The other bit is that, having just released an Absolute OpenBSD update, his Absolute FreeBSD book will not see an update… until the FreeBSD installer gets more coherent.

(If you manage DNS in any fashion, buy DNSSEC Mastery.)

First, the background: If you’re not familiar with the acronym, it’s a method of securing DNS information so that you can trust that domain name information is actually from the machine that’s supposed to provide it.  DNS information is basic to Internet operation, but it traditionally has been provided without any mechanisms to deal with misinformation or malicious use.  This seems to happen with protocols that have been around for many years, as any mail administrator can tell you…

In any case, ‘DNS poisoning’ (or as Wikipedia calls it, ‘DNS Spoofing‘) attacks such a basic part of how the Internet works that it will completely bypass any security methods that assume name information is correct.  DNSSEC is a way to deal with that.  It introduces public-key encryption into the process of sharing and updating DNS information.  The idea has been around for a while, but it’s only been completely implemented recently.

DNSSEC Mastery goes over this history, and through the setup required to get (recent) BIND working with DNSSEC.  Lucas seems to be starting a series of ‘Mastery’ books, where he covers all the territory around a specific topic.  This one, like his previous title, is exactly what it says.  As long as you have some existing clue around zone files and DNS, the book will take you from no DNSSEC at all to fully implemented in less than 100 pages.  (well, at least in the PDF version, but that gives you an idea of the size.)

Use it to learn, or use it as a quick reference – either way will work.  If you have any DNS server(s) to manage, you’re the target audience.  I expect DNS without these security extensions will go the way of telnet vs. ssh.

A book covering things like new encrypted hash zone record types is going to be a bit dry, but there’s an appropriate sprinkling of humor through the book.  I’ve reviewed other Lucas books before, and I’ve got another on my plate right now, but this is the same: there’s plenty of funny to make the lessons go down easier.

DNSSEC Mastery: Securing the Domain Name System with BIND is available on Amazon, Barnes & Noble, Smashwords, and his self-publishing site.  Also see Peter N. M. Hansteen’s review of the book.

• Here’s a good coincidence: I already had a link to post from Ycombinator about the rather scary Ken Thompson compiler hack.  Note that the Ycombinator answers are generally, “Nah, this hack is extremely unlikely to happen.”  Except Christian Neukirchen happened to note separately that this really happened as recently as 2009, with Delphi.
• This poster doesn’t understand that “removing the license” is not a legitimate use of BSD-licensed code.
• That crazy anti-BSD ranter on phoronix is getting a fan club – just what every troll desires, unfortunately.
• OpenBSD is actually looking at paring down ports, which makes sense when you read why.
• LearnYouAHaskell.com – a free tutorial on the programming language Haskell.  It’s entertainingly written.  (via EFNet #dragonflybsd)
• Javascript is the new Perl.  I can see that. (via)
• Courier Prime, a new version of the ‘traditional’ Courier monospace font.  (via)  Reading about Courier Prime to the end leads to a mention of Inconsolata as a good ‘coding’ font.  Anyone tried it?  Sans-serif monospace fonts are the most subtle way you can make your xterm look modern, I think.  Update: Thomas Klausner just added courier-prime to pkgsrc, so you can try it now.  Inconsolata is already there.
• Who hasn’t thought about doing this with the computers in their house, really?
• “Storyboard was born of my insane desire to consume videos without actually having to watch them.“
• A modem from the 1960s, communicating.  I’d like this even if it didn’t work; the box is nice.  I remember watching text scroll on screen like that with a 1200-baud unit.  (via aggelos on EFNet #dragonflybsd)
• Related to that: The sound of the dialup, pictured.  (via)

Your unrelated link of the week: MeTube: August sings Carmen ‘Habanera’.  Might be NSFW, probably will make you mildly confused or uncomfortable.  Here’s the ‘making of’ video which is all in German, I think.  If that’s too much, try a recent Cyriak-animated video.  I never thought I’d recommend a Cyriak video as the less disturbing thing to watch.

This is a familiar concept for software, where early purchasers get access to a ‘beta’ version of software for testing…  It’ll be interesting to see how it works for a book.

• This is a good thing.
• This is a (description of) a bad thing.  (via)
• Linux is becoming the opposite of UNIX.  (via makx on EFNet #dragonflybsd)
• Found via the previous article: “It’s a UNIX system.  I know this.“
• Arch/FreeBSD.  This mixing is still weird.  Don’t take this stuff seriously, yet.  (via)
• Gygax Magazine, a reinvention of gaming magazines that no longer exist.  It’ll apparently include What’s New with Phil and Dixie, from the original Dragon magazine.
• What does the middle initial “B” stand for in “Benoit B. Mandlebrot”?  Benoit B. Mandelbrot.
• So that’s where Markov chains came from.
• The first computer image of a person, and of course it’s porn.  (via)
• Hey, that’s my haiku!

Your unrelated comics link of the week: Kyle Baker comics, available as PDFs for free.  Go, read.

If you look at his announcement, there’s a link to something else: vendor-free SSL certificates.  These are possible?  That’s one of those things I didn’t even realize I wanted; having to deal with a certification authority is annoying.

It’s a very straightforward book.  The introduction opens with a promise not to waste space showing how to compile OpenSSH in text.  Chapter 2 ends with the sentence, “Now that you understand how SSH encryption works, leave the encryption settings alone.”  This stripping-down of the usual tech-book explanations gives it the immediacy of extended documentation on the Internet.  Not the multipage how-to articles used as vehicles for advertising, but an in-depth presentation from someone who used OpenSSH to do a number of things, and paid attention while doing it.

It’s a fun read, and there’s a good chance it covers an aspect of SSH that you didn’t know.  In my case, it’s the ability to attach a command to a public key used for login.  It even covers complex-but-oh-so-useful VPN setups via SSH.

If you’re looking for philosophical reasons to buy it, how about the lack of DRM?

The physical version is not available yet, but the electronic version is available at Amazon (Kindle), Barnes & Noble (Nook), or from Smashwords (every other format ever, including .txt).  The Smashwords variety of formats means that you’ll be able to read it on your phone, one way or another; I’d like to see more books that way in the future.

I read it despite my knee-jerk reaction, and I didn’t need to reject it so suddenly.  Almost all of the book will apply to any Unix-like system.

My first real experience with something that wasn’t Windows or a Mac was at a summer job during college, sitting in front of a SparcStation 5 editing files and processing data for real estate.  Much of my muscle memory about vi and file manipulation dates from then.  This book, even though it’s technically for a different operating system, would have been just what I needed.  There’s no system administration in the book, just making your way around a filesystem and the tools you need to get results.  It’s the kind of skills I think people lose out on when they boot to a graphical interface in Ubuntu, for example, and then never experience these tools.

Negatives: a few areas won’t be of use to most BSD users, like the section on packaging, or the bash-centric instructions in the shell programming area.  There’s the occasional off comment, like that OpenSSH originates from “the BSD project”.  There’s surprisingly little of this however, and I had to think a bit to write this negative paragraph.

Positives:  The book puts the proper focus on some complex but rewarding aspects of command line use, like using vi (alright, vim) and understanding regular expressions.  Much of what it covers is the same material I’ve learned to use over time, and explained to others.

There’s clearly two areas to the book; the first half is about using the command line to accomplish work, and the second is about shell programming.  Making it at least through the first half will result in being able to work at a prompt with little issue, with the shell programming a nice bonus.  It’s not the normal mix of admin tasks and introductory text; it’s about working at the command line.  I imagine giving it to new software testers in a lab, or to a Windows user that has to deal with the occasional unfamiliar environment.  There isn’t an equivalent BSD-centric book like this, so it wouldn’t hurt a BSD user, either.

It’s available now at the No Starch website.

No Starch Press, the company that published all the books linked in the previous paragraph, asked if I’d read/review another book from them. This would be Practical Packet Analysis, 2nd edition.  (Review continues after the break…)

The reason: If you’ve been reading the Digest for some time, you may have noticed several trends: a liking for roguelikes, a preference for graphs, and hints that you should understand tcpdump.  Being able to tell what’s happening on the network, as it happens, is a powerful tool.

The book: Another way to describe the book is “Here’s how Wireshark works.”  It dives right in to network setup and the various parts of Wireshark.  This makes for relatively dry reading at first – book descriptions of menu options is never as fun as actually clicking on the menus and getting results.

If you aren’t immediately familiar with the OSI network model, the book includes material on the lower layers of that model.  It also talks about a number of real world scenarios – specifically on identifying speed issues and security monitoring.

As with most technical books, it works in part as narrative and in part as reference.  There’s enough background material and procedure to get a relative newcomer started.  The book also has enough detail that it’s worth coming back later to explore a new feature, or see how to solve a new problem.

My advice is to skim the book to get an idea of how Wireshark works, and then fire up Wireshark so you can see the actual live results.  Then, go running back to the book to find out what it all means.  The content matter is dry, but reading the text with a copy of Wireshark running will smooth out the process.  I’d half-expect exercises at the end of every chapter to reinforce the steps being taken, though nobody ever voluntarily writes out homework.  (I’m sure this will get a comment from someone about how much they enjoy solving random math puzzles.   Good for you.)

This book is an excellent tool for any system administrator to gain useful troubleshooting skills.  Those skills will look magical to anyone not familiar with the lower levels of how a network works.

The anecdote: Here is where I back up those statements on how important it is to use these network tools.  Some years ago, I worked for the largest (though now defunct) power line networking service provider in the US.  We had a Dell-manufactured home router device which just couldn’t acquire an IP address via DHCP on that power line network, but it worked anywhere else.

I was able to solve the problem by using Wireshark to watch the actual DHCP transaction.  The router was receiving two DHCP ACK messages from the same device, which completely confused it.  There was no way to identify this problem without looking directly at the activity on the wires (and reading RFC2131).  It made me look heroic, which is a nice break from the usual.

Back to DragonFly: Wireshark is available as net/wireshark in pkgsrc.  The later chapters on traffic types and common problems will be helpful in any case, even when the only tool handy is tcpdump.  There’s a lot of overlap between the filtering expressions used in tcpdump and the ones in Wireshark, and the capture files are interchangeable.

Disclaimer: I didn’t get anything except a copy of the book.  So, I’m either unbiased, or a horrible negotiator.

You can buy paper and electronic versions of the book.

(more after the jump…)

The background: Michael Lucas also wrote Absolute FreeBSD and Absolute OpenBSD.  I’ve read the former and enjoyed it.  He also wrote a Big Scary Daemons column for some years on O’Reilly’s site; the articles are still available though it stopped in 2006.  These have been linked here before.

The result of this is a pleasing acknowledgement of Unix-like operating systems (i.e. BSD) in the book, which is different than the “If it’s not Windows, it must be Linux – using Bash” common in most tech books.

The book: I had initially expected to read a sort of agglomeration of tips; tools like Cacti or Munin for monitoring hardware; Wireshark or tcpdump for monitoring traffic, and so on.  Instead, it goes very specifically into Netflow.  Producing Netflow data, saving it, and making sense of it are the majority of the book.

People administering any sort of larger network, usually as part of the day job, are the target audience.  Netflow appears to be supported by many network equipment vendors, and software tools exist to read it on *BSD.

(For the uninitiated, Netflow tracks network activity in terms of protocol, port, and so on – everything short of the actual data.  It can describe what was happening at any point in time between hosts on a tracked network.)

As described in the book, it’s useful for both tracking down active issues and for analyzing the health of a network that otherwise could be hidden by averaged graphs, or seen only by direct reads at the problem site.  The book covers the protocol and various tools involved with it, and branches off into other related topics, like the use of gnuplot to create ad-hoc representations.

The reading: The book is enjoyable, with a touch of a conspiratorial Bastard Operator From Hell-like attitude between the author and the reader.  It’s a directed narrative going through install, analysis, and reporting, different enough from a man page review that there’s value in proceeding from chapter to chapter.  There’s also enough detail in the center of the book that it can serve as a reference source for Netflow collector setup.

It was valuable enough that I found myself planning ways to implement this at my workplace.  Remarkable, considering how dry network analysis can be.

It can be purchased now from No Starch Press.