Michael W. Lucas's Blog, page 67

I’ll be speaking at NYCBSDCon this weekend. If you’re in the New York City area, show up.

Just for this conference, I’m having a sale on my 3 ebook bundle at my bookstore..

Coupon code SUSPENDERSBSD will get you $7 off, bringing the price for all three Mastery books to $20. Through Saturday.

With Richard Stallman’s recent raising of the flag against LLVM and Clang, I’ve heard a lot of people talking about how the “FreeBSD people are whining about the GPLv3 terrorizing them.”

Back in 2000, I wrote an essay for Linux.com about why I like the BSD license. It’s actually stood up fairly well to the test of time, but it’s fourteen years old now. Times have changed. So have licenses.

Normally I object to taking something with warts, dosing it with Compound-W, and sending it back out. The...

Another “put this up so I can point to it later” post.

Now and then someone tells me that I should put ads on my blog. Some of the articles get a ridiculous number of search engine hits, and I could probably add another (small) income stream there.

I’m not morally opposed to the very idea of advertising-supported web sites or, indeed, advertising in general. I’m opposed to leaking information about my readers, however. And that’s what the advertisers actually pay for.

I don’t oppose sharing info...

So I’m trying to upgrade my Ansible server to the newest OpenBSD snapshot, which involves working at the console. I go to my virtual server control panel, click on the link to the Java applet, and get told that Java won’t run this application.

Turns out that Java has trusted self-signed certificates for applications until now, relying on blacklists rather than whitelists. I simultaneously applaud this move away from enumerating badness and condemn them for temporarily inconveniencing me.

To whi...

It seems that ntpd has turned into the latest DDOS amplifier. I run a lot of servers, and most of them use the standard ntp client. I need to verify that none of my servers can be used for DDOS amplification. To do this, I need to give all the clients a standard NTP configuration, pointing at my personal NTP servers.

While my internal addresses need access to the port 123 on my servers, the public doesn’t. And I occasionally add internal addresses. Automating PF and NTP configuration via Ansib...

No, not for me. If I bring another piece of obsolete hardware into this house, it can have my chair because I’ll be sitting out at the curb.

The OpenBSD Project builds all their packages on native hardware. Yes, it might take a month to build a complete package set on some of their platforms, but that’s okay.

Their VAX recently died. They need a new one.

I know that some of you have a VAX in storage, that you’ve been reluctant to surrender because it’s a cool toy. Now you can send it to a good h...

I’m sick of scrounging hardware for writing books. I’m sick of waiting for things to compile, managing disk space, and running out of memory. I finally got so sick of it that I decided to invest some serious cash in a research machine, in the hope that I wouldn’t need to hunt hardware piecemeal for the next five to six years.

I solicited hardware advice from my modest horde of Twitter followers. After diving through realms of documentation, I came to realize that I didn’t want to build my own...

We have an in-house application that was written for FreeBSD 4 and antediluvian versions of PHP, Perl, OpenSSL, and so forth. Most of the features have migrated into other applications, but a few critical functions remain.

An old operating system isn’t sufficiently bad, though. The hardware terrifies me. Not only is it over a decade old, it’s repurposed desktop hardware.

Virtualize it? Maybe. But device drivers have changed over the intervening decade, and a ten-year-old de(4) or fxp(4) driver...

Amazon sends us Kindle owners an email every few days saying “You bought this and that, so we think you’ll like these items.” They’re right an annoying large portion of the time, but when they get it wrong they really blow it.

Amazon Recommendation Failure

Okay, yes, the book of PF is pretty good. But I have a copy. And I actually paid cold hard cash for the FreeBSD Design & Implementation book, and waited in line to get it signed. Either of these would be excellent gifts for the BSD aficionado...

The official OpenBSD bookstore now carries both DNSSEC Mastery and Sudo Mastery print. If you buy the print from them, you get the ebook as well. These books sell for list price, but sales support the OpenBSD Project.

I am not donating all my proceeds from these books to OpenBSD, however. I did that with SSH Mastery, because the OpenBSD guys kind of take it in the shorts with OpenSSH. One of my goals is to have the ability to make a living writing without needing survival tips like “There’s gr...