It seems pkg 1.3.6 was slightly scrambled. If you happen to have built and installed it, John Marino has special instructions on how to update to 1.3.7. If you are on DragonFly 3.8, you can follow those instructions now, and if you are on 3.9, that repo should be ready for an update in the next few days.
Category: Someday you will need this
You should perform a full world and kernel install if on master.
Several people (including me) have been getting bit by a problem: when performing an installworld with a changed kernel, the vn kernel module is loaded, but it was built by the previous kernel and may cause problems when it doesn’t match up.
To fix that, vn is now built in, instead of being a separate module. The rescue initrd (which is what is being mounted when it has this problem) is now installed via a ‘make rescue‘ command that can wait until a successful installworld and reboot.
If you have a DragonFly system with an iwn wireless chipset, and you are having trouble connecting and running in the 5Ghz part of the spectrum only, here’s a tip: the -ht switch may fix it.
While Matthew Dillon was testing the new up-to-256-processor support for DragonFly, he added a few sysctls, one of which helps qemu performance when emulating a lot of processors. I note it here in case it’s helpful to someone else.
A note for everyone: use Hammer default on a very busy filesystem, and you will eat a lot of disk space since all file changes are recorded. (I’ve done this to myself a few times.) Francois Tigeot has a list of tips on how to keep that from happening.
O’Reilly is running a 50% off special on a variety of books on electronics, with coupon code WKECTRC. I’m posting it now because it only lasts for this week.
Update: another offer just popped up in my email – 50% off various “web performance and operations” books with the code CFVLTY4.
If you’re building ports, it will treat OpenSSL as a dependency and bring in whatever version is available. If perhaps you want to use the version of OpenSSL installed as part of your base system, Robin Hahling has the answer for how. (This probably works on FreeBSD too.)
Remember the joke I and probably a zillion others made about OpenOpenSSL? It’s happening, except it’s called LibreSSL. (thanks, Tomáš Bodžár)
If you noticed the lack of a GUI DVD image for the 3.6 release of DragonFly, I posted a followup note on the users@ list that talks about the steps to get X installed. It’s not much work, with pkg set up.
There’s been periodic commits updating the USB4BSD support in DragonFly; I haven’t been linking to them because they are generally incremental. However, it’s good to (re?)mention just how you can build DragonFly with that new USB support.
Recent updates to tzcode apparently fixed a long-standing time zone bug in DragonFly. POSIX says the America/New_York timezone is picked as default if nothing else has been selected. That didn’t happen in DragonFly – until recently. If your timezone seemed to suddenly jump to U.S. Eastern time, that’s because you never picked before.
I didn’t post this before, and should have: Matthew Dillon posted a summary of all the trackpad improvements he added, and how to make use of the various features.
There’s a lot this week, so let’s get started:
Unix: 14 things to do or stop doing in 2014. These tips are actually useful and contain no buzzwords.
TrewGrip, another item in my quest for interesting keyboards I don’t use.
4043 bytes to recreate a mid-80s IBM PC. There are less bytes of data in the program than there were transistors in the CPU that it emulates. It can run MS Flight Simulator. It was for the International Obfuscated C Code Contest, which should surprise you not at all. (via)
The World’s Most Pimped-Out ZX81. I don’t think it can run Doom, though.
Technology used to suck even when it was cutting-edge, and we’ll still feel that way in the future. (via)
Able to be turn on, and that is it. Sci-fi movies ignore where technology comes from.
True Nuke Puke Story. My mine coworkers once did something similar to a copier repairman; got him so worried about going underground that he had a panic attack when he had to step on the hoist. We had to get a new repairman.
If you want to track the bleeding edge of DragonFly, which is currently version 3.7, I happened to describe it in a reply to Filippo Moretti, on users@. Long-time users will know this/do this already, but it’s worth repeating just because new users may not realize how easy it is.
Here’s how my upgrade from DragonFly 3.4 to 3.6 for this server went.
The system install went normally. I rebooted before performing ‘make upgrade’, as noted in UPGRADING and elsewhere.
I already have dports installed, so a binary upgrade should be possible. I had heard of people with older version of pkg, having trouble getting it to notice upgrades. I rebuilt pkg, and ran ‘pkg upgrade’. A number of the updates coredumped. Here’s one example:
[156/160] Upgrading gtk2 from 2.24.19 to 2.24.19_2...Segmentation fault (core dumped)
After the upgrade, I had two problems: PHP wasn’t working for the website, and some programs would segfault.
The random segfault was fixable by forcing a binary upgrade of all packages. Since there were some programs on the system that were still new enough that the version number was the same as on the remote repository, pkg didn’t upgrade them. Those packages were linked against old versions of system libraries that predated the locale changes in DragonFly 3.6, so they’d crash. Forcing the update for all packages fixed the issue.
The other problem, PHP on the web server, is not new to me. The binary package for PHP does not include the module for Apache. The solution is to build from source with that option selected. I understand that pkg is destined to support (some?) port options in the future. There’s also an immediate workaround for locking it.
However, the port would not build because of a security issue. The binary package installed without any warning. This, I am told, will change to pkg giving you the option to install if you are aware of the security problem, and whether it really affects you. (which is just what I want, yay!)
Anyway, other than the system changes biting me because I didn’t realize some packages weren’t updated, it went very quickly. That is the reason for binary updates through pkg, or at least a major one.
Still quiet out there, but I found some good reading.
Another Perl One-Liners review.
Vim plugins you should know about. From that One-Liners author.
Speaking of Perl, here’s a Larry Wall interview. An old-school hacker – he wrote patch, too.
Moonpig: a billing system that doesn’t suck. An in-depth review of system design. More Perl, too.
Three Books You Should Read… Mostly BSD content.
Your unrelated comics link of the week: Cookie Puss.
Things are very quiet this week; I’ve had nothing to post for some days – DragonFly or even for other BSDs. The end of the year has most people distracted, I think. This makes it a good time to bring up something that’s been bothering me: the state of software firewalls in BSD. The pf utility is a BSD advantage; I’ve heard people say “I used iptables on Linux and pf is a much better alternative.” I know that’s anecdotal, but there it is. Here’s the question, and the reason I’m writing this: which pf?
DragonFly has a version of pf equivalent to what was shipped in OpenBSD 4.4. FreeBSD has a version equivalent, I think, to OpenBSD
3.8 4.5′s pf, and it has been further modified. NetBSD has a similar, older pf, but there’s people working on a NetBSD-specific version called npf, which isn’t yet ready. And of course, OpenBSD has its version of pf. If you feel good about these different alternatives, you call it divergence. If you don’t feel good about it, you call it fragmentation.
Compare this to OpenSSH – it works the same on each platform. There’s no confusion on how to configure it, or interoperability problems. It would be wonderful to have the equivalent for pf, where other BSD platforms would import a portable version. This software firewall is a strength, and it’s much easier to tout it when there’s only one.
I doubt there’s a way to bring it all back to one source tree. There’s a lot vested in the different forks out there. You know what would take a lot less effort: a compatibility test suite. Agreeing on a common syntax and set of functions would make life easier for every end user. It would incidentally make vendors a lot happier, too. Even if a user or vendor wasn’t hoping to move between BSD flavors, a test suite would still guarantee a certain known level of functionality for any BSD release.
How likely is this? I don’t know. But I want to bring up the notion before it gets missed. Now is a good time, with each pf version still being relatively close to one another.
Update/note: Henning Brauer is willing to help.
Happy birthday to me!
- Is Your Stack Protector Working? On Undeadly, so it’s OpenBSD.
- ChaCha20 and Poly1305 in OpenSSH. (via)
- The next PC-BSD 10.0 image is available.
- Reid Linnemann is the latest in the Faces of FreeBSD series.
- NetBSD has updated file.
- FreeBSD’s iwn(4) driver has some updates (also in DragonFly).
- FreeBSD now has casperd, for controlling access to out-of-sandbox capabilities.
- FreeBSD’s oce(4) driver now supports 40Gb devices. (yay for manufacturer support)
- FreeBSD has Hyper-V drivers.
- OpenBSD’s ifconfig now shows the NWID, channel, and BSSID for IBSS networks.
- OpenBSD has updated to pixman 0.32.4.
- pkgsrc’s 2013Q4 freeze will start on the 16th.
- How old is who? (Don’t tell me 900 years.)
- There’s a broken builds list for pkgsrc-2013Q4 for anyone who wants to help.
- Hacker News had a link to the FreeBSD version of the BSD Family Tree, which is not unique, but the comments led to some interesting links, like this story of an 8-year NetBSD uptime.
- FreeBSDNews’s summary.
- All the AsiaBSDCon 2013 videos. (Last week’s link was just OpenBSD ones.)
- FreeBSD authentication against Samba 4 LDAP. I’m going to need this for the DragonFly machine I’m setting up in the same role at work… in my copious spare time.
This post from Konrad Neuwirth asking how to do a minimal installation of DragonFly led to this list of all the ‘knobs’ you can set to make your installation smaller, from John Marino. (And your buildworld faster, if that’s appealing to you.) I also pointed at rconfig and PFI, which are criminally underdocumented.
If you’re planning to run DragonFly in KVM, remember this post from Matthew Dillon, giving the settings he uses. This will save you a bit of time.
It’s been snowing this week in the northeast US, which makes me happy.
- Unix: sending signals to processes. Signals have always struck me as a somewhat byzantine messaging system that everyone uses for the equivalent of Ctrl-C.
- Unix: Debugging your scripts. This will be useful if it’s not already familiar to you.
- Compatibility is Hard. Contrary to popular belief, Microsoft Word documents are not backward or forward compatible, from release to release.
- From that previous link: Why Microsoft Word Must Die. The worst problems to troubleshoot are when someone says “Word/Excel is acting funny”. There’s so many intermediate layers of software in those programs that it’s difficult to find the actual data and the actions being performed on it, much less troubleshoot any process.
- SparkFun.com moved from MySQL/MariaDB to Postgres. I agree with the sentiments in the article, but I want to know the technical reasons that made Postgres the choice for scaling. (via)
- Apple ][ DOS source code. I don’t have anything I can actually do with the source, but there’s a 1977 price list pictured in the the article that shows some interesting numbers: A 4Kb RAM system costs about $1300, and the prices just go up from there.
Your unrelated comics link of the week: the first four pages of Necropolis. This comic looks to be fun.
If you’ve seen my previous two reviews of Michael W. Lucas’s ‘Mastery’ books – DNSSEC Mastery and SSH Mastery - then you can guess what this will be: his newest book, focusing on a single software topic. This time it’s sudo.
The one downside of reading this book: I now am aware I’m using sudo wrong. Perhaps not wrong, but not anywhere near its potential. Sudo – and I’m not the only person who has experienced this – is used as a “Let’s install sudo so we don’t have to tell anyone the root password”. Sudo works for that sort of thing, but there’s a lot more possibilities.
Sudo is designed to be deployable across multiple systems, as part of a security policy. It’s an easy way to create purpose-shaped roles with different users, especially with users that have specialized skills and tasks, like database maintenance.
Obviously I think better of sudo after reading the book; there’s a lot of program capabilities of which I was unaware, but it’s the book that sells them. Michael W. Lucas’s humor is on display again, to break up some very technical material. Here’s some bits, pulled out.
Remember that “syntactically valid” is not the same as “does what you want.”
Pressing Q tells visudo to break sudo until you log in as root and fix it. Do not press this button. You won’t like it.
Here I create the TAPEMONKEYS alias for the people who manage backups.
And if Carl tries to configure Oracle on the PostgreSQL server, senior sysadmin Thea needs to have sharp words with him. Probably involving a tire iron.
The book is in-depth enough to cover more complex topics like using sudo and Active Directory, and sudo as an intrusion detection tool, of all things.
The usual reasons to buy a Mastery book are all still there: it specifically mentions working on BSD systems instead of pretending Linux is the only system out there. It’s available through a DRM-free seller (Smashwords) in addition to Amazon. It’s a self-published effort, not shovelware. It’s available now as an ebook, and in physical form soon. Lucas talks about it on BSDNow 010, too.
I have one last nontechnical note. Since these Mastery books are working into a series, I’d like to see a whole printed run of visually matching books. Something with the equivalent of the O’Reilly animals or the Pelican or even Little Blue Books common look and feel.
The takeaway: You should be reading this book if you plan to use sudo in any sort of multiuser environment. It’s available as an e-book direct from the author, via Amazon, via Smashwords, and possibly Barnes & Noble at some point in the near future. Physical books are available, and you can buy both forms together, apparently.
And of course this sudo joke.
I spent this entire week saying things like “Wait, today’s Tuesday?” and “I thought this was Wednesday, not Thursday.”
- Welcome to my GUI Gallery, a whole lot of different GUI screenshots. This mention of the “Salto” Alto emulator brought me there, and there’s some material I’ve never seen before. Also, there’s Bob. Not “Bob” the prophet, but Bob, the computer mistake. Speaking of problematic designs, see the Windows 8 page.
- 5 Cool UNIX Hacks. Sounds linkbaity, but it’s useful. I didn’t realize that CTRL-a is the non-destructive version of CTRL-u. (via)
- This seems strange, but I never heard of PLATO, even though it seems to be the precursor to so much. (via)
- “Goodbye Google“, in terms of switching to your own platform, seems to be a new trend.
- arkOS, a similar idea.
- Finding Files Your Way. I can never remember all the arguments to ‘find’.
- Google has a Shell Style Guide. Which equates to a Bash Style Guide, but that’s OK. Shell scripts are sometimes considered the most disposable form of programming, so it’s good to see a full guide. (via)
There’s a surprisingly large list this week.
- FreeBSD has updated netmap.
- FreeBSD supports VT-d DMAR hardware. Not totally sure what that is.
- FreeBSD supports the RealTek RTL8168G, RTL8168GU, RTL8411B, and RTL8168EP.
- FreeBSD updated byacc to version 20130925.
- FreeBSD has binary packages again.
- Managed Services using FreeBSD at NYI, a whitepaper.
- NetBSD has imported OpenBSD’s support for ASIX AX88178a and AX88179 USB network interfaces, in the axen(4) driver.
- NetBSD supports the Broadcom BCM56340 iProc based switch.
- OpenBSD supports unattended installation. See Also on Undeadly.
- OpenBSD has softraid booting documentation. Someone will find this useful, I’m sure.
- OpenBSD 5.4 is released.
- Inspecting Packets with OpenBSD and pf, the presentation from vBSDCon.
- Lua in pkgsrc has been modified.
- Ocaml in pkgsrc has been updated to 4.0.1.
- The BSD Router Project has hit 1.5. (via)
- PC-BSD 10 alpha images are available for testing.
- PC-BSD is doing weekly updates, an idea I support, unsurprisingly.
- No BSD systems in Google Code-In this year, darnit.
I think I’m finally catching up on the backlog.
- Unix: Flexibly moving files with lftp. I usually copy and paste a shell script together.
- BANCStar source code. In that sort of environment, there’s no good or bad code. It has moved beyond such considerations. (via)
- The Lenna Story. About the 1972 Playboy centerfold image used to test image compression. I mentioned it once before in passing. (via)
- If you find regular expressions difficult, putting another layer of expression on top doesn’t help. (via)
- How not to check the validity of an email address. I had a similar experience at an old job in 1999, where a coworker set a site’s main page to get all news stories and then showed the 10 most recent. This started to really slow things down when we reached over 5,000 stories… (via)
- Achieving Rapid Response Times in Large Online Services. A PDF of slides. (via)
- It’s described as “the best programming fonts“, but it’s really the most popular monospaced typefaces. Who cares about correct language – it has visual examples. (via)
- Phone keypads could have been very different. (via)
- Sudo Mastery’s first draft is complete. You can buy it now and get updates as it gets polished.
- Have yourself a keysigning party. GPG is complicated. I know there’s reasons, but still, this is the sort of thing that would be better with as little barrier to entry as possible.
- The Internet, via Commodore64 and Neuromancer.
Your unrelated link of the week: The Alan Lomax recordings.
Another week of links completed early. And there’s a lot, so get clicking!
- 1BSD, the installation. Interesting to see the procedure and the tools used.
- Over the Rainbow, polychromatic type from Microsoft. I don’t know if this is as exciting as they seem to think it is.
- Do your own backups. Yeesh, what an unfortunate event. I’m fixing up my backups now, after my own troubles.
- Operating System Development series. Dry but interesting. (via)
- Windowing operating systems are too messy, too restrictive. From 1984. (via)
- Home Automation via the Internet. For those who don’t want to deal with x10.
- Chess implemented in Sed. No en passant? Sheesh, I was on board until that point. (I’m making a joke) (via)
- Managing sshd in Ansible. Ansible’s getting more popular, it seems.
- Remember that PDF compression/scanning error I mentioned a few weeks ago? Xerox has fixed it for their devices, and the patch is available. One of the ways to apply the patch is to print the file to a copier, via LPR/raw. Firmware updates via printing – that seems like a good and bad idea all at the same time.
- An XKCD cartoon slightly related to the previous link.
- Learn to code. (via)
Again, lots of links. Some of these are overflow from previous weeks where I just said “That’s enough; let’s work on the next Lazy Reading.”
- Perl, the Detroit of scripting languages. The slides are entertaining, but it’s also interesting for the discussion of how to handle a very old code base and a community. (which are BSD issues too) (via)
- Ruins of Forgotten Empires: APL languages. “APL uses one thread per CPU, which is how sane people do things.” (via)
- Remember when we used mega- prefixes to measure disk and memory, and not bandwidth?
- Ian Lance Taylor’s 20-part series on ELF linkers and linking. (via EFNet #dragonflybsd)
- PDF compression formats. Incidentally, here’s an answer on the Xerox number alternation issue, where compression means one number gets misidentified and substituted for another. The Economist has a not-crazy take on it. It’s not a Xerox problem but rather a JBIG2 compression issue. I have a number of Xerox models at work and have not seen this issue, but also haven’t checked for it.
- OSI, the Internet That Wasn’t. People only ever care about levels 1, 2, 3, and 7 in the OSI model. And this joke. (via)
- The Toshiba Libretto. You can get more powerful, smaller computers now, but they’re cheap netbooks and totally uncool.
- A crash course in tmux. (via)
- Whatever room you keep your primary computer in – clean it, please.
- Robots for destroying buildings. This is not some speculative article; these are robots you can buy right now. Screw the flying cars joke everyone makes; the future is now. (via)
- How to shutdown computer under Linux? A rough summary of how Linux can be a moving target for actual usage.
- Vim 7.4 out, mostly so there isn’t so many patches to apply.
- Goto is making a comeback. (via Eric Radman)
Your unrelated link of the week: Mighty Taco radio ads. Mighty Taco is a Mexican fast food place from Buffalo, New York, USA. It’s about as authentically Mexican as fast food from a city on the edge of Canada can be, which is ‘not much’. I’ve always loved the food, though, and the commercials are just the right mix of amateur joke and commercial advertising.
killall -T will now kill all processes associated with the current tty, except parents of the killall process itself. It’s a shortcut to “kill all these runaway items I started by accident”.
Last week was relatively light, but somehow this week I read a zillion interesting things. It’s been too dang hot to do much else, other than flop in a chair and point a fan at my head.
- Chopping up CSV files. Tabular format will never die, and for good reason.
- Reanimated: The story of Vampire: The Masquerade Bloodlines. I like this idea that someone can just keep working on a project long after the originating company disappeared, just to improve it for their own benefit – no mention of open source or even a plan for it. See also Oblivion Lost or Complete for some of my personal game fix/improvement modification favorites. (via)
- I don’t think this systemd/Debian news is accurate in its reasoning, and they don’t say what’s going to happen with non-Linux Debian. However, it’s still crappy, any way you slice it. (via)
- The paranoid #! Security Guide. Lots of details that won’t necessarily apply to your BSD system, but the descriptions of various attacks are neat. (via)
- Another reminder of how easy it is to deal with a lot of text data at a Unix-ish command line. (via)
- Those ssh password attempts are still going, and have been for a decade. (via)
- Don’t care about the story, but I like the dragonfly illustration.
- Linus Torvalds swears a lot. The problem is not ‘office politics’ as he sees it, but that if you swear all the time as the leader of a project, it becomes commonplace. Linus really has to really freak out for people to notice something new. There’s other issues, like how other people emulate the behavior, but I’m pointing out the ‘verbal base sweariness’ of a project affects the entire tone.
- Quine Relay, where programming languages write each other. The Ouroboros illustration is appropriate. (via many places)
- History of emacs and vi keys. I like how this shows that the command styles in both editors was shaped by the available hardware. (via)
- Fear and Loathing in Debian^H^H^H^H^H^H/Ubuntu (or: who needs /etc/motd). A wonderful rant about the creeping complication of operating systems. Let’s place bets on when people start complaining about Linux bloat. (via luxh on EFNet #dragonflybsd)
Your unrelated link of the week: Bones Don’t Lie. An anthropologist who blogs about various discoveries of human remains. I really enjoy blogs where someone is talking about a subject they care about – not to sell a product, not to be paid (directly), but just because they like the topic and they want to share it with others. Of course I would think that, wouldn’t I?
It’s possible your Internet service provider uses a non-routeable IP range (like 10.*) and occasionally your border device picks that up via DHCP by accident instead of an Internet address. If that happens to you, and you’re using DragonFly as your border gateway, it’s possible to prevent it with
Switching terminals in X with ctrl-alt-Fx requires a not-on-by-default option. This could catch anyone used to the old behavior, so I might be doing you a favor by mentioning it.
If you’ve been reading the Digest for a while, you’ve seen me talk about the value of hosting or running your own services. It’s not too much of a surprise in my case; if you are working on an open-source operating system, you want to run it. It’s good to get the experience, and you can run programs the way you want, instead of picking from whatever vendors happen to sell you.
The PRISM disclosure, which I am going to assume everyone is familiar with at this point, is another facet. Every time you use another company for your email, your entertainment, your software, and so on, their information on you can be accessed. This isn’t a problem that can be fixed by going from one webmail provider to another. You can shop around, but notice that the author in that link effectively throws his or her hands in the air and says, “there’s no way out” by the end of the article. This is because corporations work as collecting agents for the government, even if they don’t plan to do so.
That sounds drastic, but there’s legal frameworks in every country for governments to require companies to give up data on any person, on request. It happens. I’ve seen it myself; I worked for Time Warner for several years, tracking down cable modem user information and handing it over as compelled by law. I know the lawyers at TW Corporate didn’t like doing it, but they didn’t have a choice. (I have some horrifying stories about what people would do to themselves and each other.)
Companies are increasingly working to create services to sell, not products to buy. A service never stops being consumed, so it forms an ongoing revenue stream. I’m not saying this is bad; I firmly believe that a financial incentive to be paid improves services. However, as only a consumer, you can end up not owning what you use. Other people have pointed this out, and I don’t want to sound like a frothing crazy person… but it is relevant, though not necessarily as catastrophic as some people pronounce.
What I’m working towards here is a reminder that you should run your own software, and running it on DragonFly is the best way. (Or some other operating system, I guess. If you have to.) Instead of trying to figure out what the least-bad commercial option can be, run it yourself. Good for privacy, good for learning. I know that’s not an option for everyone; fighting with Sendmail (for instance) is not an activity that many people pick voluntarily. But, if you’ve been thinking of setting up a replacement for Google Reader, or hosting your own mail, or own blog, etc… there’s never a better time than now.
(Follow all those links for some good information; consider it an early Lazy Reading post)
The ‘amd64′ specific parts of kernel architecture have been removed, since x86_64 covers all that. As a side effect of other changes, John Marino warns that upgrading DragonFly from a version older than 3.4, to a version newer than 3.4, will require an intermediate step of going to 3.4 first. e.g. If your machine is a DragonFly 3.0 system, you will need to upgrade to 3.4 before moving to, say, 3.6 once it is out. This won’t matter for some months, since the next release is months off.
Not as wordy this week, but still wordy. And linky!
- Max Headroom and the Strange World of Pseudo-CGI. A discussion of how old fake CGI can look better than modern, real CGI. This is an opinion I’ve had for quite a while, and my children pretty much ignore it every time I bring it up. (via)
- The Colby Walkmac, which predates the Mac Luggable. Linked to because it includes good pictures of what the (external) hardware was like. I find all the old ports interesting, since it’s all USB and the occasional eSATA these days… not that I’m complaining! I’ve never had a good experience with a 9-pin serial port. (via)
- A brief education on escaping characters.
- I get worried when remotely rebooting a server in a different town or even state. In Praise of Celestial Mechanics covers much more stressful circumstances: interplanetary reboots. Does Voyager 1 or 2 have an ‘uptime’ function?
- The equivalent of what you are doing right now, 20 years ago. I personally never got to see this; my experience was MUDs. Speaking of which…
- The Birth of MMOs: World of Warcraft’s debt to MUD. MUD == MMO, Roguelike == Diablo/Torchlight, Doom == almost everything else. There’s a number of game archetypes that haven’t changed in some time. (via)
- Playing with powerlines. I used to work at a company that used these lines for data transfer. It was neat technology, but it sure wasn’t easy to set up. Imagine wiring a city but only being able to use Ethernet hubs. Not switches, hubs. That, combined with undersized ARP caches/MAC tables, made it really difficult.
- OpenVPN on FreeBSD, which will come in handy for at least several readers, I’m sure, as the directions should apply to any BSD.
- Is there anything DNS can’t be used for? Cause now it’s domain-based mail policy publishing. (via ferz on EFNet #dragonflybsd)
- “Have you tried DragonFly?” posts on various forums seem to pop up with some regularity.
- Uses of tmux, explained. A slide show talking about how tmux works. (via)
Unrelated link of the week: I’ve had several deadlines and a mail server with issues this week at work, so this is all I got.
Since dports uses FreeBSD ports as a base, adding something to FreeBSD ports means it will show in dports, too. However, it doesn’t have to go that way. It’s possible to have dports packages that exist only in dports. If you have changes to a port that make it compile on DragonFly, that can be added too. For all of that, go to the dports issues page on GitHub.
Johnathan Perkin has a nice tutorial up about creating pkgsrc packages. It’s done on SmartOS, but I imagine it’ll generally apply to anything pkgsrc supports.
Michael W. Lucas recently wrote and self-published a new book, DNSSEC Mastery. He asked me to review it, and I’ve been reading it in bits and starts over the past few very busy weeks.
First, the background: If you’re not familiar with the acronym, it’s a method of securing DNS information so that you can trust that domain name information is actually from the machine that’s supposed to provide it. DNS information is basic to Internet operation, but it traditionally has been provided without any mechanisms to deal with misinformation or malicious use. This seems to happen with protocols that have been around for many years, as any mail administrator can tell you…
In any case, ‘DNS poisoning’ (or as Wikipedia calls it, ‘DNS Spoofing‘) attacks such a basic part of how the Internet works that it will completely bypass any security methods that assume name information is correct. DNSSEC is a way to deal with that. It introduces public-key encryption into the process of sharing and updating DNS information. The idea has been around for a while, but it’s only been completely implemented recently.
DNSSEC Mastery goes over this history, and through the setup required to get (recent) BIND working with DNSSEC. Lucas seems to be starting a series of ‘Mastery’ books, where he covers all the territory around a specific topic. This one, like his previous title, is exactly what it says. As long as you have some existing clue around zone files and DNS, the book will take you from no DNSSEC at all to fully implemented in less than 100 pages. (well, at least in the PDF version, but that gives you an idea of the size.)
Use it to learn, or use it as a quick reference – either way will work. If you have any DNS server(s) to manage, you’re the target audience. I expect DNS without these security extensions will go the way of telnet vs. ssh.
A book covering things like new encrypted hash zone record types is going to be a bit dry, but there’s an appropriate sprinkling of humor through the book. I’ve reviewed other Lucas books before, and I’ve got another on my plate right now, but this is the same: there’s plenty of funny to make the lessons go down easier.
If you’ve ever wondered about how you can resize/move a HAMMER filesystem, follow this thread for a variety of answers.
For those of us still on IPv4 networks, the BSD-specific OpenGrok site bxr.su should now be available in general, not just on IPv6.
Peter Hansteen has an extensive writeup of how he has managed the bsdly.net spam blacklists. Normally I’d stick this article in the Lazy Reading links, but the article is good enough to call out separately. It’s excellent not just for the mechanical aspects of how the blacklists were maintained, but for his strict description on how the process is simple, verifiable, and transparent. That last item, transparency, is how many anti-spam groups fall down.
For anyone who is a student considering Google Summer of Code this year: this timeframe we’re in right now is listed by Google as time for “students discuss project ideas with mentoring organizations”. This is the perfect time to find out what the people in an organization are like, and get early feedback on your project ideas.
Chances are, if you’re submitting a proposal for an idea from an org’s project list, you’re one of a number of students all trying for the same thing. The best way to get accepted instead of any other applicant is to be the person they already know.
I hope you like reading; there’s some very meaty links this week. Go get a cup of tea and settle in. You drink tea, don’t you? You ought to.
- Reading about KDE’s repository near-meltdown makes me think we need more checks for DragonFly. We have the advantage of Hammer, of course, which would help in the same way that the linked article names ZFS as a ‘fix’. (via multiple places)
- We know that Apple will reject apps it disagrees with. Google also will do so. Has there ever been a program rejected from pkgsrc or (FreeBSD/OpenBSD) ports on content grounds? Not that I know of – anyone remember differently? I’d argue that’s a favorable point for the BSD packaging systems, though it may just be that no application has tested those boundaries yet.
- Portscanning all IPv4 addresses on the planet. Possibly the largest distributed effort ever? The detail in the maps and returned services is especially interesting. (via)
- Scale Fail, a Youtube video of a 2011 talk about screwing up your services. Mostly about the humor, but the underlying points are valid. (via #dragonflybsd IRC)
- There’s still improvement possible to fsck, apparently based on this. That’s UFS2 fsck.
- What is your most productive shortcut with Vim? A very thorough explanation of verbs, marks, and registers. Holy cow, I wish I had known about ‘: … v’ before. It’s long, but worth it. (via)
- Matthew Garret’s description of Secure Boot vs. Restricted Boot with UEFI, (via a coworker who went to Libreplanet 2013). I’m still not sure what DragonFly will need to do about this.
- I missed mentioning this earlier: 20 years of NetBSD. We’re coming up on 10 soon.
- Dragonfly drones. Unrelated except for name.
- That guy who starts to froth madly every time BSD is mentioned on Phoronix is still there (see comments).
- Mainframe computer supercut. (via)
Your unrelated comics link of the week: Tom Spurgeon of the Comics Reporter asked people for their lists of webcomics that could go in a ‘Hall of Fame’. The resulting list is a lot of really, really good material. Go use up a few hours reading.
OpenGrok is a source browser that I have not used extensively, but many people say is a great tool. The same people say it’s difficult to run. Zafer Aydogan just posted that DragonFly’s source is available now from his perfectly-functional OpenGrok installation.
(I’ll put it in the links sidebar here, too.)
It’s still snowing in my area, which is unusual. And great!
- An IBM Selectric being gutted, in stop motion.
- Apple is Losing the War – Of Words. I’m not interested in it for Apple, but rather the casual reference to the huge quantity of astroturfing going on, all the time, from major tech companies.
- Following up on my earlier tweetspam post: World’s Best Spam. Remember, recommendations from others is the most effective persuasion method to get people to buy, so there’s a big economic incentive to create positive recommendations. (via)
- Related: The Economics of Spam. (via)
- se, a modernized, screen-oriented ed. (via)
- Where the symbols “+” and “-” came from. (via)
- A Partial History of Headphones.
- Geometric shapes in Latex. I’m sure someone will find this useful. (via)
- “The Kung Fu Killing Machine DragonFly” See the second cover. I have this actual series in paper form; it’s great. (via)
- That Afrodisiac comic from the previous link is available from the publisher; there’s a PDF preview.
- Continuing – the best blaxplotation homage ever is Black Dynamite.
- I never promised I’d stay on topic here.
Your unrelated comics link of the week: French cartoonist Boulet knocks it out of the park again.
I managed to come up with a lot of links this week, somehow, despite the start of the class I’m teaching in addition to normal work. And Summer of Code’s coming up! And we’re due for a release relatively soon! I may appear somewhat… stretched over the next few weeks.
- Hey, other people are noticing that odd linkspam email I’ve been getting. (via)
- The followup: Don’t share that infographic spam. I’m pretty sure I’m the ‘one reader’ mentioned by the author, since I mailed him about the previous story.
- I always enjoy stories about troubleshooting strange performance problems.
- We need something like this Red Book idea for pkgsrc/DPorts.
- Ode to the Semicolon. I love semicolons; I use them more than an em dash. (via)
- The Maker Map. You may find this useful for building resources. I’m gaining one near me soon. (via)
- The Book-writing Machine. Possibly the first book written with a word processor. (via)
- Vim Git Gutter. A brilliant idea: show the git diff as you work in Vim. (via)
- Add everything to Vim! Add nothing to Vim! (via a long twisty path of links)
- An HTML5 roguelike, THE ROYAL WEDDING; nicely done. (via)
- Hey, the Digest is on Google Plus, or at least the RSS feed is.
- Smallest analog computer ever made. This is what computers should look like. (via)
- List of inventors killed by their own inventions. No good reason to link this other than it’s a longer list than I thought it would be. (via)
- This PHP/MySQL assessment made me laugh. (via)
Your unrelated link of the week: I’m the Computer Man. I always thought the mid-1990s were sort of a Internet/computer teenager phase. Everything had potential but everything was also awkward. (via I forget, sorry!)
I am all over the place with links this week – some of them pretty far off the path. There’s a lot, too, so enjoy!
- Puctuation obscurantism, punctuation humor; I like it all. (via)
- Exporting your git repository. Found while looking for something else.
- I want CTRL-D at a terminal to make something like this to happen.
- Visual Representation of Regular Expression Character Classes. I like visual ways of classifying complex data.
- Speaking of which: Anatomy of Data. Not sure how I found it.
- Digital Files and 3D Printing – In the Renaissance? The title sounds a bit linkbaity, but the story of the 14th century map designed to be recreated with a graphing tool is pretty neat.
- Postgres: The Bits You Haven’t Found. Advanced/odd Postgres usage. (via)
- Breaking your arrow keys is the latest idea in improving Vim usage.
- PC-BSD is moving to a ‘rolling release’ format, and also using the new pkg tools that are also in DPorts. Historic details on this new setup are available.
- Fred, taking off.
- Ten hours with the most inscrutable game of all time. I like the idea of Dwarf Fortress more than I actually like playing it. I’m somewhat afraid of it. It looks like this sounds.
- That last comparison wasn’t necessarily fair, but it was fun.
- If I’m going to talk about music like that, I should link Ishkur’s Guide to Electronic Music.
- The Wizard of Pinball. I just want my own standup pinball or arcade cabinet game. Yes, yes, I know, MAME cabinet.
- Appropriately this week, “Ball Saved”, page 1 and page 2 of a 2-page comic about pinball.
- UnReal World, an Iron-Age roguelike. Apparently pretty brutal, and two decades in development. Runs on several platforms, but not BSD. (via)
- You Are Boring. Some of the ‘boring’ items made me laugh. (via)
- The first review of Michael W. Lucas’s Absolute OpenBSD, Second Edition is available.
Your unrelated link of the week: I’ve already been offbeat enough in this Lazy Reading; I don’t have anything else.
This week I will both post this on the correct day AND get the date in the title correct.
- An oldie but goodie. ENHANCE. This will make anyone who has done photo/video editing twitch. Check the author’s Tumblr for more supercuts. (indirectly via)
- Many people complain about regular expressions (and more recently), but they are an insanely powerful tool if you know them well. If you do, figure out this crossword. (PDF) (via)
- Followup on the first two links in that last item: xkcd drives a lot of traffic!
- If you are on Windows, you probably use PuTTY for ssh. It saves everything in the registry, which can occasionally mean losing all your configuration. There’s manual ways to save it, but there’s also PuTTYtray. (I’ve used portaPuTTY in the past, but it seems to be missing/no longer updated.)
- Actually, holy crap there’s a lot of variations/addons for PuTTY.
- That makes sense given how many terminal emulators there are, really.
- Why piping something off the Internet right to a shell isn’t a good idea. (via)
- Remember when the computer section in bookstores had books that involved programming? (unfair, I know.)
- “Don’t Be A Stranger“, musing on how there isn’t enough meeting strangers through the Internet any more. Here’s the odd thought I had while reading that article: I couldn’t pick most of the other DragonFly developers out of a lineup, but I’ve been working and talking with some of them for a decade.
- You could build Photoshop version 1 yourself – just substitute the original Mac libraries.
- Related: Photoshop is a city for everyone.
- Some of the oldest color film footage. Not the oldest,but possibly some of the earliest commercial film. Of course, the first thing filmed are young, attractive women. This is a re-occurring theme.
- Hey, a comprehensive year-end BSD roundup.
Wait, this is better! That previous link led to this film from an English chemistry professor about tea chemistry. At first I was just entertained by his hair and his accent, but when he put tea in a NMR spectrometer, I decided this was the best tea thing ever. Even better than Elemental!
Michael W. Lucas has put together a script for pulling a user’s authorized_keys file for SSH out of LDAP. It’s a very good idea, though he hints pretty clearly that he could use feedback/feedback – there’s already some in the comments.
Updates: from discussion in IRC about this sort of distributed authentication (maybe ‘authentication distribution’ is a better phrase): Tools like puppet or FreeIPA may also be useful. From seeing other conversations about this, it looks like there’s a lot of solutions to pick from, of varying difficulty, and none canonical. That’s both good and bad.
If you have git installed, and you are trying to upgrade it, you may have problems. The scmgit-docs package dependency requires some DocBook files that aren’t always accessible. If you do run into this problem, there’s 3 separate options:
- You can just install scmgit-base and ignore scmgit-docs. The program ‘git’ still runs.
- You can download the prebuilt DocBook files separately.
- You can rebuild some XML-related dependent files and then rebuild without issue.
Based on this bug report on the recently updated m4, you may need to perform some extra steps to update m4 as part of a normal upgrade:
# cd /usr/src/usr.bin/m4 # make # make install clean
If you are a brave soul and have an IPv6-only DragonFly installation, there’s now a git mirror of DragonFly that is available on IPv6.
Michael W. Lucas announced his next book will be about DNSSec, which is good. It’s also self-published, which I like to see. I don’t know if it necessarily makes him more money, but I like to see more exploration of this new way of publishing.
If you look at his announcement, there’s a link to something else: vendor-free SSL certificates. These are possible? That’s one of those things I didn’t even realize I wanted; having to deal with a certification authority is annoying.
This discussion of cryptographic hardware for FreeBSD may include hardware that would work for DragonFly too. Can someone verify?
Shopping! This is the big holiday shopping weekend in the US, and I usually put together something here.
- Buy an SSD for someone who doesn’t have one – including you if that’s the case. There’s better and worse SSDs out there, but you’ll get a speed benefit no matter what, and other bonuses are possible.
- The Tea Bag Buddy, which also comes in a color-changing version. Because tea.
- My perennial Science! suggestions: ThinkGeek, American Science and Surplus, Ward’s Scientific, Carolina, and United Nuclear, The Bone Room, and Skulls Unlimited.
- The Best of BSD 2011 and Last Year in BSD Security, from the BSD Magazine publisher.
- For more BSD, there’s always the orgs themselves. FreeBSD, NetBSD, and OpenBSD - no DragonFly, though there ought to be. Also, ISC.
- For lists of gifts, there’s the Verge Gift Guide, which has some interesting offshoots.
- Another long list: The Comics Reporter’s Shopping List.
If you have suggestions, please comment!
Sascha Wildner has added system management BIOS (SMBIOS) support, visible with kenv, from FreeBSD. Use it for getting things like the BIOS revision, system manufacturer, and so on. For example:
smbios.bios.reldate="12/04/2006" smbios.bios.vendor="Dell Inc. " smbios.bios.version="2.1.0 "
This may seem minor, but this can be very helpful when dealing with hardware you aren’t physically able to access.
The 3.2 release seems to have gone well. Who has tried the new USB support? I’m curious to see how it’s going.
- :syntax Off, about working without syntax highlighting. (via)
- The previous link led me to this .vimrc with by-line explanations. I never get tired of looking at these things, though I also never implement anything out of them.
- 102 FreeBSD Tips. It’s really the contents of the FreeBSD fortune file. Almost all these tips apply to DragonFly, too, and often the other BSDs.
- A tcpdump primer. Always a good tool to know. It’s not as easy to use as Wireshark, but it’s certainly possible to end up with access to tcpdump and not Wireshark, right when you really need to see what’s happening on the network. (via)
- An HTML5-based terminal in your browser. Displays images, runs vim, etc. All that technological growth since 1972 has come full circle to replicate an 80×25 screen again. (I kid; it’s pretty neat.)
- A 6-week cryptography course, free of charge.
- Nothing to do with this operating system, but: Robot DragonFly, an Indiegogo project. (via)
- When you’re young and getting paid to work on open source, you can be surprisingly naive. (via several people)
- I agree with this sentiment about Linuxisms coming from an OpenBSD developer. (via Tomaz Bodzar)
- Someone want to work on ssh-ldap-helper for BSD? It sounds like a very good idea.
- A bunch of free computer books. Ignore the Linux ones; there’s free books for Ruby/Python/Perl there. (via)
A thread on pkgsrc-users@ reminds me: adding a specific line for bin-install will save time when rebuilding packages; pkgsrc will use existing binary packages instead of rebuilding from source when possible, when this is set. At least, I’m pretty sure that’s what it does.
- deadweight, “Find unused CSS selectors by scraping your HTML”. I’ve needed something like this for years. (via)
- The same sort of thing for pkgsrc: pkg_leaves. Worth running at least yearly, or at least before any significant pkgsrc upgrade. There’s no point in updating a package you don’t use or need.
- GNU Coreutils cheat sheet, plus the instructions to make it. There’s other cheatsheets linked in the article that may be useful.
- Compiler benchmarks, comparing gcc and clang versions. For a complete benchmark, I’d want to compare what number of programs build with each, too. (via ftigeot on #dragonflybsd)
- When ‘your mom’ and Unix jokes collide.
- Distraction-free writing with Vim. (via)
- Also, there’s a “Modern Vim” book on the way. Will it be good? I have no idea; I don’t know of any prior books by the author or who the publisher is. Those facts might help.
- For a known author and publisher, here’s a status report on Absolute OpenBSD, 2nd Edition. If you don’t know what a BOFH is from his last sentence, read the original stories.
- Quadrilateral Cowboy, a cyberpunk hacking game that actually involves non-boring programming and not just a pipe-matching game under the guise of hacking.
- While I’m linking to games, GUTS, sorta like Diablo but more… roguey? It’s turn-based. Also, an excuse to use the roguelike tag.
- 4 UNIX commands I abuse every day. Having done a fair amount of Perl programming, I am entertained by having side effects being the intended goal. Also, the author pays attention to what runs on BSD. (via)
- “Disks lie. And the controllers that run them are partners in crime.” Marshall Kirk McKusick describes just how hard it is to know when your data has really made it from memory to disk. (via)
I have such a surplus of links these days that I started this Lazy Reading two weeks ago.
- Setting Up spamd(8) With Secondary MXes In Play In Four Easy Steps. Reprinted from bsdly.
- A Brief History of Videogames. (via) A 3 minute movie.
- Networking by Example with the Packet Construction Set. An mp3 of the NYCBUG presentation from George Neville-Neil. I wish I was just a little closer to NYC so I could attend these… but then I’d be in Syracuse or Albany, and that’s not as cool as Rochester.
- I knew Interix existed, but I had never looked at it. Apparently there’s community-created bundles of software to go with it. I think pkgsrc works with it too.
- SSD prices appear to be crashing. Now may be a good time to buy. Having a SSD is possibly the bestest part of my work laptop.
- Buffers, Windows, and Tabs in Vim. A good explanation for terms unfortunately used somewhat differently in Vim that you’d expect. (via)
- Magenta, Darwin/BSD (so sorta FreeBSDish?) on top of Linux. Quoted from page: “This is a very weird project.” As time goes on, what you would think of as BSD goes through new mutations and growths. (also via)
- Some selected BSD desktops. XFCE seems to be the most popular; that may not be a surprise in an environment where you are compiling or installing yourself. Various Linux distributions coming with a set desktop hide the pain of compiling all of GNOME/KDE from the user. Whether that is good or bad is a matter of debate.
- I never heard the term troll-hugging before, but this description of how a caustic software community will become a smaller software community makes sense. (via)
- This emulated VMSCluster setup cost probably close to $150. It would have cost a quarter million or more when I was in college. (via)
- It’s a Learning Perl book, from Wrox. But the whole thing appears to be available online at O’Reilly’s site for free? I’m not sure what that is.
- Zork 1 played via Twitter.
- The Interrupted Unix FAQ. (via) Funny, but probably also a good thing to memorize.
Your unrelated comics link of the week: Elfquest, every issue ever. The dialogue is cheesy but the original art is fun, in a way that grabbed me when I read it at 10 years of age.
The short version: MySQL, compiled a certain way, will allow 1 out of 256 root login attempts to work no matter what. I was going to link to this for the startlingly large number of MySQL installations found allowing connections from the public Internet, which means breaking into any affected servers would be easy. Then I thought about it… I don’t see a my.cnf installed by pkgsrc for at least MySQL 5.1 by default.
To fix this for your own installation, put
in /usr/pkg/etc/my.cnf to disallow remote connections. I don’t know if MySQL on DragonFly from pkgsrc is vulnerable to the issue, but it’s a good idea to not allow remote connections to the database, and ought to be on by default.
Or just use Postgres, if possible.