Unix Power Tools on BSD Hacks · Score: 4, Interesting
This book (which I picked up in a recent book shopping binge) reminds me most of Unix Power Tools. I own the 2nd edition and I've reviewed the 3rd edition. The similarities to the "Hacks" series are striking (not surprising, considering that they're both published by O'Reilly). The "Hacks" books seem to be shorter and with fewer tips receiving more thorough treatment.
A comment I wrote for the Power Tools review applies to BSD Hacks as well:
Among the most hyperlinked books I've seen, this book is filled with hundreds of useful tips and, perhaps most interestingly, Unix culture. It's only marginally successful as a reference manual or as a teaching aid as it focuses on the useful-but-obscure aspects of Unix. Where it truly excels is in steeping the reader in "How do I"-style Unix lore until it comes out of their pores.
The FDL, as the first paragraph states.
... one of the letters in the acronym is the same, I trip over that all the time ;-)
I can understand the confusion
SWMBO: She Who Must Be Obeyed.
;-)
Try lurking on a.s.r. sometime, it's good for the place where your soul used to be
(That's an a.s.r. style joke, BTW. Sigh. Nevermind.)
-T
Of course, by the second grade much of the rest of the world has figured out that English and American are not exactly the same. "Civilised" is normal spelling for most of the English speaking world.
If you subscribe to the theory that wars are almost invariably the result of population pressure on scarce resources, then it's easy to see that the /possibility/ of reduced pressure might be enough to greatly improve life on Earth.
I've always liked Heinlein's viewpoint (as expressed by Lazarus Long): Because we need frontiers to improve ourselves.
There's an interesting bit where he explains after several rounds of successive colonization the descendants of those who left earth view those who stayed behind as degenerates since they were unable to evolve.
The Moon is a Harsh Mistress.
WHAT INFORMATION IS STORED IN YOUR PALM PRINT THAT THEY CAN MISUSE?????
The fact that it's my information, not theirs. If they give me a swipe-card instead and it gets stolen (identity theft), I can report it and they can simply issue me a new one.
If somebody impersonates my palm print, issuing a new one is somewhat more difficult ;-)
If they issue me a swipe-card, the unique (one hopes) ID it contains can be used throughout their databases. But it isn't tied to my identity at other organizations. If using my palm-print becomes common then they can tie my identity at one organization to my identity at another organization.
Imagine a case of identity theft where /everything/ is tied to your palm-print. Someone fakes it (trivial technology these days) and they have complete access to everywhere that uses it (and you won't be able to change your palm-print to recover).
And now imagine what a typical employer's "security" is like on those sorts of databases.
It's spooky how easy this makes things for the bad guys ...
You're probably talking about this benchmark.
Some comments from his conclusion include:
FreeBSD 5.1 has very impressive performance and scalability. I foolishly assumed all BSDs to play in the same league performance-wise, because they all share a lot of code and can incorporate each other's code freely. I was wrong. FreeBSD has by far the best performance of the BSDs and it comes close to Linux 2.6. If you run another BSD on x86, you should switch to FreeBSD!
and
Linux 2.4 is not too bad, but it scales badly for mmap and fork.
I personally believe that it's fair to compare FreeBSD 5.X to Linux 2.4.X because a complete operating system based on -CURRENT has been available for download for a year now (FreeBSD 5.0), lending it substantial stability. It'll be some time before RedHat ships with 2.6.X by default.
As the -CURRENT branch will become the -STABLE branch in the next few months (shortly before 5.3 is released) and this will create 6.X (the new -CURRENT), the timing is fairly close to when distributions that include kernel 2.6.X start to appear.
There's a way of looking at fascism which is neither right- nor left-wing oriented: It's part of a separate "social" axis (where the traditional axis is "economic").
See Political Compass for details.
In this view, being fascist (or libertarian) doesn't imply anything about one's economic beliefs.
How long has it been since you tried this? I seem to remember the OpenAFS team fixing a lot of their FreeBSD issues. I know OpenBSD recommends OpenAFS as a network file store. Even then you could try ARLA (?). Should be able to Google for it. IIRC Arla fully supports FreeBSD as both a client and a server.
It's been over a month, I think. My only -CURRENT server is a sparc64 and that could be revealing problems that don't occur on i386. Arla has been marked as "broken - does not build" in the ports tree for some time now (months, at least). I've been struggling with getting AFS onto FreeBSD since last Spring: I don't want to migrate the Vinum file server to another O/S.
Samba is supported somehow IIRC, but I KNOW that AFS over NFS is supported because it's in the docco... Appendix A. Managing the NFS/AFS Translator
Ah! Thanks for the link. At first glance it looks like it needs a second server to act as the translator, but definitely sounds like it does the job.
I agree, though from the other side of the fence: I have an existing Kerberos realm and am finding the AFS integration difficult ;-)
There are two current stumbling blocks for me that likely won't affect the original poster:
* OpenAFS doesn't run nicely (read: at all) on FreeBSD (tested with -STABLE on i386 and -CURRENT on sparc64). Doesn't matter if you're running it on Linux, of course.
* AFS uses its own filesystem rather than riding on top of the O/S. That's fine, and better for security, but sucks if you want to do something fancy like distribute the same filesystem via samba, NFSv3 and AFS simultaneously.
To me, AFS is much more appealing than NFSv4. For one, NFSv4 is fairly rare - the implementations are basically for testing purposes and there's a limited set of operating systems supported. The extra features that AFS has (volume management, failover, ease of client maintenance, intelligent client-side caching, etc) make it a win for me.
> > This situation encourages companies *not* to contribute their code, because if they keep it proprietary, they have an advantage over the original developers.
> Though there may be no legal demands to open the code, there are many other pressures to do so. One big one is economic incentive to avoid closed forks. This was probably the biggest factor leading to the opening of Darwin.
Putting "closed forks" another way, there is a practical pressure to contribute back: nobody wants to maintain their own patch set forever. It's a pain in the butt. If it can be incorporated into the main trunk, volunteer maintainers ensure that your changes will be kept working. This is a big win, and a big incentive for companies to contribute.
Some people seem to perceive Stallman as resentful of Torvalds because Linux stole the spotlight and rendered GNU a distant also-ran. I don't share this perception. I believe that Stallman and Torvalds have very different agendas, which happen to overlap in Linux. Stallman is promoting the idea of Free (liberated) Software. Torvalds is trying to build an operating system.
I agree. The overlap is largely accidental and conclusions are often erroneously drawn from it.
...my reasons for preferring the Stallman world are practical: I believe that the process established by Stallman would have soon enough given rise to someone like Torvalds who could have done approximately as well.
But it's like you've never heard of BSD or any of the other mature source-sharing communities. Stallman isn't the only one with a successful vision - his "process" wasn't anything new. His particular method at enforcing it via the GPL is fairly innovative, and it's also somewhat contentious.
The GPL world and the open source world also overlap largely accidentally :-)
I agree, Kerberos is definitely the solution here. Aside from solving the original poster's problem, it also does a whole bunch of other cool stuff - consider it a bonus :-)
I've collected a bunch of Kerberos information at the ROSPA website, and I have several realms in production use. It provides the sort of magic that seems simple until you try to work at a site that doesn't use it.
Among other old and/or exotic hardware, I run a 1991-vintage DECStation 5000/25 (named "Firbolg") with 40MB of RAM and a 25MHz R3000 processor. It takes to NetBSD 1.6.1 like a charm.
It's acting as a shell server for friends who like to play angband as well as being the web development environment for rospa.ca. It has the fancy graphics adapter, a 17" monitor with the evil sync-on-green design (run away!) and the DEC 4800-bps serial keyboard and mouse, but it's currently running headless so it'll fit on a shelf. It runs remote X applications surprisingly quickly for such old hardware.
I bought three of these for Can$40 a while back. One of the best deals I ever made.
You speak of "our constitution" as if I were an American :-) I'm speaking in the generic.
In your view we'd need a huge number of police officers just to prevent all the "jay walking" (crossing the street not at a crosswalk) that pedestrians do because the police (a government agency) would have to enforce the letter of the law.
Of course, in this example the police have limited resources and so have to decide exactly where they're going to draw the line -- i.e., they're not following the exact letter of the law, they're interpreting it.
I want them to interpret it in such a way that it protects the public good.
I tried, but I can't agree with you. A power granted does not need to be used. An example is the imposition of martial law. It could be used to "solve" all sorts of legal problems. Laws can be intended for use only in truly exceptional circumstances, after all. A government agency should be noted for its commitment to serving citizens, its ethics and its restraint IMO. One could argue that it's the fault of the lawmakers for not wording it correctly, but that implies that we expect government agencies to behave like out-of-control power-hungry caricatures. I don't think we (as a society) want to expect that.
Of course, once the long-lived mice are widely known they'll have to hijack a space ship and head for the stars to escape our envious wrath.
Try reading _Deathkiller_. Classic time-travelling science fiction.
Spider is an interesting author precisely because he focuses on his characters more than the hard science. Now that the space race era is over and the hard science is readily available to anyone willing to spend 5 minutes in google, his approach seems to be working better (i.e. selling more).
Are you trying to claim that governments buy their operating systems from Future Shop?
Hobbyists aren't the market that this article is talking about. Retail sales aren't a problem.
Frank Herbert wrote a book (The Dosadi Experiment) which talked about an intriguing concept: a Bureau of Sabotage. This Bureau is charged with ensuring that government doesn't move too fast by literally sabotaging the efforts.
In a way it makes sense: You can't achieve a balance with only one side represented.
Robert Heinlein, as the character Lazarus Long, said:
"The second best thing about space travel is that the distances involved make war very difficult, usually impractical, and almost always unnecessary. This is probably a loss for most people, since war is our race's most popular diversion, one which gives purpose and color to dull and stupid lives. But it is a great boon to the intelligent man who fights only when he must -- never for sport."
Space wars are too expensive compared to just moving to the next rock.
PF is short for 'packet filter', and it's the native firewall code for OpenBSD. Here's the man page for the config file.
PF is fairly new compared to IPFW and IPFilter, but it has rapidly been gaining advanced features and capabilities. Porting it to other operating systems is a good thing IMO - the more competition in this field, the better ;-)
There's a summary of good practices at http://www.openbsd.org/porting.html#Security. The white papers that the team has produced (for example, on the str "l" variants) are also good reading.