Slashdot Mirror

As part of O'Reilly's Open Books Project, this book is also available (without the shiny binding) for free. You can also pickup PDF's and the like the Linux Documentation Project's guides section.

As part of O'Reilly's Open Books Project, this book is also available (without the shiny binding) for free. You can also pickup PDF's and the like the Linux Documentation Project's guides section.

Well the quotes may have been used in an inappropriate fashion but read this book and you will see that they are what RMS thinks (and rightly so.)

While UC Berkeley and USL were filing briefs and "negotiating," commercial vendors (Sun, SGI, Pyramid, Sequent, etc.) were abandoning BSD and switching to SYS V Unix, at least partially out of fear of getting stuck without an OS they could legally sell. BSDI was the original defendent in the case, and was also pretty damaged by the entire incident, and NetBSD was also seriously affected by the two(?) years of restraining orders associated with the case, until the settlement in Jan of 1994.

It was into this legally-imposed BSD-void that Linux first emerged. Linux may not have been nearly so popular without the perception (of the time) that BSD was permanently entangled in lawsuits. (Two years is a long time to be shutdown.)

According to this history of BSD by Kirk McKusick, USL agreed not to sue any organizations that distribute Unixes based on 4.4 Lite. So, ironically, the BSD Unixes which were shunned during the AT&T-Berkeley suit may be immune SCO's current suit (because SCO derives their license from USL), and may see their popularity jump, should Linux become entangled in the same restraining order nastiness that was so damaging to BSD back in 1992-1994.

I just found a much better description in a paper named Twenty Years of Berkeley Unix

... is (IMHO) the MySQL Cookbook. The 'Cookbook'-format (specific real-world problems and possible solutions) makes for extremely useful books.

JP

And does it make sense to buy a book about a GPLed piece of software?

You mean, like, Perl?

And does it make sense to buy a book about a GPLed piece of software?

What, you mean like this? O'Reilly will give you a 30% discount if you own an older version of the book.

Hefty 621 pages? The bat book is very nearly twice as hefty.

certain hardware manufacturers utterly refuse to support anything other than Windows

Since you mentioned you did some coding, you may want to check out Linux Device Drivers plus some of their other kernel tweaking/modding books.

I meant this batbook.

David Pouge's Mac OS X: The Missing Manual is a well-respected book for showing both converts from OS 9 and the Unix/Windows world how things are done in OS X.

To get into the gritty Unix stuff, you can also pick up Mac OS X for Unix Geeks.

The combination of these two books might better server you rather than one "everything and the kitchen sink" Mac OS X book.

Colocated Linux Servers - From $60/mo

David Pouge's Mac OS X: The Missing Manual is a well-respected book for showing both converts from OS 9 and the Unix/Windows world how things are done in OS X.

To get into the gritty Unix stuff, you can also pick up Mac OS X for Unix Geeks.

The combination of these two books might better server you rather than one "everything and the kitchen sink" Mac OS X book.

Colocated Linux Servers - From $60/mo

Some of us are have moral/ethical problems with proprietary software, even if it is free of cost. I for one would pay to buy all of my software, including the source and right to redistribute. If Windows could be zero-cost tomorrow, it would not differ significantly from the price of a cheap copy from a friend, but many of the people who are just into free software because they don't want to pay will stop lending their support to the free software world. Hence the free (as in price) software undercutting the free (as in speech) software.

Read free as in freedom.

The official explanation was that the printer (the Xerox Dover) jammed frequently, and RMS wanted to hack the drivers so that some sort of alert would display on his terminal if the printer jammed. This was in 1979, long before anti-counterfeiting features were incorportated into copiers.

IMHO any information security professional needs to develop a professional paranoia, being thoughtful of potential risks and failures, and understand what might go wrong.

Reading Bruce Schneier's Secrets and Lies is a really good start in this area. It is a not very technical book, written at the level suitable for an IT manager. This is also useful to help explains risks, vulnerabilities, and failures to IT Management.

The ever so ugly covered Hacking Exposed, which explains the basics of what criminals (or attackers) do commonly to gain unauthorized access to (networked) computer systems. This is so you a) know how easy it is, and b) are familiar with an overview of the basic steps and techniques to gain illicit access.

For online resources, RISKS digest (not focused on malicious activities, but how systems fail - very insightful and low volume), and Bugtraq a full disclosure mailing list will show you recent exploits, and vuln notices, but it is fairly lacking in actual educational content, and there are several other mailing lists at SecurityFocus that could also be useful to developing professional paranoia.

Next you need the language and basics of information/computer security. For this textbooks like Computer Security by Dieter Gollmann, Information Security Management Handbook by Tipton and Krause, Practical Unix & Internet Security by Simson Garfinkel, Gene Spafford, Alan Schwartz, and Security in Computing by Pfleeger and Pfleeger.

For procedures look at CISSP study material, BS 7799 / ISO 17799, and security auditing and incident handling materials. Some knowledge of risk management can also be useful.

From these basics, of the right mindset, the common language of infosec, and procedures and policy you can get into the low-level details of firewalls, VPNs, IDS, and network design. For this you should have a good network/internetworking basics, a very detailed understanding of TCP/IP, and understand firewalls, VPNs, and IPsec.

Firewalls and Internet Security: Repelling the Wily Hacker, 2nd ed. by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin is a great place to start, and Building Internet Firewalls by Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman is a great follow-up. An alternative book on firewalls and VPNs is Inside Network Perimeter Security: The Definitive Guide to Firewalls, VPNs, Routers, and Intrusion Detection Systems by Stephen Northcutt, Karen Frederick, Scott Winters, Lenny Zeltser, Ronald W. Ritchey (crowd from SANS).

For networking basics, a Cisco certification like CCNA could useful in providing knowledge about internetworking and Cisco router's IOS. For the gory details of TCP/IP either TCP/IP Illustrated: Volume 1: The Protocols by Richard Stevens or Internetworking With TCP/IP Volume 1: Principles Protocols, and Architecture, 4th edition by Douglas Comer.

For IDS - Network Intrusion Detection: An Analyst's Handbook by Stephen Northcutt and Intrusion Signatures and Analysis by Matt Fearnow, Stephen Northcutt, Karen Frederick, Mark Cooper are the best IMHO.

I am not sure what to recommend for VPNs, other than you need to know about IPsec.

I highly reccomend Practical Unix & Internet Security by O'Reilly Associates. It a good primmer on the broad concepts that encompass security architecture.

O'Reilly has a good security bibliography here. Be sure to read Practical Unix and Internet Security (which is now in its third edition). Beyond that, pick some books that seem the most interesting to you.

Now with added link power for those of you who do not want to google.

From chapter 5, What Real Web Servers Do...

Ok... -1 Flambait... Cheers to the mods. ;)

I believe the poster is referring to the kind of advanced features that required writing an entire book on the subject.

In other words, I could have used a good 'tips and tricks' sort of book. Not basic syntax, but the sort of things you'd miss even if you got fairly far using the online docs.

Sounds like you want the PHP Cookbook by David Sklar and Adam Trachtenberg, and the MySQL Cookbook by Paul Dubois, then. Great books, I use them all the time.

JP

In other words, I could have used a good 'tips and tricks' sort of book. Not basic syntax, but the sort of things you'd miss even if you got fairly far using the online docs.

Sounds like you want the PHP Cookbook by David Sklar and Adam Trachtenberg, and the MySQL Cookbook by Paul Dubois, then. Great books, I use them all the time.

JP

An interesting side note: the MySQL people "stole" (Rasmus Lerdorf's words, not mine) php.net's webmaster. For a long time now, I've gotten very used to typing things like php.net/mysql_pconnect in the location bar of my browser and getting redirected to the right page in the online docs. MySQL's new webmaster brought that feature with him, so you can do things like mysql.com/select and get answers fast. (If you want to do this on your site, it's actually fairly simple. Check out lerdorf.com/tips.pdf. Look midway through for a slide on the $PATH_INFO environment variable.)

The web sites obviate both books for all but beginners, IMO.

-B

>After SCO wins this round, Linux and *BSD will truly become toys for
>computing hobbiests, and will be out of the server rooms.

*BSD has already been thru the litigation wringer. A settlement was reached, and BSD is now unencumbered - 100% free of any Unix code.

Twenty Years of Berkeley Unix - From AT&T-Owned to Freely Redistributable

That lawsuit put the BSD folks in limbo for quite a while, I sincerely hope this SCO mess doesn't put a similar drag on the growth of Linux.

Did you know that the "q" in qmail stands for "queer"??? That's SO cool!!!

Top results for one-letter google searches as of Sat May 17
a : Apple
b : B'Tselem, The Israeli Information Center for Human Rights in the ...
c : CNET.com
d : D-Link Systems, Inc.
e : Welcome to E! Online
f : Welcome to F-Secure, Securing the Mobile Enterprise
g : G*Loomis
h : H-Net, Humanities & Social Sciences Online
i : Yahoo!
j : J-???
k : KDE Homepage - Conquer your Desktop!
l : LEXPRESS.fr : l'info au quotidien. L'actualité économique, ...
m : 3M Worldwide
n : SBC Pacific Bell Knowledge Network Explorer : Online Learning : ...
o : www.oreilly.com -- Welcome to O'Reilly & Associates -- computer ...
p : Alfred P. Sloan Foundation
q : Q4music.com - The World's Greatest Music Magazine Online
s : GNU's Not Unix! - the GNU Project and the Free Software ...
t : AT&T
u : The whatUseek Network
v : Welcome to Bobby WorldWide
w : Welcome to the White House
x : Netscape.com
y : Yahoo!
z : HealthAtoZ - Your Family Health Site

No, thats the way it is by design.

IETF doesn't standardize anything untill it is finished, complete with reference implementations.

Heres a good writeup: The Internet Engineering Task Force

>Yup. But not necessarily in the reverse. ICC doesn't support all of GCC's extensions, but enough of them to build the Linux kernel.

Better than I expected. That's good.

In my original post I just wanted to point out that however wonderful Intel's compiler might be, it's completely useless for a surprisingly large subset of the machines which run Linux and the three *BSDs. Its also useless for AIX and Solaris and HPUX and TRU64 machines.

Of course, anyone who can benefit by using the Intel compiler shouldn't let its x86-specific nature stop him. Far better to allow youself to be stopped by the sort of ethical considerations which led RMS to write GCC in the first place, if you're going to let anything stop you.

Lessig would probably be the first to tell you that he absolutely respects copyright. From what I've read from him, he believes in copyright, but also believes that it has become unbalanced. His solution is to create creativecommons.org which artists and publishers can use to voluntarily limit the length of their copyright or set the terms by which others can duplicate their work.

Coming from Perl land, I've found O'Reilly's Learning Java really helpful with, uh, learning Java. It's all content and complements the Javadoc pages nicely.

When you consider how much BSD code M$ has helped themselves to and the orignial lawsuit, you might have a point. But M$ knows this is all bullshit and delay.

They want to keep back the wide adoption of free software long enough to put Pladium into place, but it's not going to work. They can't convince chipmakers to sell their souls to M$ if there's enough interest in alternate software. They have found their sacrificial shill, but I doubt it will be enough. SCO's case is so weak that reasonable shops will continue ditching the M$ software that has failed them. It's not like M$, with EULAs that demand read/write access to all files, has any respect for anyone else's IP. Even if they do manage to delay, enough hardware is out there for free software adoption and the money for the latest greatest M$ junk is not.

They can't come after BSD. That code is most assuredly unencumbered. Look at Kirk McKusick's article, which states that

The lawsuit settlement also stipulated that USL would not sue any organization using 4.4BSD-Lite as the base for their system. So, all the BSD groups that were doing releases at that time, BSDI, NetBSD, and FreeBSD, had to restart their code base with the 4.4BSD-Lite sources into which they then merged their enhancements and improvements. While this reintegration caused a short-term delay in the development of the various BSD systems, it was a blessing in disguise since it forced all the divergent groups to resynchronize with the three years of development that had occurred at the CSRG since the release of Networking Release 2.

http://safari.oreilly.com/

It lets you have N books on a shelf (min time one month). Not just O'Reilly books.

I'm glad that the three BSDs are not yet being bothered by these wonderful people.

Sources seem to suggest that the BSD's cannot be bothered by the SCO suit. Recall the legal fiasco between the USL and the BSD's in the early 90's. There is a terrific history in Marshall Kirk McKusick's chapter Twenty Years of Berkeley Unix: From AT&T-Owned to Freely Redistributable in O'Reilly's Open Sources: Voices from the Open Source Revolution.

The relevant paragraph:

The lawsuit settlement also stipulated that USL would not sue any organization using 4.4BSD-Lite as the base for their system. So, all the BSD groups that were doing releases at that time, BSDI, NetBSD, and FreeBSD, had to restart their code base with the 4.4BSD-Lite sources into which they then merged their enhancements and improvements. While this reintegration caused a short-term delay in the development of the various BSD systems, it was a blessing in disguise since it forced all the divergent groups to resynchronize with the three years of development that had occurred at the CSRG since the release of Networking Release 2.

After the end of the BSD project at Berkeley in 1986?

Huh? The CSRG did not disband until after the release of 4.4BSD-Lite, Release 2. This was about 1995. Check this
history out.

BWP

Eric references a Slashdot interview with the IBM Linux kernel hackers, among others. Code that the IBM Linux kernel hackers contributed had to pass the inspection of a "gatekeeper" who monitored the contributions for possible violations (see question #2 on OS blending).

Check out Marshall Kirk McKusick's chapter chapter in "Open Sources" for a rundown on the history of the various Unixes. It's a good, rapid-pace read.

http://www.macosxhints.com/ rocks for searching, and if you're unclear on the concept, you can post a query and get an answer from someone in the know. Ad free, and on a decently fast server too. Highly recommended if you want to save a tree.

And if you want to kill a tree they even made a Mac OS X Hints Book. O'Reilly seem to be cornering this corner of the market...

Did anyone read the remote screenshot hack (scroll to bottom)?

If you allow say a friend to log in remotely, they could technically snap a shot of your screen while you were on your machine.

At the least only those who can log in can do this but still, ouch!

Of course it may not work at all, I've tried it on my machine, and it produced a blank white tile.

Anyone else got this to work?

An excellent FreeBSD book is Michael Lucas' Absolute BSD. His Absolute OpenBSD book arrives soon.

Enjoy,

Helevius

There's a very detailed and interesting story, hosted in Oreilly which describes the history of UNIX.

"Twenty Years of Berkeley Unix- From AT&T-Owned to Freely Redistributable " remembers how UNIX evolved from it's early days as a proprietary software owned by AT&T; branching over to the educational field as BSD (Berkeley System Distribution), and finally ending up as various flavors of SysV and BSD's both proprietary, and freely-redistributable.

The link: here!

If a MMORPG just had a monthly fee, and a freely distributable/downloadable ISO, their increased sales would more than make up for the loss in revenue associated with ditching a retail box. There should also be a free 7 day trial that automatically converts to a paid account after 7 days. They should use crack dealer marketing: give them a free taste and get them hooked. The Safari free trial is a classic example in my case. After bad experiences with ebooks in the past, I didn't even consider trying Safari when it first came out. 2 months ago I saw a free trial offer, now I plan on keeping my Safari account for a long time to come.

Is it just me, or does it seem like a bunch of companies dislike the thought of letting anything into the public domain? DOS 2 couldn't possibly hurt MS if it went public domain, yet they don't do the sensible thing and just let it go. Why?

Kudos to O'reilly for overcoming this.

You have to just jump in! I too am already using IPv6 comfortably alongside my routed IPv4 network. I actually forced myself to start using it just 'cause, and it's wonderful. The autoconfiguration features are worth it alone. And I have a mixed network of Linux, AIX, HP-UX, Windows 2000, and Cisco. My bind/DNS is configured for IPv6, my sendmail is configured for IPv6, and so on. But the underlying IPv4 network is still there right along side. There's really no reason to not go ahead and start experimenting with IPv6, to get comfortable with it before you depend on it.

Actually my excuse to start playing with it was I was developing an application which could make use of multicasting. And let me tell you, IPv6 multicasting is a dream come true when compared with IPv4! And the sockets-API is much more sane and complete, after all the IETF learned from the shortcomings of the IPv4 API. See these wonderful resources and just jump in!

• RFC 3493 Basic IPv6 Sockets API
• RFC 2292 Advanced IPv6 Sockets API
• IPv6 Essentials Book, from O'Reilly
• IETF IPv6 Working Group
• Linux IPv6 HOWTO

So now that I'm enjoying it, I've been seeking out open source applications that use IPv4 and providing assistance to the developers to get them compatible with IPv6. A lot of the smaller projects in particular could use help, as some of them are unnecessarily tied to the IPv4 stack and probably don't even know it nor know anything about IPv6. I also suggest that anybody with some expertise to lend a hand as well. The open source/free software community can not find itself falling being here.

I thought Linux was a counterpoint to Minix? Linus couldn't afford a copy of Minix (or any commercial UNIX) so he wrote his own. Minix is microkernel, Linux is monolithic. Tannenbaum v Torvalds and all that.

I don't think "based on" is quite right. "Inspired by", maybe...

But seriously, O'Reilly has done a lot more important stuff in copyright but this is laughable. He is not publishing Steamboat Willie or Moby Dick.

You act like O'Reilly is doing this out of some kind of insidious, venal self-interest or something. If Tim O'Reilly really spent his days thinking up new ways to swindle the people out of their hard-earned dollars, I hope to God he could think up something better than running a publishing company, hanging out with nerds and wearing the same brown shirt every day. So maybe he's not publishing the world's most widely-read, important books -- but if publishers are ever going to take a stand against copyright bullshit (the way most of us hope they will), doesn't somebody have to be first?

When O'Reilly got the Safari Bookshelf?

As mentioned elsewhere, most computer books gets old really fast, but with Safari I can check out a book and read it online before it even leaves the presses, and I must have a deadtree version, I can buy it directly from them.

This slashvertisment was brought to you by; //H

O'Reilly is doing that now.

They've got several free books available at http://www.oreilly.com/openbook/.

Some of these are new content that is freely available because of the wishes of the authors, i.e. DocBook: The Definitive Guide and Free as in Freedom.

Some of them are out of print books, i.e. The Future Does Not Compute and Volume 6A: Motif Programming Manual.

Compare that to one of O'Reilly's best books, Building Internet Firewalls, with a cover of $49.95 and 890 pages -- less than 6 cents per page. buy.com has it for $31.47, dropping the ratio to less than 4 cents per page!

O'Reilly books seem to be the most expensive around, yet I think their ability to charge so much has been eroded by good books from other publishers.

Helevius

Compare that to one of O'Reilly's best books, Building Internet Firewalls, with a cover of $49.95 and 890 pages -- less than 6 cents per page. buy.com has it for $31.47, dropping the ratio to less than 4 cents per page!

O'Reilly books seem to be the most expensive around, yet I think their ability to charge so much has been eroded by good books from other publishers.

Helevius