The other bit is that, having just released an Absolute OpenBSD update, his Absolute FreeBSD book will not see an update… until the FreeBSD installer gets more coherent.
(If you manage DNS in any fashion, buy DNSSEC Mastery.)
From the man page: “The tpm driver provides support for various trusted platform modules (TPM) that can store cryptographic keys.” Crypto keys stored in hardware, where they are in theory unmangleable, instead of on the disk. At least, that’s my impression after 30 seconds of research.
Michael W. Lucas recently wrote and self-published a new book, DNSSEC Mastery. He asked me to review it, and I’ve been reading it in bits and starts over the past few very busy weeks.
First, the background: If you’re not familiar with the acronym, it’s a method of securing DNS information so that you can trust that domain name information is actually from the machine that’s supposed to provide it. DNS information is basic to Internet operation, but it traditionally has been provided without any mechanisms to deal with misinformation or malicious use. This seems to happen with protocols that have been around for many years, as any mail administrator can tell you…
In any case, ‘DNS poisoning’ (or as Wikipedia calls it, ‘DNS Spoofing’) attacks such a basic part of how the Internet works that it will completely bypass any security methods that assume name information is correct. DNSSEC is a way to deal with that. It introduces public-key encryption into the process of sharing and updating DNS information. The idea has been around for a while, but it’s only been completely implemented recently.
DNSSEC Mastery goes over this history, and through the setup required to get (recent) BIND working with DNSSEC. Lucas seems to be starting a series of ‘Mastery’ books, where he covers all the territory around a specific topic. This one, like his previous title, is exactly what it says. As long as you have some existing clue around zone files and DNS, the book will take you from no DNSSEC at all to fully implemented in less than 100 pages. (Well, at least in the PDF version, but that gives you an idea of the size.)
Use it to learn, or use it as a quick reference – either way will work. If you have any DNS server(s) to manage, you’re the target audience. I expect DNS without these security extensions will go the way of telnet vs. ssh.
A book covering things like new encrypted hash zone record types is going to be a bit dry, but there’s an appropriate sprinkling of humor through the book. I’ve reviewed other Lucas books before, and I’ve got another on my plate right now, but this is the same: there’s plenty of funny to make the lessons go down easier.
I’m inexplicably short on links this week; I blame my schedule/the nice weather for much of the U.S./the class I’m teaching ending/my trip to TCAF for this. More Lazy Reading next week! Meanwhile, I have a book review coming up as an alternative.
Lots of links, not a lot of commentary, this week. Enjoy!
- What is your most productive shortcut with Vim? The first very extensive answer is actually all vi, not vim. (via)
- Found via previous link: vi / vim graphical cheat sheet.
- The site hosting that image sells a vi emulator for Visual Studio/Word/Outlook. I can totally understand why you’d want that.
- Memory of a Broken Dimension, a game that starts as a command-line shell and breaks out into a 3D glitchy world. This is what Tron should have been. Mac/Windows only right now, unfortunately. (via)
- TCP Headers in Lego. (via)
- The History of ASCII art. (via)
- QWERTY, DVORAK, KALQ.
- “Hey, a dot out!”
Your unrelated link of the week: Baman Piderman. It’s a series of Youtube videos. Just… roll with it.
I’ve put the 3.4 release images up on terasaur, a Bittorrent seeding site. Please try pulling them and let me know how it goes. I haven’t torrented many things, so I am unsure how to even verbify “torrent”. Hopefully that sentence and those links work out.
If you’ve ever wondered about how you can resize/move a HAMMER filesystem, follow this thread for a variety of answers.