87: Farawayistan is Fubar

(Trouble this morning. Had to pull and republish this episode. Sorry if you see it twice, or if it didn’t work the first time.)

I really do need to get on the orc Christmas story. So here’s a bit from the networking book.

Enterprise environments have monitoring systems. Monitoring systems alert people. Those people recognize common alerts. “The link to Farawayistan is fubar again, ignore it.” Certain alerts are expected. “The ERP team started their patches two minutes early? The line manager will be annoyed—but that’s not my problem.” They only stir themselves for rare or unfamiliar alerts.

But some alerts trigger full-on alarm. “Port scanning on the secure subnet? My week is ruined, if I’m lucky!” When a second disturbing alarm arrives moments later, the sick feeling escalates to full-on panic. The reflexive coping strategy for panic is to share it. Eventually, an angry network admin or a furious manager or an icy-cold C-level shows up at your desk demanding to know exactly what you thought you were doing and if you can give any reason why you shouldn’t be fired. Even if you keep your job the network team will identify you as a problem—and they’ll be correct. You caused problems.

Remember, the word “fired” has multiple meanings. One is “to have your employment terminated.” The second is “to be set on fire.” Either might apply.

Or you can sponsor the networking book and remain unkindled.

“Networking for System Administrators, 2nd Edition” Update

“The book is underway.” What does that mean? The first half is largely done. The Windows stuff is PowerShell. The Debian stuff uses ip. FreeBSD is the reference Unix. I wrote a chapter on what folks need to know about TLS, to go in the middle. I sadly sent that to Bob Beck for his comments. I understand where TLS has been, but Bob has good insight into where it will be.

Bob’s a good guy, but he also has cause for a lawful quarrel with me. Whenever I start to feel depressed, I listen to that recording of the BSDCan 2019 closing ceremony. That man screaming “LUCAS” in tones of rage and despair? That’s Bob.

He can now declare himself avenged.

If I’m talking modern TLS and modern networks, I really need to address QUIC. Not long ago, QUIC was largely theoretical for sysadmins. None of our common applications supported it. Yes, half of the traffic to Google went over QUIC, but I couldn’t deploy it. It merited a paragraph or two, no more.

Turns out that nginx main release now supports QUIC. I can reasonably deploy it. Except I’m using Apache. I’ve been running web servers since well before nginx, and never saw a reason to change. Yes, yes, Apache has issues, but I’m accustomed to its odd little habits and even the thing with the whirling razor blades followed by vinegar mist.

Could I skate by with three or four paragraphs on QUIC? Many tech authors do. I have this career because I don’t skate through, however. So I get to migrate my systems to nginx. Or perhaps stick an Envoy proxy in front of the web server. Haven’t decided yet. I’ll probably talk through the decision on the fediverse.

But it’s all Bob’s fault.

On the plus side, I have a sketch of the n4sa2e challenge coin. It’s not final, but it’s the way I’m leaning now.

n4sa2e challenge coin sketch

For the two people who care: this coin’s featured rodent is Willoughby. Lara Jean did a great job of capturing his character.

The only way you’ll get one of these coins is by becoming a print sponsor. Your backing will sustain me as I struggle with Envoy. Or nginx. Probably both, then one.

I think the rest of the book will go quickly. You still shouldn’t nmap addresses you don’t control. DNS hasn’t changed, nor traceroute, nor netcat. I have to weave some TLS throughout, of course, which makes the netcat part a pain. (Standardize Netcat Flags and Give It TLS Challenge 2025!)

But at least Bob will have the pleasure of hearing me scream “BECK!” in blended rage and despair.

86: Take Quite a Long Time to Fail

Here’s a chunk of the networking book.

Standard netstat attempts to show hostnames instead of IP addresses. This means your server performs a reverse DNS lookup on every IP address it exchanges traffic with. On a busy server, this might mean hundreds or thousands of lookups. The output pauses for each lookup. Many hosts have no reverse DNS, so these lookups can take quite a long time before they fail.

Service names also appear with a human-friendly name rather than a port number whenever possible. It gathers this information from the services file. This results in a mix of named ports and numbers in netstat output, depending on whether a specific port has an entry in the services file.

All versions of netstat let you disable DNS lookups and port name lookups with the -n flag. I almost always recommend using -n. (I can’t think of any exceptions, but I’m sure there is one. Somewhere.)
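How those two lookups shape the output, as an added example that is not taken from the book: the services entries, PTR data and socket list are constructed, and `parse_services` and `render` are hypothetical stand-ins for netstat's name resolution, not its actual code.

```python
# Added illustration: all data is constructed; render() is a hypothetical
# stand-in for netstat's name resolution, not netstat's own code.
SERVICES_TEXT = """\
# constructed excerpt in services-file format
ssh      22/tcp
domain   53/udp
domain   53/tcp
http     80/tcp    www   # alias and trailing comment
https    443/tcp
"""

# Constructed reverse DNS data; addresses missing here have no PTR record.
PTR_RECORDS = {"192.0.2.10": "www.example.org", "198.51.100.7": "mail.example.net"}

# Constructed socket table: (proto, local addr, local port, remote addr, remote port)
SOCKETS = [
    ("tcp", "192.0.2.10", 443, "203.0.113.45", 51514),
    ("tcp", "192.0.2.10", 22, "198.51.100.7", 40022),
    ("tcp", "192.0.2.10", 8443, "203.0.113.99", 60001),
    ("udp", "192.0.2.10", 53, "203.0.113.45", 33333),
]

def parse_services(text):
    """Map (port, proto) to the service name, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table.setdefault((int(port), proto), fields[0])
    return table

def render(sockets, services, ptr, numeric):
    """Return (lines, lookups attempted, lookups that failed)."""
    stats = {"lookups": 0, "failed": 0}

    def host(addr):
        if numeric:
            return addr                  # -n: no resolver traffic at all
        stats["lookups"] += 1
        name = ptr.get(addr)
        if name is None:
            stats["failed"] += 1         # on a real host, this is the long wait
            return addr
        return name

    def port(num, proto):
        if numeric:
            return str(num)
        return services.get((num, proto), str(num))  # unnamed ports stay numeric

    lines = [f"{p} {host(la)}:{port(lp, p)} {host(ra)}:{port(rp, p)}"
             for p, la, lp, ra, rp in sockets]
    return lines, stats["lookups"], stats["failed"]

if __name__ == "__main__":
    svc = parse_services(SERVICES_TEXT)
    for numeric in (False, True):
        out, lookups, failed = render(SOCKETS, svc, PTR_RECORDS, numeric)
        print(f"numeric={numeric} lookups={lookups} failed={failed}")
        print("\n".join(out))
```

Without the numeric switch, the four sample sockets cost eight lookups, three of which fail, and the output mixes `https` and `ssh` with a bare `8443`.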

Networking for System Administrators is open for sponsorships.

More Titles in Direct Print Sales

In spare minutes, I’ve been expanding my direct print sale operation. You can now get all of these in my bookstore. If you pay for the print book, you get the ebook free.

titles available in print on tiltedwindmillpress.com, 21 April 2025

I have other books in the system, but am waiting for the print proofs to arrive. They come from a new printer (BookVault). Before I tell you to buy a book, I need to know that BV can produce the book as intended. They’re competent, but everyone handles PDFs slightly differently. I’ve caught a couple weird color things and a skewed margin. So, despite my efforts to trim down in-house stock, I’m accumulating books. Dammit.

The thing I’m super excited about? Bundles.

It’s about eight years too late, but I now sell the FreeBSD Storage bundle in print. If you buy it from me, I can afford to knock 20% off. Even with shipping, that makes it a better deal for you than buying from Amazon.

My hope is that the kind of people who want to, for example, run their own mail servers will also want to buy directly from the author. That would help make up for the current, unforced and wholly unnecessary, economic implosion in the US.

Next up? The rest of the tech books. Discounted Cross-Platform Unix Mastery and Total Mastery bundles. Then all the fiction and finally, The Full Michael in print.

Updates will follow as more titles appear.

“Laserblasted” Kickstarter over

It funded. My gratitude to everyone who backed, spread the word, or called me mad.

My goal on book Kickstarters is deliberately set below actual production cost. I want it to fund. I’m going to publish it anyway, and I’d rather get $500 toward production cost than set a goal of the actual price and fail to fund.

I’d like to think that the US government deliberately decided to trash my campaign, but no. They trashed everyone equally. I’ve run enough Kickstarters that I know how they go. Kickstarter provides a graph of every campaign’s funding status. They all have very similar graphs. The dollar figures on the Y axis vary by book, but the shape is similar. Here’s my last campaign, Apocalypse Moi.

Every campaign funding has this shape. There’s an initial surge, a steady upward slope, and a final surge. Here’s Laserblasted.

That three-day dead spot in the middle is where the tariffs were announced. After that initial shock I did attract more backers, but other backers canceled their pledges or switched from hardcovers to ebooks. Again, I don’t blame them. But without that economic shock, the graph would have looked very different.

The good news? In absolute dollars, Laserblasted raised more than Apocalypse Moi. That’s cool. The bad news is that Laserblasted is wholly original, not a collection, and so expenses are much higher.

Laserblasted will be the first new release offered in print and ebook exclusively through my web store for a few weeks. It will trickle out to other stores.

Again, I don’t blame folks for not backing. When the plane loses pressure, put on your own air mask before helping others. This post is simply to tell others that they are not alone.

85: George is Asleep

Here’s some of the new Networking for System Administrators, because while the Laserblasted Kickstarter ends today I am utterly sick of shilling it.

Think of the network as a conference room. At the physical layer you have a table and chairs. The room is a broadcast domain. Each chair is a host, with a unique MAC address.

As an IP network, the table can hold a number of chairs equal to a power of two. Each chair has a unique IP address. Two of the chairs, the top and bottom addresses, are rickety and dangerous to use. Nobody sits in the chair by the door, as that’s the default gateway.

ICMP lets you see things like “George is asleep, so he’s not answering questions.” TCP is when you pass the stack of memos to the next person and make sure the other person has them before letting go. Drop the memos and you must gather them off the floor and retransmit. UDP is when you crumple the memo into a wad and launch it at the project manager. What comes back might be the same memo, nothing, your termination notice, or a brick, depending on your meeting protocol.

Networking for System Administrators is open for sponsorships. And the Laserblasted Kickstarter closes Thursday 17 April at 8PM Eastern.

An Economic Implosion as viewed through Kickstarter

Let me say up front: the whole Laserblasted project is daft. Yes, it’s a real novel. No, you don’t need to see the movie to understand it. (You don’t need to see the movie, period.) My alpha readers say it’s worthy. It’s not a novelization of the film. The marketing wrote itself.

But it’s daft.

This post is not a complaint, merely an observation. This is my career, and I knew the risks when I got into it. I am grateful for any support folks offer me, and I do not blame anyone for protecting themselves or their families.

By now I have a decent idea how much a Kickstarter will raise. I suspected that Laserblasted would bring in about $5,000, plus or minus a thousand, more or less. After fulfillment, that would net more than a trad deal with a reputable medium-sized publisher. It was on track to match or exceed that prediction.

Kickstarter provides a handy graph of backer support each day. What’s the campaign actually doing?

Huh. It’s like something happened last week. Something that took a few days to ripple through the economy, until it hit folks that this was real and they needed to prepare for financial disaster. When the plane loses cabin pressure, you must put on your own air mask before helping others.

I see the names of my backers. I recognize many of them. Folks who previously bought $200 omnibuses are now backing for $6 ebooks. Again, no blame on them. Put your own mask on first.

I’ve gotten notes from long-term backers and Patronizers, apologizing. These are awesome because I know they dearly want to support me. They’re heartbreaking because folks feel they’re letting me down. No, you’re not letting me down. I appreciate every one of you but again, put your own mask on first.

If you’re doing crowdfunding right now and everything imploded last week, know you’re not alone.

If you want to support my books but can’t, know that I don’t hold it against you. I know who to blame, and they never liked my books anyway.

I’ll keep shilling the campaign, and will raise what I can. I’m just glad I didn’t do the $200 Laserblasted 12″ Action Figure with Real Fake Lasergun Arm.

84: A Fresh Hot Burger

The Laserblasted Kickstarter is still going so technically, I ought to share a snippet from that. It’s the last chance for that to be a work-in-progress. Instead, here’s a bit from the new Networking for System Administrators.

These common transport protocols all run over IPv4 and IPv6 alike. Each has minor updates to match the underlying IP stack, but the basic concepts such as port numbers and connection state remain unchanged. Most differences are only visible if you analyze packet headers.

A single chunk of TCP, UDP, or ICMP data is called a segment. Each segment gets wrapped in an IPv4 or IPv6 packet, which is then wrapped in a datalink frame and sent out into the cold hard world. The word segment isn’t used very often. Instead you’ll see references to a UDP or TCP packet, which means an individual segment wrapped in an IP packet. The IP packet contains vital information, like the source and destination IP addresses. Think of a segment like a fast-food hamburger in wax paper. If a cashier dropped a fresh hot burger, unwrapped, straight in your hand, you’d consider it incomplete.

Networking for System Administrators is open for sponsorships. And the Laserblasted Kickstarter closes early next week. I’d appreciate your support on either.

March’s Merdaille Sausage

(This post went to Patronizers in March, and to the public in April. Not a Patronizer? You could be.)

The business world is upended. Companies are bracing for survival. Jobs are being cut. It’s almost as if people realized that the ship of state has not only been overtaken by a great white whale, but the whale has climbed onto the deck and is thrashing about shrieking “Respect me! RESPECT ME.”

As if that could ever happen. But anyway.

There’s really only one reaction my family can have: tighten our belts, and slash spending to the bone. At the business level I’m focusing on disintermediation. Speaking of which, I have successfully disintermediated print sales for Run Your Own Mail Server, SSH Mastery, and Dear Abyss. And they’re selling. 11 copies isn’t fantastic, but these are all backlist titles more than 30 days old. Yes, RYOMS is my most recent title, but after the sponsorships and Kickstarter and my 30-day post-release marketing push, it’s now a backlist title. I hope to sell a couple dozen copies a month, if I’m lucky. Same for SSH Mastery. Dear Abyss, of course, I expect to sell zero of. Those of you daft enough to buy it have already done so. (How do I make a living by selling a couple dozen copies a month of a title? By having a lot of titles, and by offering crowdfunding. That’s you lovely Patronizers.)

Mind you, I have no ability to count how many copies of a title I sell. The dozens of sales channels I offer ebooks through all have incompatible reporting systems. No way to aggregate them. I just write the best books I can, wish them luck, kiss them goodbye, and indifferently fling them into the hungry void. What happens next is up to them.

Me launching books. “Good luck kid, you’re on your own. Hope you make it!”

I control what I can, and stop worrying about the rest. If there’s a giant white whale flopping around on deck, I stay below and do my job. Occasionally holding up my SLAY THE WHALES sign, offering support to whale-fighters, and reducing the amount of stuff my family owns until we can carry it all to the lifeboats.

How does the print disintermediation work?

BookVault (BV) prints the books for me. They offer an API for ordering books and a WordPress plugin for it.

When you order a print book from me, WordPress confirms that the book is printable and what shipping options are available to your address. When you complete your order, WordPress takes your money. It then tells BV to print and ship the book, and tells BookFunnel to send you an ebook. BV will send you a notice that they’ve accepted the order, as well as when they ship from their plants in the US, UK, or Australia. The annoying thing is that BV’s receipt tells you how much I paid for the book. It’s not that I care that you know printing RYOMS costs $8. You could figure that out if you cared. But it might confuse buyers.

The catch with BookVault is that they are a third printer. I currently print through IngramSpark and Amazon. Each requires PDF files created with very specific requirements and settings. If you’ve lived your life as a decent, wholesome person and have therefore never needed to delve into the bleak innards of the Portable Document Format, all you need to know is that there are many versions of the PDF standard, and each has many options. These settings can be saved through .joboptions files. As a printer, providing your customers with a config file is the surest way to guarantee that the PDF files you receive use the correct settings. Between all of the big POD printers, can you guess which ones provide .joboptions files?

Lulu.

Which POD printer does not appear in the list of printers I use?

Lulu!

(Why do I not use Lulu? That’s another discussion. They’re probably fine for you, but I’m a madman.)

BV can use the same interior file as Amazon and IngramSpark, but provides their own cover template. I must recreate the cover for each book. About an hour of work for each title. Then I must order a proof, wait for it to arrive, check my work, and activate it on the store. Not onerous, but definitely tedious. With the number of titles I’ve published, getting everything on BV will require time. If I can reproduce the success of the RYOMS Kickstarter, I was contemplating hiring someone for exactly this sort of work. Sadly, the flopping whale means that’s unlikely. Once I finish the current books, I need to book a couple weeks of nothing but cover recreation and get everything into BV and thus onto TWP.

Why did this take so long? As I said last month, I had to hire an outside WordPress consultant to figure out why the shipping options for sponsors and print orders were being commingled. Sleeping Giant delved into my store and came back with, “Because WooCommerce shipping is poo.” Authors who don’t do sponsorships would have no problem, but noooo, I’m a madman and have multiple shippable products that use different shipping mechanisms. Woo has many shipping options because the poo needs shoveling. It’s both a relief to know that I did nothing wrong, and that I spent nearly a year on a problem that I could not have solved because the underlying technology is flawed. Figures.

This will be left alone for a couple of months. If there are problems, if BV can’t actually execute or shipping is awful or the flopping whale disables my ability to do business with British firms like BV, I’ll have to find another way.

I’m also waiting for someone to say “You charged $30 for a book that costs you $8? What the hell, dude?” That’s a fair question. My print books are priced to accommodate sales through bookstores, including the Dread Bezos-Beast. I sure don’t see $22 when you buy it through retail channels. I freely admit that the increased margin on direct sales is why I’ve been so desperate to disintermediate print. I can’t offer a reduced price on print books sold directly, because Amazon will match any price I set. Once I know that everything works as I hope, I might offer a coupon to help cover shipping.

Other things I’ve done this month?

I try to make all relevant information available on my web site. Between the FAQ, the books, podcast, blog, videos of talks, it’s a lot. More than one person has told me that my web site is overwhelming. I took a couple hours and set up https://mwl.link/ as a handy index of everything. What happens? If I tell folks that’s my web site, they say I need a better web site. Please imagine I’ve put one of those “exhausted crying baby” GIFs here.

Writing progress?

Five scenes remain on ProjectIDGAF, and one of them is super short. It should be complete this week. I’ll then shift into high gear on N4SA2e.

Hard to type with a whale rocking the whole dang ship, though. I get seasick.

“Laserblast” live-toot, Sunday 9PM EDT

How could I loathe a 70s film so much that I was compelled to write a novel giving us the story we should have had?

Wonder no more.

Over on the fediverse (Mastodon), there’s a weekly Old SF Movie Watch Party called Monsterdon. Every Sunday at 8PM Central US Time (9PM Eastern), folks watch a film selected by poll. This week’s winner is Laserblast. I’ll be watching and commenting with the #monsterdon hashtag.

For the record, I don’t recommend watching the movie. But if you must, you can at least join in with a bunch of other folks doing the same.

I do, however, encourage you to give me money for dismantling Laserblast.

I also encourage hanging out with folks and watching old monster movies. Taweret does a fantastic job running Monsterdon. They’re pretty much speedrunning my childhood, and I love them for it. (How did I get this way? 3:30PM Saturday. Channel 50. Creature Feature, right before Star Trek. Add in the Ghoul and Sir Graves Ghastly, and what more could a young maniac boy need?)