Want to hear my voice? Interested in Absolute OpenBSD or DNSSEC Mastery?
Go check out BSDTalk 228, starring yours truly.
“Absolute OpenBSD” auction photographs
I promised to post photographs of the signed copy of Absolute OpenBSD 2nd Edition that went to Bill Allaire.
Here they are. In full size, so that Bill can later use them to authenticate his copy, in the extraordinarily unlikely event that he desires to do so. (And also so that perhaps the bandwidth utilized might finally exceed that generated by my fame in the gay porn world.)
All the developers signed the first page:
People immediately checked the index for their favorite features. Leave it to Bob Beck to find my extraordinarily subtle joke on BUFCACHEPERCENT, which I assure you I completely deliberately chose to do and was not at all an actual error.
Some developers weren’t terribly confident of their English skills. But that’s okay.
Sadly, there were some problems with the book. People were kind enough to point them out.
Many pages didn’t get marked up, but a few got extra attention. We now know exactly how Theo feels about file flags.
Finally, Theo was kind enough to add a footnote. He didn’t mark it from the main body of the text, however. Programmers might have mad skillz, but footnotes are much harder than they look.
As an aside: I considered getting the developers to sign my personal copy of the book while I was there. But that would reduce the uniqueness of this artifact, dang it. So Bill gets the awesome copy and the rest of us get pix.
“DNSSEC Mastery” business numbers
When SSH Mastery came out, I published the initial sales figures and a followup a month later. The results of publishing one book is not really data, however. It’s one data point.
A second data point is also not data. But it’s twice as close to data as one data point.
Let’s compare and contrast SSH Mastery with the book I just published a couple months ago, DNSSEC Mastery.
DNSSEC Mastery was pre-released via LeanPub, so that my hard-core fans could get copies of the incomplete draft. This was also an experiment. Now that the book is out on mainstream platforms such as Amazon and Kobo, LeanPub sales have basically gone to zero. (I still make an occasional sale thanks to LeanPub not requiring a PayPal account and being platform agnostic.) I’ve sold a total of 61 copies on LeanPub, most for the list price of $9.99.
The ebook was published 17 April 2013. Here are sales for the trailing end of April.
Here’s April’s DNSSEC Mastery sales:
In May, the book had been out for a while. Also, the print book came out near the end of the month. What happened to sales?
Then there’s June. Where did sales go:
June’s sales are down across all platforms.
What conclusions can I draw from these numbers?
First, let’s talk about “fan base.” The story is, you need a fan base to pimp your book for you. Word of mouth is a powerful thing, true. But the key here is the word “need.” You can certainly be successful at self-publishing without an existing fan base.
My fans are awesome. All of the LeanPub and TWP sales are from my devoted readers who specifically want books from me and want to support my writing. I appreciate every one of you. (I also think that you’re slightly daft for buying an incomplete book that hasn’t undergone any review whatsoever and might well be chock-full of dangerous advice, but that’s a separate issue.) Some of my fans waited until the book was officially released to purchase. I certainly don’t begrudge them this. Buying a book from your preferred cloud provider has distinct advantages, and that’s my personal preference as well. These readers are responsible for May’s surge of ebook sales and June’s higher print sales.
Over 60 people bought copies of the book from LeanPub or TWP before the book was even complete. These hard-core fans would have presumably bought the book on a big-name commercial ebook platform instead. Selling the book through alternative channels deprived me of that initial “big sales burst” that so many self-publishing authors covet. That big initial sales burst doesn’t matter. The book is selling better than I expected. Less than I hoped, mind you, but better than I expected.
I’m now done selling to the hard-core fans who stalk me on Twitter. Extra posts on Facebook and Twitter and whatever will not get me more readers. Instead, I’m selling to the public. And the public is buying.
Would I like every single DNS administrator to deploy DNSSEC, using my book? Sure.
But here’s the thing: if I continue to sell roughly 50 books a month to the general public, I will have more sales to the public than to my hard-core fans. I’m not discounting the fans, mind you — the initial influx of cash certainly helps, and their encouragement keeps me writing technology books. But in the long run, the book itself is the thing.
What about “breaking even?” The expenses for SSH Mastery were very high, but I broke even in the first few months. What about breaking even on DNSSEC Mastery?
Total expenses were about $650, between cover art, layout, editing, more editing, proof shipping, and such. (This does not include the various beers I owe assorted people.) I haven’t totaled all of the income across all the platforms, and I have no intention of doing that until the end of the year, but it’s pretty clear that this book has broken even with expenses. The only thing I need to get paid for is my time in writing the book. If the book continues to sell, then I’ll be okay on that front.
The obvious question people will have is, “If you expected sales to be mediocre, why not write something with wider appeal?”
I wrote DNSSEC Mastery as another test.
At a technical level, SSH Mastery was very easy to write. I tested absolutely everything with my OpenBSD desktop, my Windows laptop, and a remote virtual machine. Nothing required interacting with anything outside my little world. Also, it’s very easy to see if my documentation worked. My usual testing methods of “capricious malicious play” work well with SSH.
DNSSEC is different. It demands interacting with the entire world. This makes DNSSEC actually somewhat dangerous to play with. You can make your domains disappear from the Internet. You can make your users unable to reach the Internet. It’s an ugly, hairy thing to capriciously and maliciously play with.
Additionally, DNSSEC is hard. My DNS knowledge dates from the mid-1990s. I was aware it had changed over the years, but I didn’t know exactly how or why. Writing this book meant updating my knowledge base.
The community knowledge base on DNSSEC is spotty, unreliable, incoherent, and actively wrong. While folks started working on DNSSEC in the last century, it was only really finished in 2006. The years between generated a whole bunch of obsolete documentation on weird problems that no longer have any bearing on reality.
Finally, DNSSEC has a really bad reputation. “It’s hard!” It’s another layer of complexity! It’s a whole chain of failures waiting to happen!” “There’s better ways to do this!”
I don’t write books about torturing yourself. With the latest version of BIND, it’s entirely possible for your average overworked network administrator to deploy DNSSEC in the real world, without relying on overcomplicated third-party add-ons and scripts and random hacks. The software now handles the tedious and constant maintenance. This means that I could write a book about it in clear conscience.
So: can I write and self-publish a technologically challenging book and have it be useful and correct? Can such a book solve problems for the reader and actually improve their organization?
In that regard, DNSSEC Mastery is an unqualified success.
Two more “Absolute OpenBSD 2/e” reviews
Again, this is mostly for my later reference, reviews on DistroWatch and Sunday Morning Linux Review.
In this BSD issue of SMLR, tho hosts were heard to say “Linux – that’s so last year.” So glad they’re catching up.
Visiting an OpenBSD hackathon.
I took Bill Allaire’s copy of Absolute OpenBSD to Toronto to get it signed. If you wonder what that’s like, check out my article over on undeadly.org.
Why no tech posts from me for a while now? I’m moving a bunch of virtual machines from ESX to SolusVM. As some of these VMs are several years old, I’m taking the opportunity to make new OS installs and get them into my Ansible setup. It’s a lot of work, but it’s not blog-worthy.
When I do something interesting, you’ll be the first to know. Well, no, maybe the sixth or seventh. But still, pretty early on.
Two “Absolute OpenBSD” reviews
One from Crypted Nets and one from IT World.
I post book reviews mostly so I can find them again years from now. When the time comes to do a third edition, I need quotes like “I doubt that a better book on OpenBSD could be written” for the cover and marketing materials.
FreeBSD-update vs bind99-base
My master nameserver runs BIND 9.9, so I can do DNSSEC easily. I’ve installed from ports, but used the REPLACE_BASE option so that it overwrites the BIND 9.8.3 install included in the base system. That way I don’t have to worry about having multiple versions of the same command on different systems.
I patch this system via freebsd-update. After applying the latest security patches, I got the following email:
The following files will be updated as part of updating to 9.1-RELEASE-p3:
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/rndc-confgen
I don’t want freebsd-update to patch these files. I also don’t want to get an email every day telling me that I need to patch them. I know I don’t need to patch them.
The solution? Tell freebsd-update to ignore these files with the IgnorePaths directive in /etc/freebsd-update.conf. I copied the list of files from the email and added IgnorePaths before them.
...
IgnorePaths /usr/bin/dig
IgnorePaths /usr/bin/host
IgnorePaths /usr/bin/nslookup
IgnorePaths /usr/bin/nsupdate
IgnorePaths /usr/sbin/ddns-confgen
IgnorePaths /usr/sbin/dnssec-dsfromkey
IgnorePaths /usr/sbin/dnssec-keyfromlabel
IgnorePaths /usr/sbin/dnssec-keygen
IgnorePaths /usr/sbin/dnssec-revoke
IgnorePaths /usr/sbin/dnssec-settime
IgnorePaths /usr/sbin/dnssec-signzone
IgnorePaths /usr/sbin/lwresd
IgnorePaths /usr/sbin/named
IgnorePaths /usr/sbin/named-checkconf
IgnorePaths /usr/sbin/named-checkzone
IgnorePaths /usr/sbin/named-compilezone
IgnorePaths /usr/sbin/named-journalprint
IgnorePaths /usr/sbin/rndc-confgen
...
The complication here is that I must watch out for BIND security advisories, rather than just trusting in the update process. But that’s normal.
DNSSEC Mastery #1 best-seller…
…in its extremely narrow category. The Kindle edition is #1 and the paperback is #3.
Admittedly, DNS books are not a big category. I’m not up against Stephen King here. But it’s my category, and I’ll take it. I cut my teeth on DNS and BIND Beating it out just seems somehow immoral. But I’ll live with it.
This is only a best-seller because people bought it. Thanks, everyone.
The next FreeBSD book?
BSDCan hasn’t officially started, and I keep getting asked when I will write a third edition of Absolute FreeBSD?
The short answer is: I don’t know.
The slightly longer answer is: it depends in part on you.
The much longer answer is:
FreeBSD has added lots of stuff since Absolute FreeBSD came out in 2007. The big, screaming, basic change is that ZFS is really well-supported, and considered a core feature.
But you can’t install to ZFS. Or to a mirror. Or to any of the other really cool options available on FreeBSD. There’s good stuff there, but new users can’t have it.
There are ways around this. For a new user, they range from ugly to absurd. I had hopes for the new FreeBSD installer, but none of the rumored improvements have reached real users. I could write “To install FreeBSD, install PC-BSD.” But my gut rebels. If you want PC-BSD, install PC-BSD.
If I was to write a big FreeBSD book today, it would have to be “1001 ways to install FreeBSD.” It would cover getting FreeBSD onto ZFS, or mirrors, or GELI, or any of the other cool options. That’s not a fun book to write and would not be fun to read.
Some discussions at BSDCan give me hope for an improved installation process. I don’t care if it’s the current installer, or a port of PC-BSD’s installer, or a resurrected sysinstall.
I have no problem spending a chapter on planning an installation, or on things you should know before installing — just look at Absolute OpenBSD. But that chapter can’t be “Here’s FreeBSD disk management system, so you can boot off a live filesystem and manually edit disks and create zpools and GELIs and mirrors and and and…” Experienced FreeBSD users put up with this, but you can’t give this to a new user.
FreeBSD should have a decent partitioning scheme at boot. If the OpenBSD folks can manage that with their text-only installer, surely FreeBSD could do so. But at least it’s possible to partition the disk with the current installer.
So: if you’re a programmer and want a new version of the book, work on the installer.
If you’re not a programmer: bribe one.
I have some small books on FreeBSD on my schedule, but that’s a very different thing. Until the installer changes, Absolute FreeBSD 3 isn’t even on the schedule.
DNSSEC Mastery print now on Amazon
Amazon now has the print version of DNSSEC Mastery available.
I set the initial price assuming that they would discount. How much will they discount it, and when? No idea. Amazon is not inscrutable, but scrutling them exceeds my abilities. SSH Mastery print has ranged from ~$14 to ~$17 at various times, based how much coffee Bezos fed the cloud that morning.