Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 107 declined, 51 accepted (158 total, 32.28% accepted)

Submission + - Book Review: Networking for System Administrators->

Saint Aardvark writes: (Disclaimer: I received a free copy of this book for writing a review.)

Michael W. Lucas has been writing technical books for a long time, drawing on his experience as both a system and a network administrator. He has mastered the art of making it both easy and enjoyable to inhale large amounts of information; that's my way of saying he writes books well and he's a funny guy. "Networking for System Administrators", available both in DRM-free ebook and dead tree formats, is his latest book, and it's no exception to this trend.

Like the title suggests, this book explains networking to sysadmins — both juniors new to this career, and those who have been around for a while but don't understand how those network folks live or what they need to do their job. If you're one of the latter, you might think "Oh I've read 'TCP/IP Illustrated' — I don't need another networking book." And it's true that there is overlap between these two books. But Lucas also explains about how to work with network folks: dealing with areas of shared responsibility, how to understand where your side ends, and how to talk to a network admin so that everyone understands each other — and more importantly, is both able and happy to help the other. This is something that is out-of-scope for a network textbook, and it's valuable.

So what's in this book? Lucas takes us through all the network layers, explaining how everything fits together. From physical ("If you can trip over it, snag it, break the stupid tab off the plastic connector at its end, or broadcast static over it, it's the physical layer.") to transport and application, he shows practical examples of how the OSI model maps (or doesn't) to the world of TCP/IP. He shows the happy path and the sad path at each layer, explaining how to understand what's going on and troubleshooting failures. This is the part with the strongest overlap with those other network textbooks. If system administration is a side gig (maybe you're a developer who has to maintain your own server), you'll have enough in this book to deal with just about anything you're likely to trip over. But if you're early in your sysadmin career, or you find yourself making the jump to Ops, you will want to follow it up with "TCP/IP Illustrated" for the additional depth.

Since you'll be troubleshooting, you'll need to know the tools that let you dump DNS, peer into packets, and list what's listening (or not) on the network. Lucas covers Linux and Unix, of course, but he also covers Windows — particularly handy if, like me, you've stuck to one side over the course of your career. Tcpdump/Windump, arp, netstat, netcat and ifconfig are all covered here, but more importantly you'll also learn how to understand what they tell you, and how to relay that information to network administrators.

That thought leads to the final chapter of this book: a plea for working as a team, even when you're not on the same team. Bad things come from network and systems folks not understanding each other. Good things — happy workplaces, successful careers, thriving companies and new friends — can come from something as simple as saying "Well, I don't know if it is the network's fault...why don't we test and find out?"

After reading this book, you'll have a strong footing in networking. Lucas explains concepts in practical ways; he makes sure to teach tools in both Unix/Linux and Windows; and he gives you the terms you'll use to explain what you're seeing to the network folks. Along the way there's a lot of hard-won knowledge sprinkled throughout (leave autonegotiation on — it's a lot better than it used to be; replace cables if there's any hint of flakiness in a server's network connection) that, for me at least (and be honest, you too) would have saved a lot of time over the years.

Who would I recommend this book to?
  • If you're a sysadmin at the beginning of your career, this book is an excellent beginning; take it, read it, and build on it — both with practical experience and further reading.
  • If you're coming into system administration the back way (as a developer who has to manage their own server, say, or who shares responsibility for a networked service with other admins), I can't think of a better single source for the practical knowledge you need. You'll gain an understanding of what's going on under the hood, how to diagnose problems you encounter, and how to talk to either system or network administrators about fixing those problems.
  • If you're a manager or senior sysadmin, buy this book and read it through before handing it to the juniors on your team, or that dev who keeps asking questions about routing and the firewall; you may learn a few things, and it's always good to read fine technical writing.

Link to Original Source

Submission + - Book Review: "FreeBSD Mastery: Storage Essentials", by Michael W. Lucas-> 1 1

Saint Aardvark writes: (Disclaimer: I received a free copy of this book for review. Disclaimer to the disclaimer: I would gladly have paid for it anyway.)

If, like me, you administer FreeBSD systems, you know that (like Linux) there is an embarrassment of riches when it comes to filesystems. GEOM, UFS, soft updates, encryption, disklabels — there is a *lot* going on here. And if, like me, you're coming from the Linux world your experience won't be directly applicable, and you'll be scaling Mount Learning Curve. Even if you *are* familiar with the BSDs, there is a lot to take in. Where do you start?

You start here, with Michael W. Lucas' latest book, "FreeBSD Mastery: Storage Essentials". You've heard his name before; he's written "Sudo Mastery" (which I reviewed previously), along with books on PGP/GnuPGP, Cisco Routers and OpenBSD. This book clocks in at 204 pages of goodness, and it's an excellent introduction to managing storage on FreeBSD. From filesystem choice to partition layout to disk encryption, with sidelong glances at ZFS along the way, he does his usual excellent job of laying out the details you need to know without every veering into dry or boring.

Do you need to know about GEOM? It's in here: Lucas takes your from "What *is* GEOM, anyway?" (answer: FreeBSD's system of layers for filesytem management) through "How do I set up RAID 10?" through "Here's how to configure things to solve that weird edge-case." Still trying to figure out GUID partitions? I sure as hell was...and then I read Chapter Two. Do you remember disklabels fondly, and wonder whatever happened to them? They're still around, but mainly on embedded systems that still use MBR partitions — so grab this book if you need to deal with them.

The discussion of SMART disk monitoring is one of the best introductions to this subject I've ever read, and should serve *any* sysadmin well, no matter what OS they're dealing with; I plan on keeping it around for reference until we no longer use hard drives. RAID is covered, of course, but so are more complex setups — as well as UFS recovery and repair for when you run into trouble.

Disk encryption gets three chapters (!) full of details on the two methods in FreeBSD, GBDE and GELI. But just as important, Lucas outlines why disk encryption might *not* be the right choice: recovering data can be difficult or impossible, it might get you unwanted attention from adversaries, and it will *not* protect you against, say, an adversary who can put a keylogger on your laptop. If it still make sense to encrypt your hard drive, you'll have the knowledge you need to do the job right.

I said that this covers *almost* everything you need to know, and the big omission here is ZFS. It shows up, but only occasionally and mostly in contrast to other filesystem choices. For example, there's an excellent discussion of why you might want to use FreeBSD's plain UFS filesystem instead of all-singing, all-dancing ZFS. (Answer: modest CPU or RAM, or a need to do things in ways that don't fit in with ZFS, make UFS an excellent choice.) I would have loved to see ZFS covered here — but honestly, that would be a book of its own, and I look forward to seeing one from Lucas someday; when that day comes, it will be a great companion to this book, and I'll have Christmas gifts for all my fellow sysadmins.

One big part of the appeal of this book (and Lucas' writing in general) is that he is clear about the tradeoffs that come with picking one solution over another. He shows you where the sharp edges are, and leaves you well-placed to make the final decision yourself. Whether it's GBDE versus GELI for disk encryption, or what might bite you when enabling soft updates journaling, he makes sure you know what you're getting into. He makes recommendations, but always tells you their limits.

There's also Lucas' usual mastery of writing; well-written explanations with liberal dollops of geek humour that don't distract from the knowledge he's dropping. He's clear, he's thorough, and he's interesting — and that's an amazing thing to say about a book on filesystems.

Finally, technical review was done by Poul Henning-Kamp; he's a FreeBSD developer who wrote huge parts of the GEOM and GBDE systems mentioned above. That gives me a lot of warm fuzzies about the accuracy of this book.

If you're a FreeBSD (or Linux, or Unix) sysadmin, then you need this book; it has a *lot* of hard-won knowledge, and will save your butt more than you'll be comfortable admitting. If you've read anything else by Lucas, you also know we need him writing more books. Do the right thing and buy this now.

Link to Original Source

Submission + - Book Review: "Sudo Mastery: User Access Control for Real People"->

Saint Aardvark writes: Disclaimer: I got a free copy of this book because I was a technical reviewer for it. Disclaimer to the disclaimer: I totally would have paid for this book anyway. Final disclaimer: a shorter version of this review appeared on Amazon.com.

If you're a Unix or Linux sysadmin, you know sudo: it's that command that lets you run single commands as root from your own account, rather than logging in as root. And if you're like me, here's what you know about configuring sudo:
  1. Run sudoedit and uncomment the line that says "%wheel ALL=(ALL) ALL".
  2. Make sure you're in the wheel group.
  3. Profit!

Okay, so you can now run any command as root. Awesome! But not everyone is as careful as you are (or at least, as you like to think you are). If you're a sysadmin, you need to stop people from shooting themselves in the foot. (Might also want to stop yourself from self-inflicted gunshot wounds.) There should be some way of restricting use, right? Just gotta check out the man page.... And that's where I stopped, every time. I've yet to truly understand Extended Backus-Naur Form (sue me), and my eyes would glaze over. And so I'd go back to putting some small number of people in the "wheel" group, and letting them run sudo, and cleaning up the occasional mess afterward.

Fortunately, Michael W. Lucas has written "Sudo Mastery: User Access Control for Real People". If his name sounds familiar, there's a reason for that: he's been cranking out excellent technical books for a long time, on everything from FreeBSD to Cisco routers to DNSSEC. He just, like, does this: he takes deep, involved subjects that you don't even know you need to know more about, and he makes them understandable. It's a good trick, and we're lucky he's turned his attention to sudo.

The book clocks in at 144 pages (print version), and it's packed with information from start to finish. Lucas starts with the why and how of sudo, explaining why you need to know it and how sudo protects you. He moves on to the syntax; it's kind of a bear at first, but Chapter 2, "sudo and sudoers", takes care of that nicely. Have you locked yourself out of sudo with a poor edit? I have; I've even managed to do it on many machines, all at once, by distributing that edit with CFEngine. Lucas covers this in Chapter 3, "Editing and Testing Sudoers", a chapter that would have saved my butt. By the time you've added a few entries, you're probably ready for Chapter 4, "Lists and Aliases".

sudo has lots of ways to avoid repeating yourself, and I picked up a few tricks from this chapter I didn't know about — including that sudo can run commands as users other than root. Need to restart Tomcat as the tomcat user? There's a sudoers line for that. I'm ashamed to admit that I didn't know this.

There is a lot more in this book, too. You can override sudo defaults for different commands or users (you can change the lecture text; maybe sometimes there *is* a technical solution for a social problem...). You can stuff sudo directives into LDAP and stop copying files around. You can edit files with sudoedit. You can record people's sudo commands, and play them back using sudoreplay. The list goes on.

Sounds like a lot, doesn't it? It is. But the book flies by, because Lucas is a good writer: he packs a lot of information into the pages while remaining engaging and funny. The anecdotes are informative, the banter is witty, and there's no dry or boring to be found anywhere.

Shortcomings: Maybe you don't like humour in your tech books; if so, you could pass this up, but man, you'd be missing out. There wasn't an index in the EPUB version I got, which I always miss. Other than that: I'm mad Lucas didn't write this book ten years ago.

Score: 10 out of 10. If you're a Linux or Unix sysadmin, you need this book; it's just that simple.

Where to buy:

  • You can buy the ebook version from Lucas himself.
  • You can also buy the ebook or a dead-tree version from Amazon.com.

Link to Original Source
Canada

Submission + - Canadian bureacracy can't answer simple question: What's this study with NASA?->

Saint Aardvark writes: "It seemed like a pretty simple question about a pretty cool topic: an Ottawa newspaper wanted to ask Canada's National Research Council about a joint study with NASA on tracking falling snow in Canada. Conventional radar can see where it's falling, but not the amount — so NASA, in collaboration with the NRC, Environment Canada and a few universities, arranged flights through falling snow to analyse readings with different instruments. But when they contacted the NRC to get the Canadian angle, "it took a small army of staffers— 11 of them by our count — to decide how to answer, and dozens of emails back and forth to circulate the Citizen’s request, discuss its motivation, develop their response, and “massage” its text." No interview was given: "I am not convinced we need an interview. A few lines are fine. Please let me see them first," says one civil servant in the NRC emails obtained by the newspaper under the Access to Information act. By the time the NRC finally sorted out a boring, technical response, the newspaper had already called up a NASA scientist and got all the info they asked for; it took about 15 minutes."
Link to Original Source
Canada

Submission + - Canada's online surveillance bill: Section 34 "opens door to Big Brother"->

Saint Aardvark writes: Canada's proposed online surveillance bill looked bad enough when it was introduced, but it gets worse: Section 34 allows access to any telco place or equipment, and to any information contained there — with no restrictions, no warrants, and no review. From the article: "Note that such all-encompassing searches require no warrant, and don't even have to be in the context of a criminal investigation. Ostensibly, the purpose is to ensure that the ISP is complying with the requirements of the act — but nothing in the section restricts the inspector to examining or seizing only information bearing upon that issue. It's still "any" information whatsoever." You can read Section 34 here.
Link to Original Source

Submission + - Samsung plants keyloggers on laptops it makes->

Saint Aardvark writes: "Mohammed Hassan writes in Network World that he found a keylogger program installed on his brand-new laptop — not once, but twice. After initial denials, Samsung has admitted they did this, saying it was to "monitor the performance of the machine and to find out how it is being used." As Hassan says, "In other words, Samsung wanted to gather usage data without obtaining consent from laptop owners." Three PR officers from Samsung have so far refused comment."
Link to Original Source
Canada

Submission + - Canada's copyright debate turns ugly->

Saint Aardvark writes: As reported by the CBC, the debate in Canada over the new copyright bill hit a new low. Minister of Heritage James Moore decried opponents of the bill as "radical extremists", with a "babyish" approach to copyright. As Professor Michael Geist points out, these "radical extremists" include a laundry list of educators, politicians and business leaders. The minister initially denied making any such remarks...until video surfaced showing the speech. Said one critic, "He has morphed from a personable, PR-savvy techno-nerd minister to a young Richard Nixon [with an enemies list]". As if that wasn't enough, Cory Doctorow waded into the debate with an article outlining his objections as a Canadian author, and a debate over Twitter with the minister himself. The thinly-veiled attack on Geist may backfire, though: "voters may ask if the bill's proponents are engaging in character assassination rather than rational policy debate because the proponents' actual arguments aren't that convincing."
Link to Original Source
Canada

Submission + - James Moore's Attack on Fair Copyright->

Saint Aardvark writes: Professor Michael Geist writes about Canadian Minister of Heritage James Moore's recent speech. In it, Moore condemned critics of his proposed new copyright bill, saying "Make sure that those voices who try to find technical, non-sensical, fear-mongering reasons to oppose copyright reform are confronted every step of the way and they are defeated. When we do that this bill will pass and Canada will be better for it."
Link to Original Source
Canada

Submission + - OpenParliament.ca launches->

Saint Aardvark writes: "Via Michael Geist comes the news that OpenParliament.ca has launched. It offers a searchable interface to 16 years of Canada's official record of parliamentary debate and votes, information on bills before Parliament, the ability to be alerted when your member of Parliament speaks, and much more. OpenParliament is a grass-roots effort, not a government initiative. This is all the more remarkable considering that, while the Hansard has been online since '94, it has to be parsed using a "wobbly tower of rules". Natch, it's Free Software."
Link to Original Source

Submission + - Creative Commons: 59 hours to reach $500k

Saint Aardvark writes: CreativeCommons.org is appealing for donations to help support them in 2010. Lawrence Lessig, a familiar name to Slashdot readers and the founder of Creative Commons, writes: "[T]he White House, Al Jazeera, and Wikipedia all adopted CC licenses. That happened this year. And now that it has happened, we all have an even stronger obligation to make sure this thing that thousands helped build over the past 7 years continues to grow and succeed and inspire." Their goal is to raise $500,000 by December 31st to ensure funding for the coming year. They've got just $80,000 left to go. You can donate here.
The Courts

Submission + - FSF Settles Suit Against Cisco->

Saint Aardvark writes: "The Free Software Foundation has announced that they've settled their lawsuit with Cisco (reported earlier here). In the announcement, they say that Cisco has agreed to appoint a Free Software Director for Linksys, who will report periodically to the FSF; to notify Linksys customers of their rights; and to make a monetary donation to the FSF. An accompanying blog entry explains further: "Whenever we talk about the work we do to handle violations, we say over and over again that getting compliance with the licenses is always our top priority. The reason this is so important is not only because it provides a goal for us to reach, but also because it gives us a clear guide to choosing our tactics. This is the first time we've had to go to court over a license violation.""
Link to Original Source
The Media

Submission + - USENIX opens access to conference proceedings->

Saint Aardvark writes: "USENIX has announced that is is opening up public access to all of its conference proceedings. Previously, these had been restricted to USENIX members until one year after publication. From LISA to FAST, from WOOT to USENIX' own eponymous conference, if you're in any way working in, for, near or around IT you want this information. Kudos to USENIX for doing this!"
Link to Original Source
Privacy

Submission + - Letter casts doubts on Yahoo! China testimony->

Saint Aardvark writes: "A hand-written letter, believed to be from Chinese police, has surfaced that sheds new light on the case of Chinese reporter Shi Tao. The letter "is essentially a standardized search warrant making clear that Chinese law enforcement agencies have the legal authority to collect evidence in criminal cases. This contradicts Yahoo's testimony to Congress in 2006 that they "had no information about the nature of the investigation." "One does not have to be an expert in Chinese law to know that 'state secrets' charges have often been used to punish political dissent in China," says Joshua Rosenzweig, manager of research and publications for The Dui Hua Foundation. Shi Tao was sentenced to 10 years in prison for his reporting on the Tianamen Square massacre."
Link to Original Source
Security

Submission + - OpenBSD: Now 2 remote holes in more than 10 years

Saint Aardvark writes: "CoreLabs released an advisory today about a remote hole in OpenBSD. The vulnerability, which affects versions 3.1, 3.6, 3.8, 3.9, 4.0 and the upcoming 4.1 release (for code obtained prior to Feb 26th; the upcoming CD is fine), comes from the way OpenBSD's IPv6 code handles mbufs. Theo's terse announcement is an interesting counterpoint to Core Security's timetable, which details their efforts to convince the OpenBSD team of the flaw's seriousness. The workaround is to block IPv6. Discussion continues on Undeadly.org, and a short discussion of the flaw's details can be found here."

You are in a maze of little twisting passages, all different.

Working...