TLS Mastery updates, August 2020

Solar systems form out of vast clouds of particles and gas. Motes of dust aggregate, drawn together by their own minuscule gravity over innumerable aeons. Those aggregates creep near other aggregates, eventually colliding into heavier masses, and their combined gravity draws yet more matter. A cosmic observer with a really compressed sense of time would see nothing happen for millennia, then there would be a huge rush as all this matter sucks itself together and becomes so heavy that the innermost atoms are compressed into involuntary thermonuclear fusion. It looks quick, but most of the progress is invisible.

Writing this book is a lot like that.

I’ve used TLS and SSL for decades. I have debugged errors and battled bogus certificate chains. I have screamed the vilest obscenities at SSL Labs for daring to expose my weaknesses and, like every other sysadmin, have doused browser developers in kerosine as they slept and set them on fire. I had a good working knowledge of TLS, but writing about it demanded a deep plunge.

So: the book is about a quarter written.

Most of my time has been spent aggregating tiny details into facts, building those facts into knowledge, and fitting my experience into that knowledge. I’m not going to jinx myself by publicly declaring that I expect the mere writing to go quickly, of course, but I feel I have some decent aggregate chunks and am ready to start throwing them together.

The Princess Bride motif I was considering seems to be a natural fit. Which is good, because if a motif doesn’t fit naturally it’s the wrong motif. My subconscious brain recognized the suitability before my conscious mind did. (Weirdly, John Carpenter films would have also fit well. I did cosmic horror for the SNMP book, however, so my beloved Carpenter must wait for another suitable title.)

Some bits, of course, won’t fit. A stray comment from Ray Percival reminded me that this book doesn’t mention my personal favorite Great Evil: Oracle. You might not have noticed, but Oracle has exerted great efforts to earn my personal loathing. The conversation ed1conf and I had on the Great Beast is irrelevant to TLS.

“You’ve heard of Informix? DB/2? SQL Server 2019?”



“In that case I challenge you to a battle of integrity.”

“For the database?”


“To the death?”


“I accept!”

“Good. Then open your console. Read this, but do not click «agree».”

“I comprehend nothing.”

“What you do not comprehend is called a EULA. It is odorless, tasteless, devolves instantly into legalese, and is among the more deadlier poisons known to man.”

(deploys system)

“All right: where is the liability? The battle of wits has begun. It ends when you decide and we both click «agree», and find out who is right and who is sued.”

(much later)

“They all had a EULA. I spent the last several years building up a mastery of Postgres.”

You can still sponsor TLS Mastery either at the print level or ebook level. Don’t wait too long if you’re interested. The dust cloud is coming together faster and faster, and once fusion hits it’s all over.

Sponsorship Headaches

Today, this happened.

This is a Sudo Mastery, 2nd Edition print sponsor’s gift. I shipped this book out just after I got the hardcovers, back in late 2019. It went to Russia. Months later, it came back with a tag saying “No such person at this address.” In the months between purchasing the sponsorship and me finishing the book, the sponsor had moved to Estonia. I shipped the book out the second time with the Networknomicon sponsorship shipments, just before the United States Postal Service suspended all shipments to Estonia.

Today, I checked my PO Box for the first time since sending those books. I don’t get much mail there, and I’ve avoided leaving the house because of the plague. The length of this delay is 100% my fault. Fortunately, mail service to Estonia has been restored. I can now reship this package. AGAIN. The good news is I’m entitled to a refund on postage, so I don’t have to pay postage a third time.

The sponsor (who I’m not going to name for privacy reasons, though he’s welcome to chime in here to call me an idiot) has been beyond patient. I’m going to add some extras to his package, to show my gratitude.

But if you’re considering book sponsorships, or Kickstarters, or anything that involves physical goods, this is the sort of headache you’ll be dealing with. If (when) the plague is still going on when I finish TLS Mastery and start the next tech book, I might decide to not offer print sponsorships. Don’t get me wrong, I’m utterly grateful for people’s support–but I must not make promises I cannot reliably keep.

Stupid plague.

Anyway, that’s enough annoyance for today. I need to go make the words. Stay home, wash your hands, and wear a mask. And be kind to those around you–they’re just as stressed out as you are.

Reviews and Podcasts on “Cash Flow for Creators”

Mark Leslie Lefebvre hosts Stark Reflections, an essential podcast for writers. He was kind enough to interview me on my new book, Cash Flow for Creators. If you have any interest in managing money in a creative business, check it out. We also talked about the Networknomicon and other special editions, as well as many other options open to today’s creators.

Mark knows the publishing business cold, and his thoughts are well worth listening to. Plus, Mark is giving away a copy of the book. Listen to learn how to win.

Meanwhile, over at Writing Slices, Alex Kourvo reads books about writing. Now, I’m not saying that Kourvo calls her blog that because when she finds a bad book she slices it to ribbons. I wouldn’t dare. Alex turned her experienced and incisive eye to C4C. While I’ve given up soliciting long-form reviews, I’m always pleased when they happen. I expected her to leave my book a heap of ribbons, but was pleasantly surprised.

If you’re a writer and you have any interest in learning your craft, you should subscribe to Writing Slices. She really will save you a whole world of frustration with lousy books, freeing you to discover your own personal, entirely unique realms of frustration. I rarely buy writing books any more, but when I do it’s because she recommended them.

You can get C4C in all the usual places, including at my ebookstore and my print bookstore.

That’s enough resting on past successes. The electricity has returned after a 51-hour outage. The fridge has been sanitized and restocked. It’s time for me to descend into the Word Mines and drag out a bucket of high-carat verbs, not all of them obscene.

New book: “Cash Flow for Creators”

I make my living writing books. I don’t consult. I don’t teach, except for occasional talks at user groups and conferences–and cynics might call those talks “one hour commercials for a book.” It caused a problem I didn’t predict. People keep asking me how I do it. Some of these querents are making enough at their writing or other creative endeavor that they could make a living with their writing. I find my way of life immensely satisfying, and I believe similarly inclined folks should enjoy the same pleasure.

The answer comes down to: learn business.

Most business books are irrelevant to creators. Business books are aimed at franchises or stores or family factories, and contain chapter after chapter of stuff that’s utterly irrelevant to creators. I know. I read the books. Plus, the artistic stereotype includes “bad with business.” This is a pernicious myth that hampers many creators. A creator that dives into a business book filled with irrelevancies can be forgiven for buying into the myth, though.

This myth supports an entire industry. Any number of people will agree that creators have no head for business. It’s genetic. It’s not in their nature. That’s just how it is. They will soberly agree to handle your business affairs for a meager cut of the take. These people have an unparalleled skill at looking serious while their inner child is cackling and counting up the money. They profit by feeding the myth. These folks take the “no head for business” myth from a handicap and escalate it to utter pernicious fallacy.

A creative business isn’t hard, once you know how to do it. It might be the simplest kind of business there is, specifically because you don’t have to worry about so many of the things that make a store or a factory complicated. It might also be the most complicated, because being a full-time creator changes your whole life.

So I wrote a book about it. A small book. A cheap book. Cash Flow for Creators is about how to create, run, and build a creative business from the ground up. It explains how business works, and how to convert the irregular flow of creative income into rent payments without getting in trouble with the tax man.

It’s available at my ebookstore and my brand new print bookstore. Or lots of other places shown in the book listing. (Still waiting on Apple, dagnabit.)

There it is. That’s how I do it. No secrets, no evasions.

The rest is up to you.

“TLS Mastery” sponsorships open

My next book will be TLS Mastery, all about Transport Layer Encryption, Let’s Encrypt, OCSP, and so on.

This should be a shorter book, more like my DNSSEC or Tarsnap titles, or the first edition of Sudo Mastery. I would like a break from writing doorstops like the SNMP and jails books.

You can sponsor in print or ebook. Remember, the print sponsorship includes everything in the ebook sponsorship, so you don’t need to buy both unless you want your name to appear twice in the ebook.

As we’re in a pandemic: take care of you and yours first! I’m conflicted on offering sponsorships, as so many people have lost their jobs. Several folks said they were going to send me money anyway, so I’ve opened these up. Do NOT send me money if you have any doubts about your financial stability.

“SNMP Mastery” leaking out

Bit by bit, site by site, SNMP Mastery is escaping into the world. I’ll keep the SNMP Mastery entry on my web page updated as it appears in more stores.

The various store databases are still synching everything up. You can get both paperback and Kindle on Amazon, but the entries aren’t connected. IngramSpark, the non-Amazon paper distributor and the sole source for hardcovers, is still processing. It’ll appear in other stores soon.

Now to go do my taxes, and get more work on git sync murder.

The MWL 2020 Asia Tour

Yep, I’m a big star now, touring Asia and everything! Sort of. Two countries. Two cities. The world’s most minimal tour. I’m a big star, in a really really tiny universe.

19-22 March 2020, I’ll be at AsiaBSDCon. I’m presenting a four hour tutorial on FreeBSD jails, as well as attending the conference.

The fine folks at HasGeek are sponsoring me on an accompanying trip to Bangalore, India, for three events. (Cool fact of the day: they’re not conferences in India, they’re events, because a “conference” apparently involves the Indian government and this isn’t a government thing.)

25 March, I’m offering a public lecture on Where is the Sysadmin Today at Juspay’s offices. I have rants thoughts. Oh, do I have rants thoughts.

27 March, I’m attending Netconf. This is an Unconference (Unevent?), so the program won’t be set until it starts. I’ll be proposing my new SNMP talk. I could also give any talk I’ve given before. If you’re attending and want me to give a specific talk, please comment or use the contact form to ask me to submit it.

28 March, I’m doing a reading of git commit murder at Champaca Bookstore, as well as a Q&A with Swapneel Patneka and anyone else who opens their mouth.

Why do this trip, when I loathe travel? Over the last twenty years, I’ve promised several folks that I would one day attend AsiaBSDCon. I keep my promises. I’m looking forward to being there, but not to getting there. The Bangalore trip is serendipitous. Presenting technology is how I built my career. Bangalore is a technology center and obviously a place I should present in. HasGeek asked if I would be interested, I said “if you could put an event by AsiaBSDCon,” and those folks actually went and did it. I’m simultaneously amazed and honored that they’ve gone to such trouble.

Plus, HasGeek opened discussions by promising gelato. They did their research.

I’ll have a couple free days in each place, yes, and I’ll take advantage of them. I’d rather like to attend a few classes at the Hombu Dojo, but… Fly across the world, teach crowds of strangers to whom English is a second language, talk to folks about areas I’m an expert in? Sure. Set foot on Ueshiba’s tatami? I’ve only practiced martial arts for eighteen years, there’s absolutely no way I’m worthy.

And India’s history is thousands of years deep, plus there’s elephants and tigers and… and… everything. I can’t decide what to see.

I’ve mentioned before that I’m cutting down my traveling. This trip will cost me at least a week of writing time before the trip, and probably two weeks of writing time afterwards as I recover. It’s at least a month of proper writing, all told, and probably more. I can’t authoritatively say that this is my final trip to Asia, no matter what. I can say that I’m not planning to travel so far again. If you’re on that side of the world and want to meet me, this is your best opportunity.

I will do Penguicon and BSDCan in 2020, but otherwise, I’ll be home making words.

“SNMP Mastery” cover reveal

I’ve been working like a maniac to complete “SNMP Mastery” before AsiaBSDCon. This means I haven’t had time to do my usual year-end roundup, the book cover reveal, or any of my usual beginning-of-year crud. The book went to copyedit today. At 60,000 words, it’s the biggest Mastery title yet. It’s bigger than I wanted, but SNMP is bigger than I want it to be, so I guess it evens out.

This means I have time to show the cover, done after Caillebotte’s Paris Street, Rainy Day.

[Image: SNMP Mastery wraparound cover]

Why’s Beastie the one holding the umbrella? Because he’s a bloody gentleman. Also: hands.

(Purists will note that the ISBN sticker is not right. That’s because it’s not the final ISBN. I just assigned ISBNs today. I won’t have the real barcode until close to completion. You don’t have to email me about the inaccuracy, I remember from last time. Seriously.)

“SNMP Mastery” tech reviewers wanted

I’ve just finished the first draft of SNMP Mastery, and I’m looking for folks interested in pointing out my mistakes and misunderstandings.

If you’ve got the time to read the book and comment, please drop me an email at mwl at mwl dot io saying:

  • your degree of SNMP expertise
  • that you won’t share the draft manuscript. (I don’t need piracy of unproofed manuscripts to ruin my reputation, the finished books do enough harm, thank you.)

I would need all comments back before Monday, 13 January 2020. All comments need to be in plain text with enough context that I can find the bit you’re talking about, or annotations on the PDF. While I appreciate the madman who took the time to send me PostScript diffs, I am insufficiently geeky to cope with them in the time allotted. With luck I’ll have it in time for AsiaBSDCon and HasGeek in March.

This book is written with a Lovecraftian cosmic horror motif. Because

We’re left with a protocol that’s incredibly powerful and flexible, but bears all the scars of its history. SNMP lets you invoke ancient standards from the void. It grants you incredible system-changing power, and can destroy everything you’ve worked for. SNMP exposes the secrets of your servers, and—if you’re thoughtless—reconfigures them into unspeakable nightmares. It’s like something out of an HP Lovecraft tale, without the rampant xenophobia but with all the alien system topologies.[1]

[1] The topologies were there all along. Your shallow human mind was blissfully incapable of perceiving them.

This whole analogy is disturbingly apropos.

Here’s the Table of Contents

  • Introduction
  • SNMP Essentials
  • Authentication
  • Queries
  • The Management Information Base
  • The Net-SNMP Agent
  • Logging
  • SET
  • Proxies, SMUX, and AgentX
  • Access Control
  • Extending snmpd(8)
  • Monitoring
  • Traps
  • Afterword

What comes next? I’ve been writing twelve hours a day for the past two weeks to finish this book on time. What comes next is a heartfelt faceplant. Hopefully onto the couch, but if I hit the bed of nails that’s okay.

The Six Prequels to “FreeBSD Mastery: Jails”

I’ve said a few times that I needed to write six books before I could write FreeBSD Mastery: Jails. Some were for the reader, because I didn’t want to take a break from the jails content to explain a seemingly unrelated topic. Some were for me, because I didn’t know everything I needed about a topic to effectively cover jails.

I thought which six books those were was obvious. I have heard from more than one person that it’s not. I chose to not put a title-by-title course of study in the front of the jails book. Seems I was wrong about that as well.

So: without further ado, here are the six prequels to FreeBSD Mastery: Jails.

  • Networking for Systems Administrators

    People want to bridge their jails, or VNET them, or NAT them, or otherwise play tricks with their network. You can’t set up a virtual switch if you don’t understand what a switch is. You can’t network your jails if you don’t understand netmasks. Every time your first virtual network grows, you have to troubleshoot everything.

  • FreeBSD Mastery: Storage Essentials

    Jails are all about storage. You can implement one or two jails without knowing what you’re doing, but eventually they’ll ruin your day.

  • FreeBSD Mastery: ZFS
    FreeBSD Mastery: Advanced ZFS

    ZFS is incredibly jail-friendly. It doesn’t suit all deployments, but if you want to implement jails at scale you’re almost certainly exploiting ZFS.

  • FreeBSD Mastery: Specialty Filesystems

    Any non-trivial jail implementation requires understanding devfs, nullfs, and memory filesystems. Many use iSCSI, NFS, and/or autofs. By the time I put all that in a book, I might as well add in namespace filesystems and HAST and completely cover special-purpose filesystems.

  • Absolute FreeBSD, 3rd Edition

    By the time I wrote all of the above, FreeBSD had changed enough that the second edition wouldn’t suffice.

Yes, I planned this. Every book I write is ordered internally in much the same way. I look at the material for each chapter and say “What must the reader understand before reading this?” I often revisit my chapters as needed, or even split them. Chapters 17 and 19 of AF3e were originally part of early chapters, but I had to split those chapters and put parts of them later because the reader would lack the context to understand the material.

Mind you, this is only what you need to get jails working. Managing jails is the pinnacle of systems administration practice, so I’d certainly recommend you learn about SSH, PAM, and sudo. Really, though, I’d suggest getting a job at the gelato shop. You’ll be happier.