NYC*BUG Meetings and Events

Using Xapian to Index your Ports Tree, Matthew Story

Much of the existing search software out there is overly complex, bloated with features that you may or may not need, difficult to configure and hard to customize. The xapian library (xapian.org) provides a light-weight alternative with minimal dependencies and a simple programmable interface that is made available in nearly all higher-level languages through swig (swig.org).

Install xapian and the python bindings before the meeting, and over the course of an hour we'll have you indexing and searching your local ports tree, and updating your local index as ports are added, modified or removed on your BSD of choice.

About the speaker:
Matt is Director of the Axial Corps of Engineers, where he first began using Xapian to substantially increase the speed and reduce the complexity of several core systems. Matt is a contributor to the FreeBSD project; xargs(1) is his favorite program (especially with -P).

Ansible, Brian Coca
[nycbug-2013-05-01.mp3] [ansible_config_mgmt.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

Swiss army knife orchestration

About the speaker:
I've been a programmer/sysadmin/dba/analyst/architect and sometimes consultant for 15+ years. I've touched many platforms and languages, going from VB on Windows to Magic on AS/400 and perl/python/php on various Linuxi? and FreeBSD. I have tried to automate myself out of a job every day, which I recently discovered lables me as DevOps though I always thought 'Mad Hatter' or 'Tech Janitor' are more appropriate.

MIPS on OpenBSD, Brian Callahan
[nycbug-2013-04-03.mp3] [bcallah-nycbugtalk.odp]
(Audio generously recorded and processed by Nikolai Fetissov)

Everyone knows the BSDs provide a stable, feature-rich Operating System for the big name and "in the news" CPUs. What you may not know is that you can expect an equally excellent experience on the lesser-known CPUs.

This talk will provide an in-depth look at the Loongson CPU, a mips64el CPU, on OpenBSD. We'll explore its history on OpenBSD and its support for third-party software through OpenBSD's excellent ports system. We'll examine the unique challenges that come with ports and packages on lesser-used CPUs. Finally, we'll discuss the future of MIPS support, including embedded MIPS.

About the speaker:
Brian is a graduate student at Monmouth University studying Anthropology. He is an OpenBSD developer, working primarily on mips64el (Loongson) ports.

BeagleBone with FreeBSD, Brett Wynkoop
[nycbug-2013-03-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

About the speaker:
Brett Wynkoop fell in love with computers while a Freshman at the United States Merchant Marine Academy, where he almost flunked out his first term by spending too much time playing with Dartmouth Time Sharing on a model 33 teletype at 110 baud, instead of studying marine engineering and navigation.

His first Unix job was administering an AT&T Dimension PBX which used tape for random access....ls took a long time! His first BSD experience was on a PDP 11/70 and he has been a BSD lover ever since.

His once wrote a web server in /bin/sh, just because he could http://prd4.wynn.com:8080/.

He was a member of the technical staff at BSDI and is currently a systems engineer with the Internet Systems Consortium and is working on the BIND 10 project.

How SMPng Works and Why It Doesn't Work The Way You Think, John Baldwin
[nycbug-2013-02-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Modern x86 CPUs have hit a wall in frequency scaling and are now expanding sideways by adding more cores. Adding more cores does not magically multiply performance, however. John talks about some of the reasons that it doesn't.

In 2000, FreeBSD launched a project to multithread its kernel to more fully take advantage of modern SMP machines. This talk will give an overview of that project's history and continuing work on improving scalability.

About the speaker:
John first started using FreeBSD in 1996 and has been an active kernel developer since 2000. He has worked for various companies that use FreeBSD including The Weather Channel and Yahoo!. John lives in New Jersey with his wife and three kids.

What's New with FreeBSD, Eitan Adler
[nycbug-2013-01-09.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This will be an open-ended Q&A-style talk covering some new of recent enhancements to FreeBSD as well some of the experimental upcoming changes. By the end of the talk you should have heard about one FreeBSD technology you hadn't heard of before.

About the speaker:
Eitan is a third year student at SUNY Binghamton studying Computer Science. He has been using FreeBSD since 6.2. He is a src, ports, and doc developer and is part of the BugBusting team.

Another Holiday Party,

NYC*BUG has joined with LispNYC, NY Haskell, the New York Linux User
Group (NYLUG), PuppetNYC and LOPSA-NY to hold a holiday party on
Tuesday, December 11, 2012 from 7:00 PM until it's over.

It will be at the House of Brews (http://www.houseofbrewsny.com/) at 302
W 51st street in the upstairs room.

*NOTE* Our unHoliday Meeting is still taking place on December 5th.
This is an additional event with the wider technical community in NYC.

There are some sponsors, and we're querying some additional ones, so
some beer and hors d'oeuvres will be provided.

Various registrations via Meetup are posted:

http://www.meetup.com/LispNYC/events/67586702/
http://www.meetup.com/nylug-meetings/events/91284032/
http://www.meetup.com/puppetnyc-meetings/events/91818352/
http://www.meetup.com/NY-Haskell/events/92090222/

NYC*BUG doesn't have an RSVP system up for the event, so pick one of the
above sites.  RSVPs will be given priority if capacity is met, which is
possible.

If you are interested in sponsoring, or have a lead for one, please ping
us offline at admin@

Details are in flux, but we are sure this will be a great social and
networking event.

unHoliday Meeting: Be a Grinch about Your Tech Gripe, Various
[nycbug-2012-12-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

For the past several years, our holiday party has been filled with the notion of giving back to the community: your tips, your hacks, your thoughts.

So many people have proved selfless and assisted others that we feel it's time for a change. Let's be honest, we need a time to vent, and there's no reason the holiday season should be immune.

What are your gripes in technology? What do you hate dealing with at your job? Is it some high- (or low-) level scripting language? Some clunky and un-Unix-like application? Dealing with an underdocumented and buggy non-BSD operating system?

Well, here's your chance to let others know how you feel. Prepare a ten minute or so presentation, with maybe a slide or two, and make your case. Be coherent and to-the-point, and maybe others will jump aboard with your argument.

Ping admin@ with your idea, and we look forward to having a meeting which let's us vent out very unholiday season gripes.

Informal Discussion, none

Informal Discussion, none

Due to unforeseen scheduling conflicts in the meeting room, we bumped things up and most people remained for just a plain gathering of like-minded people.

Trying to shoehorn FreeBSD onto embedded devices - why it's not as easy as it could be., Adrian Chadd
[nycbug-2012-09-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Adrian has been putting FreeBSD onto some small embedded Atheros MIPS devices for quite some time - with varying levels of success. In this talk he will cover what FreeBSD-embedded looks like today, how small can you get your kernel and userland, where the bloat is, and what challenges lie ahead.

About the speaker:
Adrian has been tinkering in open source since high school. He now works at Qualcomm Atheros on their internal driver infrastructure. In his spare time, Adrian is working on 802.11n support, maintains the Atheros wifi driver in FreeBSD as well as co-maintains the FreeBSD net80211 stack. Adrian lives in San Jose with no wife, no children, no pets and a rather large collection of embedded devices (most of which run FreeBSD).

NAS: From Scratch, Henry Mendez
[nycbug-2012-08-01.mp3] [meeting_2012-08-01.odp]
(Audio generously recorded and processed by Nikolai Fetissov)

This talk will be on how to build and configure a Network Attached Storage device. The first half will cover hardware purchasing tips, steps to build the computer yourself, and common problems that you might encounter along the way. The second half will cover how to setup your disks (using RAID, ZFS), and configure the required network services to get you up and running quickly.

About the speaker:
Henry Mendez is a Systems Administrator for Tablet, and an avid NYC*BUG attendee. He has been building computers since he was 15.

FreeBSD Bugathon, none

NYC*BSD is sponsoring a FreeBSD Bugathon along with the Bay Area FreeBSD User Group in California. It's a great opportunity to mingle and coordinate with FreeBSD developers locally and beyond.

http://wiki.freebsd.org/Bugathons/2012July

A basic outline includes: 

o Docs updating and validation
  a. What do the other BSD's say?
  b. Is it it accurate?
  c. Improvements
  d. New docs / examples

o Porting help for creating new ports

o Ports bug busting
  a. Confirming PR's
  b. Fixes to open PR's
  c. Testing various config options (i.e. can I set var=yes in make.conf
     and get useful results?)

We'll also be on efnet #nycbug for coordinating beyond NYC.

Bring a Box, Rock Your tmux(1), Matthew Story
[nycbug-2012-07-11.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

A good terminal multiplexer is a vital part of the UNIX Developer and Systems Engineer toolkit. For the better part of a decade, I installed GNU screen(1) on each and everyone of my machines, dealing with the lack of useful features, over-abundance of useless features, complex configuration mini-language, and it's preference to setuid to root. Then along came the OpenBSD project's tmux(1), and everything changed.

Core to the idea of tmux(1) is a command interface, used for both configuration and run-time, making it a simple, easy-to-learn and easy-to-use (and configure) tool. In addition to this, tmux(1) gives you vertical and horizontal panes, pane templates, simple pane resizing, and so much more. If you're a screen(1) user, consider this a Screen User's Anonymous session; if you have refused to engage a terminal multiplexer to this point, and your monitor is cluttered daily with 20 - 30 terminal windows ... consider this your salvation; either way, bring your box and we'll get you rocking with tmux(1) in a couple of hours.

About the speaker:
Matthew Story is Director of the AxialMarket Corps of Engineers, and a contributor to the FreeBSD project. He regularly uses the small gun; xargs(1) is his favorite program (especially with -P).

Networking by Example with the Packet Construction Set, George Neville-Neil
[nycbug-2012-06-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

PCS is a set of Python classes and libraries that is currently used for network security and conformance testing. The purpose of PCS is to allow the programmer to express themselves more naturally in network code. All of the bit shifting and low level manipulation usually associated with network programming is handled by the library, allowing the programmer to treat packets as objects, with fields that directly mirror the ones described in IETF and IEEE documents.

To date PCS has been used to test several protocols, including IGMPv3, IPv4, IPv6, The Precision Time Protocol, Yahoo Messenger and several others.

In this talk I will cover the basics of PCS, how to get started with it, and how to use it in your own work.

About the speaker:
George Neville-Neil works on networking and operating system code for fun and profit. He also teaches various course on subjects related to computer programming. His professional areas of interest include code spelunking, operating systems, networking and security. He is the co-author with Marshall Kirk McKusick of _The Design and Implementaion of the FreeBSD operating system_ and is the columnist behind ACM Queue's "Kode Vicious."

The Useless Use of *, Jan Schaumann
[nycbug-2012-05-02.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

A brief look at common shell commands and pipelines found in most engineers' scripts, this talk aims to illustrate how the appropriate use of the various flexible unix tools might allow for more efficient execution and argues against the premature dismissal of the shell as a scalable programming environment.

Originally given in 2007 at the Southern California Linux Expo, this updated version of the talk will also diverge into the direction of premature optimization and overuse of "the big gun" for simple problems.

About the speaker:
Jan Schaumann currently works as a Senior Network Security Engineer at Etsy. Prior to that, Jan was a Senior System Administrator, Systems Architect and finally Principal Paranoid at Yahoo! Inc. He is also an adjunct professor of Computer Science at Stevens Institute of Technology, where he teaches classes in System Administration and UNIX Programming.

With this unique background in both a small scale academic as well as a massive industry-leader corporate enterprise environment, Jan has over 10 years of extensive real-world experience in the practice and teaching of System Administration. He has given presentations on various topics at both national and international venues.

At the moment, Jan is working on a course book on System Administration, to be published by Wiley & Sons in 2013. He lives with his wife and two daughters in New York City, where you may find him riding a large skateboard. You may feel free to buy him a beer anytime.

The journey from user to contributor, Eitan Adler
[nycbug-2012-04-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This will be an open-ended Q&A-style talk covering contributing to FreeBSD. By the end of the talk you should know what makes a good problem report, how to best interact with FreeBSD developers, and how the project handles PRs and anything else that may be relevant.

About the speaker:
Eitan is a second year student at SUNY Binghamton studying Computer Science. He has been using FreeBSD since 6.2. He is a src and ports committer and is part of the X11 and BugBusting teams.

TCL, Marc Spitzer
[nycbug-2012-03-07.mp3] [meeting_2012-03-07.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

TCL is a language that is well handy to know and a very good choice for a system admin to know. It has the following things going for it:

• Simple to learn and very stable over time
• embedded in Cisco IOS
• expect, all of your command line is belonging to me
• start kits, or how to deploy fat multi-platform binaries
• helpful community
• Code is data so you can do very powerful things
• Unicode since 8.0, long time ago
• TK
• you can create your own control structures
• very consistent language things work pretty much the same everywhere
• Did I mention the event loop?

About the speaker:
Marc Spitzer has been working as a system administrator on Unix systems for long enough that he does not want to think about it. He likes things that quietly work allowing him to do other stuff, FreeBSD comes to mind here. He is also rather fond of good bourbon and rye whiskey. Since he does not like self promotion, he shall stop now.

BSD Networking Topics, Open Forum
[nycbug-2012-02-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Several times a year, we open the floor for more NYC*BUG attendees to speak in brief about a networking related topic of general interest to an array of people.

Topics this time will include:

• keeping FreeBSD ports updated
• ucspi-tcp
• CARP
• lagg(4)

There`s always room for more, so come prepared. Remember, these are brief overviews of topics related to BSD networking on a day-to-day basic, not full-blown presentations. There is no need to prepare anything broad and comprehensive.

Cassandra LAN Party, NYC Cassandra User Group

Media6 Degrees

37 East 18th Street , New York, NY

map

This is a special event held by the NYC Cassandra User Group which we're participating in.

This is a BYOL (Bring Your Own Laptop) event! Rather doing a presentation we will setup a multi-datacenter, multi-node environment in a confined lab environment. Cassandra NYC will provide the switches, the virtual machine image, the soda, and chips. We will then use our laptops to set up a 3 datacenter (simulating New York, Japan, France) cassandra cluster with as many laptops as people bring. This event is ideal for those who have never setup Cassandra and want to learn how to setup real world deployments. However, it is also going to be fun for those that have worked with cassandra before, because lets be real, setting up and playing with a multi-node Cassandra cluster is always fun! To help organized this event it is semi-important for us to have a rough count of how many laptops we will have available. If you register chose `bringing 1 guest` if you plan to bring your laptop to the LAN party. (We will provide a VM image on a pen drive)

AWK, Matthew Story
[nycbug-2012-01-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Your developers came to you wanting to use a new programming framework they just saw on MTV.

It only builds on Ubuntu, and requires some bleeding-edge ports only available as .deb packages, as well as some large rpm`s which for some reason only install via yum. Not to mention you run a largely *BSD environment, with a few Linux, Solaris, UNIX etc… boxes in the mix.

This is the moment when you whip out awk(1), on any of your UNIX systems, and proceed to blow their minds.

About the speaker:
Matthew Story is a software developer at Tablet Hotels, who regularly abuses tcp services for fun and profit.

Holiday Meeting, Various
[nycbug-2011-12-07_a.mp3] [nycbug-2011-12-07_b.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This year will feature a few technical and fun topics.

• Ike Levy on A Footnote on Inappropriate Cloud Use "Don't believe the hype..." - Public Enemy
• ADAM David Alan Martin on "Riding the Balmer Peak: A tongue-in-cheek look at software engineering, drinking, and bad code."
• Boris Kochergin on Bastard Users from Hell: Tales of Sysadmin Perseverance

Come celebrate the holiday season and the beginning of the ninth year of NYC*BUG.

We are open to additional light, fun yet technical talks.

Free Database Systems: What They Should Be, And Why You Should Care, James Lowden
[nycbug-2011-11-02.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Open source databases depressingly mimic proprietary ones. They compete on "features". They don`t share code or ideas. They don;t formulate a standard a la the IETF and then strive for interoperability. And they are not working toward creating a true RDBMS.

RDMBSs are important and technically challenging. It`s time to bring database management systems -- MySQL, Firebird, Postgres, Ingres, Rel, MonetDB, SQLite, sapdb, et al. -- into the Internet age. Let`s use the tools that made the Internet possible to get out of the database doldrums.

Goals for free DMBSs:

1. Community
2. Standard wire protocol
3. Standard API
4. New query language
5. Shared language parser and query optimization library
6. Adopt lessons from Unix about namespaces and interfaces
7. Be the thinking man`s choice

About the speaker:
James K. Lowden works in quantitative research systems at AllianceBernstein. He began working with C, C++, and SQL around 1985, and NetBSD since 1.5. In his copious spare time he has for many years been the maintainer of the FreeTDS project (www.freetds.org).

Clang on FreeBSD, ADAM David Alan Martin
[nycbug-2011-10-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Clang:

• What is it?
• Where to get it?
• How to build FreeBSD with it
• Why use it/advantages?
• Fun bits in clang
• Remaining GNU toolchain bits, and what`s being done about them
• Demo of Clang on FreeBSD, and some of its neat features

About the speaker:
ADAM has been using Unix systems since early childhood (truth be told he can hardly remember using anything but). He messed with Rogue and Larn and even a C program or two on old SunOS 4 and 4.4BSD based systems at his dad`s office in the early 1990s. Shortly after the Y2K problem, the Linux User Group at Case Western Reserve University (where nobody actually seemed to run Linux!) first exposed him to FreeBSD. He now tinkers with a lot of different bits of FreeBSD, but he vacillates between being too lazy and too obstreperous in his insistence on C++ to get a commit bit. He still jests that he`s really a Computer Physicist, despite abandoning Physics for Computer Science in 2003. He`s always been easy to spot at conferences -- find the guy with the unique hat. (It`s different every few years.)

He worked in Erez Zadok`s FileSystem and Storage Laboratory at SUNY Stony Brook, mostly writing code for linux, but he did take on a Google Summer of Code project for FreeBSD with the Lab. Currently he works for FalconStor Software, Inc. writing Deduplication engines for Linux platforms. Somehow he always seems to wind up writing more code for Linux than FreeBSD systems. His specialties are Computer Science, and Applied Mathematics & Statistics. Some penguins may have been harmed in the writing of this bio.

RP Counterattack and Net Sensor, Boris Kochergin
[nycbug-2011-09-07_a.mp3] [nycbug-2011-09-07_b.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Boris will be speaking on two networking topics.

RP Counterattack (will include a demo!):

Monitors traffic on any number of Ethernet interfaces and examines ARP replies and gratuitous ARP requests. If it notices an ARP reply or gratuitous ARP request that is in conflict with its notion of "correct" Ethernet/IP address pairs, it logs the attack if logging is enabled, and, if the Ethernet interface that the attack was seen on is configured as being in aggressive mode, it sends out a gratuitous ARP request and a gratuitous ARP reply with the "correct" Ethernet/IP address pair in an attempt to reset the ARP tables of hosts on the local network segment. The corrective gratuitous ARP request and corrective gratuitous ARP reply can be sent from an Ethernet interface other than the one that the attack was seen on.

http://acm.poly.edu/wiki/ARP_Counterattack

Net Sensor (will include a demo!):

Aims to be a general-purpose, modular network-analysis suite for use in research, diagnostics, forensics, and statistics-gathering. It monitors traffic on an Ethernet interface, performs some pre-processing on it--such as figuring out where a packet`s payload begins--and passes it along to any number of modules. A module is an ELF shared object which may maintain state, write data out to disk using the Berkeley DB-backed Writer library, or send e-mail using the SMTP library. In addition to processing packets from the network, a module can also accept input from any number of other modules. Current modules include an HTTP session-keeping module, an HTTP session-logging module, and a BitTorrent-detection module.

http://acm.poly.edu/wiki/Net_Sensor

About the speaker:
Boris Kochergin is currently a system administrator and programmer at New York Internet. He was a network and system administrator at NYU-Poly`s business incubator at 160 Varick Street (consulting), network and system administrator at EmPower Solar (consulting), network and system administrator at Ecological, LLC (consulting), and programmer for the Long Island Solar Energy Industries Association (consulting).

BSD Networking Topics, Various
[nycbug-2011-08-03.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Our August meeting will feature another series of short presentations related to BSD Networking.

Topics will include:

• Bruno on "packet tagging with pf"
• Bill on "fun with tcpdump"

Aggregating Metrics & Events, Alexis Lê-QuÃ
[nycbug-2011-07-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Aggregating metrics & events, a necessity to grok systems & apps

Take any off-the-shelf web application, scale it a bit, put in on the cloud. It`s faster, cheaper and easier to assemble & deploy than before. But easier to operate it is not. Whereas 2-4 boxes with 40 metrics each would suffice for the entire app 10 years ago, we`re looking at 10s or 100s of nodes acting semi-autonomously and an avalanche of system metrics, system events, alerts to weed through.

The only way out is through aggregation, filtering and visualization, which is the topic of this talk. Starting the talk from where we should be, we will then look at some libraries/applications that you can use to do this and discuss where these currently fall short.

About the speaker:
Alexis co-founded Datadog to help fellow developers and webops track in real-time events, changes and metrics that can affect their applications. He currently splits his time between caring for Datadog’s data stack and thinking about how to improve the product.

Prior to Datadog, Alexis was building infrastructure software and leading a team of IT operations staff as a Director of Operations for Wireless Generation, supporting several million teachers in the U.S. In practice that has meant everything from racking servers to obsessing over sql queries, to writing embedded code deployed in teachers` hands nationwide. In an earlier life he spent time optimizing the performance of web applications for Orange’s 25 million mobile subscribers in France.

'High Availability' with FreeBSD Jails and ZFS, Isaac ".ike" Levy
[nycbug-2011-06-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

After 14 years of jail(8), it`s mature enough for "high availability"

It`s been a long while since we heard a talk on FreeBSD jails from Ike.

In the 14 years since it was committed to FreeBSD, little has fundamentally changed with FreeBSD jail(8), yet the surrounding toolset has pushed jailed virtual servers to a level of noteworthy sophistication and polish- (as though any UNIX tool could really claim to possess either).

New and sexy jail(8) tools:

Jails as platform for HA/Failover Applications

ZFS for jails, in jails, between jails

Wild possibilities using HAST, and GEOM Gate

New run-time configurables

jid specification, smp cpuset, child jails, per-jail sysvipc and raw sockets, plus more...

Multiple IP`s, (ipv6 anyone?!)

devfs(8) and rc(8), teaching new warts old tricks

Base material that will be covered (quickly):

How Jails Work, internals overview.

How to setup jails, a practical how-to, cooking show style...

When NOT to use jails

jail(8) security vulnerabilities, design considerations

Jails vs. Linux UML, XEN, VMware- technical and philosophical differences

Basic jailing tools and management practices

Who wants jails?

System Engineers who need cost-effective high-availability systems.

System Administrators who need to securely separate feuding userland applications.

Software Developers who always need more dev machines.

Educators who need clean unix servers.

Anyone who wants to deploy virtual machines at the internet.

Why do these people want jail(8)?

The design of Jail(8) and jail(2) are very secureable, and because jails use native system utilities,

they are simple to work with using common UNIX tools.

About the speaker:
Isaac ".ike" Levy is a Sr. UNIX Engineer at Tablet Inc., the cure for boring travel.

Ike has always been obsessed with high-availability systems and transparent failover, mostly because he likes to sleep at night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before anyone called it a cloud, as well as having a long history hacking internet-facing applications on UNIX systems.

.ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time member of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of UNIX and internet security topics at various venues, particularly on the issue of FreeBSD`s jail(8).

The Unix Method of Development Management, William Baxter
[nycbug-2011-05-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

The Unix approach has been summarized in many ways, but most simply it`s about a certain method in simplicity, portability and interoperability. Jamming a square peg into a round hole it`s not.

The chapter entitled Basics of the Unix Philosophy in The Art of Unix Programming provides more comprehensive explanations.

Take that approach and look at development projects with dozens of programmers in whatever language.

How is the Unix method relevant? How do Unix principles aid in structuring and coordinating software development, even for, say, Java developers?

William Baxter argues that the Unix methods and principles are the most useful set of tools for directing developers, even more so when bad habits need to be relearned for the goal of creating good code.

About the speaker:
William Baxter, a senior developer with decades of experience leading programming projects, will discuss the process of managing developers and their projects.

BSD High Availability, Sam Banks
[nycbug-2011-04-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

The BSD High Availability (HA) suite has some very handy and powerful features. However, as with all systems, there are certain considerations to be made when rolling out a HA implementation. This talk will focus on the security considerations when rolling out a BSD HA implementation.

The talk will cover the following:

• An explanation of the BSD HA environment (CARP, pfsync, sasyncd)
• How these components, specifically CARP, function at a lower level
• Current and potential attacks against the HA environment, including some demos
• Security considerations when rolling out a HA implementation and applicable work-arounds
• Ideas on how to improve the security and flexibility of the BSD HA tool suite

About the speaker:
Sam hails from a small country in the middle of nowhere called New Zealand, where people live in mud huts and rub sticks together to produce fire. When not foraging for berries and miscellaneous woodland creatures, Sam works for Lateral Security as a security consultant (a more CEO-friendly word for hacker) where he breaks into systems for a living. Previous to that, he spent several years in programming and system administration roles. He caught the BSD bug many years ago when his friend enlightened him to the fact that he too could have a solid block cursor at the terminal.

Quick Note: Sam contacted us as he`ll be in NYC for a visit, and following the February meeting discussion, we saw it was a great opportunity to have this meeting

BigBlueButton, Dru Lavigne
[nycbug-2011-03-02.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This talk will provide an overview and demonstration of BigBlueButton, an open source project that originated at Ottawa`s Carleton University. It was designed to enable universities to deliver a high quality learning experience to remote users, but can be used by any organization looking for an integrated web conferencing system. Features include video conferencing, shared presentations, shared whiteboard, instant chat, auto chat translation, and localization.

About the speaker:
Dru Lavigne is the Director of Community Development for the PC-BSD Project where she leads the documentation team, assists new users, helps to find and fix bugs, and reaches out to members of the open source community to discover their needs. She is the current Chair of the BSD Certifiication Group and author of BSD Hacks, The Best of FreeBSD Basics, and The Definitive Guide to PC-BSD.

BSD Networking, Various
[nycbug-2011-02-02.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

A number of short topics will be covered, reflecting some of the recent discussion on our Talk list.

Topics will include:

• lagg/trunk
• sysctl tweaking
• bandwidth monitoring with pf tagging

An Introduction to WebDAV, Ivan Ivanov

WebDAV is an HTTP-based protocol designed to turn the Web into a writable media. The major web server vendors provide compliant implementations and most OSes come with built-in clients. The presentation will describe how it works and why it is a viable alternative for web publishing.

About the speaker:
Ivan Ivanov met WebDAV for the first time as a service by a web hosting provider. He built a software repository with a WebDAV backend at a previous job and he implemented dependency management and deployment tracking based on it.

Holiday Meeting: Your Tips as Community Gifts, Various

Last December, we had a useful and fun meeting with a variety of speakers presenting their day-to-day hacks: small methods and tools that save time and hassles. This year, we'll do the same.

So get ready and think of one or two small hacks that save you time. Maybe it`s saved a few minutes a day, maybe it's saved your job.

And with the holiday season, it`s a great time to give back to the technical community.

The life you may be saving might be someone you actually like!

Post Meeting:

Dan's Bash List Decomposition http://bash.pastebin.com/ejnuFMQg

Mark's Using Rsync and Perl and Daemontools for Content Replication

George's GMail-Checking for the Privacy-Aware

NYCBSDCon 2010, Various

There will be no monthly NYCBUG meeting in November due to NYCBSDCon 2010.

Cooper Students Present, Various
[nycbug-2010-10-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This month's meetings will feature several Cooper Union engineering students presenting their projects.

• "A Study of Bayesian Authorship Classification" with Kevin Tien and Nicole Lesperance. From a Natural Language Processing class project.
• "Real Time Hand Gesture Recognition" with George Todorov and Eugene Belilovsky.
• "Characterization of Light Output Instabilities In Quantum Cascade Lasers Under Pulsed Operation" with Jonathan Ligo.

These presentations will be great opportunities to hear from the next generation of young and bright engineers.

Bruno Scap on Building Email Infrastructure, Bruno Scap
[nycbug-2010-09-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

rganizations and individuals rely on e-mail, and while Google Mail and similar hosted solutions might be a good alternative, sometimes e-mail needs to be hosted in-house. The focus of this talk is building a reliable, scalable, and distributed e-mail infrastructure using open source off-the-shelf tools.

About the speaker:
Bruno Scap helps companies achieve greater business value from IT. He works with executives and top managers to maximize the business value from the computing technologies and services. He can be reached at bruno AT konjz DOT org.

Ivan Ivanov on Examples in Cryptography with OpenSSL, Ivan Ivanov
[nycbug-2010-08-04.mp3] [meeting_2010-08-04.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

OpenSSL is an ubiquitious SSL/TLS implementation and cryptography toolkit. It is widely used to manipulate keys and certificates for servers and clients and there are a lot of tutorials on how to use it from the command line.

This presentation attempts to go deeper into OpenSSL`s library and give an overview of its API. It will show how to programmatically calculate one-way hashes, perform symmetric and asymmetric encryption and create and verify message authentication codes and digital signatures. The concrete examples will include DES and AES ciphers, RSA and DSA encryption and decryption, Diffie-Hellman key exchange and a simple SSL-enabled application. Some particular algorithms can also be described in more details along with their mathematical properties if time permits but the presentation will be mostly example-driven.

About the speaker:
Ivan Ivanov is a software developer currently based in New York. His interest in cryptography comes from his mathematical education. In his professional work he has developed encryption and decryption routines for protecting data transmission over the network.

The Go Programming Language, Mark Chu-Carroll
[nycbug-2010-07-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Go is ...
... simple
package main

import "fmt"

func main() {
fmt.Printf("Hello, 世界n")
}
... fast
Go compilers produce fast code fast. Typical builds take a fraction of a second yet the resulting programs run nearly as quickly as comparable C or C++ code.
... safe
Go is type safe and memory safe. Go has pointers but no pointer arithmetic. For random access, use slices, which know their limits.
... concurrent
Go promotes writing systems and servers as sets of lightweight communicating processes, called goroutines, with strong support from the language. Run thousands of goroutines if you want—and say good-bye to stack overflows.
... fun
Go has fast builds, clean syntax, garbage collection, methods for any type, and run-time reflection. It feels like a dynamic language but has the speed and safety of a static language. It`s a joy to use.
... open source

About the speaker:
Mark Chu-Carroll is a software engineer at Google, who is utterly obsessed with programming languages. He's been working on software development tools for close to 20 years. In his free time, he writes the blog Good Math/Bad Math at scienceblogs.com.

Introduction to GDB for System Administrators and Programmers., Nikolai Fetissov

System administrators often have to diagnose and report software anomalies back to developers while programmers often find themselves asking system administrators for specific information about production issues. GDB, while being a debugger and thus mainly a programmer`s tool, allows for gathering enough information from either running or crashed process, so support and development groups can communicate more effectively. We will touch upon relevant usage of GDB and associated tools.

About the speaker:
Nikolai Fetissov is a professional software developer with a long history of working with various Unixen and broad interests ranging from kernel internals to C++ meta-programming.

Scapy, Kevin Figueroa
[nycbug-2010-05-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Scapy is one of the most powerful packet manipulation programs currently available. One of its powerful features lies within its capability in creating and decoding packets using numerous different types of protocols. In addition, it also has the ability send and receive packets, plus performing a number of useful penetration testing tasks, such as, handling tasks like scanning, tracerouting, network discovery and certain attacks. It serves duties like sending invalid frames, and creating double encapsulated packets in order to perform VLAN hopping. Perform Nmap-like scan much faster, inject 802.11 wireless frames, and combine different types of custom manipulation techniques within a single packet.

About the speaker:
Kevin Figueroa has been a life-long resident of the Bronx. Over the last 13 years he has developed skills on a wide range of cyber security, which lead him to various certifications as, A+, Network +, Security +, and CEH. He has spoken at the several Cyber Security Conference in the world. Kevin is the President and Senior Security Analyst for K & T International Consulting, Inc, which provides a spectrum of cyber security services like, security analysis, penetration testing, compliance audit, wireless security assessment, and reverse engineering analysis. K & T International Consulting, Inc. has successfully managed projects for clients like, The Federal Reserve Bank, CitiGroup, MacQuesten Inc. and many Fortune 500 companies. He is also the founder of Bronx Academy of Intelligent Technologists (BAIT). This academy focuses on teaching cyber security, certification courses, and preforming IT security research and Development. By grooming children and young adults on future technologies and how to secure these technology the students will be a great asset in securing the future of Corporations and national infrastructure.

Nepenthes, Marco Figueroa
[nycbug-2010-04-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Detecting and defending your network from script kiddies using Nepenthes

We will discuss what is nepenthes, why was it created, how does it work and how to install it. As well as where to install Nepenthes on your network to get the best results. We will have sample analysis of Malicious Binary and show how to figure out what the code is really doing.

About the speaker:
Marco Figueroa is a Senior Security Analyst for fortune 500 companies. Marco`s expertise includes reverse engineering malware, incident handling, hacker attacks and defenses. He has performed numerous security assessments, and responded to computer attacks for clients in different market verticals. Marco holds the following certifications: GCIH, GREM, Security+, Network+, A+. You can contact him at Marco.figueroa@mafcorp.net.

PFSense II, Rocking The Datacenter, Isaac ".ike" Levy
[nycbug-2010-03-03.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

In 2006, ike gave an overview on PFSense and it`s mother project
m0n0wall, which were new and exciting router platforms back then.

Quote from that first talk, (4 years ago):
  "throw your Linksys/SoHo/WiFi router in the garbage where it belongs"
  http://www.nycbug.org/index.php?NAV=Home;SUBM=10027

Quote for this talk:
  "You might wanna` put your Sonicwall/Juniper/Cisco routers up on Ebay."

pfSense is a free, open source customized distribution of FreeBSD
tailored for use as a firewall and router.  http://pfsense.org/

pfSense has matured into a full-fledged routing platform which fits 
right in at the datacenter.  As all the big router vendors now tout
fully browser-based administration- (over IOS, I2J, etc...) so the
stigma of using pfSense in the enterprise is gone.

Our speaker has been using pfSense in datacenter deployments for over 4 
years, and will be describing how pfSense was used to save and secure
several "organically dysfunctional" corporate networks, and maintain
business continuity.

Throughout the talk, these points will be emphasized:
- Deploys: "Performing an Oil Change at 80mph" (quoting Michael Lucas)
- Corporate Office/Colo Life with pfSense
- Quickly/Safely Training Junior/Senior Network Sysadmins on pfSense
- Taking the Magic/Macho out of HA networking
- Networking can be Reliable/Understood/Fun

Half of this talk is a quick pfSense bootstrap:
- What *is* pfSense? (A Terrific Routing Platform!)
- Hardware (Embedded and Regular x86 Systems)
  - The reality of recycling servers, (Go Green! and other buzzwords)
- Install, basic setup- focused on typical multi-zone networks

The other half of the talk will go through the incredibly advanced tools 
and features that make pfSense an excellent platform for
High-Availability and Security at the datacenter:

- CARP, Physical Redundancy, (and living with HSRP/VRRP/GLBP 
  from your ISP)
- Fully Redundant Load Balancing, 2 common roles:
  - (inbound) Load Balancing to scale Web Servers
  - (outbound) Load Balancing for multi-wan redundant networking
- "Deep Packet Inspection" and other infosec buzzwords, done the 
  PF/BSD way

- Missing your IOS shell?  pfSense gives you a UNIX Shell- infinite 
  possibilities!
  - pfSense/embedded shell specifics, (read-only filesysem on CF?)
    - NanoBSD/implementation notes...
  - Using pf from the shell
    - interacting with system firewall/traffic-shaping/etc..
    - dancing a tango with the GUI
- Syslog, SNMP, and all fixin`s
- Config Management for Network Scaling/Sanity

About the speaker:
As Sr. Infrastructure Engineer at the emerging startup Proclivity Systems, Isaac ".ike" Levy is ob sessed with high-availability systems and transparent failover, mostly because he likes to sleep a t night. Standing on the shoulders of giants, his background includes partnering to run a Virtual Server ISP before there was ever a cloud in the sky, as well as having a long history hacking int ernet-facing applications on UNIX systems.
.ike has been a part of NYC*BUG since it was first launched in January 2004. He was a long-time me mber of the Lower East Side Mac Unix User Group, and is still in denial that this group no longer exists. He has spoken frequently on a number of topics at various venues, particularly on the issue of FreeBSD`s jail (8).

BSD Certifcation SME Session, None

NYC*BUG will be hosting a Subject Matter Expert (SME) session to review current and prospective questions for the BSD Certification Exam.

For more information about the SME policy, see the BSD Certification SME Policy.

BSD Certification Exam, None

NYC*BUG will be hosting the BSD Certification Exam.

For more information, and to register, please look at BSD Certification website.

Systems Programming On A System On A Chip, Aidan Cully
[nycbug-2010-02-03.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Embedded software is characterized by a tight coupling to its associated hardware. This means that there is an ability to reduce the hardware and software footprint to the barest version that can possibly support the intended applications of the embedded system. In turn, this means that many libraries written for full-featured operating systems are not well suited to run in the embedded environment, as they often assume a range of system features available in common desktop platforms, but unavailable to many embedded systems.

This talk will emphasize techniques developers can use to make their software more suitable for embedded systems. I will also discuss debugging embedded applications, as well as the process of co-developing custom hardware, and its associated software drivers.

About the speaker:
Aidan Cully is a software engineer at Arkados, a fabless semiconductor manufacturer in Piscataway, NJ.

Hadoop a Worldwind Tour, Edward Capriolo
[nycbug-2010-01-06.mp3] [meeting_2010-01-06.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

This presentation gives a brief high level overview of Hadoop. Next, we hit the ground running with a quick practical example of how Hadoop solves a "big data" problem. We also discuss how the demonstrated Hadoop processing model scales out to terabytes of data and hundreds or even thousands of computers.

About the speaker:
Edward Capriolo, works at About.com System Operations. When not in break-fix mode, he researches high/traffic high-availability and scalable solutions. Edward is a committer to the Apache Hadoop Hive sub project.

Holiday Meeting: Your Tips as Presents, Various
[nycbug-2009-12-02.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

December's meeting will be an opportunity for an array of people to illustrate their Unix hacks.

In August, Dru Lavigne started a thread on NYCBUG`s talk about "fave BSD tips/tricks?" that brought out some good discussion. We see this meeting as a follow-up, and an opportunity to give your hacks "back to the community" as a holiday gift.

Please submit your one page PDF to admin@, with one, two, or even three simple tips. It might be simple and seemingly stupid, but it could save a few minutes a day for another developer or sysadmin in the meeting.

It could be a creatively piped set of commands, or a simple script that you run through periodic to prevent headaches. The field is wide open.

We will schedule a handful of ten minute or so speakers, and let the crowd take it from there.

FreeBSD 8.0 New Release and Virtualized Networking for All, George Neville-Neil
[nycbug-2009-11-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

The release of FreeBSD 8.0 brings with it many new features but none has been more anticipated than the full integration of network stack virtualization into the system. Virtualized network stacks have the potential to revolutionize the use of FreeBSD in the same way that Jails did, by providing a lightweight mechanism through which multiple clients or customers can use a system`s networking resources without interfering with each other. My talk will cover not only network virtualization but also all of the other features and improvements that are present in FreeBSD 8.0.

About the speaker:
George Neville-Neil works on operating systems and networking for fun and profit. He is the co-author with Marshall Kirk McKusick of _The Design and Implementation of the FreeBSD Operating System_ as well as the column Kode Vicious.

XMPP Takes AIM: A Lot of Jabber about Real Time Applications, Brian Cully
[nycbug-2009-10-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

XMPP Without IM

This will be an open-ended Q&A-style talk covering XMPP fundamentals. XML streams, stanza semantics, federation, and extensibility will all be touched on. The purpose will be to cover what makes XMPP different from existing IM solutions and viable as a generic push technology. Come with questions!

About the speaker:
Brian has been involved in the XMPP community since 2007, writing code for ejabberd and prosody to support various extensions, with a particular focus on publish-subscribe functionality. He is currently working on integrating XMPP with Junction Networks' SIP service, facilitating call control and monitoring in real-time on the web.

How to Get Started with Kernel Programming, Jeffrey M. Hsu
[nycbug-2009-09-02.mp3] [meeting_2009-09-02.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

This talk is intended to introduce kernel programming for the absolute novice. We will cover:

• basic setup
• building and booting test kernels
• how to write your first system call
• a quick overview of the major subsystems including
• kernel locking and synchronization primitives
• device drivers
• VFS layer
• memory allocation
• networking

About the speaker:
Jeffrey M. Hsu became a member the FreeBSD project in 1994 as one of its first 10 committers. He has contributed to many sections of the operating system in areas such as the networking stack, Java, and a large number of the early ports in the language category. He has worked professionally on FreeBSD and NetBSD was offered commit bits to both the OpenBSD and DragonFlyBSD projects when they were first being formed and is active in the DragonFlyBSD project today. He holds a degree from U.C. Berkeley in computer science.

In the past, he has consulted for leading companies such as the Western Software Laboratory division of Digital Equipment Corporation, Cygnus, Encanto, Netscape, ClickArray, Palm, Wasabi, and Cisco Systems. Jeffrey enjoys giving talks and meeting BSD enthusiasts all over the world.

BSDA Angoff Session, None

Call for BSD Certification Group Subject Matter Experts (SME)

Are you a working sysadmin?

Do you manage other sysadmins?

Want to help the BSD Certification Group?

If so, bring your laptop and come join us from 10 am to 2 pm on August 9 to help improve the BSDA exam. RSVP chair AT bsdcertification DOT org for exact downtown Manhattan event location.

BSD Certification: A Case Study in Open Source Community, Dru Lavigne
[nycbug-2009-08-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Since their heyday in the 1990s, IT certifications have gained a bad rap. They are often perceived as money making machines for large companies, havens for braindumps, and certificates which aren`t worth the paper they are written on. We are all familiar with how open source is revolutionizing the proprietary software industry. Open source also has the potential to revolutionize the proprietary certification industry, and the BSD community is leading the way.

This talk will introduce the BSD Certification Group and their effort to create and maintain certifications that effectively assess the skills of BSD system administrators. It will provide an update on BSD certification, some of the lessons learned along the way, and principles other open source communities can use to provide their own certifications.

Dru Lavigne is founder and current chair of the BSD Certification Group. She is a sysadmin, technical trainer, author of BSD Hacks and The Best of FreeBSD Basics, maintainer of @bsdevents, board member of the FreeBSD Foundation, and editor of the Open Source Business Resource. She has been actively involved in the BSD community since 1997.

Please note that NYCBUG will be hosting a BSDA exam on August 2 which we encourage you to sign up for ASAP.

BSDA Exam, None

NYCBUG will be hosting a BSDA exam for the BSD Certification Group on August 2.

Please register as soon as possible to ensure your spot at the exam.

The exam will be held at 55 Broad Street between Exchange Place and Beaver Street in Manhattan.

Next steps for GNUstep, Gregory Casamento
[nycbug-2009-07-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Gregory Casamento will speak about the advantages GNUstep has over some other environments as well as a brief discussion of it's history and where it's going in the future.

Building Better Tools, Jan Schaumann
[nycbug-2009-06-03.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Every System Administrator has his or her own set of tools, programs and scripts; within every organization, every team of engineers has theirs. This means that a lot of the software used to maintain the infrastructure around the internet is written by people who are not (primarily) software developers. This talk tries to explain how these people can build better tools: tools that scale well, programs that can easily be extended, systems that behave well.

While not specific to BSD systems in general and completely programming language agnostic, this talk focuses on a number of principles, guidelines and concepts that should apply to virtually any system administrator`s or engineer`s daily routine.

About the speaker:
Jan Schaumann is a Systems Architect at Yahoo!, a nice place to stay on the internet, where he designs and maintains infrastructure solutions servicing over half a billion people each and every day. Jan holds a BS and MS in Computer Science from Stevens Institute of Technology. He is also one of the developers of the NetBSD operating system, where, amongst other things, he manages the NetBSD Project's participation in Google's Summer of Code program.

Jan enjoys life with his wife and daughter in New York City. He can be reached at jschauma@netmeister.org.

Open Forum, Various

Our "Open Forum" meetings allow for short presentations on a variety of topics, in addition to providing a better environment for attendees to raise issues and problems they face day-to-day as *BSD sysadmins and developers. We look to these meetings as a "live" version of our dynamic 'Talk' mailing list.

Git: A Case Study In Distributed Version Control, Brian Cully
[nycbug-2009-04-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This talk will go over what distributed version control systems (dVCS) mean, and how git applies itself to its problems. The slides are here.

About the speaker:
bjc has been involved in open source since the mid 90s, contributing to the BSDs and Linux at various points. He once worked at Panix, and now works at Junction Networks. Wherever he goes he seems to end up working on the version control system, and is now using git exclusively.

What's your biggest Time Management problem?, Tom Limoncelli
[nycbug-2009-03-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

About the speaker:
Tom Limoncelli is a FreeBSD user and the author of the O`Reilly book,"Time Management for System Administrators". He`ll be giving a brief presentation with highlights from his book then will take questions from the audience. Whether you are a system administrator, a developer (or even a Linux user) this presentation will help you with something more precious a quad-processor AMD box.

Postfix Performance Tuning, Victor Duchovni
[nycbug-2009-02-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Money can buy you bandwidth, but latency is forever! - John Mashey, MIPS

Victor will cover an array of issues connected to Postfix performance tuning, including:

• Latency, concurrency and throughput
• Postfix input processing
• Queue file format rationale
• Input processing bottlenecks
• Pre-queue filters, milters, content filters
• Tuning for fast (enough) input
• Postfix on-disk queues, requirements and architecture
• What is a "transport"?
• Postfix "nqmgr" scheduler algorithm
• Per-destination in memory queues
• Per-destination scheduler controls
• SMTP delivery
• Understanding delay logging
• Transport process limits, concurrency limits
• Scaling to thousands of output processes
• Connection caching, TLS session caching, feedback controls

About the speaker:
Victor Duchovni trained in mathematics, switched tracks to CS in 1980s leaving Princeton with a master`s degree in mathematics and newly acquired skills in Unix system administration and system programming. In 1990 moved to Lehman Brothers, worked on system management tooling, and network engineering. Ported "Moira" from MIT to Lehman, built efficient build systems that predated (and partly inspired) Jumpstart. In 1994 joined ESM to market "CMDB" tools to enterprise users, but this did not pan out, in the mean time learned Tcl, and contributed bunch of patches to the 7.x early 8.x TCL releases. In 1997 returned to New York, working in IT Security at Morgan Stanley since late 1999. At Morgan Stanley, developed a hobby in perimeter email security, becoming an active Postfix user and very soon contributor in May of 2001. In addition to many smaller feature improvements, contributed initial implementation of SMTP connection caching, overhauled and currently maintain LDAP and TLS support. Made significant design contributions to queue manager in collaboration with Wietse and Patrik Raq. In 2.6 contributing support for TLS EC ciphers and multi-instance management tooling, ideally also TLS SNI if time permits.

Introduction to Puppet, Larry Ludwig
[nycbug-2009-01-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

What it is and how can it make system administration less painful?

About the speaker:
Larry Ludwig - Principal Consultant/Founder of Empowering Media. Empowering Media is a consulting firm and managed hosting provider. Larry Ludwig has been in the industry for over 15 years as a system administration and system programmer. He`s had previous experience working for many Fortune 500 corporations and holds a BS in CS from Clemson University.
Larry, along with Eric E. Moore and Brian Gupta are founding members of the NYC Puppet usergroup.

Holiday Party, Everyone, after a few

This year's NYC*BUG Holiday Party will be a cash bar event in the backroom of Suspenders Restaurant.

Join us in this social event and celebrate another year of NYC*BUG success!

Hardware Performance Monitoring Counters, George Neville-Neil
[nycbug-2008-11-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Many modern CPUs provide on chip counters for performance events such as retiring instructions and cache misses. The hwpmc driver and libraries in FreeBSD give systems administrators and programmers access to APIs which make it possible to measure performance without modifying source code and with minimal intrusion into application execution. This talk will be a brief introduction to HWPMC, and how to use it.

About the speaker:
George Neville-Neil is the co-author with Kirk McKusick of The Design and Implementation of the FreeBSD Operating System. He works on networking an operating systems for fun and profit.

NYCBSDCon 2008, Various

We are proud to announce NYCBSDCon 2008. Stay tuned as details are released.

Information is available at the NYCBSDCon 2008 web site.

Organizing NYCBSDCon 2008, Open Forum

Organizing NYCBSDCon 2008

Public Key sudo, Matthew Burnside
[nycbug-2008-08-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Two tools which have become the norm in Linux- and Unix-based environments are SSH for secure communications, and sudo for performing administrative tasks. These are independent programs with substantially different purposes, but they are often used in conjunction. In this talk, I describe a flaw in their interaction, and then present our solution called public-key sudo.

Public-key sudo is an extension to the sudo authentication mechanism which allows for public key authentication using the SSH public key framework. I describe our implementation of a generic SSH authentication module and the sudo modifications required to use this module.

About the speaker:
Matthew Burnside is a Ph.D. student in the Computer Science department at Columbia University, in New York. He works for Professor Angelos Keromytis in the Network Security Lab. He received his B.A and M.Eng from MIT in 2000, and 2002, respectively. His research interests are in network anonymity, trust management, and enterprise-scale policy enforcement.

Configuration Management with Cfengine, Steven Kreuzer
[nycbug-2008-07-02.mp3] [meeting_2008-07-02.ppt]
(Audio generously recorded and processed by Nikolai Fetissov)

Cfengine is a policy-based configuration management system. Its primary function is to provide automated configuration and maintenance of computers, from a policy specification.

The cfengine project was started in 1993 as a reaction to the complexity and non-portability of shell scripting for Unix configuration management, and continues today. The aim was to absorb frequently used coding paradigms into a declarative, domain-specific language that would offer self-documenting configuration.

About the speaker:
Steven Kreuzer has been working with Open Source technologies since as long as he can remember, starting out with a 486 salvaged from a dumpster behind his neighborhood computer store. In his spare time he enjoys doing things with technology that have absolutely no redeeming social value.

NYCBSDCon 2008 Organizing Meeting, Open Forum

This meeting will be focused on NYCBSDCon 2008.

The meeting will consist of an overview of the conference as it`s planned for October 11-12 at Columbia University, in addition to plugging in individual members of NYCBUG into roles such as publicity and in the mechanics of the conference.

If you want to be involved with NYCBSDCon 2008, you should attend this meeting.

Managing OpenBSD Environments, Okan Demirmen
[nycbug-2008-05-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This talk is the result of an after-meeting discussion with a few folks, when it became apparent that there is some confusion as to how to deal with OpenBSD in small and large environments. The topic of installation and upgrading came up again. This talk is aimed to hopefully dispel many of the rumors, provide a thorough description and walk through of the various stages of running OpenBSD in any size environment, and some of the features and tools at the administrator`s disposal.

About the speaker:
Okan Demirmen has been working with UNIX-like systems for as long as he can remember and has found OpenBSD to match some of the same philosophies in which he believes, namely simplicity and correctness, and reap the benefits of such.

ZFS on FreeBSD, Ike & Yarema

Ike & Yarema will tag-team this meeting.

ZFS - the breakthrough file system in FreeBSD 7 (ported from Sun`s Solaris 10 Operating System) delivers virtually unlimited capacity, provable data integrity, and near-zero administration. However FreeBSD`s sysinstall(8) does not yet support installing the system onto anything more exotic than a commonly used UFS partition scheme. Furthermore, FreeBSD`s boot loader(8) cannot yet load the kernel and modules from ZFS.

This meeting will cover installing FreeBSD 7.0 on ZFS as the root filesystem with a boot partition on a GEOM gmirror. Attendees are encouraged to read, download and try the zfsboot scripts at http://yds.CoolRat.org/zfsboot.shtml The rational behind the zfsboot script will be demystified and an install will be demonstrated. Anyone who brings a (minimum 1 Gig) USB thumb drive can go home with a bootable "root on ZFS" installer. Anyone who brings a hard drive can go home with FreeBSD installed on a ZFS root.

About the speaker:
Yarema has been a FreeBSD administrator for more than a decade. A contributor to the FreeBSD ports collection. Likes to mouth off about his latest exploits with the OS only to be rewarded by getting "volunteered" to do a lecture at an upcoming NYC*BUG meeting.

Ike has been orbiting NYCBUG since the beginning. Not only does he not think within the box, he doesn`t even know there *is* a box. He used to give talks on jail(8) in New York, but since he`s been banned from it, he is forced to do them for other unsuspecting BSD users at conferences like AsiaBSDCon.

Building a High-Performance Computing Cluster Using FreeBSD, Brooks Davis
[nycbug-2008-03-20.mp3] [meeting_2008-03-20.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

Since late 2000 we have developed and maintained a general purpose technical and scientific computing cluster running the FreeBSD operating system. In that time we have grown from a cluster of 8 dual Intel Pentium III systems to our current mix of 64 dual, quad-core Intel Xeon and 289 dual AMD Opteron systems.

In this talk we reflect on the system architecture as documented in our BSDCon 2003 paper "Building a High-performance Computing Cluster Using FreeBSD" and our changes since that time. After a brief overview of the current cluster we revisit the architectural decisions in that paper and reflect on their long term success. We then discuss lessons learned in the process. Finally, we conclude with thoughts on future cluster expansion and designs.

About the speaker:
Brooks Davis is an Engineering Specialist in the High Performance Computing Section of the Computer Systems Research Department at The Aerospace Corporation. He has been a FreeBSD user since 1994, a FreeBSD committer since 2001, and a core team member since 2006. He earned a Bachelors Degree in Computer Science from Harvey Mudd College in 1998.

His computing interests include high performance computing, networking, security, mobility, and, of course, finding ways to use FreeBSD in all these areas. When not computing, he enjoys reading, cooking, brewing and pounding on red-hot iron in his garage blacksmith shop.

User Interfaces and How People Think, Jeff Mau
[nycbug-2008-03-05.mp3] [meeting_2008-03-05.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

"User Interfaces and How People Think" will introduce concepts of designing software for different users by observing how they think about and do what they do. While much of design today focuses on the front-end of computer systems, there is opportunity to innovate in every area where a human interacts with software.

About the speaker:
Jeffery Mau is a user experience designer with the leading business and technology consulting firm Sapient. He has helped clients create great customer experiences in the financial services, education, entertainment and telecommunications industries. With a passion for connecting people with technology, Jeff specializes in Information Architecture and Business Strategy. Jeff holds a Masters in Design from the IIT Institute of Design in Chicago, Illinois.

Open Meeting on OpenSSH, Open Forum
[nycbug-2008-02-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Febrary's NYCBUG meeting is a broad look at OpenSSH, the de facto method for remote administration and more. OpenSSH celebrated its 8th anniversary this past September, and we thought this would be a great opportunity to discuss OpenSSH, and for others to contribute their hacks and interesting applications.

If you are interested in doing a short spiel on an interesting use, please contact admin@ to let us know.

SSARES, Angelos D. Keromytis
[nycbug-2008-01-09.mp3] [meeting_2008-01-09.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

SSARES: Secure Searchable Automated Remote Email Storage is a novel system that offers a practical approach to both securing remotely stored email and allowing privacy-preserving search of that email collection. The paper on this topic is here.

About the speaker:
Angelos Keromytis is an Associate Professor with the Department of Computer Science at Columbia University, and director of the Network Security Laboratory. He received his B.Sc. in Computer Science from the University of Crete, Greece, and his M.Sc. and Ph.D. from the Computer and Information Science (CIS) Department, University of Pennsylvania. He is the author and co-author of more than 100 papers on refereed conferences and journals, and has served on over 40 conference program committees. He is an associate editor of the ACM Transactions on Information and Systems Security (TISSEC). He recently co-authored a book on using graphics cards for security, and is a co-founder of StackSafe Inc. His current research interests revolve around systems and network security, and cryptography.

2007 NYTC Holiday Party,

Back in 2004, NYCBUG and NYPHP organized the best technical networking event in the New York technical community`s memory. This year we will be replicating that event, with a free open bar, free hors d`oeuvres, sponsor exhibits and many other of New York technologies best and brightest. Unlike normal NYCBUG events, you will be required to register for this event. You should register as soon as possible and get ready to mingle and imbibe with your other technical cohorts. The event will be held at Suspenders Restaurant, and we will have the whole place.

IPv6 Workshop, Open forum

While the October meeting focused on IPv6, November`s meeting will look at the application of IPv6 by a number of NYCBUG members. Several people are setting up their home or colo`d networks for IPv6 ability. Meanwhile, the NYCBUG cabinet will be ready to provide IPv6 gateway services. Bring along your laptop, and we`ll work to get more people on an IPv6 network for further exploration.

IPv6 Implementation, Gene Cronk
[nycbug-2007-10-03.mp3] [meeting_2007-10-03.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

This talk will be on some of the basics of IPv6 including addressing, subnetting, and tools to test connectivity. There will be a lab (network permitting), and setups for an as of yet undisclosed flavor of BSD as well as some of the well known daemons (Apache 2, SSHD) will be demonstrated. Setting up a BSD OS as an IPv6 router and tunneling system will also be covered. If you`re reading this and see something I missed (and plan on attending the meeting), please drop a mail to the talk@ list and let me know what else should be added. Presentation slides are also available here.

About the speaker:

Gene Cronk, CISSP-ISSAP, NSA-IAM is a freelance network security consultant, specializing in *NIX solutions. He has been working with computers for well over 20 years, electronics for over 15, and IPv6 specifically for 4 years. He has given talks on IPv6 and a multitude of other topics at DefCon, ShmooCon and other "underground" venues. Gene is from Jacksonville, FL. When not involved in matters concerning IPv6, he can be found gaming (Anarchy Online), helping out with the Jacksonville Linux User`s Group, being one of the benevolent dictators of the Hacker Pimps Security Think Tank, or fixing up his house.

Cryptography in Web Apps, Nick Galbreath
[nycbug-2007-09-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Using Cryptography to Improve Web Application Performance and Security: Cryptography has a reputation of slowing down applications. However if done correctly, it can actually be used to improve performance by storing high-value/high-cost results "in public." In addition the same techniques can solve common security problems such as authorization, parameter scanning, and parameter rewriting. All are welcome -- no previous experience with cryptography is required, and the techniques will be presented in a programming-language neutral format.

About the speaker:
Nick Galbreath have been working on high performance servers and web security at various high profile startups since 1994 (most recently Right Media). He holds a Master degree of Mathematics from Boston University, and published a book on cryptography. He currently lives in the Lower East Side.

NYCBUG-NYPHP Social,

We have planned a social get-together for NYCBUG and NYPHP and beyond at the Delancey Lounge in the Lower East Side. The event will be held on Thursday, August 23rd, starting at 6:30 pm. The Delancey Lounge has an all wood terrace on the roof filled with plants. It`s a very nice location. No need to RSVP, just show up. No fee for coming, but it`s a cash bar, of course.

Nagios, Marc Spitzer
[nycbug-2007-08-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Nagios is a platform for monitoring services and the hosts they reside on. It provides a reasonable tool for monitoring your network and you can not beat the price.

We plan on covering the following topics:

• what it is
• how it works
• where to get it
• how to install it
• how to configure it
• how to customize it for your environment
• where the data is stored
• how to write a basic plug-in

About the speaker:
Marc Spitzer started as a VAX/VMS operator who taught himself some basic scripting in DCL to help me remember how to do procedures that did not come up enough to actually remember all the steps, this was in 1990. Since then he has worked with HPUX, Solaris, Windows, Linux, and the BSDs, FreeBSD being his favorite. He has held a variety of positions, admin and engineering, where he has been able to introduce BSD into his work place. He currently works for Columbia University as a Systems Administrator. He is a founding member of NYCBUG and LispNYC and on the board of UNIGroup. Most of his career has been building tools to solve operational problems, with extra effort going to the ones that irritated him personally. He takes a great deal of pride in not needing a budget to solve most problems.

The Real Unix Tradition, Isaac `Ike` Levy
[nycbug-2007-07-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

"The Real Unix Tradition" !!Please wear your your best shirt, a group photo-op will follow this month`s lecture!! UNIX hackers, all standing on the shoulders of giants.
"...the number of UNIX installations has grown to 10, with more expected..." - Dennis Ritchie and Ken Thompson, June 1972
"Well, it was all Open Source, before anybody really called it that". - Brian Redman, 2003
UNIX is the oldest active and growing computing culture alive today. From it`s humble roots in the back room at Bell Laboratories, to today`s global internet infrastructure- UNIX has consistently been at the core of major advances in computing. Today, the BSD legacy is the most direct continuation of the most successful principles in UNIX, and continues to lead major advances in computing. Why? What`s so great about UNIX? This lecture aims to prove that UNIX history is surprisingly useful (and fun)- for developers, sysadmins, and anyone working with BSD systems.

About the speaker:
Isaac Levy, (ike) is a freelance BSD hadker based in NYC. He runs Diversaform Inc. as an engine to make his hacking feed itself, (and ike). Diversaform specializes in *BSD based solutions, providing `IT special weapons and tatics` for various sized business clients, as well as running a small high-availability datacenter operation from lower Manhattan. With regard to FreeBSD jail(8), ike was a partner in the first jail (8)-based web hosting ISP in America, iMeme, and has been developing internet applications in and out of jails since 1999. Isaac is a proud member of NYC*BUG (the New York City *BSD Users Group), and a long time member of LESMUUG, (the Lower East Side Mac Unix Users Group).

DOS Mitigation, Steven Kreuzer
[nycbug-2007-06-06.mp3] [meeting_2007-06-06.ppt]
(Audio generously recorded and processed by Nikolai Fetissov)

Protecting your servers, workstations and networks can only go so far. Attacks which consume your available Internet-facing bandwidth, or overpower your CPU, can still take you offline. His presentation will discuss techniques for mitigating the effects of such attacks on servers designed to provide network intensive services such as HTTP or routing.

About the speaker:
Steven Kreuzer is currently employed by Right Media as a Systems Administrator focusing on building and managing high transaction infrastructures around the globe. He has been working with Open Source technologies since as long as he can remember, starting out with a 486 salvaged from a dumpster behind his neighborhood computer store. In his spare time he enjoys doing things with technology that have absolutely no redeeming social value.

pkgsrcCon, Amitai Schlair
[nycbug-2007-05-02.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

The fourth annual pkgsrcCon is April 27-29 in Barcelona. As might be expected when brains congregate, pkgsrcCon traditionally results in a flurry of activity toward new directions and initiatives. Mere hours after returning to New York, Amitai will give us a recap of the proceedings, including his presentation, "Packaging djbware."

About the speaker:
Amitai Schlair is a pkgsrc developer who has worked in such diverse areas as Mac OS X platform support and packages of software by Dan Bernstein. His full-time undergraduate studies at Columbia are another contributing factor to his impending insanity. He consults in software and IT.

OpenCVS, Ray Lai
[nycbug-2007-04-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This presentation was inspired by the recent Subversion presentation. It will talk about the origins of OpenRCS and OpenCVS, its real-world usage in the OpenBSD project, and why OpenBSD will continue to use CVS.

About the speaker:
Ray is an OpenBSD developer who uses Subversion by day, CVS by night. Taking the phrase "complexity is the enemy of security" to heart, he believes that the beauty of UNIX`s security is in its simplicity.

Enterprise Security Mgmt, Matthew Burnside
[nycbug-2007-03-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Security policies are a key component in protecting enterprise networks. But, while there are many diverse defensive options available, current models and mechanisms for mechanically-enforced security policies are limited to traditional admission-based access control. Defensive capabilities include among others logging, firewalls, honeypots, rollback/recovery, and intrusion detection systems, while policy enforcement is essentially limited to one-off access control. Furthermore, access-control mechanisms operate independently on each service, which can (and often does) lead to inconsistent or incorrect application of the intended system-wide policy. We propose a new scheme for global security policies. Every policy decision is made with near-global knowledge, and re-evaluated as global knowledge changes. Using a variety of actuators, we make the full array of defensive capabilities available to the global policy. Our goal is a coherent, enterprise-wide response to any network threat.

About the speaker:
Matthew Burnside is a Ph.D. student in the Computer Science department at Columbia University, in New York. He works for Professor Angelos Keromytis in the Network Security Lab. He received his B.A and M.Eng from MIT in 2000, and 2002, respectively. His main research interests are in computer security, trust management, and network anonymity.

Subversion, Ivan Ivanov
[nycbug-2007-02-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

The presentation will discuss Subversion from both client and server points of view. It will show how to create repositories and how to make them accessible over the network using different access schemes like http://, file:// or svn://. Pointers are given on securing the repositories and on authenticating and authorizing the clients. Next, the presentation shows how an user interacts with the repository and describes some of the important Subversion client commands. Finally, it deals with administrating the repository using "hook scripts".

About the speaker:
Ivan Ivanov is generally interested in Version Control Systems since his student years in Sofia University, Bulgaria, where he set up and maintained a CVS server for an academic project. When Subversion became a fact and proved to be "a better CVS" he researched it and last year deployed it for his NYC-based employer Ariel Partners (http://www.arielpartners.com/). He intergrated the Subversion repositories with Apache Web Server over https to enable a reliable and secure way to access them from any point.

pf(4), Okan Demirmen
[nycbug-2007-01-03.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

We have had lots of meetings that have peripherally discussed OpenBSD`s wildly popular PF firewall . . . but finally we will have a meeting focused on it.

Holiday Party, Open forum

This year`s holiday party with be held with our buddies at NYPHP. We`ll have a couple of brief presentations, sure to put you in the right mood. First, Alfred Perlstein will speak on "Captchas can be LOL." Then, NYPHP`s Hans Zaunere will speak on "Unfashionable FreeBSD: Why Their Threads Are So Last Year." Cash bar and food. So come one, come all, and have a blast. Please RSVP to rsvp AT nycbug DOT org if you plan to attend.

NYCBSDCon 2006, Various

Saturday, October 28-29, 2006

The regularly scheduled meeting for November will be held at NYCBSDCon.

NYCBSDCon planning, Open forum

This meeting will be focused on building and organizing the upcoming NYCBSDCon 2006 conference to be held on October 28 and 29th. If you want to play a role, have questions, etc., we strongly encourage you to attend and take part in the discussion We`ll review the conference details, and start plugging volunteers into various roles that are needed at the conference.

m0n0wall and PFSense, Isaac `Ike` Levy
[nycbug-2006-09-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

UNIX professionals are busy these days. Setting up routers and firewalls are fundamental to any network, but in environments where the focus is on various applications, (servers, workstations, and the software that runs on them), it`s difficult for a business not to choose off-the-shelf SOHO routers and networking gear. The web management gui`s are understandable by everyone, (even techs without UNIX knowledge), and the gear is cheap - this saves time and money. In the meantime, the features of your average Linksys or Netgear router often leave MUCH to be desired, (https auth management, for one simple example). Enter m0n0wall and PFSense, 2 BSD based packaged router/firewall solutions that are as solid and full featured as you`d expect from any BSD system- PLUS THEY HAVE HTML WEB INTERFACES FOR MANAGEMENT! m0n0wall and PFSense become an easy sell in any small professional enviornment, any competent tech can manage the network within minutes... At home, in every hackers home network, they free the hacker to have trusted tools available, but are as time-saving as using any Linksys router. m0n0wall and PFSense are both light and clean, designed to run on embedded systems- (Soekris, WRAP), but are monsters when unleashed on even legacy PC`s around the office. If you manage UNIX networks and systems all day, do you really want to manage the router for your DSL when you get home? But then doesn`t it bug you to use a chincey Linksys box?

About the speaker:
Ike has been a member of NYC*BUG since we first launched in January 2004. He is a long-time member of the Lower East Side Mac Unix User Group: LESMUG. He has spoken frequently on a number of topics at various venues, particularly on the issue of FreeBSD`s jail (8).

Open Forum, Open forum

Our "Open Forum" meetings allow for short presentations on a variety of topics, in addition to providing a better environment for attendees to raise issues and problems they face day-to-day as *BSD sysadmins and developers. We look to these meetings as a "live" version of our dynamic `Talk` mailing list. We have prearranged a number of short spiels for each meeting, including. . . Steven Kreuzer & Nathan Boeger have some methods for scaling a large member base. The technical challenges of scaling websites with large and growing member bases, like social networking sites, are numerous. One of these challenges is how to evenly distribute the growing member base across all available resources. This talk will explore various methods that address this issue. The techniques used can be generalized and applied to various other problems that need to distribute data evenly amongst a finite amount of resources. Jesse Callaway will provide an overview of a *BSD solution to a Windows environment, rsync from remote Win32 systems to *BSD servers, and some fixes for commonly faced problems.

Sendmail Hacks, Alfred Perlstein
[nycbug-2006-07-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Alfred will discuss the hacks used to turn Sendmail into a high performance solution for delivering millions of messages to OKCupid`s subscribers. Topics covered will be system tuning and sendmail hacks used in house to achieve massive throughput.

About the speaker:
Alfred Perlstein is the CTO of OKcupid.com, the largest free online dating site. He has been a FreeBSD hacker for five years, he`s worked on NFS, VFS, pthreads, networking and general system maintenance during his tenure on both FreeBSD and OS X kernels.

Open Forum, Open forum
[nycbug-2006-06-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Once again, we are looking to alternate our technical presentation meetings with a more open format that we hope can reflect the vitality of our `talk` list. This time, we have some speakers who will be giving short, ten minute presentations: Ray Lai, who just returned from the OpenBSD Hackathon, will be providing a summary of the event, including giving some insight into the code that was created at this annual happening. Brad Schonhorst will `pass-the-hat` and let everyone know about the current BSD Certification User Group Competition for raising funds. A good number of NYCBUG members are active with the BSD Cerification process, and we are looking forward to a strong, community-based certification that could add to the popularity of the BSDs. Mikel King, who recently added much needed juice into Daemon News-land, will speak about how we can make DN and BSDNews the CNN of the BSDs, and what you can do to help. Plus, we`ll begin a discussion on NYCBSDCon, which this year`s will happen the second weekend in October. We are looking to have active involvement from people in NYCBUG and beyond.

VPN & PAE, Mischa Diehm & Mickey Shalayeff
[nycbug-2006-05-03.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Part 1: VPNs with OpenBSD in large corporate networks: Large corporate networks are traditionally a mess. Historically grown, designed and maintained by a number of different people and never really intended to be secure. Above all big companies are operating globally and often use the internet to connect their locations, employees and 3rd party supporters. We need very flexible ways to deal with the vast number of requirements to secure these networks. This talk will show different practical approaches in building flexible secure VPNs with OpenBSD at different network levels.

Part 2: Implementing PAE for OpenBSD/i386: Not yet committed to OpenBSD, Mickey has been working on PAE for OpenBSD i386. Essentially, it`s about supporting up to 64 gig of physical memory.

About the speaker:

Mischa is working on VPN and Firewall deployment at GeNUAmbH in Munich, where he maintains large scale network and firewall setups.

It is hard to find some code which Mickey Shalayeff has not at least influenced in OpenBSD. He seems to be dextrous on any hardware platform and is equally well versed in PCI as he is SCSI. Mickey is readily available on the message lists and is always happy to help impart some of his vast networking knowledge to beggars and sysadmins with a smile. He recently left New York City to cause havoc in Berlin.

Open Forum, Open forum
[nycbug-2006-04-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Please send an email to rsvp at lists dot nycbug dot org with `RSVP` and your full name in the subject line. Past meetings have had a single speaker on a single topic. This time, we have a couple of speakers on a couple of useful topics for about 10 minutes each. Then the floor will be open for *you* to open up a discussion on a topic you are dealing with now. We are looking for the meetings to be useful tools for what *you* as an admin or developer is facing now. This is the time to bring your funky solution or problem to the table, like we do with our talk list, and open up a live discussion.

Systrace for Slackers, Ray Lai
[nycbug-2006-03-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Please send an email to rsvp at lists dot nycbug dot org with `RSVP` and your full name in the subject line. Systrace is a facility to confine programs to doing what they are supposed to do. When do they do "bad" things? When they get exploited, of course! Most people either never heard of Systrace or don`t know how to use it. I hope to change both these problems. This meeting is co-sponsored with the Baruch College CIS Society

About the speaker:
Ray is a full-time slacker. His interests include security, coding, and documentation. One day he decided to systrace every process in his laptop and realized that it's not that hard.

Xen and the Art of SysAdmin, Johnny Lam
[nycbug-2006-02-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

This presentation will be about using Xen in the real world to simplify the maintenance of BSD systems. There will be a short introduction to Xen and how it works, an in-depth look at the details of one particular Xen setup along with some performance results, and how using Xen simplifies life as an admin.

About the speaker:
Johnny C. Lam is a senior pkgsrc developer whose main area of work is improving the portability and the capabilities of pkgsrc. He has headed the organizing of two pkgsrcCon meetings in Europe to promote a better understanding of pkgsrc infrastructure development. He is still looking to dupe someone else into taking maintainership of the Perl package.

Java on FreeBSD, Trish Lynch
[nycbug-2006-01-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Trish will explain how Java can be a useful and stable environment on FreeBSD, as well as the particulars that go into deploying Java in such a highly stressed, highly attacked environment. Trish will also show where the pitfalls and idiosyncrasies with FreeBSD`s java lie, and how to get the most of the FreeBSD/Java production environment.

About the speaker:
The name Trish Lynch is not unknown in BSD circles. Trish has been around since the mid-1990`s doing advocacy and some small development, but what Trish is known for is deploying BSD into companies that have networks in disrepair or otherwise strained to the limits using Linux, and turning them into works of gold. First doing this at VA Linux/Andover.Net, Trish is known for putting BSD firewalls in front of Slashdot, a well-known and heavily trafficked Linux news site, later on, Trish won an Emmy Award by using FreeBSD in a high performance network designed to handle millions of viewers for interactive television at ABC`s Enhanced TV. These days, Trish is deploying FreeBSD boxes with java on them to multiplex video and voice at the 4th largest private Instant Message infrastructure, Paltalk.

Jail(8), Isaac `Ike` Levy
[nycbug-2005-12-07.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Early unix mainframe computing brought elegant process and resource sharing systems which helped get more application use out of expensive hardware. These concerns have been largely been pushed aside in computing with the rise of desktop PCs, and large farms of ever-shrinking pizza boxes in the data center. Today, as more punch gets packed into 1u than ever, server resources can be further consolidated and abstracted to securely separate complex and sophisticated services in the same hardware server, by running secure virtual UNIX machines. FreeBSD Jails are a time-tested, secure, reliable UNIX virtual machine with endless uses.

Who wants jails?

• System Administrators who need to securely separate small yet
• important services.
• Software Developers who always need more dev machines.
• System Architects who need affordable high-availability systems.
• Educators who could use virtual machines to provide clean unix server
• systems for student use.
• Anyone who wants *secure* virtual machines.

Why do these people want jail(8)?

• The design of Jail(8) and jail(2) are secure, and because jails use native system utilities,
• they are simple to work with.

What I would like to focus on:

• How Jails Work, the technical low-down
• How to setup jails, the practical how-to, cooking show style...
• When NOT to use jails
• jail(8) security vulnerabilities/considerations
• Jails vs. Linux UML, XEN, VMware- technical and philosophical differences
• Tools and management practices

Time Mgmt for SysAdmins, Tom Limoncelli

Who has the time for time management!? Users interrupt you constantly with requests, your managers want you to get long-term projects done but flood you with requests for quick-fixed, and the machines you manage just never behave, causing problems at the most inopportune moments.

Tom will discuss techniques he has developed over the last 15 years including:

• How to find time to get projects done
• The best way to manage interruptions from users
• Open Source tools for tracking requests
• How to turn chaos into free time

About the speaker:
Tom Limoncelli has over 15 years of system administration experience and has been teaching workshops on Time Management at conferences since 2003. Tom has worked for both large and small organizations, including Bell Labs and AT&T. He speaks at conferences around the world. His previous book, The Practice of Network and System Administration, is considered a standard reference in system administration. If you pre-order his book, there is a small chance it will arrive by the meeting so that it can be autographed.

The Summer of Code, Jan Schaumann
[nycbug-2005-10-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

The Summer of Code is a Google program designed to introduce students to the world of open source software development. NetBSD, one of the oldest open source projects and generally regarded as the most postable operating system in the world, is pleased to participate in this project as a mentoring organizations. The list of possible projects for students to choose from shows that any completed project will benefit the entire Open Source community. Here is the list of accepted projects. In this meeting, Jan Schaumann (who coordinates and overlooks the NetBSD Projects mentorship efforts within the SoC) will present an in-depth summary of these exciting new developments within NetBSD, how the projects started out, what progress they made, what difficulties were overcome and what final achievements were made. New insights on Open Source mentorship and user-developer relationships as well as lessons learned that apply to all open source projects will also be presented. A full list of all accepted projects will be made available soon; a full list of all completed projects will be made available before the meeting.

About the speaker:
Jan Schaumann works as a System Administrator in the Department of Computer Science at Stevens Institute of Technology in Hoboken, NJ, USA, where he maintains a large NetBSD environment across dozens of desktops, numerous public laboratories, and a number of clustered high performance computing facilities and servers. The tasks involved in all of this are, as any SysAdmin will know, far too many to be listed here.

NYCBSDCon 2005, Open forum

We are pleased to announce the New York City BSD Conference
WHEN: Saturday, September 17, 2005 (9:00am-5:30pm)
WHERE: Davis Auditorium, Columbia University [map]

See the details at NYCBSDCon Website

Why would you want to come?

• Participate, and support the BSD community
• Network with some of the best and brightest
• Attend presentations by prominent BSD figures
• Sit in on lectures on the latest topics
• Round out your technical knowledge base
• Get together with like minded folks
• Meet in person; put a face with an email address

Challenges of large Unix environ, Hildo Biersma
[nycbug-2005-08-03_a.mp3] [nycbug-2005-08-03_b.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

The firm I work at has a large Unix environment (over 5,000 servers) that are kept as identical as possible through the use of networked file systems to hold programs, combined with centralized large-scale administration tools. The presentation will provide a minimal introduction of the environment, then focus on the challenges that this environment poses when integrating software, new hardware, or new operating systems. It will highlight both the pros and cons of open source software and OSes.
I expect a lively discussion of why *BSD and the ports system are not suitable, in their current form, to replace the Linux systems in use at our firm.

About the speaker:
Hildo Biersma has worked at a large Wall Street firm since 2000 and uses open-source tools to manage commercial software products such as IBM MQSeries and DB2. Before 2000, he was a perl/Unix/C++ trainer and web consultant.

OpenBSD IPsec stack, Angelos Keromytis
[nycbug-2005-07-06.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

A presentation will be made on the OpenBSD IPsec stack and the related subsystems that make it work (or not). These include the mbuf tags, the Cryptographic Framework, and the isakmpd key-management daemon. We will begin with a brief introduction of IPsec from a 30,000 ft. view, and proceed to the various IPsec components in the OpenBSD kernel.For those interested to do some background reading, see: ipsec.pdf, ipsecspeed.pdf, ocf.pdf, tmipsec-tissec.pdf, mbuf_tags.pdf. Also, here are the slides.

About the speaker:
Angelos Keromytis is an Assistant Professor of Computer Science at Columbia University. He received his Masters and PhD from the University of Pennsylvania, and his Bachelors (all in Computer Science) from the University of Crete, in Greece. His research interests include network and system survivability, authorization and access control, and large-scale systems security. In a previous life, he had enough time to contribute code to the OpenBSD project. His increasingly outdated home page can be found here.

Open Source Software, Phillip Moore
[nycbug-2005-06-01.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

A presentation will be made on The Evolving Role of Open Source Software in Large Enterprises. Here is the Audio.

About the speaker:
Phillip Moore recently left Morgan Stanley, where he was Executive Director of UNIX Engineering. There Phil was a senior architect, responsible for the evolution of the Firm`s UNIX/Linux infrastructure. His past accomplishments include the deployment of Morgan Stanley`s perl development environment, global filesystem (AFS), and transactional messaging infrastructure (MQSeries), with over 15 years experience deploying solutions to problems of extreme scalability. He is the original author of the MQSeries suite of perl modules, and a member of the OpenAFS Advisory Council. Phil left Morgan Stanley to more fully participate in the open source community. He is an open source advocate and enterprise technology consultant.

Heimdal Kerberos on NetBSD, Roland Dowdeswell
[nycbug-2005-05-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

A presentation will be made on how to use Heimdal Kerberos on NetBSD.

About the speaker:
Roland is an expert in the proper implementation of cryptographic tools, and has written a cryptographic disk driver (cgd) which was a part of NetBSD since version 2.0. He is a published mathematician but acknowledges there is always more to learn about cryptography. Roland has extended himself to the community as a gateway to the actual use of secure methods in computing. Take advantage of this free lecture to edify yourself of these important tools.

FreeBSD port maintenance, Yarema

Tutorial on port maintenance: Courier on FreeBSD: The entry point for many people into BSD is using the ports system to install and run just about any application one could ever want on a server. Yarema, yds at coolrat dot org, will give an in-depth tutorial on how he maintains the Courier port to FreeBSD. Yarema has worked out kinks with getting Postfix, Mulberry, and some Ruby libraries to build consistently and easily. He will go line-by-line through the makefiles and show the audience where to find the knobs and the documentation for features such as the interactive configuration menus. Emphasis will be placed on the "Big Daddy" bsd.port.mk, which is 1/5 comments, 4/5 shell code. This will take you into the depths of the Makefile which is not covered in the Porter`s Handbook. After the talk Yarema will be taking questions and firing back answers... a rare opportunity for those interested. After meetings, we customarily go to Denizen to discuss. Here is a map.

OpenBSD on PA-RISC, Michael Shalayeff
[nycbug-2005-03-02.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Michael "Mickey" Shalayeff will talk about the hppa port of OpenBSD which he maintains. He maintains many of the applications which run on this peculiar platform and will provide some insight to the inquisitive as to what this combo can do. Presentation Slides are here.

About the speaker:
Mickey has contributed heavily to the CARP project which has become such a success. It is hard to find some code which Mickey has not at least influenced in OpenBSD. He seems to be dexterous on any hardware platform and is equally well versed in PCI as he is SCSI. Mickey is readily available on the message lists and is always happy to help impart some of his vast networking knowledge to beggars and sysadmins with a smile (;

pkgsrc, Jan Schaumann
[nycbug-2005-02-02.mp3] [meeting_2005-02-02.pdf]
(Audio generously recorded and processed by Nikolai Fetissov)

The NetBSD Packages Collection (pkgsrc) is a framework for building third-party software on NetBSD and other UNIX-like systems, currently containing nearly 5000 packages. It is used to enable freely available software to be configured and built easily on supported platforms.

About the speaker:
Jan Schaumann works as a System Administrator in the Department of Computer Science at Stevens Institute of Technology in Hoboken, NJ, USA, where he manages a large, almost homogenous NetBSD environment in an academic environment; runs clustered High Performance Computing Facilities based on NetBSD; ports and maintains NetBSD pkgsrc tools and packages on non-NetBSD platforms such as IRIX and Linux; teaches classes in UNIX programming and System Administration. (Other activities he enjoys that he unfortunately does not get paid for usually involve a board often in combination with some form of H20.) Jan holds a BS and MS in Computer Science and joined the NetBSD Project as a developer in January of 2002. Within the NetBSD Project, he is a member of the Communication Executive Committee, leads the www team and -- after having ported the pkgsrc tools to IRIX -- finds himself maintaining the infrastructure for this platform as well as numerous packages. Trying to make him move out of NYC, where he lives together with his wife, would be a futile endeavor. Jan can be reached at jschauma -at- netmeister -dot- org.

Anatomy of a Hack, Manos Megagiannis
[nycbug-2005-01-05.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

About the speaker:
Manos E. Megagiannis is the CEO of Totally Secure, a company dedicated to providing quality solutions and services for today`s network security market. He is responsible for the conceptualization, design and implementation of security applications, as well as senior level consulting services. Mr. Megagiannis has over 15 years of professional experience with Information Systems and Security in several key areas, including LAN/WAN architecture, voice and data communications, and commercial Internet solutions. He has consulted with many Fortune and Global 500 companies, pioneering technologies such as micro-payment systems, network storage, search engines, commercial video and audio broadcast, network security tools, and operating systems` internal components.

Holiday Party, No one really

When: Wednesday, December 15th, 2004 from 6:30pm to 10:30pm
Where: Exclusive lounge space in Manhattan
Cost: Free, including complimentary beverages and hors d`oeuvres
URL: http://www.nytchp.org/

New York PHP and the New York City *BSD User Group are proud to announce the first annual New York Technical Community Holiday Party.

Keep the evening of Wednesday, December 15th, 2004 open for the first holiday party to embrace and network the entire New York technical community.

This is not a PHP or BSD only event, and will include participants from many technology sectors, including Java, Linux, Perl, and .NET. We`re working hard to make this event embrace all technologies - not only open source - and our goal is to combine free and commercial software in one professional networking event.

Flagship sponsors New York PHP and NYC*BUG are bringing together hundreds of technical professionals from the New York metropolitan area for the New York Technical Community Holiday Party. By uniting diverse skills and interests, open source professionals, IT managers, and top authors and speakers, this event begins a new era in technical, business, and social networking.

Business casual attire is required.

All attendees must RSVP. A reminder with complete details will be sent prior to the event.

Sponsorship

Do not miss this opportunity to reach hundreds of IT professionals.
Download the Sponsorship PDF

Lok Technology, Inc., Simon Lok

Event Pics: 1 2

About the speaker:
Founder, Chief Scientist and Chairman of the Board of Directors, Lok Technology, Inc., is pursuing a Ph.D. in Computer Science focusing on human computer interaction at Columbia University. He also holds three Master`s degrees. He has patents pending in microwave engineering, computer architecture and network security. At the age of 14 he was a paid consultant to NASA`s Goddard Institute for Space Studies paleo-climatology program. Lok Technology, Inc. , a private company headquartered in Vero Beach, Florida, was founded in 1999 to continue with the development of trusted computing applications based on an open source and ultra-thin client computing platform incorporating an integrated PKI (Public Key Infrastructure). LokTek utilizes OpenBSD, OpenSSL, and OpenPGP allowing an enterprise to impose its trusted and secure environment on those individuals and enterprises that reside and operate outside of the it`s environment. (As seen in FORBES)

Meet McKusick & Allman, Marshall Kirk McKusick and Eric Allman
[meeting_2004-10-16_flier.pdf] [meeting_2004-10-16.pdf] [nycbug-2004-10-16.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

Columbia University, Mathematics building, Rm. 312

Here is the flier for downloads. Events pics: 1 2

About the speaker:

Marshall Kirk McKusick, known for his extensive work from the 1970`s to FreeBSD in the present day, is the featured speaker at this special NYC*BUG meeting. He has twice served as the President of the Board of the USENIX Association. Kirk`s The Design and Implementation of the FreeBSD Operating System is being revised and republished this summer.

Eric Allman, of Sendmail.org and past Vice President and Treasurer of the USENIX Association, will be speaking about the recent controversies on sender identification to prevent unsolicited commercial email (spam).

Jail(8), Isaac `Ike` Levy
[meeting_2004-09-01.pdf]

Isaac Levy will be talking about Jailing systems on FreeBSD. Jail(8) is a facility available in FreeBSD which one can use to create extremely secure virtual machines, running on a single piece of hardware. Isaac will discuss some of the use models for jailing, as well as sharing practical information about how to run Jails. After the meeting, we meet at a nearby bar, Denizen Lounge 73 Thompson Street in SoHo, map available here.

About the speaker:
Isaac`s background with jailing comes from his past working with iMeme, a small Open Source web-hosting company which primarily provides FreeBSD Jails.

NYCBUG InstallFest, Various

An installfest at Marco's place in Brooklyn. Only one block from the Franklin Ave stop on the C train in downtown Brooklyn. email bsdfest at metm dot org for directions.

Let's make all those jerks with real vacation plans jealous! Interesting problems and strange hardware welcome. Some of us will be bringing our Soekris boxes plus some copies of DragonFlyBSD, FreeBSD, NetBSD and OpenBSD.

Some beers will be available, but more are absolutely welcome. Food (pizza) will be ordered.

OpenBSD on Soekris, Pete Wright

Pete Wright will be sharing his experience installing OpenBSD on Soekris devices, small, inexpensive, low-power computers. As a number of NYCBUG members are now official Soekris hackers. One of them, Pete Wright has stepped forward to give a 40 minute presentation on how he got his Soekris hardware up and running with OpenBSD. Additionally we`ll have a short discussion about the new website, and hopefully look towards launching it in the near future!

Secure Architectures, Brandon Palmer

The OpenBSD operating system is a secure, stable, and powerful operating system that is attracting many new and old UNIX users to it. The OpenBSD legacy is peppered with some ingenious security features throughout the OS, and Brandon Palmer is extremely close to all of it. Brandon Palmer will be giving a special overview of OpenBSD to the NYCBUG attendees. Brandon`s book received a rare 9/10 rating when reviewed on slashdot, and this is sure to be a special nycbug meeting!

About the speaker:
Brandon Palmer is the author of the book Secure Architectures with OpenBSD.

Hacking Your iBook, Bob Ippolito

Bob Ippolito & Isaac Levy on Hacking Your iBook While it was our smallest meeting yet, with just under 20 people in the room, the topic was a bit more narrow than usual, but the discussion was again great.
Bob and Ike gave a great presentation, and we managed to collect $126 to send to Dan Langille of BSDCan, Freshports and FreeBSDDiary, who had his laptop stolen recently.

BSD Consulting, Wes Sonnenreich

While the meeting was somewhat smaller than usual, with about 35 people showing their faces for at least some of the meeting, the topic was narrow in its focus. Not everyone is a consultant or interested in the practical questions consultants face. Nevertheless, most people agreed after the meeting that the discussion and presentations were brilliant.
This wasn't some cheerleading session, it was filled with the good and bad realities that consultants face, particularly those performing *BSD related work. Unfortunately, due to time restrictions, Marc`s section on using the ports system was cut short due, but we can plan to have a meeting exclusively based on the ports system at some point in the near future. And once again, a big thank you to Tekserve, who provided us space and were very gracious hosts.

OS X, Darwin and BSD, Edward Eigerman

Some 44 people crammed into the meeting space for Edward Eigerman`s great presentation on OS X, Darwin and BSD. The Apple engineer spoke for some two hours, but no eyes were glazing over as he covered everything from RAID devices and supercomputers, to security and open source issues. We look forward to getting the video of the meeting online, in addition to Edward's slides.

NetBSD crypto disk, Roland Dowdeswell
[meeting_2004-03-03.pdf]

March 3rd Meeting on NetBSD`s cgd - About 43 people attended Roland Dowdeswell`s presentation on NetBSD cryptographic disk driver. Ike is in the process of getting the video online and Roland will be posting his notes. The basis of his talk is a FreeNIX paper that is located here. The slides are also there in postscript.

OpenBSD Security, Wes Sonnenreich and Jason Albanese
[nycbug-2004-02-04.mp3]
(Audio generously recorded and processed by Nikolai Fetissov)

February 4th Meeting on OpenBSD Security - Up to 40 people jammed the room on West 23rd Street to hear Wes Sonnenreich and Jason Albanese speak about OpenBSD security. The meeting discussion was thriving, and those discussions continued on as most people went on to the bar afterwards. For some, the discussions didn't end until 3:30 am. Thanks Wes and Jason.

NYC*BUG BOF @ LinuxWorld Expo, Various

NYCBUG successfully reached out to hundreds of people at the BSDMall and New York PHP tables.

We handed out fliers for the meetings, answered questions conference attendees had about the BSD family, gave a presentation on the backup port Bacula and held a birds-of-a-feather meeting.

Our bof meeting had some fifty participants. Speakers included Michael of NYCBUG, Jeremy Sohn from Wasabi Systems, Don Witt from BSDMall/Daemon News, author Wes Sonnenreich and Dan Langille, organizer of BSDCan.

The audience well represented the various members of the BSD family. Discussion ranged from meeting topics to NYCBUG`s relation to vendors.

There`s no question that we`ve started with a BOOM. Our mailing list already has over 75 members.