'l B.) Date: Sun, 20 Nov 2005 20:37:43 -0800 Subject: sbay wifi In-Reply-To: References: Message-ID: <43814F17.7010800@am-cath.org> Can _NOT_ see it from Hwy 17/Bascom in San Jose/Santa Clara Alvin Oga wrote: >hi ya > >the sbay wifi tower is now up on the mountain top > > http://www.svwux.org/ > >it's essid is "svwux", so if you see it, please note >how far away you are, i'm curious if folks in SF/san mateo >can see it > >it's been seen from milpitas ( range of about 15 miles away ) > >you probably will need an RF wifi amp to get pass all the >local noise in your neighborhoods ( blasting over everybody ) > >c ya >alvin >- i'll be ordering some long range wifi toys for xmas .. > > > From alvin at Mail.Linux-Consulting.com Sun Nov 20 20:43:45 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Sun, 20 Nov 2005 20:43:45 -0800 (PST) Subject: sbay wifi In-Reply-To: <43814F17.7010800@am-cath.org> Message-ID: hi ya sam On Sun, 20 Nov 2005, Sam'l B. 
wrote: > Can _NOT_ see it from Hwy 17/Bascom in San Jose/Santa Clara thanx for the info, but i assume, since you didn't say, that you did not use any external wifi antenna and amp - the svwux.org wifi site is supposed to be a freebie and for wifi experiments,,, - whether it has an uplink to the net is another issue c ya alvin From sigje at sigje.org Mon Nov 21 16:04:54 2005 From: sigje at sigje.org (Jennifer Davis) Date: Mon, 21 Nov 2005 16:04:54 -0800 (PST) Subject: FAST conference.. Message-ID: Before we go talk to USENIX about possible discount to FAST, is anyone interested in this conference? It's in San Francisco, Dec 13-16 http://www.usenix.org/events/fast05/fast05.html. I've never been so I don't know what it's like. I think it's relevant to people who care about storage and accessing storage (NAS/SAN/cifs/nfs..). The technical session look more researcher/engineer oriented.. but there looks like there are a couple of very interesting tutorial sessions.. T3 - NFS Version 4 (The Inside Story) .. (interesting to me as someone who has had to debug where problem was with regards to nfs..) and T4 - SNIA TUTORIALS: SAS, SATA, FIBRE CHANNEL, AND SCSI STORAGE PROTOCOLS .. Let me know! Thanks! Jennifer From cerise at armory.com Mon Nov 21 19:31:06 2005 From: cerise at armory.com (cerise at armory.com) Date: Mon, 21 Nov 2005 19:31:06 -0800 Subject: FAST conference.. In-Reply-To: References: Message-ID: <20051122033106.GA14903@boogeyman> I certainly am. 8) I presented at FAST ~3 years ago or so with the SSRC (Storage Systems Research Center) at UCSC. The paper we presented was effectively a SAN, although it was before I'd ever heard the acronym bandied about. I learned a lot from that conference. That was the first place I'd heard of schemes that just might work for accessing MRAM with the same relative constraints as a hard disk.
-Phil/CERisE On Mon, Nov 21, 2005 at 04:04:54PM -0800, Jennifer Davis wrote: > > Before we go talk to USENIX about possible discount to FAST, is anyone > interested in this conference? It's in San Francisco, Dec 13-16 > http://www.usenix.org/events/fast05/fast05.html. I've never been so I > don't know what it's like. I think it's relevant to people who care about > storage and accessing storage (NAS/SAN/cifs/nfs..). The technical session > look more researcher/engineer oriented.. but there looks like there are a > couple of very interesting tutorial sessions.. > T3 - NFS Version 4 (The Inside Story) .. (interesting to me as someone who > has had to debug where problem was with regards to nfs..) > and > T4 - SNIA TUTORIALS: SAS, SATA, FIBRE CHANNEL, AND SCSI STORAGE > PROTOCOLS .. > > Let me know! > > Thanks! > > Jennifer From jimd at starshine.org Tue Nov 22 09:10:19 2005 From: jimd at starshine.org (Jim Dennis) Date: Tue, 22 Nov 2005 09:10:19 -0800 Subject: mtg followup - data In-Reply-To: References: <20051119043107.GG8973@igtc.igtc.com> Message-ID: <20051122171019.GA14940@starshine.org> On Fri, Nov 18, 2005 at 09:10:21PM -0800, Alvin Oga wrote: > hi ya > On Fri, 18 Nov 2005, Paul M. Moriarty wrote: >>> that's the whole point isn't it ?? .. to protect the data .. >> >> Yes, but it is a different approach from not permitting employees > the point too, is that how to make sure that all the laptops > coming into and going out of the corp lan is "secure" > - if people and plug it anytime and remove anytime, > there's been many cases where their "important presentation" > was never backed up ... > the whole point, is not permitting it, requires some paperwork > and some paper trails, and you're on notice, that will hopefully have > everybody playing by the same rules .. 
vs total chaos of stuff coming in > and leaving without "management" approval > x> Security = 1/Convenience It's a hard balance > there's a missing fudgeFactor(1/convenience ) in the equation :-) > c ya > alvin I suspect that your ratio (security is the inverse of convenience) can be mitigated with some constant for intelligent IT choices and effort. If not then we're all in a futile business. There might be a very reasonable argument in favor of configuring the building wiring so that all laptops can only be plugged into a "red" (untrusted) LAN segment. So, effectively, all wireless and mobile devices can only access the company networks via VPN. So far the only meaningful wifi security model seems to be to trap the wifi segments on their own non-routable nets which can only access the company VPN nodes. This makes such a segment basically useless to war drivers and crackers since they can only see one another on the segment --- given that we use decent forms of crypto for authentication and session data among all approved devices on that wifi segment. (By encryption I'm NOT referring to any WEP or WPA crap in the card firmware: IPSec, OpenVPN/SSL, or ssh) So I'm just saying that the policy might be extended to all wired nodes in all conference rooms and to the wired nodes into which all cubicle and office docking stations are plugged. By isolating those segments from the company LANs and from the Internet at large you also mitigate some of the risks posed by viruses and spyware. (Personally I prefer to mitigate that much further by refraining from running Windows). (Actually you might find it necessary to put the conference rooms on a segment which is routed or NAT'd to the 'net; so that visiting business associates, guests and customers can access their remote resources therefrom). One can also make an argument in favor of VMware for reducing the virus and spyware risks.
If you get people off of Outlook then you minimize their chance of infection via e-mail vectors. (Woe is me! They'll have to use two different applications for messaging and scheduling!). However, VMware has to be used with aggressive snapshot branching to be useful for this purpose; and it's probably too much to expect to train a significant number of employees in how to use it for that effect. -- Jim Dennis From windsor at warthog.com Tue Nov 22 11:45:08 2005 From: windsor at warthog.com (Rob Windsor) Date: Tue, 22 Nov 2005 13:45:08 -0600 Subject: mtg followup - laptops In-Reply-To: References: Message-ID: <43837544.9030705@warthog.com> Alvin Oga wrote: > always good to have written down policies ... which makes it > easier for the managers to enforce >>All laptops pass through the hands of IT before they hit the company >>network in any way. > just to play the devil, again, does that mean all incoming laptops after > its been traveling or coming from the employee's home, gets to go to IT > and "cleaned" before it gets plugged back into the corp lan ?? > - i doubt that it would be but... one never knows > each time the laptop leaves the corp lan, it can pick up the nasty's > and bring it inside I agree with Alvin. To add to this, forcing laptops to use software-VPN often effectively puts them on the corporate LAN anyway. If you have tools that IT can use manually, there are bound to be automatic equivalents of those that you can install on every laptop. (Ignoring visiting [outside non-managed laptops]....) IMO, Your best first line of protection for 'bad' laptops is on-board detection software. To keep worms/viruses from propagating, pick up an IDS-like device that monitors network traffic looking for infected hosts. I know that Check Point and McAfee both make such network devices. The best network infrastructure I've seen is the two-DMZ model. There are two DMZs, one of which is only accessible via VPN or internal networks (i.e. mail server sits in this one).
This gives VPN folks access to their data and an infected VPN'd device cannot infect the corporate LAN. Also, the VPN policy on the laptops did not let two VPN'd laptops see each other, so it cannot spread to other remote users. On the subject of visiting laptops, everyone has their wireless on an "external" network segment already, yes? :P Rob++ -- Internet: windsor at warthog.com __o Life: Rob at Carrollton.Texas.USA.Earth _`\<,_ (_)/ (_) "They couldn't hit an elephant at this distance." -- Major General John Sedgwick From dannyman at toldme.com Tue Nov 22 19:37:29 2005 From: dannyman at toldme.com (Danny Howard) Date: Tue, 22 Nov 2005 19:37:29 -0800 Subject: mtg followup - laptops In-Reply-To: <43837544.9030705@warthog.com> References: <43837544.9030705@warthog.com> Message-ID: <20051123033729.GS57382@ratchet.nebcorp.com> If you make assumptions that all the hosts on your network are "clean" you are making a mistake. Even in a small organization, you have ... how many platforms? How many versions of Windows? How many versions of Unix? How many versions of printers, fax machines, etc? And you have expertise at securing all of those? Put your NFS and insecure auth mechanisms on a "trusted" network, and assume a lower degree of trust outside of that network, and keep all of that behind a firewall. :) And of course, make the modest investment in anti-virus on the clients ... MacAfee ASAP works awfully well for me, in that you buy a three-license subscription, and its good for any number of clients, the clients update their profiles automatically, without the Norton "can I update? Can I connect to the Internet? Can I do a DNS lookup? Hey, can I download each of these seven updates?" model ... Er, anyway, nevermind me ... the wife is gone so I have to drink my dinner beer alone. But, anyway, even if you're a paranoid fascist with your desktop OS, your people are still going to take their laptops home, download porn, and get viruses, that destroy things. 
The porn is kind of funny, but the viruses are not. They suck for the user and they suck when you ask yourself "Why didn't IT help protect me?" http://www.theonion.com/content/node/42823 -- hilarious because its true. :) -danny -- http://dannyman.toldme.com/ From luke at madstop.com Tue Nov 22 14:06:12 2005 From: luke at madstop.com (Luke Kanies) Date: Tue, 22 Nov 2005 16:06:12 -0600 (CST) Subject: [SAGE] ANNOUNCE: Puppet Beta Two Message-ID: http://reductivelabs.com/projects/puppet/news/beta2 After far too long, a new release of Puppet is out. What Is Puppet? Puppet is a next-generation server automation framework, capable of functioning as an abstraction layer between you and the messy details of all of the operating systems you maintain. It lets you centrally manage every important aspect of your system using a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, and files. Puppet's simple declarative specification language provides powerful classing abilities for drawing out the similarities between hosts while allowing them to be as specific as necessary, and it handles dependency and prerequisite relationships between objects clearly and explicitly. Changes * An external cfengine module for simple cfengine integration, allowing a gradual migration from cfengine to Puppet. * User and Group management on most major platforms * Cronjob management * Significant enhancements to package management in most cases * Addition of the node syntax * File search paths and many more. Puppet is only still in Beta because it has not been installed at enough locations that I am confident it is sufficiently bug-free to be considered a full release. Although there are still plenty of planned feature updates, none of these are so critical that they are keeping the release back. 
I am hoping to build some system packages of Puppet at some point soon, but for now you can either use tarballs or gems to install the latest release. And I've also published a November Status Update: http://reductivelabs.com/projects/puppet/news/novemberstatus An update on the world of Puppet and Reductive Labs I know it's been a long time since I produced an update in the Puppet world. The lack of updates have not been because of idleness, though; I've been busy adding lots of functionality to Puppet and working on getting the word out about it. The language is both simpler and more powerful than it was on the last release, and Puppet now manages the most important of the NSS-style elements like users and groups, which provides a clear path to manage the rest of them. Beta Two The most important new item in the Puppet world is that there is a new beta release out. There were a few critical features keeping this release back, such as the cfengine module and the file copying search paths, but they're all in place now and can be read about on the beta's announcement page. At this point, the Puppet framework itself is comfortably ready for use, and it is straightforward (and sometimes even easy) to add new functionality to Puppet without modifying the rest of the framework. Upcoming ;login; Article I have written an article on Puppet for USENIX's ;login: magazine. It details all of my nefarious plans for Puppet. Once it is in its final copy state, I will do what I can to make sure a copy is available for public download. Puppet Presentations I presented Puppet to the Atlanta Unix Users Group, and will be presenting it on November 30th to the Nashville Linux Users Group. BayLISA has also contacted me about presenting to them but I do not currently have plans to be in the Bay Area again soon, so if you are interested in sponsoring a trip to the Bay Area so I can present, please contact me. 
I will also be running a Puppet BoF at LISA, in addition to the configuration management BoF that I have run the last few years. Ongoing Conversations I have been maintaining a blog about my conversations with myself about Puppet. It is a great place to get an idea of the thinking that goes into Puppet's development and to get the latest announcements about Puppet. There is also a Puppet channel on irc.freenode.net on #puppet; please join in. -- A motion to adjourn is always in order. --Robert Heinlein --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com From jxh at jxh.com Wed Nov 23 07:23:59 2005 From: jxh at jxh.com (Jim Hickstein) Date: Wed, 23 Nov 2005 09:23:59 -0600 Subject: mtg followup - data In-Reply-To: <20051122171019.GA14940@starshine.org> References: <20051119043107.GG8973@igtc.igtc.com> <20051122171019.GA14940@starshine.org> Message-ID: <4384898F.4020208@jxh.com> > (Actually you might find it necessary to put the conference rooms > on a segment which is routed or NAT'd to the 'net; so that visiting > business associates, guests and customers can access their remote > resources therefrom). This solicitude seems to be peculiar to the US. In most other places I've been in the world (and a minority even inside the US), I was either not permitted to connect to a network at all (or sometimes only after installing antivirus software, and "It's a Mac!" didn't cut it*), or I had to (a) run Windows, AND (b) authenticate myself to their outbound firewall as an employee or authorized guest, to get out. And most of the time they didn't authorize guests. Whatever I needed to do had to wait until I got back to my hotel. I hate to say this, but maybe we should follow their lead, here, especially if mystery laptops are causing an active problem on one's network. Tell them to use their cellphones. :-) Metro wireless will be here soon enough, right? 
* I downloaded, but somehow neglected to install, some free AV software to get around this one. From alvin at Mail.Linux-Consulting.com Wed Nov 23 13:01:30 2005 From: alvin at Mail.Linux-Consulting.com (Alvin Oga) Date: Wed, 23 Nov 2005 13:01:30 -0800 (PST) Subject: mtg followup - data - bingo !! In-Reply-To: <4384898F.4020208@jxh.com> Message-ID: hi ya jim On Wed, 23 Nov 2005, Jim Hickstein wrote: > This solicitude seems to be peculiar to the US. In most other places > I've been in the world (and a minority even inside the US), I was either > not permitted to connect to a network at all (or sometimes only after > installing antivirus software, and "It's a Mac!" didn't cut it*), or I > had to (a) run Windows, AND (b) authenticate myself to their outbound > firewall as an employee or authorized guest, to get out. And most of > the time they didn't authorize guests. Whatever I needed to do had to > wait until I got back to my hotel. > > I hate to say this, but maybe we should follow their lead, here, yup.... exactly ... ( people are getting too used to the total freedom and flexibility, without understanding the consequences ) - it's the company's livelihood, to show that it tries very hard to protect its IP ... - "the company" cannot assume that people will do the right thing especially when "the free key" goes traveling to hotels, airports, wifi and other insecure places disallowing things will allow the company to reassert that *you* are responsible for what *you* take out and what *you* bring into the company and it is there to help assure both sides are doing it "right" within the constraints of security and productivity and ease and all the other mumble/jumble > especially if mystery laptops are causing an active problem on one's > network. Tell them to use their cellphones. :-) Metro wireless will be > here soon enough, right? secure places i know .. doesn't allow cell phones either .. - empty hands .. empty pocket policy ... don't eat too much have fun alvin
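Jim Dennis's "red" segment proposal from earlier in this thread, sketched as an added example that is not from any poster: a first-match gateway policy in which wifi and docking-station hosts reach only the company VPN nodes, conference-room guests are NAT'd out but kept off internal ranges, and the result is compared against a flat LAN. Every address, segment name and port choice is an assumption made for illustration.

```python
"""Gateway policy for an untrusted ("red") segment, as first-match rules.

Constructed example: every address, segment and port below is an assumption
made for illustration; none of it comes from the thread.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional

RED = ip_network("10.66.0.0/24")        # wifi and cubicle docks (assumed)
GUEST = ip_network("10.67.0.0/24")      # conference rooms (assumed)
CORP = ip_network("10.0.0.0/16")        # internal LAN (assumed)
VPN_NODES = ip_network("192.0.2.8/30")  # company VPN endpoints (assumed)
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Flow:
    label: str
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "esp"
    dport: Optional[int] = None  # None for port-less protocols such as ESP


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    src: IPv4Network
    dst: IPv4Network
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, flow: Flow) -> bool:
        return (ip_address(flow.src) in self.src
                and ip_address(flow.dst) in self.dst
                and self.proto in (None, flow.proto)
                and self.dport in (None, flow.dport))


# Flat network: laptops plug straight into the corporate LAN.
FLAT = [Rule("accept", ANY, ANY)]

# Segmented network: red hosts reach only the VPN endpoints, and only on
# VPN or ssh ports; guests get out to the Internet but not to internal ranges.
SEGMENTED = [
    Rule("accept", RED, VPN_NODES, "udp", 500),   # IKE
    Rule("accept", RED, VPN_NODES, "udp", 4500),  # IPsec NAT traversal
    Rule("accept", RED, VPN_NODES, "esp"),        # IPsec payload
    Rule("accept", RED, VPN_NODES, "udp", 1194),  # OpenVPN
    Rule("accept", RED, VPN_NODES, "tcp", 22),    # ssh
    Rule("drop", RED, ANY),
    Rule("drop", GUEST, CORP),
    Rule("drop", GUEST, RED),
    Rule("accept", GUEST, ANY),
]

# Constructed sample traffic seen at the gateway.
FLOWS = [
    Flow("laptop openvpn", "10.66.0.23", "192.0.2.9", "udp", 1194),
    Flow("laptop ipsec esp", "10.66.0.23", "192.0.2.9", "esp"),
    Flow("laptop smb to file server", "10.66.0.23", "10.0.5.10", "tcp", 445),
    Flow("laptop direct to internet", "10.66.0.23", "198.51.100.7", "tcp", 80),
    Flow("laptop smtp to vpn node", "10.66.0.23", "192.0.2.9", "tcp", 25),
    Flow("guest https to internet", "10.67.0.40", "198.51.100.7", "tcp", 443),
    Flow("guest smb to file server", "10.67.0.40", "10.0.5.10", "tcp", 445),
    Flow("guest ssh to docked laptop", "10.67.0.40", "10.66.0.23", "tcp", 22),
]


def verdict(policy: List[Rule], flow: Flow) -> str:
    """First matching rule decides; anything unmatched is dropped."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action
    return "drop"


def audit(policy: List[Rule], flows: List[Flow] = FLOWS) -> Dict[str, str]:
    return {f.label: verdict(policy, f) for f in flows}


def reaches_corp(policy: List[Rule], flows: List[Flow] = FLOWS) -> List[str]:
    """Flows from untrusted segments that the policy forwards into CORP."""
    return [f.label for f in flows
            if any(ip_address(f.src) in seg for seg in (RED, GUEST))
            and ip_address(f.dst) in CORP
            and verdict(policy, f) == "accept"]


if __name__ == "__main__":
    for name, policy in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name)
        for label, action in audit(policy).items():
            print(f"  {action:6} {label}")
        print("  untrusted -> corp:", reaches_corp(policy) or "none")
```

Traffic between two hosts on the red segment itself never crosses this gateway, which is why the proposal also relies on cryptographic authentication and session protection among the approved devices.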