My BSDCan “OpenPAM & BSD” talk

My BSDCan 2016 talk on OpenPAM and BSD is now on YouTube.

The video comes straight from screen capture, which means it’s missing details like the green dot of the laser pointer.

Also, the audio only covers my voice. You don’t get all the audience interaction. Sadly, I forgot to repeat audience questions at the end, but you can figure most of them out based on my responses.

Also, I need to stop saying “um.” I really need to stop saying “um.”

FreeBSD Mastery: Advanced ZFS (Version canadienne)

I’ve wondered for a while what to do about Allan Jude.

Allan is my co-author on FreeBSD Mastery: ZFS and FreeBSD Mastery: Advanced ZFS. I could have written those books on my own, but they wouldn’t have been nearly as good.

We have had one major disagreement, though: is it pronounced zee-F-S or zed-F-S? This has proven an intractable problem.

I’ve come up with a solution, though.

FreeBSD Mastery: Advanced ZedFS – Canadian Version.


Here’s the front text.

This book exists because Allan Jude is too generous for his own good.

Alan has aided my efforts to become a professional writer in ways that can never really be paid back. They can only be paid forward.

The only real disagreement we had while writing this book was on the pronunciation of ZFS. Is it zeeFS, or zedFS? This special edition of FreeBSD Mastery: Advanced ZedFS exists as a physical token of my appreciation.

What makes this book different from the regular edition?

First, the special Canadian cover.

The text is modified to be more palatable for Canadian readers.

This edition contains a footnote that does not appear in the standard edition.

And last, this edition has not been proofread or copyedited.

Thanks, Alan, for everything.

Michael W Lucas
24 May 2016

The catch is: it’s only available in print.

Only five of them exist. (The electronic originals have been destroyed, so I couldn’t exactly reproduce this if I wanted to.)

I have one.

Allan has three. (There’s a YouTube video of part of the presentation.)

One, and only one, will be on sale.

The only place to get it is at the BSDCan charity auction, benefiting the Ottawa Mission.

BSDCan attendees, this is your one and only one chance to get a copy of this exotic, rare object.

Ask Allan or myself for a peek at it.

BSDCan Intro Session Volunteers Wanted

A person’s first visit to a particular tech con can be overwhelming. BSDCan is now having an introductory session for new attendees, to try to ease them into the event. Somehow, I’m running it.

From 6-9 PM on Thursday night I’ll be in DMS 1160 to greet new BSDCan attendees and discuss how the conference runs with folks new to BSDCan.

I would really like someone from each of the BSD projects to help me ease new attendees into the con. Ideally I’d be able to say “Oh, you want FreeBSD? Let me introduce you to Fred, he’s a FreeBSD guy,” or OpenBSD, or whatever project they’re interested in.

This will be pretty informal. I plan to order carryout and hang out.

The event concludes at 9 PM, leaving time for a gelato run, of course.

In my mind, new attendees need to know about:

  • breakfast and lunch
  • harassment policy (Abusing other convention goers will really tick me off. And I’m on the BSDCan committee, so I take that seriously.)
  • Opening and closing sessions
  • The closing auction
  • Presumably, they’ve read the talks schedule before registering–but if not, we’ll have it.
  • BSDA testing–they’re probably not prepared to take it, but maybe next year?
  • evening open events, like the Royal Oak, the Hacker Lounge, and the FreeBSD Doc Sprint

Can you think of anything else I should add to this list?

Penguicon 2016 Lucas Track Schedule

While the folks at Penguicon reserve the right to change the schedule at any time, we’re close enough to the con that I’m comfortable releasing my talks and panel schedule. This is extracted from the official Penguicon descriptions and schedule.

Friday, 29 April:

6 PM – Social Media for Writers (panelist) – Hamlin
What social media trends does a writer building their web footprint need to understand? What are some Dos and Don’ts?

8 PM – PAM: You’re Doing It Wrong (speaker) – Windover
PAM, or Pluggable Authentication Modules, is one of the most occult parts of managing Unixish systems. The unique configuration syntax and idiosyncratic rule processing drives many sysadmins to copy working configurations from other people and random blog posts. This talk takes you through the essentials of PAM configuration. You’ll learn the components of PAM, how PAM processes rules, how to use multi-factor authentication, and get an overview of some useful PAM modules you probably haven’t used, based on my forthcoming book “PAM Mastery.”

10 PM – the ZFS File System (speaker) – Windover
ZFS, the Zettabyte File System, is one of the most full-featured filesystems available today and gives almost unlimited storage flexibility. Originally created by Sun Microsystems, the independent entity OpenZFS now develops ZFS as deployed in illumos, Linux, and FreeBSD. This talk takes you through ZFS’ features, including: data self-healing, deduplication and compression, clones and snapshots, copy-on-write, boot environments, replication, and more. Once you use ZFS, you’ll never understand how you lived without it.

Saturday, 1 May 31 April:

11 AM – Networking for Systems Administrators (speaker) – Windover
Too many organizations have a tense relationship between the network folks and the sysadmins. Sometimes it degenerates just short of war. But basic networking isn’t hard–if it was, network engineers couldn’t do it. This talk teaches the essentials, in a way that lets sysadmins troubleshoot network problems on their own. Sysadmins have amazing visibility into the network, once they know how to use it. We’ll cover cross-platform tools for viewing and troubleshooting the network, on both Windows and Unix.

4 PM – Encrypted Backups with Tarsnap (speaker) – Windover
Online backup is incredibly useful, but has many privacy and integrity risks. Tarsnap is an online backup service that only handles your data in encrypted form. It’s inexpensive and reliable. Plus you don’t need to trust the Tarsnap service–they can’t access your backups even if they want to. And Tarsnap’s built-in deduplication saves space, letting you store terabytes of backups in mere gigabytes of disk. This talk takes you through using Tarsnap, from backing up a system to customizing and rotating backups, to fully restoring them.

5 PM – Acts of Shameless Self-Promotion (panelist) – Portage Auditorium
What’s the best way to get your name forward?

7 PM – reading (speaker) – Writer’s Block (313 & 315)
My first ever fiction reading: my datacenter crime story “Wifi and Romex.” I’m sharing this hour with Ken MacGregor. Don’t know which half I’ll get.

Sunday, 1 May:

10 AM: Self-Publishing 2016 (panelist) – EMC 1
This panel discusses today’s self-publishing options and business models. Our panelists include authors who are both self- and traditionally published, in fiction and nonfiction, including people who are making an income entirely by self-publishing. We’ll discuss why we made the choice to self-publish, the pitfalls and lessons learned, and which business choices we’ve made on our respective self-publishing efforts.

12 PM: BSD Operating Systems in 2016 (speaker) – Charlevoix B
The BSD family of Unix has been kicking around for almost 40 years now, and has taken different paths than Linux. Come see the last year’s developments in BSD land! One of them just might solve your intractable problem. We’ll talk about new things from FreeBSD, OpenBSD, plus updates from NetBSD, Dragonfly, and assorted derivatives.

2 PM: Senior Sysadmins Panel – Windover
Some say systems administration is a young man’s game, and that eventually sysadmins rise into management. They’re wrong. A sysadmin who measures their experience in decades has made mistakes younger sysadmins can’t even imagine. This panel lets you learn from their suffering, take advantage of their experience, and laugh at their pain.

I’ll have print books at all of my tech talks, including the brand-new FreeBSD Mastery: Advanced ZFS. You’ll be able to find my novels up in the Writer’s Block, rooms 313 & 315.

I’ll be kicking around the con the rest of the weekend, except for probably a lunch break Saturday. (Anyone interested in pho?) I’m not making a firm schedule for the rest of the time, but you’ll have a pretty decent chance at finding me at any of these events.

Friday 4 PM: LN2 Welcome Back Ice Cream
Friday 11 PM: LN2 After Hours Ice Cream
Saturday 3 PM: LN2 Guest Flavors Ice Cream
Saturday 11 PM: LN2 After Hours Ice Cream
Sunday 11 AM: LN2 Sunday Brunch Ice Cream

“FreeBSD Mastery: Advanced ZFS” sponsor check

(I wrote sponsors an email with this information earlier, but email is not exactly reliable, so I’m posting it here as well.)

The good news: the book is almost here!

I’m greatly touched by how many people offered their support. The least I can do is verify that I’m spelling your name correctly.

Here’s the sponsor list, as well as my notes on any instructions you sent with your sponsorship. Please double-check that I:

  • used the desired name
  • spelled your name correctly (especially any non-US characters!)

I would appreciate a response, even if it’s “everything looks OK.”

If you have any additional requests, such as signing the book to someone other than yourself, this is the time to tell me.

The final ebooks should be in your account next week. Print books should ship the last week of the month, if everything goes well.

Thanks again, for everything.

“FreeBSD Mastery: Advanced ZFS” sponsorships ending soon

When I set up the FreeBSD Mastery: Advanced ZFS print and ebook sponsorships, I never considered when I should take them off sale.

Comments are due back from tech editors tomorrow, 28 March. I’ll immediately be processing them. This should take a couple days. Once I’ve made all the corrections, I’m sending the whole thing out for copyedit.

The sponsorship sale ends when the book goes for copyedit.

If you want to be a sponsor, act now.

If not, that’s perfectly cool too.

First review of “FreeBSD Mastery: Specialty Filesystems”

Sunday Morning Linux Review episode 184 discusses FreeBSD Mastery: Specialty Filesystems.

While SMLR is always worth listening to, if you want to cut right to the review (or, alternately, if you’re me coming back to look for good quotes to steal for publicity purposes), the review starts about 30 minutes in.

It’s about 1:11 into the unedited video.

Summary: the book does not suck. And some parts are actually interesting. Which is nice. The book did expose Mary to new ideas and sent her running for the manual and Wikipedia a few times, but learning is good for you, so that’s okay.

I should also note that while I offer free review copies to podcasters, SMLR insists on purchasing books for review. They say it keeps them unbiased. I won’t argue.

FreeBSD and pam_listfile

I’ve discovered unknown terrors while researching and writing PAM Mastery. Well, terrors previously unknown to me, at least. I’m certain that the OpenPAM and Linux-PAM developers are very much aware of them. (I’m also certain that they’re part of the reason DES keeps his hair cut so short, so that he can’t yank it out of his head in bloody chunks.)

Part of the writing process was building a giant spreadsheet listing operating systems, PAM versions, and which modules appear in each OS. Strictly speaking, OpenPAM proper contains very few modules. Most “OpenPAM” modules actually originate from FreeBSD. But people are free to use them, so they generally get lumped into the “OpenPAM module” bucket.

One module that’s conspicuous by its absence is pam_listfile. Pam_listfile.so lets you accept or reject access based on the username’s presence in a file. It’s much like the traditional BSD /etc/ftpusers functionality.

It’s a reasonable enough module. And I’m told that pam_listfile.so can be compiled to work on FreeBSD, but nobody’s bothered to submit a port. How to make it work is a perennial question on the FreeBSD mailing lists.

The good news is, you can easily emulate pam_listfile.so on FreeBSD using pam_exec. Pam_exec runs a command as part of the PAM chain. If the command returns 0, the module says to grant access. If the command returns 1, the module says to deny access. (Whether PAM obeys this instruction or not depends on the type of statement.)

Here I implement basic pam_listfile.so functionality in a shell script, pam_listfile.sh.

Enable pam_listfile.sh as an auth rule.

auth required pam_exec.so /usr/local/scripts/pam_listfile.sh

Now all you need is a script. This version of the script permits access if the username appears in /etc/validusers.

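#!/bin/sh
# Exit 0 (grant) only if $PAM_USER is a whole line of /etc/validusers.
# -F literal match, -x whole line, -q no output; quotes stop globbing and splitting.
/usr/bin/grep -qxF -- "$PAM_USER" /etc/validusers
exit $?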

And here’s a version that rejects access if the username appears in /etc/validusers, exactly like /etc/ftpusers. It’s a huge change, adding an entire exclamation point.

#!/bin/sh
# Exit non-zero (deny) if $PAM_USER is a whole line of /etc/validusers.
! /usr/bin/grep -qxF -- "$PAM_USER" /etc/validusers
exit $?

You could add more functions as you need. The important thing is to return either 0 or not-zero.
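A combined allow/deny version of the two scripts, added here as an example and not part of the original post. It treats the username as a literal string and denies on any error, so a missing list file cannot turn the deny-list form into "grant". The allow/deny argument and the LISTFILE variable are assumptions of this sketch; PAM_USER is set by pam_exec.

```sh
#!/bin/sh
# Added example: pam_exec helper emulating pam_listfile, failing closed.
# The mode argument (allow|deny) and LISTFILE are assumptions for this sketch.
PATH=/bin:/usr/bin; export PATH    # fixed PATH, do not trust the caller's

# listfile_check MODE USER FILE
#   MODE=allow: return 0 only if USER is a whole line of FILE
#   MODE=deny:  return 0 only if USER is NOT a line of FILE
# Empty user, unreadable file, bad mode or a grep error all return 1 (deny).
listfile_check() {
    mode=$1 user=$2 file=$3

    # An empty name would match blank lines under -x; refuse it outright.
    [ -n "$user" ] || return 1
    # A missing or unreadable list must never become "grant".
    [ -f "$file" ] && [ -r "$file" ] || return 1

    # -F literal (no regex), -x whole line, -q quiet, -- ends option parsing.
    rc=0
    grep -qxF -- "$user" "$file" || rc=$?

    case "$mode:$rc" in
        allow:0) return 0 ;;   # listed, allow-list mode
        deny:1)  return 0 ;;   # not listed, deny-list mode
        *)       return 1 ;;   # anything else, including grep errors (rc 2)
    esac
}

# Under pam_exec PAM_USER is set, so act on it; when sourced for testing, do nothing.
if [ -n "${PAM_USER+set}" ]; then
    listfile_check "${1:-allow}" "$PAM_USER" "${LISTFILE:-/etc/validusers}"
    exit $?
fi
```

pam_exec passes anything after the program path as arguments, so the deny-list form would be enabled by appending deny to the auth rule. Keep the script and the list file owned by root and not writable by anyone else, since both now decide who can log in.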

PAM Mastery is over half finished. I’ve completed the parts on “this is how PAM works” and have moved on to “here are some cool PAM modules that you might want to use.”

And my marketing department says I need to mention that I’m taking sponsors on the print and ebook versions of PAM Mastery.