First copy of “Absolute OpenBSD, 2nd ed” now on auction

You’ve asked me how to get Absolute OpenBSD early.

The answer is simple. You buy it. At auction. All proceeds to the OpenBSD Foundation.

The printer will take the first copy of Absolute OpenBSD off the press and overnight it to me. I will sign it, and label it on the title page as the first copy. I will include a Certificate of Authenticity stating that this is the one true first copy off the press. I will ship this book anywhere in the world, as fast as reasonable, at a cost of up to $100. (If you win the bid and want it shipped to Antarctica, it will take a little longer.)

To reassure the security-minded among you: I also promise that this is the only copy that I will sign and label as the first copy.

Being able to do this gives me warm fuzzies. It makes me look like a nice person without me doing any real work. After all, No Starch Press provided the physical book and Austin Hook is running the auction. I just have to scribble my name and stuff an envelope.

We did this for the first copy of Absolute FreeBSD, and raised $600 for the FreeBSD Foundation. Frankly, I expect you OpenBSD folks to beat that handily.

If you do not beat that amount, I will be disappointed in the community.

Do not disappoint me.

You wouldn’t like me when I’m disappointed.

DNSSEC Mastery release

I had hoped to get DNSSEC Mastery out before my trip next week. That’s not going to happen, thanks to the copyeditor. (And I do mean “thanks” in a completely non-sarcastic way.)

Most of her comments are easily fixable. But she goes into detail on one point that is utterly, completely, compellingly damning. “The thing I worry about is that while this book may be perfectly acceptable, if people open it up really eager to get some more good clean Lucas (strange people), then there’s not a lot of that there.”

All the knowledge is in there. But the writing needs more life.

I really wanted to have this book in print before BSDCan 2013. I tried to keep that deadline, despite my surprise appendectomy in January. I’ve felt kind of uneasy about this book, but it was technically finished, so I sent it on.

As I’m self-publishing, I both have the freedom to make the book correct and no excuse for not doing so. There’s no offset press scheduled for a feeding.

So, the book will be delayed a couple weeks. And it will be better for it.

And if you need a copyeditor who isn’t afraid to tell you in detail exactly why you suck, I have one.

Misc: Books, and April Fool’s

Absolute OpenBSD is at the printer. I can do nothing more on this book. For better or worse, the book is complete. I’m resisting the urge to scream “I can do it better! Give me the book back, I will rewrite it until it doesn’t suck!”

I got copyedits back on DNSSEC Mastery. Hopefully, the ebook will be available on the weekend, with print next month.

On an unrelated note

April 1st is a tedious day, with all the efforts to be funny drifting around the Internet. Unless, of course, you’re the one pulling the gag, in which case it’s freaking hilarious. I don’t pull pranks, of course.

Unless they’re really, REALLY good. So I’d like to present a flash from the past here, and point you at FretBSD.

And, of course, there’s always the Great Committer. You know, I haven’t spoken with John Baldwin much since that post. Odd, really…

Upcoming Appearances

For those who want the dubious pleasure of encountering me in meatspace:

I am a guest at Penguicon April 26-28, 2013, in Pontiac, MI, USA.

I am teaching at BSDCan, May 15-18, 2013, in Ottawa, Ontario, CA.

I expect to have copies of Absolute OpenBSD at both events. (Penguicon might be pushing it, but I’m hopeful.) I’ll sell them in person for $50USD. This is a little more expensive than buying them online, but you get hand delivery and possibly even a handshake depending on how many people have been poking at me in the recent past. Also, I hate carrying change.

Why do I sell books, instead of giving them away to all the fans who take the trouble to come see me? One, because I have to pay for them. Two, because mortgage.

LeanPub experiences, and my own ebook store

At the urging of Gerald Weinberg, I decided to try publishing my newest self-pub nonfiction book, DNSSEC Mastery, as I wrote it, using LeanPub. I offered the book at a discount for early adopters, with the intention of raising the price for the finished book. Those eager for my next book got an early peek and I got paid early.

Personally, I don’t know that I would buy a book early. But people have asked me for early access, and I do try to listen to my customers. So, what I would pay for isn’t exactly relevant.

One of the interesting features of LeanPub is that it lets readers overpay for books. You can have a minimum price and a suggested price, but a reader can give the author as much as they want. They also have a royalty calculator visible to the reader, so that the reader can see how much the author gets after LeanPub takes their (modest) cut.

Here are my results.

44 people bought DNSSEC Mastery via LeanPub.

Of those, 15 (34%) overpaid for the book.

  • 9 paid $10 (the final MSRP)
  • 1 paid $8.35
  • 1 paid $9.01
  • 1 paid $11.67 (so that the author royalty is $10)
  • 1 paid $15
  • 1 paid $22.78 (so that the author royalty is $20)
  • 1 paid $25 (they like me, they really like me)
For those who bought the early draft at all: thank you. To those of you who gave me a tip: thank you so much! For the person who paid $25 for the pre-pub manuscript: I’m deeply flattered, but I’m already married.

    The total for this experiment is: $356.47. Average price paid was $9.5575, or almost MSRP.

    Not bad for a book that I haven’t actually finished.

    Sales appear to have been totally driven by my own blog posts and tweets. I’d post something, and a couple people bought.

    There’s one headache with LeanPub. Your book needs to be uploaded in Markdown, a text-to-HTML conversion tool. LeanPub takes the Markdown text and converts it to various ebook formats.

    The sales through LeanPub are nice, but nowhere near my sales for completed books from Amazon and Smashwords.

    That presents me with a problem. Amazon wants us independents to deliver ebooks as HTML files, which they then crunch into their format. Smashwords wants MS Word, but has recently started taking epub files as well. My books are highly formatted. The easiest way to produce these is to write in MS Word or LibreOffice and export HTML or convert to epub.

    There are tools to convert other formats to Markdown. They aren’t quite ready for prime time. LeanPub offers an HTML-to-Markdown converter, but they freely admit it’s not really meant for re-importing newer versions of the same document.

    The end result is, I spent several hours futzing with Markdown.

    I don’t want to learn another markup language. If ebook platforms were all about the technically best option, we’d all use LaTeX. But they’re not.

    My early LeanPub experience was profitable. But not overwhelmingly so. My fans like it. I like making early drafts available. But adding another step into my production is an annoyance, and that step uses a language not usable for any other ebook platform. Plus, the tools to do that transformation automatically are not yet reliable, at least for my highly formatted technical documents.

    But there’s obviously a market for early work.

    It did make me wonder: how hard would it be to sell early drafts on my own? And how much extra work would that be? The answer is: a week of bugging my fellow writers, two days of intermittent research, and four hours of technical setup.

    Tilted Windmill Press now has its own ebook store. You can buy SSH Mastery and the DNSSEC Mastery pre-pub draft directly from me. I produce PDF, mobi, and epub versions using pretty reliable tools.

    I’ll blog some other time about how I set up the store, but I can say: total cost to me, $0.00. Zip. Nada. I will be spending money on some additional features, but you can get a fully working ecommerce solution for no money. (Admittedly, I leveraged my expertise, my free hosting access, and so on, but even if I had to pay for those, it would still be Pretty Durn Cheap.)

    The store is PayPal-only at the moment, but I suspect I’ll be adding other payment methods before long. And you can’t overpay. I’ll be adding that in the next few days because, well, if people want to give me money, who am I to argue?

    I’m publishing the LeanPub sales numbers now, because I’m splitting the market.

    This raises other possibilities. Would people be interested in pre-ordering print+ebook bundles of DNSSEC Mastery and other TWP titles? I could sell signed print copies of my other titles as well. (I can’t sell ebooks of my No Starch titles, as I don’t have the rights for that.) I couldn’t highly discount print titles, as I cannot compete with Amazon. They would crush me like a bug.

    Let me know your interests in the comments below.

    [update: I should say that LeanPub works exactly as advertised. Their royalty rate is higher than any other ebook store, and my customers have all had good experiences there. Technical support was exactly as responsive as claimed. If their formatting works easily for your books, I would recommend them.]

    “DNSSEC Mastery” status, dates, and acknowledgements

    Monday night, I sent DNSSEC Mastery to copyedit. If all goes well, it’ll be back at the beginning of next month. Making corrections from copyedits is a quick task.

    The copyedit-ready manuscript has been uploaded to LeanPub, so if you’re one of the early purchasers, it’s in your account for you. The manuscript is now technically correct.

    I’m going to a writer’s workshop on 5 April. If all goes well, I’d like to have the ebook available before I go. That would also let me hand it to the print layout team by then. Which means that I would have print copies for BSDCan, of which I am a sponsor.

    It might not be the final book. But I’d like to have a few proofs to give to reviewers and possibly even for the charity auction. (“It’s not defective, it’s limited edition.”)

    I think it’s very important to appreciate those who help me, and publicly acknowledge that appreciation. In that spirit, here are the credits for DNSSEC Mastery.

    Acknowledgments

    A special thanks to my pre-publication reviewers: Henrik Lund Kramshøj, Fredrik Ludl, Jan-Piet Mens, Scott Murphy, Mike O’Connor, Eivind Olsen. Notably, Alan Clegg and Carsten Strotmann went above and beyond in reviewing the book.

    Before even starting this book, I asked poor Doug Barton of BlueCat Networks to be my lead technical reviewer. Mutual friends tell me that he’s stopped moaning “Oh, the pain,” and should be able to talk coherently any day now. I do hope he’s learned his lesson.

    Any errors in this book crept in despite the efforts of these fine folks.

    As an experiment, I published in-progress versions of this manuscript on LeanPub (https://www.leanpub.com). To my surprise, many people bought the incomplete book. To my greater surprise, several people chose to overpay for it. I want to thank everyone who purchased the in-progress book. While I won’t publicly name and shame those who wanted to give me a tip, I will say thanks to parts of their email addresses: sven, nawfal, bonetruck, alejandro, olgamirth, axel, shori, marcus, and cdjk.

    Sadly, those early drafts included plain bad advice caught by the technical reviewers. My best fans got ripped off. I hope that they, too, have learned a valuable lesson.

    This book is for the folks trying to keep their name service intact despite the miscellaneous scumbags trying to break it. For all the folks on Twitter who encouraged @mwlauthor to write it. And, of course, for She Who Must Be Obeyed.

    Diagnosing “+Limiting icmp unreach response from…” with tcpdump

    Anyone who has run a FreeBSD server for any length of time has seen these messages in their daily security emails. (You do read those, right?)

    +Limiting icmp unreach response from 296 to 200 packets/sec
    +Limiting icmp unreach response from 337 to 200 packets/sec
    +Limiting icmp unreach response from 318 to 200 packets/sec
    +Limiting icmp unreach response from 535 to 200 packets/sec
    +Limiting icmp unreach response from 332 to 200 packets/sec
    +Limiting icmp unreach response from 328 to 200 packets/sec

    Way back in the Bronze Age, I learned that this means “someone is port scanning.” The usual advice is to disable these messages by setting the sysctl net.inet.icmp.icmplim to 0. This silences the messages. I’m guilty of giving that advice myself.

    What it really means is that something is sending your server UDP packets on a port that isn’t open. This could be a port scanner. It could also be a host legitimately trying to reach your host for a service it thinks you provide, or a service your host should be providing but isn’t.

    I could go to my netflow collector and run a few commands to track down where these packets are coming from. In this case, the problem host is my netflow collector. I’m somewhat leery of using a tool to diagnose itself. An initial check shows that everything on the collector is running, so let’s see if it’s still happening with tcpdump.

    I could run tcpdump -i em0 icmp and see all the ICMP traffic, but that’s inelegant. I don’t want to miss the traffic I’m looking for amidst a torrent of ICMP. And why have my brain filter traffic when tcpdump will do it for me?

    The first step is to identify exactly what we’re looking for. ICMP isn’t a monolithic protocol. Where TCP and UDP have ports, ICMP has types and codes. You can find a friendly list of types and codes here, or my readers can look in my Network Flow Analysis.

    ICMP’s “port unreachable” message is type 3, code 3. Unlike TCP ports, the type and code are separate fields. Type 3 is “destination unreachable,” while the code indicates exactly what is unreachable — the port, the network, whatever. Type is byte 0 of the ICMP header, while code is byte 1, which is why the filter below refers to icmp[0] and icmp[1]. Tcpdump lets you filter on these just like the more familiar port numbers. Enclose more complicated filter expressions in quotes.

    # tcpdump -ni em0 "icmp[0]=3 and icmp[1]=3"
    10:01:03.287063 IP 10.250.250.10 > 192.0.2.214: ICMP 10.250.250.10 udp port 11022 unreachable, length 36
    10:01:03.331388 IP 10.250.250.10 > 192.0.2.214: ICMP 10.250.250.10 udp port 11022 unreachable, length 36
    10:01:03.356052 IP 10.250.250.10 > 192.0.2.214: ICMP 10.250.250.10 udp port 11022 unreachable, length 36
    10:01:03.378256 IP 10.250.250.10 > 192.0.2.214: ICMP 10.250.250.10 udp port 11022 unreachable, length 36
    10:01:03.411046 IP 10.250.250.10 > 192.0.2.214: ICMP 10.250.250.10 udp port 11022 unreachable, length 36
    10:01:03.437458 IP 10.250.250.10 > 192.0.2.214: ICMP 10.250.250.10 udp port 11022 unreachable, length 36
    10:01:03.457858 IP 10.250.250.10 > 192.0.2.214: ICMP 10.250.250.10 udp port 11022 unreachable, length 36

    The host 192.0.2.214 is constantly trying to reach my collector on port 11022. 192.0.2.214 is my busiest border router.
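As an added example (not from the original post), this Python sketch shows what that filter matches at the byte level and where tcpdump's "udp port 11022 unreachable" comes from: the ICMP message carries the original IP header plus the first 8 bytes of the UDP header. The function names and the sample packets are constructed here for illustration, using the addresses from the capture above.

```python
import socket
import struct
from collections import Counter

ICMP_DEST_UNREACH = 3   # type: byte 0 of the ICMP header, i.e. icmp[0]
ICMP_PORT_UNREACH = 3   # code: byte 1 of the ICMP header, i.e. icmp[1]
IPPROTO_UDP = 17


def parse_port_unreachable(icmp: bytes):
    """Return (orig_src, orig_dst, udp_dport) for a type 3 / code 3 message.

    Returns None for any other ICMP message or a truncated/odd payload.
    """
    if len(icmp) < 8:
        return None
    if (icmp[0], icmp[1]) != (ICMP_DEST_UNREACH, ICMP_PORT_UNREACH):
        return None
    # After the 8-byte ICMP header comes the packet that triggered the error:
    # its IPv4 header followed by at least the first 8 bytes of its payload.
    inner = icmp[8:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return None
    ihl = (inner[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(inner) < ihl + 4 or inner[9] != IPPROTO_UDP:
        return None
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    _sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return src, dst, dport


def summarize(messages):
    """Count port-unreachable errors per (sender, target, closed UDP port)."""
    counts = Counter()
    for msg in messages:
        hit = parse_port_unreachable(msg)
        if hit is not None:
            counts[hit] += 1
    return counts


def build_sample(icmp_type, icmp_code, src, dst, sport, dport):
    """Build a constructed ICMP message; checksums are zero, the parser ignores them."""
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + ip + udp


# Constructed sample input: three port-unreachable errors caused by the router
# sending to the collector, plus two ICMP messages the filter must ignore.
ROUTER, COLLECTOR = "192.0.2.214", "10.250.250.10"
SAMPLES = [
    build_sample(3, 3, ROUTER, COLLECTOR, 11022, 11022),
    build_sample(3, 3, ROUTER, COLLECTOR, 11022, 11022),
    build_sample(3, 1, ROUTER, COLLECTOR, 11022, 11022),  # host unreachable
    build_sample(3, 3, ROUTER, COLLECTOR, 11022, 11022),
    build_sample(11, 0, ROUTER, COLLECTOR, 11022, 11022),  # time exceeded
]

if __name__ == "__main__":
    for (src, dst, port), n in summarize(SAMPLES).most_common():
        print(f"{n} unreachable(s): {src} -> {dst} udp/{port}")
```

Each constructed message is 36 bytes long (8 ICMP + 20 IP + 8 UDP), the same "length 36" tcpdump reports in the capture.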

    That’s a router. This is a netflow collector. Maybe it’s netflow traffic? Let’s see.

    # tcpdump -ni em0 -T cnfp ip host 192.0.2.214 and udp port 11022
    192.0.2.214.11022 > 10.250.250.10.11022: NetFlow v5, 1897575.270 uptime, 1363184870.488773000, #1285199613, 30 recs
    started 1897571.570, last 1897571.570
    ...

    Yep. Either my router or my collector is misconfigured. And my monitoring system is misconfigured, because it should have caught that the collector process isn’t running. Or I should have noticed that I wasn’t actually getting any flow files from the collector running on another port.

    Now to go back in time, find that young punk who wrote Absolute BSD, and whup his butt.

    Tech Book Contracts

    Several tech authors recently contacted me for advice about problems with their publishers. (No publisher in particular, mind you.) Apparently I’ve been doing this long enough that I’m considered an expert. I’m writing this post so I can point these people at it later.

    If you’re a tech author thinking of asking for my wisdom: this is basically it.

    None of this is anything against any particular publisher or any particular writer.

    This is not legal advice. I am not a lawyer, nor do I play one on TV, nor do I write stories involving lawyers.

    No, I will not look at your publishing contract.

    I’ll point you to resources for fiction authors. Genre authors have been bludgeoned over the head repeatedly with this stuff. Tech book authors? Not so much. Most tech authors are technologists first, gamers second, have another hobby or a family or something, and write books as a distant fourth or fifth. Fiction writers who make a living writing have been forced to defend themselves against predatory practices. (“Fool me once, shame on me. Fool me and all of my peers for years, we will gang up on you and burn down your house.”)

    Now that the disclaimers are done:

    So, you’ve written a tech book. Or you want to write a tech book. You’ve found a publisher. They express interest, and send you a contract. Hurrah! You’re going to be published! An antload of fame and a soupcon of fortune will be yours!

    STOP.

    Do not sign the contract.

    Techies in particular have a disdain for paperwork, but the wrong contract can ruin your life. Even if you know the publisher. Even if the publisher is your best friend, like, ever. Even if you’ve been trained to automatically click on “I accept the license terms.” Overcome that disdain.

    READ THE DANGED CONTRACT.

    Maybe Microsoft isn’t going to come after you for that extra copy of Windows 95, but your publishing contract is much more personal. It’s aimed at you. And contracts tend to favor the side that writes the contract. Even the most scrupulously even-handed contract by the most good-hearted publisher in the world includes provisions where you agree to do stuff. It’s not as simple as “you write the book, you get paid.”

    By signing the contract, you’re agreeing to do what the contract says. The written contract overrides anything verbal. That handshake deal? Utterly worthless. The email paper trail? Also worthless in the face of the contract. Mutual understandings? Nonexistent.

    A publishing contract exists between you and the publishing company. The publishing company is not the nice acquisitions editor you’ve been talking to. It’s a legal entity owned by someone. That legal entity can be sold to another entity at any time. The new owner can fire the nice editor and assign you one with a ninth grade diploma and a deeply rooted, highly personal distaste for your work, your subject, your family, your religion, your college, and your personal aroma, who wants to know what button to push to make Microsoft Word do this FECN thing you’re talking about.

    I agree that the publisher’s attitude and reputation are important. I work with No Starch Press because they’re awesome to work with. They focus on making the best book possible. That’s great. But:

    The only binding agreement is the contract.

    Read it. Understand it. Print it out. Highlight anything you don’t understand. Highlight anything that might be a legal term of art. Highlight anything that could be used against you.

    What sorts of things should you look for? There are things that real publishers include in their contracts. The exact terms differ, but the bones are there. If any of these things are missing from a contract, the publisher is not a real publisher. Run away. Run away quickly. Put their gmail address in your spam bucket and blacklist their IP address at your network border.

  • Real publishers offer advances against royalties. No Starch has an interesting model where they offer a large advance and a small royalty, a middling advance and a middling royalty, or no advance and a great big freaking royalty. I’m playing a long game, so I take the big royalty — but the important thing is, they offered me an advance and I chose not to take it. (An advance is an interest-free loan against future royalties; you don’t get any more money until your royalties exceed the advance.) A publisher that does not offer a royalty is not a real publisher.
  • Real publishers say what rights they’re buying. This is frequently World English Rights. Some, such as NSP, also buy world rights, sell translation rights, and share the proceeds with the author. Whatever those rights are, they’re spelled out. Authors do not sell books. They license copyright.
  • How long does the contract last? For technology books, “life of copyright” is not uncommon. But tech books have a shelf life. The rights to Windows 2.0 Unleashed for Complete Dummies are basically worthless now. Still, the contract should give a length. It should also include conditions under which the contract can be terminated early, and you get those rights back.
  • Due dates. Can you really fulfill everything in the contract in the stated time? Are you assuming everything goes correctly? What about when things go wrong? What if your appendix ruptures a week before the contract is due? The publisher is signing contracts for printing, distribution, and marketing based on your commitments. If a contract doesn’t include a due date, someone could take an advance and never write the book. I’ve seen a tech book contract without a due date.
  • How will the publisher request changes and/or reject the manuscript? How long will you have to do revisions?
  • When will they publish? They should say they will publish within X days/months/years of manuscript delivery. If they don’t publish, you never get royalties.
  • Will they promote the book? If it’s not in the contract, it doesn’t have to happen.
  • When do you get paid? Publishing has a baroque distribution system, including things like “rolling reserves against returns.” It’s an infuriating system. Any engineer or business person could design better, but the system was built by people who love books. You will get paid… eventually.
  • Then there’s warrants and indemnifications. It’s reasonable to warrant that you are the author of the book, and that you have the rights for all content. It’s not reasonable to warrant your book against any and all possible damages that might be caused by it. If one of my books mortally and morally offends someone and they decide to sue the publisher, too bad.
  • How many copies do you get? They’ll go quick.
  • How can YOU terminate the contract? Under what circumstances? I’ve seen tech publishing contracts without termination clauses.
  • How can THEY terminate the contract?

    You might see other things. NSP has a nice “artistic control” section where they enumerate the various decisions that they’ll consult me on. They won’t guarantee to follow my desires, which is why my books don’t come with a glossy cover featuring an extreme close-up of my smiling face, but being asked gives me warm fuzzies. While NSP takes my input seriously, it won’t help me get my way against Ninth-Grade Diploma Editor.

    Lots of details in publishing contracts can bite you. Some of these seem harmless at first glance. My favorite example is the “right of first refusal,” where the publisher says they get first dibs on your next book, under the same contract terms. This seems like it’s to your advantage, but it’s not. The proper form for the publisher to express interest in your next book is by saying “Hey, what are you writing next? We’d really like a look.” If your first book is a smash hit at Wal-Mart, you want freedom to negotiate your next contract. If your publisher totally screws up your first book, you want freedom to work with a different publisher next time. If the publisher treats you well, follows their own terms, and produces a good book, you will want to stick with them — they don’t need this clause. There are really good reasons why I’ve stuck with NSP for over a decade, despite being repeatedly courted by editors for other publishers.

    Publishers have all kinds of tricks. They’ve been in the business longer than you. They have better lawyers. Don’t fear them. Do respect the crap out of them.

    If you really want to get into how contracts can abuse you, check out genre writer resources like Writer Beware. And you should really read Kris Rusch’s Business Rusch blog every Thursday. They’re for fiction, but Rusch has been a writer long enough to have suffered every abuse and indignity a publisher or agent can perpetrate. Learn from her mistakes, as you don’t have time to make them all yourself.

    Now that you have your marked-up contract, talk to someone about it — not your buddy, and not an experienced author. Hire a lawyer, preferably one with publishing experience. A couple hours of a lawyer’s time to explain the contract to you might save you years of grief. And yes, I mean years.

    Most publishing contracts include at least one objectionable clause. If a publishing contract includes no objectionable clauses, you do not understand the contract. Group the problems into “things you’d like changed” and “things that I will not accept.” This is where that lawyer comes in really handy, especially a lawyer experienced in publishing.

    Talk with the publisher about the problem terms. Some terms cannot be changed — the publisher pays all their royalties at the same time, so you’ll get paid quarterly or twice a year or once a leap decade along with every other author. Some terms can change. Ask. See what you can get.

    If one of your deal-breakers can’t change?

    Walk away. That’s what a deal-breaker means.

    Or accept what follows.

    Some “Absolute OpenBSD 2/e” dates

    No Starch intends to send AO2e to the printer on 22 March 2013. This would give a “bound book date” of approximately 12 April. Books would be in their hands roughly 19 April. They’re really good about shipping books to purchasers as soon as possible.

    Note that DNSSEC Mastery should be available in ebook form about then. Not only do I have two books coming in 2013, I have two books coming in April 2013.

    All dates are subject to change based on the whim of the printer, phase of the moon, gasoline shortages, insurrections and iniquity and incivility, or any other reason whatsoever.