Isaac (.ike) Levy | 22 May 18:10 2015

[talk] BEAST ssl attacks still relevant?


Hey All,

What do folks think about BEAST these days?

Stuff like this makes me wonder how relevant it really is, (and reminds 
me how the heck it even works eh...),

https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat

--
How seriously are folks still taking server-side BEAST mitigations (and 
cipher massaging), seeing as it was really a client-side implementation 
issue?  I'd love to hear any/all opinions.

Best,
.ike

Pete Wright | 21 May 07:31 2015

[talk] interesting jemalloc use

pretty interesting analysis of memory management in 
low-latency/high-concurrent environments i thought people here may enjoy 
reading:

http://highscalability.com/blog/2015/3/17/in-memory-computing-at-aerospike-scale-when-to-choose-and-ho.html

runs on linux only currently, but i'd love to see what performance 
would look like on a freebsd system.  unfortunately it relies on epoll 
and there is no support for kqueue/event right now.

-pete

-- 
Pete Wright
pete <at> nomadlogic.org
Mark Saad | 21 May 00:57 2015

[talk] Bhyve on illumos

All
  So I stumbled on this gem, it appears that pluribus has ported bhyve to illumos for their fork of illumos, nvos.

http://www.pluribusnetworks.com/products/open-pluribus/

What other bhyve ports do you know of out there in the wild?

---
Mark Saad | mark.saad <at> ymail.com
Thomas Wunderlich | 19 May 15:52 2015

[talk] IPSec vulnerability?

Hey would someone with more familiarity with IPSec comment on https://www.altsci.com/ipsec/

I've been thinking about setting up IPSec recently, but this casts serious doubts on that project.


Best,
Thomas Wunderlich

Mark Saad | 15 May 20:19 2015

[talk] DragonflyBSD Site

All
  Anyone know why the dragonflybsd site is down ?

msaad <at> coffeeport-2:~ % nc -v www.dragonflybsd.org 80
nc: connectx to www.dragonflybsd.org port 80 (tcp) failed: Connection refused
nc: connectx to www.dragonflybsd.org port 80 (tcp) failed: No route to host

-- 
Mark Saad | msaad <at> ymail.com
Patrick McEvoy | 12 May 22:43 2015

[talk] Bitrig video posted

https://youtu.be/h4FhgBdYSUU

You may have heard already, but I wanted to post here that the Bitrig
video from last week's NYCBug meeting has been posted.
Enjoy.
P
Isaac (.ike) Levy | 30 Apr 17:16 2015

[talk] I can't tell if this is a joke, or for real.


Hi All,

Warning: this post will waste your time.
(No code, tech, or engineering discourse- just another bloody movement).

Buzzing around me today,

   http://notcp.io

I thought it was a clever and cynical April fools joke, but some folks 
appear to be taking this seriously.  I hope you chortle your way 
through this, should you choose to read even a line or two.

Best,
.ike

Justin Dearing | 24 Apr 19:26 2015

[talk] Is anyone doing GIS stuff in FreeBSD with Python 3?

Hey all,

I've been working on some Geospatial web apps written in python 3.4 with flask. Deploying them to CentOS has proven problematic due to the GDAL libraries being old. The FreeBSD ports collection has up to date ports for the stuff I need.

Before I go building a FreeBSD box, I was wondering if there were any caveats I should worry about on FreeBSD from someone who does GIS stuff with Python in FreeBSD, and knows the pain of projections being renamed and the gdal exception handler not working in python.

Justin 
George Rosamond | 22 Apr 03:53 2015

[talk] some notes on flashrd

flashrd (www.nmedia.net/flashrd) has been around a long long time.  It
is a lightweight build system for embedded OpenBSD for flash media. It
was created and is maintained by Chris Cappuccio, among others.

The current image at images/20150320 doesn't boot due to PIE settings,
but I can provide an image if anyone's interested until it's resolved. I
also have a build script that isn't quite elegant shell (yet), but it
does simplify configuring a build. Importantly, the build machine must
match the platform, so to build i386, you need an i386 box, unless
you're using a virtualized build system.

Lots of funky features, such as switching between read-only and
read-write modes, the use of vnodes, etc.

I started hacking on it last week.  There's a certain simplicity that is
nice.  I imagine that if FreeBSD's Crochet was limited to one board, the
two build systems would have a lot in common.

My build is only using bsd*.tgz and etc*.tgz files.  Adding a swap file
is vital to do anything interesting with a Soekris of course.

What's truly impressive is that I pulled out two ancient Soekris 4801s
with that potent 266mhz CPU and 128M of RAM, and it works fine.

Remote upgrades and fallback to the previous configuration if any
problems is simple and straight-forward.

There are regular DMA errors when booting off old CF cards.  I'm having
issues forcing PIO mode and disabling DMA, as the changes to the
kernel don't seem to stick from UKC.  Any input appreciated.

boot> boot -c

wd* flags changed to 0x0ffc and 0x0ff0, but neither sticks after a reboot.

Anyways, worth checking out as a solution for small systems.

g
Isaac (.ike) Levy | 19 Apr 19:29 2015

[talk] VPNs: Choosing between OpenVPN and L2TP/IPsec

Hi All,

So I thought folks here may have words on a topic which has hit this
list in years past: VPN choices.

Choices are great, but now I'm trying to choose one. :)

Until recently I've been able to escape the complexity altogether, but
now I have need to roll out and manage roving VPN connectivity, and I'm
in a quandary with which tech to start with- and would love to hear any
experiences or tid-bits on each.

THE CHOICES, AS I SEE IT
--

PPTP - off the table, deader than dead.

L2TP/IPsec - Contender
+ easy/reliable cert-based client integration (mostly Macs for my world)
+ well worn (many platforms, many years now)
- IPsec traffic hassles from clients in restrictive/unreliable networks
- These days I shy away from the muddled state of IPsec (1)
- Troubleshooting issues: difficult, complex and opaque in tooling.

OpenVPN - Contender
+ Robust reliability on restrictive/unreliable networks
+ Clear cert-based client integration on many platforms
- Needs third party software for most user applications
- less well worn (some sharp edges here and there for users)
+ and -, SSL based crypto transport
- OpenSSL base, (2)

ENDLESS QUESTIONS
---
What's it like for users these days?
What's it like for administrators these days?
Multi-factor auth?  Key management?
What networking 'gotchas' are folks dealing with?
Anyone rockin' IPv6 inside/outside their tunnels (I'll be trying...)?
What crypto concerns do folks here have?

Even anecdotes about life with commercial products at either end is
informative, although I'm obviously interested in open tech.

Best,
.ike

--
Footnotes:
1) IPsec is awesome, but let's face it, also muddled.  It's not
unreasonable that some major flaw could be discovered which exposes a
fundamental flaw or even intentional backdoor in coming years:
http://www.mail-archive.com/cryptography <at> metzdowd.com/msg12325.html
For the time being, IPsec holds strong with no known weaknesses- but
even the fact that it was backported from IPv6 bits makes it even more
complicated to keep track of...

2) LibreSSL, BoringSSL, and good ol' OpenSSL- a discussion deserving
its own thread :)
http://www.libressl.org/
http://article.gmane.org/gmane.os.openbsd.tech/37174
https://boringssl.googlesource.com/boringssl/
https://www.openssl.org/

George Rosamond | 16 Apr 15:25 2015

[talk] NYC*BUG Announcements

A few things to note.

First, NYC*BUG hosts a lot of resources for the broader *BSD community,
but we tend to not publicize it widely. A few days ago, we set up a
mailing list for a new BUG in Poland.  It's the "Subcarpathian BSD Users
Group" (Podkarpacka grupa użytkowników BSD) based in southeast Poland.

http://lists.nycbug.org/mailman/listinfo/sbug

****

We have a great list of upcoming meetings set for the next few months.

May 6 - "Bitrig" John C. Vernaleo

June 3 - "FreeBSD's NUMA" John Baldwin

->June 12-13, BSDCan, Ottawa, Canada

June 18 - "mandoc: from scratch to the standard BSD documentation
toolkit in 6 years" Ingo Schwarze

June 19 - social event with Ingo (location TBA)

July 1 - "Staying in sync with the Precision Time Protocol" Steven Kreuzer

August 5 - "What's New with OpenBSD" Brian Callahan

->October 1-2, EuroBSDCon, Stockholm, Sweden

Rumor has it, another vBSDCon is being planned for the fall in Virginia.

****

All the NYC*BUG meetings are at Stone Creek, except for the special June
18th meeting with Ingo Schwarze on mandoc.  Let us know if you have any
good leads.  A place without RSVPs and with food/drinks is ideal.

The September meeting is looking like it will feature a veteran of the
Bell Labs/Bellcore days, whose work continued into Plan 9. It's a
meeting we're extremely excited for. NYC*BUG has always emphasized the
larger Unix thread that we see the *BSDs as a fundamental part of.

****

The video for Christos' Blacklistd meeting is posted at
https://youtu.be/0UKCAsezF3Q.  Huge thanks Patrick M.
_______________________________________________
talk mailing list
talk <at> lists.nycbug.org
http://lists.nycbug.org/mailman/listinfo/talk
