Visiting an OpenBSD hackathon.

I took Bill Allaire’s copy of Absolute OpenBSD to Toronto to get it signed. If you wonder what that’s like, check out my article over on undeadly.org.

Why no tech posts from me for a while now? I’m moving a bunch of virtual machines from ESX to SolusVM. As some of these VMs are several years old, I’m taking the opportunity to make new OS installs and get them into my Ansible setup. It’s a lot of work, but it’s not blog-worthy.

When I do something interesting, you’ll be the first to know. Well, no, maybe the sixth or seventh. But still, pretty early on.

Two “Absolute OpenBSD” reviews

One from Crypted Nets and one from IT World.

I post book reviews mostly so I can find them again years from now. When the time comes to do a third edition, I need quotes like “I doubt that a better book on OpenBSD could be written” for the cover and marketing materials.

FreeBSD-update vs bind99-base

My master nameserver runs BIND 9.9, so I can do DNSSEC easily. I’ve installed from ports, but used the REPLACE_BASE option so that it overwrites the BIND 9.8.3 install included in the base system. That way I don’t have to worry about having multiple versions of the same command on different systems.

I patch this system via freebsd-update. After applying the latest security patches, I got the following email:

The following files will be updated as part of updating to 9.1-RELEASE-p3:
/usr/bin/dig
/usr/bin/host
/usr/bin/nslookup
/usr/bin/nsupdate
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/rndc-confgen

I don’t want freebsd-update to patch these files. I also don’t want to get an email every day telling me that I need to patch them. I know I don’t need to patch them.

The solution? Tell freebsd-update to ignore these files with the IgnorePaths directive in /etc/freebsd-update.conf. I copied the list of files from the email and added IgnorePaths before them.

...
IgnorePaths /usr/bin/dig
IgnorePaths /usr/bin/host
IgnorePaths /usr/bin/nslookup
IgnorePaths /usr/bin/nsupdate
IgnorePaths /usr/sbin/ddns-confgen
IgnorePaths /usr/sbin/dnssec-dsfromkey
IgnorePaths /usr/sbin/dnssec-keyfromlabel
IgnorePaths /usr/sbin/dnssec-keygen
IgnorePaths /usr/sbin/dnssec-revoke
IgnorePaths /usr/sbin/dnssec-settime
IgnorePaths /usr/sbin/dnssec-signzone
IgnorePaths /usr/sbin/lwresd
IgnorePaths /usr/sbin/named
IgnorePaths /usr/sbin/named-checkconf
IgnorePaths /usr/sbin/named-checkzone
IgnorePaths /usr/sbin/named-compilezone
IgnorePaths /usr/sbin/named-journalprint
IgnorePaths /usr/sbin/rndc-confgen
...

The complication here is that I must watch out for BIND security advisories, rather than just trusting in the update process. But that’s normal.
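An added example, not part of the original post: a small sh helper that turns the saved notification mail into IgnorePaths lines and then reports which base-system paths a configuration would skip. freebsd-update ignores any path that starts with an IgnorePaths entry, so one entry can cover more files than intended. The example models that as a literal prefix match, which is an assumption, and the function names, file names and sample data are constructed.

```sh
#!/bin/sh
# Added example; file names and sample data below are constructed.

# Print every entry named on an IgnorePaths line of a conf file.
ignore_entries() {   # $1 = conf file
    awk '$1 == "IgnorePaths" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed, printing the responsible entry, if an entry is a prefix of $2.
# Assumption: matching is modelled as a literal prefix.
covering_entry() {   # $1 = conf file, $2 = path
    for e in $(ignore_entries "$1"); do
        case $2 in "$e"*) printf '%s\n' "$e"; return 0 ;; esac
    done
    return 1
}

# Emit "IgnorePaths <path>" for each absolute path in the mail that no
# existing entry covers; the mail's header line is skipped.
gen_ignorepaths() {   # $1 = saved mail body, $2 = conf file
    grep -E '^/[A-Za-z0-9._/-]+$' "$1" | sort -u | while read -r p; do
        covering_entry "$2" "$p" >/dev/null || printf 'IgnorePaths %s\n' "$p"
    done
}

# List "<path> <entry>" for every candidate path the conf would skip.
ignored_by() {   # $1 = conf file, $2 = file of candidate paths
    while read -r p; do
        if e=$(covering_entry "$1" "$p"); then printf '%s %s\n' "$p" "$e"; fi
    done < "$2"
}

# Constructed sample files; namedrop-example is not a real binary.
make_sample() {   # $1 = scratch directory
    printf '%s\n' 'The following files will be updated as part of updating to 9.1-RELEASE-p3:' \
        /usr/bin/dig /usr/sbin/named /usr/sbin/named-checkconf \
        /usr/sbin/rndc-confgen > "$1/mail.txt"
    printf '%s\n' '# constructed conf' 'IgnorePaths /usr/sbin/named' \
        > "$1/freebsd-update.conf"
    printf '%s\n' /usr/sbin/named-checkzone /usr/sbin/ntpd \
        /usr/sbin/namedrop-example > "$1/base-paths.txt"
}

d=$(mktemp -d) && make_sample "$d"
gen_ignorepaths "$d/mail.txt" "$d/freebsd-update.conf"
ignored_by "$d/freebsd-update.conf" "$d/base-paths.txt"
rm -rf "$d"
```

Any `ignored_by` hit that the port does not actually replace is a base-system file that will stop receiving security patches from freebsd-update.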

DNSSEC Mastery #1 best-seller…

…in its extremely narrow category. The Kindle edition is #1 and the paperback is #3.

DNS Amazon ratings

Admittedly, DNS books are not a big category. I’m not up against Stephen King here. But it’s my category, and I’ll take it. I cut my teeth on DNS and BIND. Beating it out just seems somehow immoral. But I’ll live with it.

This is only a best-seller because people bought it. Thanks, everyone.

The next FreeBSD book?

BSDCan hasn’t officially started, and I keep getting asked when I will write a third edition of Absolute FreeBSD.

The short answer is: I don’t know.

The slightly longer answer is: it depends in part on you.

The much longer answer is:

FreeBSD has added lots of stuff since Absolute FreeBSD came out in 2007. The big, screaming, basic change is that ZFS is really well-supported, and considered a core feature.

But you can’t install to ZFS. Or to a mirror. Or to any of the other really cool options available on FreeBSD. There’s good stuff there, but new users can’t have it.

There are ways around this. For a new user, they range from ugly to absurd. I had hopes for the new FreeBSD installer, but none of the rumored improvements have reached real users. I could write “To install FreeBSD, install PC-BSD.” But my gut rebels. If you want PC-BSD, install PC-BSD.

If I was to write a big FreeBSD book today, it would have to be “1001 ways to install FreeBSD.” It would cover getting FreeBSD onto ZFS, or mirrors, or GELI, or any of the other cool options. That’s not a fun book to write and would not be fun to read.

Some discussions at BSDCan give me hope for an improved installation process. I don’t care if it’s the current installer, or a port of PC-BSD’s installer, or a resurrected sysinstall.

I have no problem spending a chapter on planning an installation, or on things you should know before installing — just look at Absolute OpenBSD. But that chapter can’t be “Here’s FreeBSD’s disk management system, so you can boot off a live filesystem and manually edit disks and create zpools and GELIs and mirrors and and and…” Experienced FreeBSD users put up with this, but you can’t give this to a new user.

FreeBSD should have a decent partitioning scheme at boot. If the OpenBSD folks can manage that with their text-only installer, surely FreeBSD could do so. But at least it’s possible to partition the disk with the current installer.

So: if you’re a programmer and want a new version of the book, work on the installer.

If you’re not a programmer: bribe one.

I have some small books on FreeBSD on my schedule, but that’s a very different thing. Until the installer changes, Absolute FreeBSD 3 isn’t even on the schedule.

Books at BSDCan

I’m sure everyone who reads this blog knows I’ll be at BSDCan tonight through early Sunday morning. I will also have books for sale, however.

  • Absolute OpenBSD, $50
  • SSH Mastery, $20
  • DNSSEC Mastery (4 proof copies only), $20

Cash only.

If you buy a book, I’ll throw in a free Tilted Windmill Press T-shirt while supplies last. Because why not.

I’ll also be giving away some books as review copies. If you want a review copy of Absolute OpenBSD, you’ll need to give me your email address. I’ll be handing it off to the NSP publicity department. Sorry to be a pain on that, but I have to pay for any Absolute OpenBSDs that aren’t review copies. (Or I can ship them back to the publisher, but that’s just a waste.) I’m more flexible with review copies of self-published books.

“Absolute OpenBSD” Kindle edition: problems and on sale

I’ve heard from a few different readers that there are problems with the Kindle edition of Absolute OpenBSD. It’s by no means every copy in every format, but there are enough problem reports that it needs investigating.

I’ve notified the publisher. They are investigating. When I have an update, I will post it.

Generally, when a Kindle file has a problem, remove it from your device. When the new version appears, you can re-download it from Amazon.

And this is the point where I mention that Absolute OpenBSD is O’Reilly’s Deal of the Day. If you want the ebook, you can get it for 50% off.