“Absolute OpenBSD” physically exists

I hold in my hands the first copy of Absolute OpenBSD off the press.

The fine folks at No Starch Press did a beautiful job designing and creating the print book. I know ebooks are the coming thing, but a well-designed physical book is a delight.

This specific copy is for Bill Allaire. I’ll have my own copy. But I’m sure Bill won’t mind if I spend a few minutes fondling his book.

The loop is closed, the project is over. Now to lie back and let the fame and wealth just roll into — Sorry, I can’t even type that with a straight face.

And if you ask me when the third edition is coming out, I’ll be sure to thank you. With an axe.

“Absolute OpenBSD, 2nd edition” ebook download available

I’m told that No Starch Press now has the ebook for the new Absolute OpenBSD available for download. If you preordered the book, go get the electronic version while you’re waiting for the print to arrive.

If you haven’t preordered, go get it now. If you use coupon code ILUVMICHAEL, you save 30% and I make a couple extra bucks on it.

The auction for the first print copy off the press is up to $910. If it breaks $1000, I’ll post a coupon code for discounts on the electronic versions of my Mastery books from my Web site.

Absolute OpenBSD blurbs

One of the tasks on an author’s to-do list is gathering blurbs for the new book. A blurb is blatant promotion from a name a reader might recognize. Preferably a name that has some bearing on the topic of the book. You frequently see this in fiction, where the first couple of pages are other people saying “this book is fantastic! It cured my leprous bulimia!” Most often it’s multiple authors each saying nice things about the others’ books.

“Nice,” I think. “They’re doing each other favors. It’s blatant backscratching. When I’m successful, I swear I will never do that.”

For the first time, the fine folks at No Starch Press asked me to get blurbs for the new book. Apparently I have reached the point where I merit that. It’s not bad enough that going around asking people to praise me is like begging for approval. No, I’m a computer dork. Telling others about my accomplishments doesn’t come naturally, and doesn’t work well when I try. Apparently this is common.

(For the record, I don’t particularly like bacon. Pig, yes, but bacon, not so much. I’m aware this is heresy on the Internet. Deal.)

So I have my mission: get blurbs. I think about who I know, who might be interested in the book. With growing horror, I realize: most of them are writers. All of them are friends on some scale, somewhere on the spectrum from “call up when you’re in town and we’ll get gelato” to “I heard you need to borrow a kidney, my back is already shaved.”

I guess I’m going back on my younger and dumber self’s sworn word. Dammit.

At least they all wanted to see the book before they said nice things about it. That’s mild balm to my conscience.

So, I’ve gotten a couple of them back and felt like sharing them. Actually, no, I misspeak. I don’t feel like sharing them. But if something embarrassing is going to happen, it’s best to take control and get it over with. So, in that spirit:

From George Rosamond, a founding member of NYC*BSD User Group and noted detester of string beans and beets:

“The space for BSD books is small, indeed.

All the BSDs provide excellent documentation, from their handbooks and FAQs to their native manual pages. Got a question? There’s a good chance you will find the answer in the official documentation.

Michael W. Lucas manages to squeeze into that ‘other’ space. He engages the reader. He answers those specific questions and addresses those methods that a manual page or online documentation can’t approach.

He is the modest sysadmin sitting next to you in front of an OpenBSD box, narrating as you dive into an operating system that does things minimally without fuss. He’s not perched up high on a pedestal, preaching or obfuscating his words. He is a layperson’s tutor, who’s working through the same issues the average sysadmin does.

So buy this book. Buy it because for the amateur or intermediate OpenBSD end-user, you will flatten any learning curves real or perceived. You will find the elegant simplicity of OpenBSD, while sometimes discouraging for the uninitiated user, is a fruitful path for building systems that just run.”

And from Chris Sanders, author of the essential Practical Packet Analysis and better human being than I am:

“It’s rare to find a book that can cover so much technical content while still being engaging and enjoyable to read. Absolute OpenBSD, 2nd edition, is one of those books that achieves that with flair. Whether you are an experienced OpenBSD user seeking a functional desk reference, or a new OpenBSD user seeking to gain the carnal knowledge necessary to become an expert, then Absolute OpenBSD is the book you have to have.”

Somehow, I don’t think NSP will let me use those blurber descriptions, though. Pity.

[UPDATE] Oh, yes, the plug. Forgot the plug. Preorder Absolute OpenBSD, 2nd Edition. Get ebook and print together for one low price. Use coupon code ILUVMICHAEL for a 30% discount and give me a couple extra bucks. Or, if you’re in a place where shipping from the US is prohibitive, get it locally. Whatever. In either case, thank you.

FreeNAS 8.0 and SNMP

Today, I learned that FreeNAS 8.0’s SNMP isn’t quite all one could hope for. The good news is, the bugs will be fixed in 8.0.1. I’m posting this in the hope of saving others the annoyances I had.

To SNMP query a FreeNAS 8.0 host, you must force the client to use SNMPv2.

# snmpwalk -c public -v 2c freenashost

Additionally, you can’t change the community name (at least on the amd64 version). You must use public.

This is fixed in 8.0.1. Still, it makes me glad I hacked a firewall into my FreeNAS box.

awk and access.log

I keep forgetting about the single quotes in this incantation. Writing it down won’t improve my memory, but I’ll know where to look it up.

To see a field (e.g. referers) from Apache’s combined access.log:

# cat /var/log/apache/logname | awk '($11 !~ /sitename|\-/) {print $11}'

This strips out references from the site itself, plus entries with a - in the field. Mostly useful when testing anti-referer-spam stuff.

new personal Web site

Over the last fifteen years or so, hand-coded HTML has transformed from “how it is done” to “a baroque eccentricity” to “an amusing peccadillo” to “what is WRONG with you, dude?”

My personal Web site, http://www.michaelwlucas.com, has now been updated. It’s as boring as ever, except for the awesome art. Let me know if you see any problems. Those of you who prefer the old version can see it at www-old, but I won’t update it again.

Ubuntu server 10.04 LTS diskless filesystem

A diskless server needs a copy of the operating system files, served from an NFS server.  The Ubuntu docs have a general-purpose tutorial on diskless systems, which suggests copying the files from your NFS server.  My NFS servers are not Ubuntu boxes.  Also, I don’t want to copy from a live system; too many things can happen.  I want a set of Ubuntu server files that I can use to deploy a functional server in a known good state, that complies with the requirements of my environment.  And I need to script it, so I can boot and update my “golden image” server and easily reproduce the same file set. And I want all the routine changes taken care of automatically.

This problem isn’t hard, but I’ve spent a fair amount of time building and rebuilding diskless systems lately, so you get to hear about it.

Install an actual Ubuntu system.  I prefer to install on a virtual machine.  This will become your “golden image.”  When the Ubuntu installer asks for a machine profile, choose OpenSSH server.

  • apt-get update && apt-get upgrade
  • Install required software, such as emacs, tcsh, and configure .
  • Install portmap and nfs-common.
  • Install and configure LDAP auth and sudo against LDAP
  • Install and configure ufw.  I’ve seen many attacks against Ubuntu boxes lately, and highly recommend very restrictive firewall rules.  Do not let the world talk to your Ubuntu servers!
  • Make a VM snapshot of your base image, so you can revert to this core functionality
  • Install anything else required to make this a nice clean template for the purpose of this server.

Now mount a directory on another server on the clean server’s /mnt via NFS and tar up the server.

# cd /
# tar -cvpf /mnt/ubuntu1004.tar --one-file-system .

Wait.

The resulting tarball has a few problems.  I don’t want the diskless hosts to all have the same SSH keys, so those files need to be removed. Ubuntu caches the MAC address of attached NICs to maintain consistent interface names across reboots. This cached MAC address will be wrong for the diskless machine. The existing interface configuration will not work on a diskless machine (see below).  Finally, the fstab is wrong for any diskless machine.  The machine will get its hostname from DHCP, rather than from a file.  I therefore remove the troublesome files from the tarball.

# tar --delete -f /mnt/ubuntu1004.tar ./etc/ssh/ssh_host_rsa_key ./etc/ssh/ssh_host_rsa_key.pub ./etc/ssh/ssh_host_dsa_key ./etc/ssh/ssh_host_dsa_key.pub ./etc/udev/rules.d/70-persistent-net.rules ./etc/fstab ./etc/network/interfaces ./etc/hostname


The difficult file is /etc/network/interfaces.  I don’t want to use the server’s network configuration.  My test server boots from either DHCP or with a static IP, and neither will work for a diskless server.  A diskless server needs an /etc/network/interfaces like this:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual

I want to replace the existing ./etc/network/interfaces with one of my own choosing.  Tar won’t let you replace a file in an existing archive, but it will let you add another file of the same name.  I change to a config directory and add this file to my tarball.  Similarly, I need a blank etc/fstab.  I create a fake etc directory in another location, touch etc/fstab, and create a suitable etc/network/interfaces.

# tar --append -f /mnt/ubuntu1004.tar etc/network/interfaces etc/fstab

To use this file, log in to the NFS server, go to the mount point for the diskless system, and run:

# tar -xpf /path/ubuntu1004.tar

The machine will then boot, is easily cloned, built to my standards, and the only customization needed is to run dpkg-reconfigure openssh-server.

As I installed on a virtual server I can snapshot the golden image and build custom filesystems for different purposes.

Lots of long commands?  Yep.  This basically screams “8-line shell script, please.”  It’s a pretty trivial script, but if you’ve made it this far, you’re either interested in what I’m doing or astonished at my inanity.  In either case, you should get the script too.

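#!/bin/sh

# Mount scratch space from the NFS server and archive the root filesystem only.
mount nfs1:/tmpmount /mnt
cd /
tar -cvpf /mnt/ubuntu1004.tar --one-file-system .

# Remove per-host files: SSH host keys, cached NIC MAC rules, fstab, interfaces, hostname.
tar --delete -vf /mnt/ubuntu1004.tar ./etc/ssh/ssh_host_rsa_key ./etc/ssh/ssh_host_rsa_key.pub ./etc/ssh/ssh_host_dsa_key ./etc/ssh/ssh_host_dsa_key.pub ./etc/udev/rules.d/70-persistent-net.rules ./etc/fstab ./etc/network/interfaces ./etc/hostname

# Add the diskless interfaces file and the blank fstab from the fake root.
cd /home/mwlucas/fakeroot
tar --append -f /mnt/ubuntu1004.tar etc/network/interfaces etc/fstab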

Yes, this shell script is a good example of fault-oblivious computing. But it suits my minimal needs, and performs the same task the same way every time.
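
A check worth running before unpacking the tarball on the NFS server, as an added example that is not part of the original post: it lists the archive's members and reports any per-host files that survived the delete step, which matters because the script above carries on regardless of errors. The helper names audit_image and make_sample are hypothetical, the sample archives are constructed, and widening the SSH pattern to any host key type is an assumption beyond the RSA and DSA keys named above.

```shell
#!/bin/sh
# Added example: audit a golden-image tarball for per-host files before
# unpacking it for diskless clients. audit_image and make_sample are
# hypothetical helper names; the patterns are the files the post deletes,
# widened to any SSH host key type.

audit_image() {
    tarball=$1
    tar -tf "$tarball" >/dev/null 2>&1 || {
        echo "cannot read $tarball" >&2
        return 2
    }
    # Normalise the leading "./" so both member spellings are caught.
    # etc/fstab and etc/network/interfaces are re-added on purpose and
    # are therefore not flagged.
    tar -tf "$tarball" | sed 's|^\./||' | awk '
        /^etc\/ssh\/ssh_host_.*key(\.pub)?$/ { print "host key:   " $0; bad = 1 }
        /^etc\/udev\/rules\.d\/70-persistent-net\.rules$/ { print "cached MAC: " $0; bad = 1 }
        /^etc\/hostname$/ { print "hostname:   " $0; bad = 1 }
        END { exit bad + 0 }
    '
}

# Build a tiny constructed archive (not a real image) at absolute path $1.
# Pass "dirty" as $2 to leave per-host files in it.
make_sample() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/etc/ssh" "$work/etc/network"
    : > "$work/etc/fstab"
    printf 'auto lo\niface lo inet loopback\nauto eth0\niface eth0 inet manual\n' \
        > "$work/etc/network/interfaces"
    if [ "$2" = dirty ]; then
        echo constructed > "$work/etc/ssh/ssh_host_ed25519_key"
        echo goldenimage > "$work/etc/hostname"
    fi
    (cd "$work" && tar -cf "$1" .)
    rm -rf "$work"
}

demo=$(mktemp -d)
make_sample "$demo/clean.tar" clean
make_sample "$demo/dirty.tar" dirty
audit_image "$demo/clean.tar" && echo "clean.tar: no per-host files"
audit_image "$demo/dirty.tar" || echo "dirty.tar: fix the image before deploying"
rm -rf "$demo"
```

audit_image returns 0 for a clean archive, 1 when per-host files are present, and 2 when the archive cannot be read, so it can gate the extraction step.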
