Michael W. Lucas's Blog, page 77

September 5, 2012

Absolute OpenBSD status, 9 Sep 2012

Those who have been following my Twitter feed know most of this, but here’s the status on this book.


Chapters 0-10 have been sent to No Starch. They’ve done initial edits on 0-5. I’ve responded to those edits, so they’re now off for Hansteen’s tech review.
Chapters 11, 14, and 17 have been sent to Henning for informal review.
Chapters 12, 13, and 20 partially exist.
Other chapters are outlines, notes, fragments, script(1) sessions, etc.
Oh, and the Afterword exists. Mainly because it’s 90% stolen...
Published on September 05, 2012 09:30

September 4, 2012

OpenBSD read-only ports tree with restrictive sudo

The OpenBSD folks strongly encourage users to use packages for software management. Most of the time, their packages just work. But sometimes, you must use a port.


OpenBSD includes an updated Apache 1.3 server, and recommends that everyone use it if at all possible. (There’s also nginx, which is the future platform, but it’s not quite integrated yet.) I have a Web application that only runs on Apache 2.2, so the included Web server is not an option. OpenBSD provides an Apache 2.2 package for...

Published on September 04, 2012 08:30

August 8, 2012

Technology versus Democracy

Yesterday’s election was mostly a primary, but also included a few millage issues. The purpose of a primary is to keep the obvious maniacs from getting onto the final ballot, so I make the effort to vote. (Your definition of “obvious maniacs” probably differs from mine, but that’s okay.)


I’m waiting for verification, and am glad to see that they’ve finally replaced the big printed books with a laptop. But all of the verification people are standing around the laptop, getting more and more frus...

Published on August 08, 2012 08:08

August 7, 2012

FreeBSD: portmaster with pkgng

I recently tried FreeBSD’s pkgng, based on Ivan Voras’ blog post. Days after getting the new machine set up, though, I got this in my daily status mail:




Checking for packages with security vulnerabilities:
Database fetched: Fri Aug 3 03:02:57 EDT 2012
apache-2.2.22_5 is vulnerable:
Apache -- Insecure LD_LIBRARY_PATH handling
WWW: http://portaudit.FreeBSD.org/de2bc01f...

php5-5.4.4 is vulnerable:
php -- potential overflow in _php_stream_scandir
WWW: http://portaudit.FreeB...

Published on August 07, 2012 12:02

July 31, 2012

BSDTalk #218, featuring… Me!

Will Beckman interviewed me at BSDCan. That interview is now available as BSDTalk #218.


Some of the issues I mention in the podcast are now solved. SSH Mastery is easily available in print in Europe. (You want the print copy as well as the ebook. You know you do.)

Published on July 31, 2012 06:41

July 30, 2012

FreeBSD Ports Annoyance

Ivan Voras’ article on FreeBSD’s pkgng prompted me to try pkgng. pkgng works exactly as advertised, with a couple of minor annoyances. But this brought to a head a problem with FreeBSD that I’ve had for a while. I’ve talked to various ports guys about it over the years. It’s an engineering problem that’s begging for someone to solve.


Before folks in other Unix-like operating systems start snickering at “Lucas turning like a rabid dog on the community he came from”: you guys have your own problem...

Published on July 30, 2012 08:14

July 24, 2012

Writing New Editions

This post is, “how is the new edition of Absolute OpenBSD coming along?” with a bit of musing on the craft of writing a second edition added in.


I’m always shocked by the number of systems administrators ignorant of networking basics. I don’t care that they don’t know how to choose between BGP and OSPF, or that they don’t know what those acronyms stand for. That’s not relevant to most servers. But lots of them don’t know what an IP address is, or how to recognize a valid netmask, or the differ...

Published on July 24, 2012 09:44

July 16, 2012

Cisco radius auth for users and enable

All authentication on my network (with carefully selected exceptions) should be centralized. This includes router administrative logins via telnet or SSH. My authentication information is in an OpenLDAP 2.4 server. Attaching Cisco gear to an OpenLDAP database is hard. But my FreeRADIUS server uses LDAP as its back end, and attaching Cisco gear to RADIUS is pretty easy.


To have your enable password, you’ll need an LDAP user called $enab15$. Tak...

Published on July 16, 2012 11:14

July 6, 2012

I’m in BSD Magazine

The July 2012 issue of BSD Magazine has an article by yours truly: freebsd-update as an Intrusion Detection System.


It also has a code to get you 30% off of Absolute FreeBSD at No Starch Press. If you don’t have your copy of this book, here’s your chance.


It has other good articles too. None as awe-inspiring as mine, of course, but definitely worth a read.

Published on July 06, 2012 07:51

June 11, 2012

Keeping Friends

I’m heading out to Oregon for Kris Rusch’s short story workshop in a little while. Additionally, I just got my story collection Vicious Redemption out in print. So, what the heck, here’s a story. It’s short enough that I’m not comfortable putting it out as a 99-cent short, but sufficiently solid that it deserves an audience.


Warning: not for children.


Keeping Friends


“I’m trying to decide if I should kill myself now, or wait five minutes.”


My precognition hadn’t warned me about Tom’s call, but I...

Published on June 11, 2012 04:44