Michael W. Lucas's Blog, page 89
March 18, 2011
pxelinux.cfg/* versus RCS
I'm a fan of version control in systems administration. If you don't have a central VCS for your server configuration files, you can always use RCS. I habitually add #$Id$ at the top of configuration files, so I can easily see who touched this file last and when.
On an unrelated note, I'm upgrading my virtualization cluster to Ubuntu 10.10. The worker nodes run diskless. Each diskless node reads a configuration file over TFTP. Mine looked like the following:
#$Id$
LABEL linux
KERNEL...
March 15, 2011
blather versus undeadly.org
So how does the traffic I get here compare to an established Web site, like the OpenBSD aggregator undeadly.org? Undeadly linked to my OpenBSD story…
Can you guess when?
No, they weren't the only ones. But 6 of my top 10 referring URLs were in undeadly.org. The lesson is, do not feed the puffer fish. They will swarm and eat you like the tender tasty morsel you are. They even crashed my helpless little server. (Admittedly, I'd done terrible things to the server configuration, including...
March 14, 2011
diskless ubuntu serial console
I'm using Ubuntu servers with qemu-kvm as a virtualization solution. The software included in 10.04LTS includes a variety of annoyances, such as broken PXE, odd bridge behavior, and "general weirdness." Although 10.10 is not supported in the long term, I decided to try it.
The good news is, the 10.10 virtualization stack works much better. The bad news is, 10.10 didn't want to run on my diskless hardware. Boot attempts all died with many lines of:
ipconfig: no devices to configure
and a...
March 9, 2011
my OpenBSD story
The folks at undeadly.org have started posting "how I discovered OpenBSD" stories. This isn't a story of how I discovered OpenBSD, but rather why I like it. Before you ask, I don't have similar stories about any other operating system, not even any other BSDs. I was guided to FreeBSD in 1995, and I discovered NetBSD on my own shortly after. (An earlier version of this was previously published in a small promo pamphlet handed out at a tech conference years ago.)
Back around 2000, my...
March 8, 2011
DNS DDoS of the Day
My phone got a call recently from a systems administrator whose network was under attack. I was busy getting my twice-weekly dose of humility, but a couple hours later, my phone delivered the message.
The attacker was flooding their primary DNS server with requests for isc.org. This is a not-uncommon attack. As DDoS attacks go, it's not terribly effective; it can overwhelm the DNS server's resources, but doesn't utterly destroy the victim's network. You can easily defend against this by...
March 7, 2011
publishers versus self-publishing
People keep asking me why I use a publisher when self-publishing has become more and more possible over the last few years. Today, 38% of Amazon's top 100 titles are self-published. Authors with a long track record in publishing, like Bob Mayer and Joe Konrath, extol the advantages of self-publishing your work rather than going through a publisher. Dean Wesley Smith and Kristine Kathryn Rusch, authors with decades of respectable mainstream publishing behind them, make solid business cases f...
March 5, 2011
NYCBSDCon Video
The video of my NYCBSDCon 2010 talk, BSD Needs Books, is now available at http://blip.tv/file/4844882. At the moment, it's the top link on BSD TV.
This is the first time I've seen my own presentation, at any conference. I've always suspected that I look daft in front of an audience. It turns out that the slim chance I was wrong was a nice thing to have.
February 28, 2011
OpenLDAP search filters
I use LDAP authentication on several Web servers. For the first time, I have a Web application that I want to open to customers as well as staff. Usually, I just put the users into a group. Apache validates the password against LDAP and checks for group membership, and either accepts or rejects the request. The relevant Apache configuration looks like this:
AuthLDAPURL "ldap://ldap1.domain.com/ou=people,dc=domain,dc=com" STARTTLS
AuthLDAPGroupAttribute memberUid
require ldap-group...
February 24, 2011
Fail Quickly
I've started the next book for No Starch Press. There's an outline, and I've written both the introduction and the afterword. All that's left is the hard stuff in between, twenty-some chapters of it.
Where to start writing? That's easy: First, I write the stuff that's most likely to make the book fail.
Every project has easy parts that are fun and go quickly. Those are the tasks you're most familiar with, that leverage your existing skills. Then there's the parts that require you to...
February 19, 2011
Public Service Announcement on Painting Old Brick
A modern hand scraper and wire brush can strip peeling, mildewy paint from a concrete basement wall almost easily — at least, much easier than when I was a kid and had to do the same job with a pointed stick and piece of chalk. The equipment comes with warnings in big black letters. "Wear Goggles!" "Wear Gloves!" "May Sever Fingers!" And so on. You don't want to get a flying paint chip in your eye.
Unfortunately, it doesn't come with a warning that says "Keep Mouth Shut."
Describing the t...