BSD – Page 73 – DragonFly BSD Digest

2013/11/112013/11/11

Book review: Sudo Mastery

If you’ve seen my previous two reviews of Michael W. Lucas’s ‘Mastery’ books – DNSSEC Mastery and SSH Mastery – then you can guess what this will be: his newest book, focusing on a single software topic. This time it’s sudo.

The one downside of reading this book: I now am aware I’m using sudo wrong. Perhaps not wrong, but not anywhere near its potential. Sudo – and I’m not the only person who has experienced this – is used as a “Let’s install sudo so we don’t have to tell anyone the root password”. Sudo works for that sort of thing, but there’s a lot more possibilities.

Sudo is designed to be deployable across multiple systems, as part of a security policy. It’s an easy way to create purpose-shaped roles with different users, especially with users that have specialized skills and tasks, like database maintenance.

Obviously I think better of sudo after reading the book; there’s a lot of program capabilities of which I was unaware, but it’s the book that sells them. Michael W. Lucas’s humor is on display again, to break up some very technical material. Here’s some bits, pulled out.

Remember that “syntactically valid” is not the same as “does what you want.”

Pressing Q tells visudo to break sudo until you log in as root and fix it. Do not press this button. You won’t like it.

Here I create the TAPEMONKEYS alias for the people who manage backups.

And if Carl tries to configure Oracle on the PostgreSQL server, senior sysadmin Thea needs to have sharp words with him. Probably involving a tire iron.

The book is in-depth enough to cover more complex topics like using sudo and Active Directory, and sudo as an intrusion detection tool, of all things.

The usual reasons to buy a Mastery book are all still there: it specifically mentions working on BSD systems instead of pretending Linux is the only system out there. It’s available through a DRM-free seller (Smashwords) in addition to Amazon. It’s a self-published effort, not shovelware. It’s available now as an ebook, and in physical form soon. Lucas talks about it on BSDNow 010, too.

I have one last nontechnical note. Since these Mastery books are working into a series, I’d like to see a whole printed run of visually matching books. Something with the equivalent of the O’Reilly animals or the Pelican or even Little Blue Books common look and feel.

The takeaway: You should be reading this book if you plan to use sudo in any sort of multiuser environment. It’s available as an e-book direct from the author, via Amazon, via Smashwords, and possibly Barnes & Noble at some point in the near future. Physical books are available, and you can buy both forms together, apparently.

And of course this sudo joke.

2013/11/092013/11/08

In Other BSDs for 2013/11/09

Not sure why, but there wasn’t a lot of things this week to pick out.

A short discussion of Perfect Forward Secrecy on pkgsrc-users.
PC-BSD apparently (used to) play a movie on first boot.
FreeBSD now has a ‘mini-memstick‘ install option. (a later messages says ~200M in size.)
FreeBSD has updated aacraid.
OpenBSD supports the RTS5229 card reader in rtsx(4).
OpenBSD has updated OpenSSH, and NetBSD has updated. (DragonFly has a fix for the underlying problem.)
OpenBSD has FUSE support.

2013/11/06

BSDNow 10: Year of the BSD Desktop

The 10th BSDNow episode is out, with the ambitious title, “Year of the BSD Desktop”. As you can guess from the title, a PC-BSD desktop gets set up as part of the episode, and as you might not guess from the title, they interview Michael W. Lucas.

2013/11/022013/11/01

In Other BSDs for 2013/11/02

There’s a surprisingly large list this week.

FreeBSD has updated netmap.
FreeBSD supports VT-d DMAR hardware. Not totally sure what that is.
FreeBSD supports the RealTek RTL8168G, RTL8168GU, RTL8411B, and RTL8168EP.
FreeBSD updated byacc to version 20130925.
FreeBSD has binary packages again.
Managed Services using FreeBSD at NYI, a whitepaper.
NetBSD has imported OpenBSD’s support for ASIX AX88178a and AX88179 USB network interfaces, in the axen(4) driver.
NetBSD supports the Broadcom BCM56340 iProc based switch.
OpenBSD supports unattended installation. See Also on Undeadly.
OpenBSD has softraid booting documentation. Someone will find this useful, I’m sure.
OpenBSD 5.4 is released.
Inspecting Packets with OpenBSD and pf, the presentation from vBSDCon.
Lua in pkgsrc has been modified.
Ocaml in pkgsrc has been updated to 4.0.1.
The BSD Router Project has hit 1.5. (via)
PC-BSD 10 alpha images are available for testing.
PC-BSD is doing weekly updates, an idea I support, unsurprisingly.
No BSD systems in Google Code-In this year, darnit.

2013/11/01

BSDTalk 233: David Chisnall

BSDTalk 233 plays David Chisnall’s hour of presentation from vBSDCon 2013 about moving from gcc to llvm/clang.

2013/11/012013/11/01

BSDNow 9: Current Events

BSDNow 9 is up and it’s all Current Events, going by the title. I’d describe it better but I haven’t even had a chance to watch it yet.

2013/10/292013/10/28

BSDNow: A Brief Intorduction

BSDNow has Episode 8 out, containing an interview with Antti Kantee, a number of BSD news items (including some I missed entirely), and if you couldn’t tell from the purposefully misspelled title, a conversation about Tor and BSD.

2013/10/262013/10/25

In Other BSDs for 2013/10/26

Once again, doing this at the last minute:

FreeBSD supports the FreeScale Fast Ethernet controller on a number of SoC systems.
FreeBSD’s jemalloc has been updated to 3.4.1.
FreeBSD has initial support for the RealTek RTL8106E PCIe Fast Ethernet chipset.
FreeBSD has significant changes to the CAM subsystem.
FreeBSD has initial support for the Rockchip RK3188 SoC.
FreeBSD has an updated oce(4) driver, directly supported by Emulex, the vendor. (always nice to see vendor support.)
FreeBSD now has a /usr/tests.
There’s some NetBSD in your Mercedes.
the safety of the internet is called into doubt
OpenBSD supports the cubieboard and other allwinner devices.
OpenBSD supports the XBox controller.
A few packages are being retired from pkgsrc because of lack of DESTDIR support.

2013/10/192013/10/18

In Other BSDs for 2013/10/19

I am doing this one at the last minute. I had all the articles noted, but normally I build this post over the course of the week.

FreeBSD has added the atse(4) network driver.
FreeBSD has added iw_cxgbe, for Chelsio T4/T5 chips.
FreeBSD has added (initial, minimal) AR9340 switch SoC support.
PC-BSD has an interesting install-to-SSD option that disables atime and swap.
NetBSD now has a Lua device driver to access.
NetBSD has added Apple’s libunwind.
NetBSD has added several different iic sensors from OpenBSD.
OpenBSD has added vxlan(4), a virtual LAN setup. (Layer 2 traffic over layer 3)
“Vendor said so” is a reasonable excuse.
OpenBSD has an altq replacement.

2013/10/18

BSDNow 7: Go directly to jail(8)

BSDNow episode 7 is out, with jails as a feature among a number of topics.

2013/10/18

BSD Magazine for October out

The October episode of BSD Magazine is out. I haven’t seen it in their RSS feed yet (is it running?), but noticed it here.

2013/10/142013/10/13

BSDNow 6 out

I’m a bit slow in posting this, but: BSDNow episode 6 is out. Theo de Raadt is interviewed, and a lot of other topics (including DragonFly) are visited. The page listing shows all the areas covered, plus the embedded video itself.

2013/10/122013/10/11

In Other BSDs for 2013/10/12

I got some PC-BSD items this week, too.

Open Source Snapshot: GhostBSD.
(Free)BSD and Dropbox.
FreeBSD finally dumped rcs.
FreeBSD’s igb(4) driver is updated to 2.4.0.
FreeBSD’s binutils now has “sup port for assembling and disassembling Intel Random Number Generator extensions“.
You can now use ‘athsurvey’ on AR5212 chipset ath(4) devices in FreeBSD.
FreeBSD branched version 11.
FreeBSD has changes contributed by… Microsoft?
PC-BSD has added a GUI version of their Life Preserver application.
PC-BSD has a new ‘pc-zmanager’ program for managing ZFS and disks.
PC-BSD has branched version 10, I think.
NetBSD runs on the iMX233/OLinuXino.
OpenBSD replaced rc4 with ChaCha20. No, I’m not sure what that means. (via)
OpenBSD now has the vmwpvs(4) driver, for VMWare paravirtualized SCSI.
OpenBSD has imported Mesa 9.2.1 and Freetype 2.5.0.1.
OpenBSD supports the AM335x EDMA3 controller.
OpenBSD supports the RTL8106E and RTL8168G/8111G networking chipsets.
Diffe-Hellman key size increased in OpenBSD. It’s from NIST Special Publication 800-57, which is unavailable as of this typing because of the stupid U.S. government shutdown.

2013/10/08

AsiaBSDCon 2014 announced

Hiroki Sato posted to the users@ list about AsiaBSDCon 2014. It’s happening the 13th to 16th of March in 2014. Material from 2013’s convention should be going up soon, and the Call for Papers is already out.

2013/10/082013/10/08

BSDTalk 232: Thomas Cort

BSDTalk 232 is 15 minutes of conversation with Thomas Cort about “Minix, NetBSD, and Summer of Code”.

2013/10/072013/10/08

Here, there, everywhere for mdocml

Franco Fichtner recently received commit rights for DragonFly. This is so he could import mdocml, a OpenBSD-originating replacement for groff and man page display. Mdocml has been mentioned before on the Digest, and there’s a downloadable book. (See the more-interesting-than-it-sounds History of UNIX Manpages there too, but I digress.)

One advantage of using mdocml, as I understand it, is that groff is no longer required to view man pages. The only thing left in DragonFly that required a C++ compiler was groff. So, rebuilding could be a bit faster, and a bit less complicated.

Here’s the part that makes me happy: Changes made in DragonFly promptly made it back into NetBSD’s mdocml. Other changes rolled from DragonFly back into OpenBSD, too, and mdocml is in FreeBSD 10, though I don’t have a src change to point at right now. It all circled back around to DragonFly, too. It’s really neat to have a BSD-grown cross-BSD product.

(Incidentally, if you have a Thinkpad and keyboard issues, Franco has a patch for you to try.)

2013/10/052013/10/04

In Other BSDs for 2013/10/05

Less straight source links this week.

FreeBSD 9.2 is out.
FreeBSD no longer has GNU ar or GNU ranlib, or BIND.
FreeBSD has an Open Fabrics Enterprise Distribution update. (OFED info) (helps DragonFly)
NetBSD has initial support for the OMAP1-183 board.
NetBSD has updated terminfo to 20130607.
NetBSD has imported FreeBSD’s new implementation of NFS – does not run yet.
NetBSD 6.1.2 and 6.0.3 are out.
The pkgsrc-2013Q3 freeze is over, and here’s the branch announcement.
There’s some discussion of long-term support in pkgsrc, an idea I like.
EuroBSDCon 2013 presentations for OpenBSD are online.
OpenBSD now has a built-in snmp client. Undeadly has a description.
OpenBSD now has ntpctl(8), for querying ntpd.
There’s a new MaheshaBSD video on YouTube. (it’s a custom FreeBSD setup, though DragonFly versions exist too.)

Related to DragonFly: Patrick Welche updated glib2 in pkgsrc, and is interested in hearing how it works for DragonFly users. If you have pkgsrc on your system and it’s not a quarterly release, try building t.

2013/10/042013/10/04

vBSDCon: register soon!

There’s 30 days left to register for vBSDCon… except that 30 day mark was a week ago, but I didn’t get it posted. So now there’s 19 days. If you were thinking of going, go for it. This is I think the only east coast BSD convention in the US other than NYCBSDCon.

2013/10/03

BSDNow: Stacks of Cache

The BSDNow video series put out another episode already: Stacks of Cache. I didn’t realize this before, but they broadcast their episodes live as they are done on Wednesdays at 18:00 UTC.

2013/09/302013/11/22

NYCBUG meetup Wednesday

If you’re around New York City on Wednesday, Boris Kochergin will be giving a talk at the NYCBUG meeting about how he and his employer, New York Internet, managed to be in the middle of Hurricane Sandy and survive without interruption.

That same announcement lets drop the news that NYCBSDCon will happen next February ~~1st~~ 8th.