Author: Michael Lucas

Writer. Sysadmin. Owns this site.
Posted on

“Run Your Own Mail Server” Kickstarter prelaunch up

Pretty much what the subject says. The Kickstarter page is up. If you do Kickstarter and want to know when this goes live, hit the button.

Why do both sponsorships and a Kickstarter? Different people have different comfort levels with different options. Some folks want to make the book exist. Some folks want to get the book as soon as it exists. Some of you want a vague awareness that the book exists so yuo can more easily avoid it.

If the Kickstarter does well enough backers will get an online launch party/Q&A, additional ebooks, and more. Rewards will include the book in ebook, paperback, or hardcover, signed or unsigned, Eddie Sharam’s original cover art, or (for the truly deranged) a complete set of all current IT Mastery books.

I will not be doing direct sales off my web site, the way I did with OpenBSD Mastery: Filesystems. Trying this instead, to see if the social element outweighs Kickstarter’s 8% fee. Even if you’re not a Kickstarter user, I’d appreciate you sharing the link with those who might be interested. Thank you.

Posted on

New Prohibition Orcs novelette out

The Prohibition Orcs Kickstarter offered a stretch goal of “I will write an orc baseball story.” The story went to backers at the end of December, and now I’m releasing it to the public. As with all my standalone short fiction, it’s exclusive to my store.

“Fair Balls” contains baseball! Found Meat! Pure orcish wisdom, shared beneath the Sun. All in the name of that darkest of arts: “reading.”

What’s a novelette? Too long to be a story, too short to be a novella. The weird midrange crap that trad publishers sneer at.

Posted on

Penguicon 2024 Schedule

I’ll be at Penguicon this weekend. Come by, say hello, buy a book or heckle a talk. All talks are fifty minutes.

Friday, 26 April

  • 5 PM: hang out in bookstore
  • 7 PM: Reading (Orcs? Tech advice column? Nonfiction? Who knows?)

Saturday, 27 April

  • 10 AM: The Good, the Bad, and the Yikes: 20th-Century SF (panel)
  • 11 AM: How I Make a Living Writing
  • 1 PM: How to TLS when You Don’t Know TLS (my talk, given by Bagel Garrison)
  • 2 PM: BSDCan Concom Call (Not a Penguicon event, but it’s where I’ll be)
  • 3 PM: Run Your Own Email Server
  • 4 PM: Prying Money Out of an Indifferent Public: Self-Promotion for Creators (panel)
  • 6 PM: It’s Always DNS, and What to Do About It

Sunday, 28 April

  • hang out in bookstore

The “hang out in bookstore” blocks are actual work, sort of. I watch over other folks’ books, they watch over mine. If you want to buy a book send money via Paypal, show the watcher your receipt, and walk out with the book.

I’ll have a select, uh, selection of books, the sort of stuff that usually sells at Penguicon. If there’s a particular title you want, let me know in the next few days. I’ll bring a copy with your name on it. Otherwise, I might not be bringing that book at all.

Posted on

March’s Malformed Sausage

(This post went to Patronizers at the beginning of March, and the public at the beginning of April)

Last month, I mentioned blood pressure problems.

The good news is, I have the blood pressure under control. The bad news, it’s given me a cough so fierce that I occasionally fall over. People have told me I work to hard, so now I’m taking a thirty-minute break every four hours around the clock for a breathing treatment that leaves me wheezing and quivery but functional. It’s an opportunity to prove the maxim “sleep is for the weak,” and I needed to develop my abs and rib muscles anyway. The doc changed my meds yesterday, so I’m hopeful I can exchange these side effects for less inconvenient ones.

This is all covid damage. I’m not risking developing more problems. You want me at your events, enforce a mask policy. I got too many books to write to put up with any more symptoms.

I also failed to finish Run Your Own Mail Server last month. See the above cough. I’m down to one technical issue, MTA-STS, and a few social issues that only require spewing words. I was tempted to wait on this post until I write those, but that’s pretty much a guarantee that I won’t complete either. You folks are my strongest supporters, and I need to give you the attention I agreed to. (Not the attention you deserve, of course. I don’t have that much attention.)

One of the headaches in this book has been its constant violation of one of my usual writing rules: do the hard part first. When I approach a new project, I rank the contents in order of difficulty. Usually, there’s at least one thing I haven’t previously done. Those are the things I need to write first. Writing the stuff I know how to do is pretty straightforward, but the unknowns wreck my plans. RYOMS could only be written in one way, though. The services must be set up and documented in a particular order, without shortcuts. If the book said “This is wrong but we’ll come back and fix it later,” I know perfectly well that none of you would go back and fix it. We have to set it up right the first time. Which led to some extra work. I use pyspf-milter so I wrote about it, but rspamd turns out to be a wiser choice. Retreat, refactor, rearrange, try again.

On the fiction side, I sold a new Rats’ Man’s Lackey tale to a magazine. The RML tales have a strange publishing history; every magazine or anthology I’ve sold one too has collapsed before they could publish my tale. Once a story destroys a publication, I put it up on my bookstore. I’ve written enough of those to release a collection, but a few buyers are still in business so I have to wait for them to implode–uh, publish. Publish.

I’m most of the way of a massive Terry Pratchett Discworld reread, not just studying his craft but how he improved his craft. There’s something fascinating about reading a large body of work in the order it was written. The quality of Pratchett’s early work was borderline, but some editor saw something unique in his craft and decided to give the kid a chance. You can see him improving with every book. At a technical level, there’s a certain fascination in saying “Oh! This is where Sir Terry discovered cliffhangers!” “Hey, he learned the difference between description and setting!” “Ooooh, he figured out how to stop violating drifting point-of-view, thank you Om.” This binge gives me hope for my own craft, because nothing Terry with his craft did was magic. The art expressed through his craft was magic, but art is not craft. I started reading Pratchett when The Light Fantastic came out, and in retrospect I can honestly say he taught me how to improve my craft.

Note that you can’t binge-study James Patterson. This kind of study requires examining the work of someone who writes their own books. You also can’t binge-study Ayn Rand, because she never got better.

Anyway, this binge study leaves me feeling validated about my method of deliberately practicing one skill per project. That’s a dangerous feeling; I don’t study to see what I’m doing write, I’m looking for ways to improve. I’ve found a few, but I still suspect I’m missing something big. Oh well. I guess, in a year or two, I’ll have to… study Pratchett again.

I’m going to cut this a little short, because the coughing has backed off and I desperately want to finish RYOMS this week. Thanks for supporting me, everyone!

Posted on

xz backdoor vs “$ git commit murder” sale

I’ve gotten half a dozen messages on various forums declaring that the xz backdoor is eerily reminiscent of a major plot element of $ git commit murder.

I’ve been a sysadmin for decades, and hanging around with operating system developers nearly as long. I came up with a plan for a “difficult but achievable” hack. I checked with various actual developers to see if it was realistic, and adjusted the hack based on their feedback.

Target a userland tool. Hook it into the operating system core. Proceed from there. The plan is easy, the execution fiercely difficult, the coincidence unsurprising.

I can say that if Dale had developed this hack, it would not have damaged the host’s ability to serve SSH requests. He would have caught that and fixed it before deployment.

I feel compelled to acknowledge this similarity, however. Coupon code xzhack gets you 50% off $ git commit murder and $ git sync murder at my store. This expires 8 April 2024.

To all the sysadmins who are having a bad weekend because of this hack, I offer my sincere condolences. Just because the blast missed me this time doesn’t mean I don’t feel your pain, or that I won’t be caught next time.

To the author of the hack I would like to say: you are a dick.

Posted on

Vultr backed down, but so what?

(Quick note, because very busy day.)

Vultr had a rights grab in their ToS. They just took it out, after community outrage.

So, is everything fine?

Nope.

This is exactly what Findaway tried. I’ve read the whole ToS. There is no misunderstanding.

The CEO has said that users are not lawyers. I am not a lawyer, true. But I deal with a lot of intellectual property contracts. My books are intellectual property, and I have to read ToS and contracts for every one of them. When reading a contract, you have to assume that the other party will be sold to a complete bastard who will exploit the contract as far as possible.

It’s highly unlikely that Constant Contact (Vultr’s parent firm) would use a book stored on my site to make a film. But suppose their parent company did so. A film I didn’t want made would come out, destroying the value of any film I might have made. I could sue, spending my money to fight a much larger firm. This is a losing proposition.

Perhaps Vultr’s lawyers are merely incompetent.

But their parent firm is a content company. And many content companies are doing rights grabs.

Rights grabs are becoming more common, though. I believe that the only way to stop them is to stop doing business with any company that attempts one. Backing down from a rights grab is too late.

Posted on

Vultr Just Betrayed Us

(followup at https://mwl.io/archives/23504)

I suppose the hip kids would say this is enshittification, but it’s certainly a betrayal.

According to their new Terms of Service:

You hereby grant to Vultr a non-exclusive, perpetual, irrevocable, royalty-free, fully paid-up, worldwide license (including the right to sublicense through multiple tiers) to use, reproduce, process, adapt, publicly perform, publicly display, modify, prepare derivative works, publish, transmit and distribute each of your User Content, or any portion thereof, in any form, medium or distribution method now known or hereafter existing, known or developed, and otherwise use and commercialize the User Content in any way that Vultr deems appropriate, without any further consent, notice and/or compensation to you or to any third parties, for purposes of providing the Services to you.

This is unacceptable. No other hosting company does this.

The TLDR on the side is deceitful. They say that we own our stuff. Fine. The fine print declares that we license our stuff to them, for full exploitation, without compensation.

I have not agreed to those ToS. Fortunately, I can migrate off their systems without console access, so I do not have to agree. If you use vultr, I suggest you do the same. Also contact them through their contact page and state your refusal. I’m told you can cancel via their page without logging in, but haven’t yet tried it.

I am now investigating alternatives for hosting FreeBSD and OpenBSD systems. Preferably that take custom installs.

Posted on

Shopify vs Woocommerce for Author Bookstores

The hot new idea in writer circles is the author-owned bookstore. According to the Wayback Machine I’ve had my author-owned bookstore since 17 May 2013, so you can imagine I’m fully on board with this. This store now accounts for 35% of my income, more than Amazon, so it’s a critical part of my business.

When folks look at building a store, though, they’re immediately confronted with choosing a platform. There’s two major platforms: Shopify and Woocommerce. Which should you pick? The costs are comparable. The skill level to use either is about the same. They then commit a grievous error and ask me for my opinion.

I will always advise Woocommerce. Always.

When I say this, many authors immediately jump up and say “I tried Woo and it sucked, Shopify works better!” I would reframe that. “The first store I built sucked, the second store I built is much better!” The first book you wrote probably sucked, too. The first iteration of my Woo store also sucked. I look at a lot of author bookstores and immediately say, “Oh sweetie, no, this is not how you do it.” Some of them hired ‘technical’ people to build the store. Technical people are like literary agents: there is no qualifying exam, they act in their own interests according to their own biases, and you can’t afford a good one. Even a disaster is educational, though. Your failed first store taught you how to build a second store containing less suck. (It’s amazing how many writers are willing to spend years noodling over a manuscript, but expect their first store to work perfectly on their first try.)

My motivation for standing up my own bookstore is to declare independence from any outside channel. A decade ago, Amazon was the majority of my income. Making my books available in all channels increased the number of readers I drew while reducing my dependence on Amazon. Adding my own bookstore reduced my dependence on anyone. Yes, I use outside components and services, but every one of those parts can be replaced. Why would I replace a dependency on Amazon with a dependence on Shopify?

Cory Doctorow recently made a big splash with the word enshittifcation. He describes it as the process where an Internet company starts off being useful, becomes powerful, then starts squeezing values out of suppliers and then customers. It’s standard business practice at Internet scale. Ford and General Electric would totally do the same, if federal regulation didn’t prevent it. Amazon exists with very little federal regulation.

I prefer a simpler word: betrayal. It’s harsh, yes, but it fits.

Internet companies betray their user every day. Glassdoor sold itself as a place to anonymously rat out employers. Now the company wants to monetize its users, and is attaching real names to user profiles. While I could laugh and say You idiots trusted an Internet company, what did you expect? this will literally destroy lives and careers. Findaway Voices sold itself as one service, got bought by Spotify, changed its ToS to become an IP-pillaging company, and appeared to back down under protest. People thought it was a victory. It was not. We lost. We lost huge. It was an absolute rout. Compare their current terms of service to the pre-Spotify terms of service. Now consider what a minor update like “we added three carefully-chosen words to the ToS, they’re harmless legal boilerplate, we promise” could do. I guarantee that Findaway’s lawyers knew what words they would add and where they would put them before releasing these “friendly” Terms of Service. In Reddit’s quest to raise money, it trashed the people who create its value. All that’s only in the last year.

Betrayal is the Internet’s business model.

Businesses look out for their own interests. If a business believes it exists solely to maximize shareholder value, and has no legal, regulatory, or competitive barriers, it will become invaluable and then betray you.

What happens if either Shopify or Woo betrays me?

The Shopify software and all hosting thereof is fully controlled by the Shopify company. When folks tell me that they’re lovely people, what I hear is “the company’s current management is lovely, but the owners have decided to not betray their users. Yet.” A third of my income is at risk. If they become a problem I must hurry up and find a new store system, without advance warning, right freaking now.

The Woo software is freely available under a permissive license, and is hosted on a WordPress site I pay for. There is a Woocommerce company, yes, but they make money by selling support and add-ons. The actual software cannot be taken away. Yes, I buy some Woo plugins. There’s a super healthy plugin marketplace. If Woo Inc betrayed me, I’d have time to switch. After all, I have all the code. It’s running on my server. Betrayal would vex me, and I’d feel obliged to rant and rave. Also, Woo is a fork of Jigoshop. If Woo betrays its users, any number of those outside firms would leap up and happily take their place. And Woo knows it. That’s how they replaced Jigoshop. One day they’ll get bought and the new owners will go for a betrayal anyway, though.

When Shopify inevitably betrays me, over a third of my income is at risk.

When Woocommerce inevitably betrays me, I am not at risk. I’m merely pissed off.

Either way, you need to experiment with your store. Polish it. Experiment. Some of those experiments will be complete failures. Some will succeed worrying well. It’s all about what your readers want. Give readers a seamless buying experience, and expect that it’s gonna take a while.

Posted on

“Run Your Own Mail Server” off for tech review

I just finished the first draft of “Run Your Own Mail Server.” Copies have gone to my volunteer tech reviewers and my sponsors.

When I need to mass-mail my sponsors, I normally can only mail a dozen or so at a time without making Google and Microsoft throw a fit. This time, I mailed all 147 sponsors at once. None of the big providers even looked askance.

Requested feedback by 15 April, just to make tax day extra special. That’ll let me open the Kickstarter by Penguicon.