14: Competent Spammers

Here’s a few words on the Sender Policy Framework, aka SPF, aka omg why please no no no.

SPF is often touted as an anti-spam measure. It isn’t. It’s one component of a spam assessment policy. Competent spammers are among the most reliable publishers of SPF records, gleefully declaring that any host may send mail for their domains. Emails from domains without SPF records are likely to be classified as spam, however.

When an MTA with basic spam protections receives an email, it performs an SPF check against the sender in the envelope. This is the email address used in the SMTP exchange’s MAIL FROM statement, not the sender address that the recipient’s client shows. This check passes or fails.

SPF checks are also performed against the visible From address. If the domains match, the message is said to be in SPF alignment. Alignment is important for DMARC, so it’s best to configure alignment from the beginning.
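As an added illustration (not taken from the book), this shell sketch audits what an SPF record says about hosts it does not list, which is how an "any host may send" record shows up, and compares the envelope sender's domain with the visible From domain. The function names, records and addresses are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the book. Records and addresses are constructed.

# Print what a record says about hosts it does not list explicitly:
# pass (any host may send), fail, softfail, neutral, or none (no "all" term).
spf_all_policy() {
    policy=none
    set -f                              # no filename globbing while splitting
    for term in $1; do
        case $(printf '%s' "$term" | tr 'A-Z' 'a-z') in
            all|+all) policy=pass ;;    # a bare "all" defaults to "+"
            -all)     policy=fail ;;
            '~all')   policy=softfail ;;
            '?all')   policy=neutral ;;
            *)        continue ;;       # some other mechanism or modifier
        esac
        break                           # terms after "all" are never evaluated
    done
    set +f
    printf '%s\n' "$policy"
}

# Lower-cased domain of "user@example.org" or "Name <user@example.org>".
addr_domain() {
    printf '%s\n' "$1" | sed -e 's/.*@//' -e 's/[> ].*$//' | tr 'A-Z' 'a-z'
}

# Succeed when the envelope sender (MAIL FROM) and the visible From: header
# use the same domain. This is an exact match; DMARC's relaxed mode, which
# also accepts a shared organizational domain, is not implemented here.
spf_aligned() {
    [ "$(addr_domain "$1")" = "$(addr_domain "$2")" ]
}

# Constructed sample: a permissive record and a message that is not aligned.
for record in 'v=spf1 +all' 'v=spf1 mx ip4:192.0.2.10 -all'; do
    printf '%-32s unlisted hosts: %s\n' "$record" "$(spf_all_policy "$record")"
done
if spf_aligned 'bounce@mailer.example.net' 'Alice <alice@example.org>'; then
    echo 'aligned'
else
    echo 'not aligned'
fi
```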

This week’s work has a lot of formatting, what with sample DNS records and defining variables and such. If you’re interested in running email, or in making running your own email more accessible, you could sponsor this book.

OpenBSD PF versus FreeBSD PF

I encountered yet another discussion about OpenBSD PF versus FreeBSD PF. For those who are new to the discussion: OpenBSD developers created PF in 2001, and it rapidly improved to become the most approachable open source packet filter. FreeBSD ported PF over to its kernel in 2004, with occasional updates since. Today a whole bunch of folks who don’t program echo cultish wisdom that one or the other version of PF has fallen behind, not kept up on improvements, or otherwise betrayed their community. My subtler comments have been misinterpreted, so let’s try this.

These claims are garbage.

First, and most importantly: FreeBSD PF developers work with OpenBSD devs all the time, and OpenBSD PF developers pull stuff from FreeBSD. You get a lot of noise about certain people being jerks about the other project–and both projects absolutely have jerks. (And yes, anyone who has read my books knows that I am a cross-platform jerk.) But for the most part, folks want to work together.

PF is absolutely an OpenBSD creation, though, so why isn’t the OpenBSD version the Single Source of Truth? Why doesn’t FreeBSD just consider OpenBSD a vendor and pull that code in? Because the OpenBSD and FreeBSD kernels are wholly different.

Back when I wrote Absolute BSD, I could realistically write a single book that would basically apply to the three major open source BSDs. Yes, the various projects objected to being lumped together, but if you knew any one of them you could stumble through the others. This is no longer true. FreeBSD’s kernel uses a wholly different locking model than OpenBSD. OpenBSD’s memory protections have no equivalent in FreeBSD. These are not things you can manage with a shim layer or kernel ABI. These are big, complicated, intrusive differences. You can’t tar up one version and dump it in the other’s kernel. It won’t work. If you do a hack job of making it work, it will perform badly.

Yes, you can find “proof” that one PF or the other is faster under particular workloads on specific hardware. I have no doubt that some of them are not only accurate, but honest. There are other workloads, though, and other hardware, and other conditions. Regardless of who wins a particular race, the constant competition to achieve peak performance benefits everyone. I’m not going to link to any of the benchmarks, because I have made my opinions on benchmarking very clear elsewhere. Pick what you want and roll with it.

Every PF developer is trundling along, doing their best to make things work.

Are features missing from one or the other? Yep. I’m not going to list examples because, as the above links show, each project plucks what they find useful from the other. These things are freely given, with glad hearts, but they take time to integrate. Filling message boards with staunch declarations that my team’s PF is better is not only tedious, it wholly misses the point.

People are working together to improve the world.

And the PF syntax is the most approachable in all of open source Unix.

(Partisan fanboy comments will be mercilessly whacked.)

Yes, I Know I’m In the AI Scraping Search Engine

I awakened today ready to make words on Run Your Own Mail Server only to discover that half the world wanted to be sure I knew about the search engine for Meta’s Books3 LLM training data, aka “AI.”

Yes, I know.

The search engine was created by The Atlantic, and I thank them for this public service.

Authors and publishers have already filed lawsuits against Meta and their partners. I do not have the cash to sue Meta. I must ride on the coattails of other people’s lawsuits.

For the record, most of my books are legitimately available for digestion by AI. Just as I offer my Tilted Windmill Press books for teams and groups and large corporations, I offer the entirety of those books as AI fodder for a modest annual fee and under friendly licensing terms. The default listing is for personal use because I sell many more personal licenses than AI licenses, but: a legal option exists for Meta to use my books.

Now to figure out how to send Meta an invoice.

13: The Only Right We Have

Today I’m reading from a story that’s coming out this winter, “The Rats’ Man’s Lackey and the Forbidden Tinsel.”

I’d agreed to obey the rules. To walk away from my past, so that my demons couldn’t find me. This madhouse had no right to throw any of that in my face.

The thought calmed me.

Hiding in a root cellar while the opposition filled the house with bullets? The bad guys had no right to break their word. A teammate developed cancer? She’s the best person I know, this isn’t right! Any time I catch myself thinking about rights, I know I’ve derailed myself.

The only right we have is the right to die. Anything else, we claw out of the world.

I focused on my breath until I could think with more than my brainstem.

You got ding-dong ditched when your bellybutton still had a knotted cord attached—so freaking what? Your folks did what they thought best. Anything else would have been worse, and you came out okay. You had no right to this kind of Christmas, nobody gets this, and you’re too old to appreciate it properly anyway.

A couple of Rats’ Man’s Lackey tales are out already, with more coming soon.

A True Story: “The Cat”

I have never owned a cat. I have never lived with a cat. It’s not that I mind cats, but rats fit my life better. For a few years though, a cat seriously impacted my life.

That tab at the top of my site that says Autobiography? Sometimes I publish true stories there. There’s a new story up there, about the aforementioned cat, the never-experienced delights of goat on a stick, and mouse compost. While the names have been changed so Larry the Leg-Breaker doesn’t get tetchy with me, the facts are one hundred percent accurate.

Video Score: Me 83, Rats 53650

I’ve been experimenting more with audio and video, thinking it might draw in some new readers. That’s why I have the 60 Seconds of WIP podcast. Kickstarter doesn’t require videos, unless you want to succeed. There’s videos of me reading things where I’m happy to get two or three views. And there’s the playlist of my various public presentations.

I don’t normally check the number of views on these things. Like the number of books I sold this week, it doesn’t matter. This thing I did has been launched into the world, and whether it lives or dies is now up to y’all. Like Mickey Spillane said (in paraphrase, because I can’t be bothered to go look up the actual quote): “I don’t have fans. You know what I got? Customers.”

On a whim, I uploaded a video of my pet rats working their treat puzzle. According to Youtube’s analytics, it has 53,568 views in five days.

Glancing over my public talks playlist, I’m lucky to get 3,000 views over years.

When I work hard on something? Crickets. When I just slam something up there, though, the world comes. That’s how the world works.

I’ve been skimming the Youtube comments and deleting the mean ones, and noticed readers popping up with comments like Lucas is a big-name author, and this is the video that gets attention? Go read his books! I’ve gotten a couple emails telling me this is unfair.

I appreciate that people love my books and want to support my craft. I truly do, from the bottom of my musty labyrinthine heart.

This video exploding does not disturb me. Fairness is a human construct.

I launched something into the world, and it did well? That’s nice, but I’m working on the next thing.

Besides, those squeaky little bastards are far cuter than I am. The audience for cute animal videos is much vaster than the audience for Networking for Systems Administrators. I might read some of my work to them, however.

I am not about to go chasing youtube views. When I get a new puzzle, I might upload a video of that. Or not. Depends.

I have been told that my guys are “smol” and “chonk.” Whatever that means.

53,650 views now. 920.6 hours spent listening to rats munch their hard-won toddler puffs. 38 nonstop person/days, or 114 work days, is an impressive amount of productivity to suck out of the world.

Anyway. I gotta go work on the next Thing.

60 Seconds of WIP, 14 September 2023

Today we have a tidbit from Run Your Own Mail Server, where I discuss debugging submission at the command line.

Don’t leap straight to OpenSSL or a TLS-aware netcat, though. Submission doesn’t take a straight username and password. Instead, you need a login string. If you’re supporting Microsoft clients, you need two. A login string is a precisely formatted username and/or password, encoded in Base64. Base64 is not an encryption method, but rather a way to transparently transfer binaries as plain text. Passwords are not binary, but they should include special characters that protocols might consider escapes. Figure out your submission string before starting debugging.

Postfix’s default authentication method is called PLAIN. A PLAIN login string is a single line encoded into Base64. You’ll see lots of examples using echo, but they are not portable between shells let alone between operating systems. Use printf(1)—not the shell’s built-in printf with its extensions and incompatibilities, but the standalone POSIX-compliant program.
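As an added illustration (not taken from the book), here is one way to build and inspect a PLAIN login string with the standalone printf(1). The PLAIN layout is the one in RFC 4616; the function names and credentials are constructed, and a base64(1) utility that accepts -d for decoding is assumed.

```shell
#!/bin/sh
# Added example, not from the book. Credentials are constructed samples.
# Assumes base64(1) is installed and decodes with -d.

# PLAIN (RFC 4616) is: authorization-id NUL authentication-id NUL password.
# The authorization-id is left empty here, so the string starts with a NUL.
plain_login_string() {
    # "env printf" runs the printf program found in PATH, not the shell
    # built-in. Credentials are passed as %s arguments, never inside the
    # format: a "%" or "\" in the password stays literal, and a username
    # starting with a digit cannot extend the \0 octal escape.
    env printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
    echo
}

# Decode a login string for inspection, showing each NUL as "|".
show_login_string() {
    printf '%s' "$1" | base64 -d | tr '\000' '|'
    echo
}

# Constructed sample run.
encoded=$(plain_login_string 'user' 'pass')
printf 'login string: %s\n' "$encoded"
printf 'decoded:      %s\n' "$(show_login_string "$encoded")"
```

Keep real login strings out of shell history and shared terminals, since anyone who sees one can decode it.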

This book is still open for sponsors, by the way. Get your name in the book and soil your reputation forever. For some value of forever, that is. The lifespan of a tech book is about five years. A pretty small forever.

Proof You Should Not Run My Code: my SNMP agent

I’ve included bits of code in my books, sure. Always with warnings to not run it in production, as I am a firm devotee of fault-oblivious computing. You should not follow my example. But after a Fediverse (Mastodon) discussion last night, I’ve decided to share the code of a program I wrote and deployed. In production. When writing SNMP Mastery, I needed to understand how to integrate a custom agent into net-snmp. I also needed to go through the process of getting my own enterprise OID. I submitted the OID request right before Christmas 2019, and 55030 was assigned the next day.

So I promptly wrote my own SNMP agent, using top-notch state-of-the-art Perl 4. There’s some compatibility glue to make it run under Perl 5, but it’s basically Perl 4. Yes, there’s other languages–but Perl is eternal and timeless. Like Cobol and SNMP, that is not dead which can eternal sleeping lie.

This agent is the single source of truth for my published bibliography. Instructions for accessing it are in the SNMP book, but if I’m sharing the code I should provide context.

Browse to https://cdn.mwl.io/snmp/ and you’ll find the MIB file TWP.mib. Put that in your SNMP browser or MIB directory. If you’re running net-snmp you can pull the table with:

$ snmptable -v2c -c megadweeb snmp.mwl.io mwlBooksTable

The file agent-TWP.pl includes the agent proper.

This code has been called “comically evil,” which warms my bitter heart. Yes, I could use a database. But why? The data changes 3-4 times a year, if I’m productive. And yes, the data is in columns, not rows. SNMP doesn’t do rows. It doesn’t really do tables. It only has columns, which you could choose to arrange side-by-side, but that’s a feeble human thing and irrelevant to this primordial protocol.

In writing this I had to choose between complex code and simple data, or simple code and complex data. Given that updates consist of adding an entry to the end of each column, I chose simple code. Yes, there’s an occasional painful update where I realize that I missed one of my old books, but those are increasingly rare.

Anyway. If you want a truly complete checklist of what I’ve written, here it is. Other writers have spreadsheets or text documents or perhaps, if they’re truly prolific, desktop databases. But noooo, I had to do this.

TLDR: do not run my code. That’s one reason I don’t use github; this is not a sample or example, it is an inspiration for you to recoil in horror and do better. (I also insist on controlling my platforms, and I don’t control github.) I’m certain this will be presented as an exhibit in my inevitable, eventual sanity hearing.

60 Seconds of WIP, 7 September 2023

Run Your Own Mail Server has finally forced me to write a bit about netcat versus telnet.

Netcat is a flexible network tool that, among other things, allows you to connect to arbitrary TCP/IP ports. We’ll use it for testing services. Over the decades netcat has been forked, reimplemented, and served as inspiration for other programs that also call themselves netcat. These variants made no effort to make their added features compatible with other variants. Your Unix might provide a netcat-alike such as ncat or socat. Long commands are not very Unixy so netcat, ncat, and others often get installed as nc. If you have a problem using netcat, focus your investigation on your exact version, and not netcat in general.

With all these issues, why use netcat and not telnet? If you think netcat has been forked, wait until you get a look at telnet. Telnet mingles standard output with standard error, and silently modifies text for compatibility with interactive shells.

If this book interests you, or if you want to encourage me to wreck my life by writing it, please consider sponsoring it.

“Apocalypse Moi” ebook out!

The official release date for Apocalypse Moi is 26 September 2023. If you want to get it from one of the big bookstores, you’ll have to wait. (I’ve been accused of hiding the big point, so: this collection contains a previously unpublished Prohibition Orcs tale.)

It’s already available at my ebookstore, though. If you believe that I’m deploying a sophisticated, subtle strategy to steer people to buying direct from me rather than via Amazon, you would be incorrect. It is neither sophisticated nor subtle.

Also, The Full Michael and the All The Novels and Collections bundles have been updated. The price of All the Novels and Collections has not changed: you now get four books free. The Full Michael has actually decreased in price, because buying Apocalypse Moi is less expensive than buying the chapbooks.

Some poor bastard who shall remain nameless bought The Full Michael five days ago, right before this came out. I sent him a copy of Apocalypse Moi because I’m not a monster. Okay, I’m not that kind of monster.

I’ve unpublished the assimilated chapbooks everywhere, reducing my maintenance load. Huzzah! The anthologies the other stories come from will remain in print, but maintaining them is not my dang problem so that’s fine.

And for the record, the branding on The Full Michael will remain until it ceases to amuse me.