Someday you will need this – Page 12

2013/12/192013/12/20

Who’s for an OpenPF?

Things are very quiet this week; I’ve had nothing to post for some days – DragonFly or even for other BSDs. The end of the year has most people distracted, I think. This makes it a good time to bring up something that’s been bothering me: the state of software firewalls in BSD. The pf utility is a BSD advantage; I’ve heard people say “I used iptables on Linux and pf is a much better alternative.” I know that’s anecdotal, but there it is. Here’s the question, and the reason I’m writing this: which pf?

DragonFly has a version of pf equivalent to what was shipped in OpenBSD 4.4. FreeBSD has a version equivalent, I think, to OpenBSD ~~3.8~~ 4.5’s pf, and it has been further modified. NetBSD has a similar, older pf, but there’s people working on a NetBSD-specific version called npf, which isn’t yet ready. And of course, OpenBSD has its version of pf. If you feel good about these different alternatives, you call it divergence. If you don’t feel good about it, you call it fragmentation.

Compare this to OpenSSH – it works the same on each platform. There’s no confusion on how to configure it, or interoperability problems. It would be wonderful to have the equivalent for pf, where other BSD platforms would import a portable version. This software firewall is a strength, and it’s much easier to tout it when there’s only one.

I doubt there’s a way to bring it all back to one source tree. There’s a lot vested in the different forks out there. You know what would take a lot less effort: a compatibility test suite. Agreeing on a common syntax and set of functions would make life easier for every end user. It would incidentally make vendors a lot happier, too. Even if a user or vendor wasn’t hoping to move between BSD flavors, a test suite would still guarantee a certain known level of functionality for any BSD release.

How likely is this? I don’t know. But I want to bring up the notion before it gets missed. Now is a good time, with each pf version still being relatively close to one another.

Update/note: Henning Brauer is willing to help.

2013/12/12

Holiday shopping guide 2013

For those of you doing last-minute holiday shopping – like me: see previous years of gift links. There’s also a number of comics lists, book lists, and game guides. And of course, donations.

2013/12/11

A pkg fix for 3.4 upgraders

If you have a DragonFly 3.4 system that has already been switched over to dports, and you upgrade it to DragonFly 3.6, you might see an odd problem. Rebuild pkg, and it will work.

I’ve only seen a few reports, so I don’t know if this is even likely to happen to most upgraders.

2013/12/072013/12/04

In Other BSDs for 2013/12/07

Happy birthday to me!

Is Your Stack Protector Working? On Undeadly, so it’s OpenBSD.
ChaCha20 and Poly1305 in OpenSSH. (via)
The next PC-BSD 10.0 image is available.
Reid Linnemann is the latest in the Faces of FreeBSD series.
NetBSD has updated file.
FreeBSD’s iwn(4) driver has some updates (also in DragonFly).
FreeBSD now has casperd, for controlling access to out-of-sandbox capabilities.
FreeBSD’s oce(4) driver now supports 40Gb devices. (yay for manufacturer support)
FreeBSD has Hyper-V drivers.
OpenBSD’s ifconfig now shows the NWID, channel, and BSSID for IBSS networks.
OpenBSD has updated to pixman 0.32.4.
pkgsrc’s 2013Q4 freeze will start on the 16th.
How old is who? (Don’t tell me 900 years.)
There’s a broken builds list for pkgsrc-2013Q4 for anyone who wants to help.
Hacker News had a link to the FreeBSD version of the BSD Family Tree, which is not unique, but the comments led to some interesting links, like this story of an 8-year NetBSD uptime.
FreeBSDNews’s summary.
All the AsiaBSDCon 2013 videos. (Last week’s link was just OpenBSD ones.)
FreeBSD authentication against Samba 4 LDAP. I’m going to need this for the DragonFly machine I’m setting up in the same role at work… in my copious spare time.

2013/12/032013/12/04

Remember: manually clean up offline Hammer volumes

If you have a Hammer volume that is offline, meaning that you don’t have the pseudo-file-systems null-mounted anywhere, it won’t get cleaned up in overnight processing. You just have to manually specify it.

2013/12/02

Minimal installation notes

This post from Konrad Neuwirth asking how to do a minimal installation of DragonFly led to this list of all the ‘knobs’ you can set to make your installation smaller, from John Marino. (And your buildworld faster, if that’s appealing to you.) I also pointed at rconfig and PFI, which are criminally underdocumented.

2013/11/272013/11/25

DragonFly in KVM

If you’re planning to run DragonFly in KVM, remember this post from Matthew Dillon, giving the settings he uses. This will save you a bit of time.

2013/11/172013/11/15

Lazy Reading for 2013/11/17

It’s been snowing this week in the northeast US, which makes me happy.

Unix: sending signals to processes. Signals have always struck me as a somewhat byzantine messaging system that everyone uses for the equivalent of Ctrl-C.
Unix: Debugging your scripts. This will be useful if it’s not already familiar to you.
Compatibility is Hard. Contrary to popular belief, Microsoft Word documents are not backward or forward compatible, from release to release.
From that previous link: Why Microsoft Word Must Die. The worst problems to troubleshoot are when someone says “Word/Excel is acting funny”. There’s so many intermediate layers of software in those programs that it’s difficult to find the actual data and the actions being performed on it, much less troubleshoot any process.
SparkFun.com moved from MySQL/MariaDB to Postgres. I agree with the sentiments in the article, but I want to know the technical reasons that made Postgres the choice for scaling. (via)
Apple ][ DOS source code. I don’t have anything I can actually do with the source, but there’s a 1977 price list pictured in the the article that shows some interesting numbers: A 4Kb RAM system costs about $1300, and the prices just go up from there.

Your unrelated comics link of the week: the first four pages of Necropolis. This comic looks to be fun.

2013/11/112013/11/11

Book review: Sudo Mastery

If you’ve seen my previous two reviews of Michael W. Lucas’s ‘Mastery’ books – DNSSEC Mastery and SSH Mastery – then you can guess what this will be: his newest book, focusing on a single software topic. This time it’s sudo.

The one downside of reading this book: I now am aware I’m using sudo wrong. Perhaps not wrong, but not anywhere near its potential. Sudo – and I’m not the only person who has experienced this – is used as a “Let’s install sudo so we don’t have to tell anyone the root password”. Sudo works for that sort of thing, but there’s a lot more possibilities.

Sudo is designed to be deployable across multiple systems, as part of a security policy. It’s an easy way to create purpose-shaped roles with different users, especially with users that have specialized skills and tasks, like database maintenance.

Obviously I think better of sudo after reading the book; there’s a lot of program capabilities of which I was unaware, but it’s the book that sells them. Michael W. Lucas’s humor is on display again, to break up some very technical material. Here’s some bits, pulled out.

Remember that “syntactically valid” is not the same as “does what you want.”

Pressing Q tells visudo to break sudo until you log in as root and fix it. Do not press this button. You won’t like it.

Here I create the TAPEMONKEYS alias for the people who manage backups.

And if Carl tries to configure Oracle on the PostgreSQL server, senior sysadmin Thea needs to have sharp words with him. Probably involving a tire iron.

The book is in-depth enough to cover more complex topics like using sudo and Active Directory, and sudo as an intrusion detection tool, of all things.

The usual reasons to buy a Mastery book are all still there: it specifically mentions working on BSD systems instead of pretending Linux is the only system out there. It’s available through a DRM-free seller (Smashwords) in addition to Amazon. It’s a self-published effort, not shovelware. It’s available now as an ebook, and in physical form soon. Lucas talks about it on BSDNow 010, too.

I have one last nontechnical note. Since these Mastery books are working into a series, I’d like to see a whole printed run of visually matching books. Something with the equivalent of the O’Reilly animals or the Pelican or even Little Blue Books common look and feel.

The takeaway: You should be reading this book if you plan to use sudo in any sort of multiuser environment. It’s available as an e-book direct from the author, via Amazon, via Smashwords, and possibly Barnes & Noble at some point in the near future. Physical books are available, and you can buy both forms together, apparently.

And of course this sudo joke.

2013/11/102013/11/08

Lazy Reading for 2013/11/10

I spent this entire week saying things like “Wait, today’s Tuesday?” and “I thought this was Wednesday, not Thursday.”

Welcome to my GUI Gallery, a whole lot of different GUI screenshots. This mention of the “Salto” Alto emulator brought me there, and there’s some material I’ve never seen before. Also, there’s Bob. Not “Bob” the prophet, but Bob, the computer mistake. Speaking of problematic designs, see the Windows 8 page.
5 Cool UNIX Hacks. Sounds linkbaity, but it’s useful. I didn’t realize that CTRL-a is the non-destructive version of CTRL-u. (via)
This seems strange, but I never heard of PLATO, even though it seems to be the precursor to so much. (via)
“Goodbye Google“, in terms of switching to your own platform, seems to be a new trend.
arkOS, a similar idea.
Finding Files Your Way. I can never remember all the arguments to ‘find’.
Google has a Shell Style Guide. Which equates to a Bash Style Guide, but that’s OK. Shell scripts are sometimes considered the most disposable form of programming, so it’s good to see a full guide. (via)

Your unrelated animation of the week: late for meeting. A followup to going to the store, which I think I posted here years ago.

2013/11/022013/11/01

In Other BSDs for 2013/11/02

There’s a surprisingly large list this week.

FreeBSD has updated netmap.
FreeBSD supports VT-d DMAR hardware. Not totally sure what that is.
FreeBSD supports the RealTek RTL8168G, RTL8168GU, RTL8411B, and RTL8168EP.
FreeBSD updated byacc to version 20130925.
FreeBSD has binary packages again.
Managed Services using FreeBSD at NYI, a whitepaper.
NetBSD has imported OpenBSD’s support for ASIX AX88178a and AX88179 USB network interfaces, in the axen(4) driver.
NetBSD supports the Broadcom BCM56340 iProc based switch.
OpenBSD supports unattended installation. See Also on Undeadly.
OpenBSD has softraid booting documentation. Someone will find this useful, I’m sure.
OpenBSD 5.4 is released.
Inspecting Packets with OpenBSD and pf, the presentation from vBSDCon.
Lua in pkgsrc has been modified.
Ocaml in pkgsrc has been updated to 4.0.1.
The BSD Router Project has hit 1.5. (via)
PC-BSD 10 alpha images are available for testing.
PC-BSD is doing weekly updates, an idea I support, unsurprisingly.
No BSD systems in Google Code-In this year, darnit.

2013/09/152013/09/14

Lazy Reading for 2013/09/15

I think I’m finally catching up on the backlog.

Unix: Flexibly moving files with lftp. I usually copy and paste a shell script together.
BANCStar source code. In that sort of environment, there’s no good or bad code. It has moved beyond such considerations. (via)
The Lenna Story. About the 1972 Playboy centerfold image used to test image compression. I mentioned it once before in passing. (via)
If you find regular expressions difficult, putting another layer of expression on top doesn’t help. (via)
How not to check the validity of an email address. I had a similar experience at an old job in 1999, where a coworker set a site’s main page to get all news stories and then showed the 10 most recent. This started to really slow things down when we reached over 5,000 stories… (via)
Achieving Rapid Response Times in Large Online Services. A PDF of slides. (via)
It’s described as “the best programming fonts“, but it’s really the most popular monospaced typefaces. Who cares about correct language – it has visual examples. (via)
Phone keypads could have been very different. (via)
Sudo Mastery’s first draft is complete. You can buy it now and get updates as it gets polished.
Have yourself a keysigning party. GPG is complicated. I know there’s reasons, but still, this is the sort of thing that would be better with as little barrier to entry as possible.
The Internet, via Commodore64 and Neuromancer.

Your unrelated link of the week: The Alan Lomax recordings.

2013/09/012013/09/02

Lazy Reading for 2013/09/01

Another week of links completed early. And there’s a lot, so get clicking!

1BSD, the installation. Interesting to see the procedure and the tools used.
Over the Rainbow, polychromatic type from Microsoft. I don’t know if this is as exciting as they seem to think it is.
Do your own backups. Yeesh, what an unfortunate event. I’m fixing up my backups now, after my own troubles.
Operating System Development series. Dry but interesting. (via)
Windowing operating systems are too messy, too restrictive. From 1984. (via)
Home Automation via the Internet. For those who don’t want to deal with x10.
Chess implemented in Sed. No en passant? Sheesh, I was on board until that point. (I’m making a joke) (via)
Managing sshd in Ansible. Ansible’s getting more popular, it seems.
Remember that PDF compression/scanning error I mentioned a few weeks ago? Xerox has fixed it for their devices, and the patch is available. One of the ways to apply the patch is to print the file to a copier, via LPR/raw. Firmware updates via printing – that seems like a good and bad idea all at the same time.
JAVASCRIPT MESS. 45 different computers all emulated in Javascript. A Javascript Mac SE, for instance.
An XKCD cartoon slightly related to the previous link.
Learn to code. (via)

Your unrelated link of the week: The remix of this 1997 Kid’s Guide to the Internet – somewhat NSFW, and has all the best moments. More from EVERYTHING IS TERRIBLE.

2013/08/112013/08/10

Lazy Reading for 2013/08/11

Again, lots of links. Some of these are overflow from previous weeks where I just said “That’s enough; let’s work on the next Lazy Reading.”

Perl, the Detroit of scripting languages. The slides are entertaining, but it’s also interesting for the discussion of how to handle a very old code base and a community. (which are BSD issues too) (via)
Ruins of Forgotten Empires: APL languages. “APL uses one thread per CPU, which is how sane people do things.” (via)
Remember when we used mega- prefixes to measure disk and memory, and not bandwidth?
Ian Lance Taylor’s 20-part series on ELF linkers and linking. (via EFNet #dragonflybsd)
PDF compression formats. Incidentally, here’s an answer on the Xerox number alternation issue, where compression means one number gets misidentified and substituted for another. The Economist has a not-crazy take on it. It’s not a Xerox problem but rather a JBIG2 compression issue. I have a number of Xerox models at work and have not seen this issue, but also haven’t checked for it.
OSI, the Internet That Wasn’t. People only ever care about levels 1, 2, 3, and 7 in the OSI model. And this joke. (via)
The Toshiba Libretto. You can get more powerful, smaller computers now, but they’re cheap netbooks and totally uncool.
A crash course in tmux. (via)
Whatever room you keep your primary computer in – clean it, please.
Robots for destroying buildings. This is not some speculative article; these are robots you can buy right now. Screw the flying cars joke everyone makes; the future is now. (via)
How to shutdown computer under Linux? A rough summary of how Linux can be a moving target for actual usage.
Vim 7.4 out, mostly so there isn’t so many patches to apply.
Goto is making a comeback. (via Eric Radman)

Your unrelated link of the week: Mighty Taco radio ads. Mighty Taco is a Mexican fast food place from Buffalo, New York, USA. It’s about as authentically Mexican as fast food from a city on the edge of Canada can be, which is ‘not much’. I’ve always loved the food, though, and the commercials are just the right mix of amateur joke and commercial advertising.

Bonus unrelated: If you enjoy imgur/fukung but it’s not youtubey enough, hit ‘Random’ on IWantMoar.com a few times. You may want to turn down your volume.

2013/08/022013/07/31

Just kill everything

killall -T will now kill all processes associated with the current tty, except parents of the killall process itself. It’s a shortcut to “kill all these runaway items I started by accident”.

2013/07/212013/07/17

Lazy Reading for 2013/07/21

Last week was relatively light, but somehow this week I read a zillion interesting things. It’s been too dang hot to do much else, other than flop in a chair and point a fan at my head.

Chopping up CSV files. Tabular format will never die, and for good reason.
Reanimated: The story of Vampire: The Masquerade Bloodlines. I like this idea that someone can just keep working on a project long after the originating company disappeared, just to improve it for their own benefit – no mention of open source or even a plan for it. See also Oblivion Lost or Complete for some of my personal game fix/improvement modification favorites. (via)
I don’t think this systemd/Debian news is accurate in its reasoning, and they don’t say what’s going to happen with non-Linux Debian. However, it’s still crappy, any way you slice it. (via)
The paranoid #! Security Guide. Lots of details that won’t necessarily apply to your BSD system, but the descriptions of various attacks are neat. (via)
Another reminder of how easy it is to deal with a lot of text data at a Unix-ish command line. (via)
Those ssh password attempts are still going, and have been for a decade. (via)
Don’t care about the story, but I like the dragonfly illustration.
Linus Torvalds swears a lot. The problem is not ‘office politics’ as he sees it, but that if you swear all the time as the leader of a project, it becomes commonplace. Linus really has to really freak out for people to notice something new. There’s other issues, like how other people emulate the behavior, but I’m pointing out the ‘verbal base sweariness’ of a project affects the entire tone.
Quine Relay, where programming languages write each other. The Ouroboros illustration is appropriate. (via many places)
History of emacs and vi keys. I like how this shows that the command styles in both editors was shaped by the available hardware. (via)
Fear and Loathing in Debian^H^H^H^H^H^H/Ubuntu (or: who needs /etc/motd). A wonderful rant about the creeping complication of operating systems. Let’s place bets on when people start complaining about Linux bloat. (via luxh on EFNet #dragonflybsd)

Your unrelated link of the week: Bones Don’t Lie. An anthropologist who blogs about various discoveries of human remains. I really enjoy blogs where someone is talking about a subject they care about – not to sell a product, not to be paid (directly), but just because they like the topic and they want to share it with others. Of course I would think that, wouldn’t I?

2013/06/182013/06/20

Avoiding non-routeable IPs

It’s possible your Internet service provider uses a non-routeable IP range (like 10.*) and occasionally your border device picks that up via DHCP by accident instead of an Internet address. If that happens to you, and you’re using DragonFly as your border gateway, it’s possible to prevent it with PF dhclient.

2013/06/172013/06/17

Another tip: cleaning up a really, really full Hammer drive

If you get your Hammer drive really full, a normal cleanup won’t make enough space. When that happen, use ‘hammer reblock’ in increasing increments. That works because it does cleanup in much smaller steps.

2013/06/17

An X tip on terminal switching

Switching terminals in X with ctrl-alt-Fx requires a not-on-by-default option. This could catch anyone used to the old behavior, so I might be doing you a favor by mentioning it.

2013/06/152013/06/17

PRISM, privacy, and what you make yourself

If you’ve been reading the Digest for a while, you’ve seen me talk about the value of hosting or running your own services. It’s not too much of a surprise in my case; if you are working on an open-source operating system, you want to run it. It’s good to get the experience, and you can run programs the way you want, instead of picking from whatever vendors happen to sell you.

The PRISM disclosure, which I am going to assume everyone is familiar with at this point, is another facet. Every time you use another company for your email, your entertainment, your software, and so on, their information on you can be accessed. This isn’t a problem that can be fixed by going from one webmail provider to another. You can shop around, but notice that the author in that link effectively throws his or her hands in the air and says, “there’s no way out” by the end of the article. This is because corporations work as collecting agents for the government, even if they don’t plan to do so.

That sounds drastic, but there’s legal frameworks in every country for governments to require companies to give up data on any person, on request. It happens. I’ve seen it myself; I worked for Time Warner for several years, tracking down cable modem user information and handing it over as compelled by law. I know the lawyers at TW Corporate didn’t like doing it, but they didn’t have a choice. (I have some horrifying stories about what people would do to themselves and each other.)

Companies are increasingly working to create services to sell, not products to buy. A service never stops being consumed, so it forms an ongoing revenue stream. I’m not saying this is bad; I firmly believe that a financial incentive to be paid improves services. However, as only a consumer, you can end up not owning what you use. Other people have pointed this out, and I don’t want to sound like a frothing crazy person… but it is relevant, though not necessarily as catastrophic as some people pronounce.

What I’m working towards here is a reminder that you should run your own software, and running it on DragonFly is the best way. (Or some other operating system, I guess. If you have to.) Instead of trying to figure out what the least-bad commercial option can be, run it yourself. Good for privacy, good for learning. I know that’s not an option for everyone; fighting with Sendmail (for instance) is not an activity that many people pick voluntarily. But, if you’ve been thinking of setting up a replacement for Google Reader, or hosting your own mail, or own blog, etc… there’s never a better time than now.

(Follow all those links for some good information; consider it an early Lazy Reading post)