From owner-freebsd-geom@FreeBSD.ORG Sun Nov 3 09:03:26 2013
From: symbolics@gmx.com
To: Warren Block
Cc: geom@freebsd.org, hackers@freebsd.org
Date: Sun, 3 Nov 2013 09:03:23 +0000
Subject: Re: GEOM mentor request

On Fri, Nov 01, 2013 at 01:23:12PM -0600, Warren Block wrote:
> On Fri, 1 Nov 2013, symbolics@gmx.com wrote:
>
> > + Implement new things. Some ideas I have had:
> >   + GEOM "ERASE" - Rewrite deletes into random writes.
> >   + GEOM "PLUG" - Persistent version of the connect/disconnect verbs
> >     where the flag sits in the class metadata. This might be a cleaner
> >     approach, rather than adding the verbs to all the existing
> >     providers.
> >   + GEOM "TAP" - Allow userspace processes to hook into the GEOM
> >     API. Intended for debugging and development.
> >   + GEOM "WCACHE" - Allow you to use small, fast provider as a buffer
> >     for a larger, slower provider.
> >   + GEOM DTrace provider. Provide GEOM specific probes to complement
> >     the IO provider.
> >   + Probably other bits I can't remember right now.
>
> How about an explicit geom retaste command? "true > /dev/ada0" is
> misleading to the reader.

Yes, that would be good. It's on my list.

> Also, a RAM-cached version of gmirror that would report writes finished
> as soon as the faster drive finishes. Kind of the opposite of the
> WCACHE above. This would permit creating mirrors of an SSD and hard
> drive without performance loss, at least up until available write
> buffer space runs out. This one may not be so easy.

I can see the benefit. This would be like a mirror with a journal. As
long as it has a different name from mirror, 'lazy mirror' ?, I think it
would be interesting. The only concern I have would be that some users
could use it and assume the normal mirror semantics, e.g. that all discs
are equally redundant, which wouldn't be true.

--sym

From owner-freebsd-geom@FreeBSD.ORG Sun Nov 3 15:32:06 2013
From: Warren Block
To: symbolics@gmx.com
Cc: geom@freebsd.org, hackers@freebsd.org
Date: Sun, 3 Nov 2013 08:32:03 -0700 (MST)
Subject: Re: GEOM mentor request

On Sun, 3 Nov 2013, symbolics@gmx.com wrote:

> On Fri, Nov 01, 2013 at 01:23:12PM -0600, Warren Block wrote:
>> On Fri, 1 Nov 2013, symbolics@gmx.com wrote:
>>
>>> + Implement new things. Some ideas I have had:
>>>   + GEOM "ERASE" - Rewrite deletes into random writes.
>>>   + GEOM "PLUG" - Persistent version of the connect/disconnect verbs
>>>     where the flag sits in the class metadata. This might be a cleaner
>>>     approach, rather than adding the verbs to all the existing
>>>     providers.
>>>   + GEOM "TAP" - Allow userspace processes to hook into the GEOM
>>>     API. Intended for debugging and development.
>>>   + GEOM "WCACHE" - Allow you to use small, fast provider as a buffer
>>>     for a larger, slower provider.
>>>   + GEOM DTrace provider. Provide GEOM specific probes to complement
>>>     the IO provider.
>>>   + Probably other bits I can't remember right now.
>>
>> How about an explicit geom retaste command? "true > /dev/ada0" is
>> misleading to the reader.
>
> Yes, that would be good. It's on my list.
>
>> Also, a RAM-cached version of gmirror that would report writes finished
>> as soon as the faster drive finishes. Kind of the opposite of the
>> WCACHE above. This would permit creating mirrors of an SSD and hard
>> drive without performance loss, at least up until available write
>> buffer space runs out. This one may not be so easy.
>
> I can see the benefit. This would be like a mirror with a journal. As
> long as it has a different name from mirror, 'lazy mirror' ?, I think it
> would be interesting. The only concern I have would be that some users
> could use it and assume the normal mirror semantics, e.g. that all discs
> are equally redundant, which wouldn't be true.

I've been calling it a "slow" mirror. Come to think of it, that's a
little misleading. "Async mirror"? There may be an existing term.

As pointed out, it's probably non-trivial to implement. The WCACHE you
suggest above (the Linux guys have "bcache") is probably more benefit to
more people.

From owner-freebsd-geom@FreeBSD.ORG Mon Nov 4 11:06:49 2013
From: FreeBSD bugmaster
To: freebsd-geom@FreeBSD.org
Date: Mon, 4 Nov 2013 11:06:48 GMT
Subject: Current problem reports assigned to freebsd-geom@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.  Description
--------------------------------------------------------------------------------
o kern/181900  geom   [geom] [patch] Line breaks missing in geli's kern.geom
o kern/181704  geom   [geom] ggatec crash the system when I write something
o kern/179889  geom   [geli] geli stopped work after updating RELEASE 9.* so
o kern/178684  geom   gpart(8) cannot get my GEOM tree
o kern/178359  geom   [geom] [patch] geom_eli: support external metadata
o kern/176744  geom   [geom] [patch] BIO_FLUSH not recorded by devstats
o kern/170038  geom   [geom] geom_mirror always starts degraded after reboot
o kern/169539  geom   [geom] [patch] fix ability to run gmirror on MSI MegaR
a bin/169077   geom   bsdinstall(8) does not use partition labels in /etc/fs
f kern/165745  geom   [geom] geom_multipath page fault on removed drive
o kern/165428  geom   [glabel][patch] Add xfs support to glabel
o kern/164254  geom   [geom] gjournal not stopping on GPT partitions
o kern/164252  geom   [geom] gjournal overflow
o kern/164143  geom   [geom] Partition table not recognized after upgrade R8
a kern/163020  geom   [geli] [patch] enable the Camellia-XTS on GEOM ELI
o kern/162690  geom   [geom] gpart label changes only take effect after a re
o kern/162010  geom   [geli] panic: Provider's error should be set (error=0)
o kern/161979  geom   [geom] glabel doesn't update after newfs, and glabel s
o bin/161807   geom   [patch] add option for explicitly specifying metadata
o kern/161752  geom   [geom] glabel(8) doesn't get gpt label change
o bin/161677   geom   gpart(8) Probably bug in gptboot
o kern/160409  geom   [geli] failed to attach provider
f kern/159595  geom   [geom] [panic] panic on gmirror unload in vbox [regres
f kern/159414  geom   [isp] isp(4)+gmultipath(8) : removing active fiber pat
p kern/158398  geom   [headers] [patch] includes
o kern/158197  geom   [geom] geom_cache with size>1000 leads to panics
o kern/157879  geom   [libgeom] [regression] ABI change without version bump
o kern/157863  geom   [geli] kbdmux prevents geli passwords from being enter
o kern/157739  geom   [geom] GPT labels with geom_multipath
o kern/157724  geom   [geom] gpart(8) 'add' command must preserve gap for sc
o kern/157723  geom   [geom] GEOM should not process 'c' (raw) partitions fo
o kern/157108  geom   [gjournal] dumpon(8) fails on gjournal providers
o kern/155994  geom   [geom] Long "Suspend time" when reading large files fr
o bin/154570   geom   [patch] gvinum(8) can't be built as part of the kernel
o kern/154226  geom   [geom] GEOM label does not change when you modify them
o kern/150858  geom   [geom] [geom_label] [patch] glabel(8) is not compatibl
o kern/150626  geom   [geom] [gjournal] gjournal(8) destroys label
o kern/150555  geom   [geom] gjournal unusable on GPT partitions
o kern/150334  geom   [geom] [udf] [patch] geom label does not support UDF
o kern/149762  geom   volume labels with rogue characters
o bin/149215   geom   [panic] [geom_part] gpart(8): Delete linux's slice via
o kern/147667  geom   [gmirror] Booting with one component of a gmirror, the
o kern/145818  geom   [geom] geom_stat_open showing cached information for n
o kern/145042  geom   [geom] System stops booting after printing message "GE
o kern/143455  geom   gstripe(8) in RELENG_8 (31st Jan 2010) broken
o kern/142563  geom   [geom] [hang] ioctl freeze in zpool
o kern/141740  geom   [geom] gjournal(8): g_journal_destroy concurrent error
o kern/140352  geom   [geom] gjournal + glabel not working
o kern/135898  geom   [geom] Severe filesystem corruption - large files or l
o kern/134113  geom   [geli] Problem setting secondary GELI key
o kern/133931  geom   [geli] [request] intentionally wrong password to destr
o bin/132845   geom   [geom] [patch] ggated(8) does not close files opened a
o bin/131415   geom   [geli] keystrokes are unregulary sent to Geli when typ
o kern/131353  geom   [geom] gjournal(8) kernel lock
o kern/129674  geom   [geom] gjournal root did not mount on boot
o kern/129645  geom   gjournal(8): GEOM_JOURNAL causes system to fail to boo
o kern/129245  geom   [geom] gcache is more suitable for suffix based provid
o kern/127420  geom   [geom] [gjournal] [panic] Journal overflow on gmirrore
o kern/124973  geom   [gjournal] [patch] boot order affects geom_journal con
o kern/124969  geom   gvinum(8): gvinum raid5 plex does not detect missing s
o kern/123962  geom   [panic] [gjournal] gjournal (455Gb data, 8Gb journal),
o kern/123122  geom   [geom] GEOM / gjournal kernel lock
o kern/122738  geom   [geom] gmirror list "losts consumers" after gmirror de
o kern/122067  geom   [geom] [panic] Geom crashed during boot
o kern/121364  geom   [gmirror] Removing all providers create a "zombie" mir
o kern/120091  geom   [geom] [geli] [gjournal] geli does not prompt for pass
o kern/115856  geom   [geli] ZFS thought it was degraded when it should have
o kern/115547  geom   [geom] [patch] [request] let GEOM Eli get password fro
o kern/113837  geom   [geom] unable to access 1024 sector size storage
o kern/113419  geom   [geom] geom fox multipathing not failing back
o kern/107707  geom   [geom] [patch] [request] add new class geom_xbox360 to
o kern/94632   geom   [geom] Kernel output resets input while GELI asks for
o kern/90582   geom   [geom] [panic] Restore cause panic string (ffs_blkfree
o bin/90093    geom   fdisk(8) incapable of altering in-core geometry
o kern/87544   geom   [gbde] mmaping large files on a gbde filesystem deadlo
o bin/86388    geom   [geom] [geom_part] periodic(8) daily should backup gpa
o kern/84556   geom   [geom] [panic] GBDE-encrypted swap causes panic at shu
o kern/79251   geom   [2TB] newfs fails on 2.6TB gbde device
o kern/79035   geom   [vinum] gvinum unable to create a striped set of mirro
o bin/78131    geom   gbde(8) "destroy" not working.

80 problems total.

From owner-freebsd-geom@FreeBSD.ORG Fri Nov 8 23:03:08 2013
From: Bruno Lauzé
To: "freebsd-geom@freebsd.org"
Date: Fri, 8 Nov 2013 18:03:01 -0500
Subject: GELI Passphrase Providers

Right now, there's only "cngets" used to provide passphrase for GELI disk encryption.
In the future, considering embedded solutions, and cloud data centers, co-location, etc..,
would different geli passphrase providers be planned?


One thing that I dream of (for embedded projects):


While prompting the passphrase on the console, have some settings in loader.conf to
provide an iface, ip, netmask gateway to mount and implement a Single Packet
Authorization mechanism with IPSec.

The impossibility to be on-site to enter passphrase prevents disk encryption for
multiple scenarios, and in my humble opinion, those are the same scenarios where
encryption is mandatory like embedded Device in the wild, co-location, Off-site
servers... even bhyve...

Of course, I know IPMI or KVM solutions are possible, just wondering if we oversee
any solutions without those required.

Any opinions?

From owner-freebsd-geom@FreeBSD.ORG Sat Nov 9 01:33:10 2013
From: John-Mark Gurney
To: Bruno Lauzé
Cc: "freebsd-geom@freebsd.org"
Date: Fri, 8 Nov 2013 17:33:09 -0800
Subject: Re: GELI Passphrase Providers

Bruno Lauzé wrote this message on Fri, Nov 08, 2013 at 18:03 -0500:
> Right now, there's only "cngets" used to provide passphrase for GELI disk encryption.
> In the future, considering embedded solutions, and cloud data centers, co-location, etc..,
> would different geli passphrase providers be planned?
>
>
> One thing that I dream of (for embedded projects):
>
>
> While prompting the passphrase on the console, have some settings in loader.conf to
> provide an iface, ip, netmask gateway to mount and implement a Single Packet
> Authorization mechanism with IPSec.

We already have some of this via DHCP/BOOTP kernel for net booting and
locating root FS, so it might be easier than having to create all of
the infrastructure yourself...

It is an interesting idea... Though if
http://www.linuxjournal.com/article/9565?page=0,2 properly describes
their crypto, I'm not comfortable with it... They should have used
an authenticated encryption mode like AES-GCM, AES-EAX or Encrypt and
then append/prepend an HMAC, or one of the others... One of the issues w/
decrypt then verify is that you now can cause the destination to
decrypt arbitrary data...
If you have a side channel (SPA/DPA and related attacks)
on the destination (maybe it's an embedded system), you could extract the
key...

> The impossibility to be on-site to enter passphrase prevents disk encryption for
> multiple scenarios, and in my humble opinion, those are the same scenarios where
> encryption is mandatory like embedded Device in the wild, co-location, Off-site
> servers... even bhyve...
>
> Of course, I know IPMI or KVM solutions are possible, just wondering if we oversee
> any solutions without those required.
>
> Any opinions?

This is interesting as I'm trying to figure out how to deal w/ systems
where you have many encrypted disks (say an array using ZFS) and how to
get all them decrypted w/o having to enter the passphrase n times...
Right now I use a separate zfs key store that has a bunch of key files
which I then use w/o passphrased on the array... It works, but isn't the
best solution...

There has been talk about teaching geli to attach multiple disks using
the same passphrase, but I haven't evaluated how well this works, and if
it would work well for geli devices that ask for passphrases on boot..

P.S. Apparently a lot more people are using geli than I suspected. I'm
happy that this is happening, but we have a lot of work to make it more
usable.

Thanks!

--
  John-Mark Gurney                              Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."
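
The "encrypt and then append an HMAC" construction and the verify-before-decrypt ordering recommended in the message above, as an added example that is not part of the thread and is not code from GELI or from any Single Packet Authorization tool. It uses AES-256-CTR and HMAC-SHA256 from the Go standard library; the packet layout, the function names and the `cipherCalls` counter are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed packet layout: IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes).
const ivLen, tagLen = aes.BlockSize, sha256.Size

var ErrAuth = errors.New("packet failed authentication")
var cipherCalls int // receiver-side uses of the encryption key, counted for illustration

func aesCTR(encKey *[32]byte, iv, in []byte) []byte {
	block, _ := aes.NewCipher(encKey[:]) // cannot fail: 32 bytes is a valid AES-256 key
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

func tagOf(macKey *[32]byte, data []byte) []byte {
	m := hmac.New(sha256.New, macKey[:])
	m.Write(data)
	return m.Sum(nil)
}

// Seal encrypts, then MACs the IV and ciphertext under an independent key.
func Seal(encKey, macKey *[32]byte, plaintext []byte) ([]byte, error) {
	iv := make([]byte, ivLen)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	pkt := append(iv, aesCTR(encKey, iv, plaintext)...)
	return append(pkt, tagOf(macKey, pkt)...), nil
}

// Open verifies the tag in constant time before encKey touches any received data.
func Open(encKey, macKey *[32]byte, pkt []byte) ([]byte, error) {
	if len(pkt) < ivLen+tagLen {
		return nil, ErrAuth
	}
	body, got := pkt[:len(pkt)-tagLen], pkt[len(pkt)-tagLen:]
	if !hmac.Equal(got, tagOf(macKey, body)) {
		return nil, ErrAuth
	}
	cipherCalls++
	return aesCTR(encKey, body[:ivLen], body[ivLen:]), nil
}

func main() {
	var encKey, macKey [32]byte
	rand.Read(encKey[:]) // constructed random keys for the demonstration
	rand.Read(macKey[:])
	pkt, _ := Seal(&encKey, &macKey, []byte("constructed sample request"))
	pt, err := Open(&encKey, &macKey, pkt)
	fmt.Printf("genuine:  %q err=%v\n", pt, err)
	pkt[ivLen] ^= 1 // one ciphertext bit altered in transit
	_, err = Open(&encKey, &macKey, pkt)
	fmt.Printf("tampered: err=%v, cipher used %d time(s)\n", err, cipherCalls)
}
```

Because rejected packets return before `aesCTR` runs, the counter stays at one after the tampered packet: the encryption key is only ever exercised on input that already carried a valid tag.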