Kindle Notes & Highlights
FreeBSD separates configuration files into default files and customization files. The default files contain variable assignments and aren’t intended to be edited; instead, they’re designed to be overridden by another file of the same name.
The universal configuration language, or UCL, is a common library for managing Unix-style configuration files. FreeBSD uses UCL for core functions, such as the packaging system.
To boil this all down, on a modern amd64 laptop or a server, I recommend ZFS. Test ZFS with your virtualization system. If it works, use ZFS for 64-bit virtual machines with 4GB of RAM or greater. On i386 hardware or 64-bit hosts with less than 4GB of RAM, use UFS.
install? Use GPT on any system that supports GPT, no matter the size of the disk. Use MBR if and only if the system can’t support GPT.
You don’t need any of these, but some will be very useful for certain situations.
base-dbg: Debugging symbols for the base system, useful to programmers
doc: FreeBSD’s official documentation, such as the Handbook
kernel-dbg: Debugging symbols for the kernel, useful to programmers
lib32-dbg: Debugging symbols for 32-bit libraries (only on 64-bit systems)
lib32: 32-bit compatibility libraries (only on 64-bit systems)
src: Source code of installed operating system
tests: FreeBSD’s self-test tools
If you’re programming or developing on FreeBSD, or developing FreeBSD itself, arrow up and down to select
They might also be virtual, as provided by IPMI’s Serial-over-LAN (SOL) protocol. Rather than a null modem cable, you’ll need to set up the IPMI interface and use special software to configure and access the virtual serial port. Before we set up a port, though, let’s talk about serial port protocol.
Serial protocols also include a whole bunch of settings beyond their speed. It’s possible to muck with them, but the standard settings of 8 data bits, no parity, and 1 stop bit are the most widely used. You can’t change these in FreeBSD without recompiling the kernel, so don’t muck with them.
The most common cause of system failure is those pesky humans, but hardware and operating systems also fail.
Never back up live databases; instead, dump the database to an archive file and back up that archive.
The kldstat(8) command shows modules loaded into the kernel.
You can find a complete list of hardware-specific features in the file NOTES under each platform’s kernel configuration directory—for example, /sys/amd64/conf/NOTES.
There’s a simple rule of thumb when considering optimizing: don’t. Network performance is generally limited only by your hardware. Many applications can’t process data as quickly as your network can provide. If you think that you need to optimize your performance, you’re probably looking in the wrong spot. Check Chapter 21 for hints on investigating performance bottlenecks.
Optimizing network performance with low-end hardware is like putting a high-performance racing transmission in your 1974 Gremlin.
Always distinguish planning for once-in-a-lifetime events from planning for normal load. When the US Government’s Affordable Care Act health insurance registration site went live, millions of users immediately tried to sign up. The first few days, the site was fiendishly slow. After a week, the hardware handled the load without trouble. This was certainly correct capacity planning.
These developers maintain a very low-volume mailing list, FreeBSD-security-notifications@FreeBSD.org, and subscribing is a good idea. While you can monitor other mailing lists for general announcements, the security notifications list is a single source for FreeBSD-specific information. To subscribe to the security notifications mailing list, see the instructions on http://lists.freebsd.org/. The FreeBSD security team releases advisories on that mailing list as soon as they’re available.
This “master.passwd is always correct” logic is deeply ingrained throughout user management.
While having root privileges can be convenient, a lack of responsibility when the system breaks is more convenient.
Enable securelevels at boot with the rc.conf option kern_securelevel_enable="YES".
Securelevels come in 5 degrees: –1, 0, 1, 2, and 3, with –1 being the lowest and 3 the highest.
UFS is built of two layers, one called the Unix File System and the other the Fast File System (FFS).
A noexec mount doesn’t prevent a user from running a shell script or an interpreted script in Perl or Python or whatever. While the script might be on a noexec filesystem, the interpreter usually isn’t.
This isn’t effective against spam, but it might make you feel better. Legit customers that encounter rude messages might trigger meetings, however.
Most of these you don’t want to muck with, unless you like breaking system functionality.
FreeBSD is only one layer of your application stack, so be sure to give the other layers proper attention.
The hypothetical “eliminating bottlenecks” that management often demands is really a case of “eliminating bottlenecks that interfere with your usual workload.”
Jails are a lightweight virtualization method, sometimes called OS-level virtualization. A jail normally contains a complete operating system userland that runs on top of an existing FreeBSD system. The jail relies on the host’s filesystem but is limited to a subset of the directory tree. It might even have a chunk of dedicated space in a ZFS pool.
In my experience, the phrase enterprise network is synonymous with “we have lots of ancient stuff that nobody dares touch.”
Those government spooks aren’t going to crack the encryption on your laptop. They’re going to wait for you to decrypt it yourself—and then they’ll break in.

