Michael W. Lucas's Blog, page 86

May 20, 2011

OpenBSD, Firefox, and Flash

An OpenBSD advocacy article led me to a mailing list posting on how to get Flash playing transparently in Firefox on OpenBSD. For some time now, you could get Flash (and other clunky media formats) to work on Unix-like platforms that Adobe doesn't support, using a combination of players in packages and nearly random hacks in Firefox. This process makes everything simple, however.

I'm using 4.9/i386 and mozilla-firefox-3.6.13p3.

Set a package path in your shell. A few tests with ping and...

Published on May 20, 2011 05:56

May 19, 2011

FreeBSD iSCSI panic

I woke up today to find a console with:

panic: _mtx_lock_sleep: recursed on non-recursive mutex iscsi-io @ /usr/src/sys/modules/iscsi/initiator/../../../dev/iscsi/initiator/isc_sm.c:324

The initiator is a FreeBSD-current amd64 from 8 May 2011. The iSCSI target is an inexpensive iomega NAS. Other hosts attached to this iSCSI NAS have also had errors, though. The errors clear when I reboot the NAS.

Unfortunately, the FreeBSD box is a diskless system. Dumps aren't exactly simple. While I heard...

Published on May 19, 2011 06:44

May 17, 2011

BSDCan 2011

BSDCan 2011 was great. The problem with a conference that's routinely great is that great becomes routine, and hence boring. Several presentations struck me as notably interesting for a variety of reasons, and I wanted to comment on three of them. These are only my personal opinions, of course. BSDCan had three tracks, and I could only be in one talk at a time.

Mark Linimon's talk on How not to build a lights-out facility discussed the FreeBSD Project's efforts to mirror its core...

Published on May 17, 2011 06:13

May 16, 2011

Populating OpenSSH chroot on OpenBSD

I need to confine the user jrlodden to his home directory on this OpenBSD 4.9/i386 system, but give him a shell prompt and access to a couple of specific commands. While the SFTP server has built-in chroot support, a shell environment is more complicated. The /etc/ssh/sshd_config part is pretty simple…

...

#ChrootDirectory none

...

Match User jrlodden

ChrootDirectory %h

This chroot directory is nonfunctional. I must create device nodes and add necessary programs. Start by creating the t...

Published on May 16, 2011 08:15

May 13, 2011

Absolute OpenBSD, 2nd Edition

I promised I'd announce the title of my next No Starch Press book in my BSDCan talk. That happened. The rest of you had to wait until now to hear that I'm rewriting Absolute OpenBSD. The technical reviewer is Peter Hansteen, author of The Book of PF.

Most of the book does not exist yet. Best guess for a release date is some time in 2012.

Why did a second edition take so long?

I will only write books about tools I use in production, out in the real world. (Desktop use does not count.) In my...

Published on May 13, 2011 10:56

May 12, 2011

new package system coming for FreeBSD

From the BSDCan FreeBSD developer summit:


The ports team has developed new package management tools and methods to simplify FreeBSD package management. The hope is to have these as the default in FreeBSD 10. Erwin Lansing has posted slides from his brief presentation, and a Web search for "pkgng FreeBSD" will get you all sorts of details.

Published on May 12, 2011 09:28

May 11, 2011

Agents for Tech Authors

I know several tech authors who use an agent to sell their books, or rather license their copyright, to publishers. Tech authors don't need agents. You can sell to a tech publisher yourself, and hire a lawyer to evaluate any contract offered. I've never used an agent for my nonfiction.

Pimping yourself is work, yes. And it takes time, and you must educate yourself. But it's not hard, or authors couldn't do it. Before you decide to hire an agent to place your work, I suggest you read this. Some agents are ...

Published on May 11, 2011 12:41

May 9, 2011

BSDCan this week

BSDCan! Are you going? Why not? Sorry, that excuse isn't good enough. Get there. I arrive Tuesday. I will be looking for you. Do not make me come looking.

As a result of BSDCan, as well as preparing to sell my house, various stuff has been delayed. If you're waiting on me, I'll get to you soon. Really.

The good news is, the house painting is finished. All that remains is to pack. While not fun, packing can be done in smaller chunks of time than painting. Hoping to get book writing back on...

Published on May 09, 2011 07:55

OpenSSH: requiring keys, but allow passwords from some locations

Most of my OpenSSH servers now require public key authentication for users. On a few systems, however, I must allow remote access with password auth. I need SSH to allow password auth from those IP addresses and only those addresses, but still require public keys from other locations.

Do this with OpenSSH's match keyword.

Start by configuring sshd for the most common case — in this case, requiring public key authentication. This requires only two changes to the default configuration:

...

Published on May 09, 2011 07:49

April 28, 2011

"Network Flow Analysis" in Japanese

In yesterday's mail, the Japanese translation of Network Flow Analysis:

NFA translation

I have two copies for Japanese-reading reviewers. I'd also like to add a link to the publisher's page for the book, but the ASCII Web site defeated me. If you know enough Japanese to figure it out, I'd appreciate it.

Translations of my books fascinate me. That's my name on the cover, but I don't understand the alphabet, let alone the sentences. But recognizable English words are scattered throughout the text, including...

Published on April 28, 2011 06:34