
Submission + - Book Review: "FreeBSD Mastery: Storage Essentials", by Michael W. Lucas (amazon.com) 1

Saint Aardvark writes: (Disclaimer: I received a free copy of this book for review. Disclaimer to the disclaimer: I would gladly have paid for it anyway.)

If, like me, you administer FreeBSD systems, you know that (like Linux) there is an embarrassment of riches when it comes to filesystems. GEOM, UFS, soft updates, encryption, disklabels — there is a *lot* going on here. And if, like me, you're coming from the Linux world your experience won't be directly applicable, and you'll be scaling Mount Learning Curve. Even if you *are* familiar with the BSDs, there is a lot to take in. Where do you start?

You start here, with Michael W. Lucas' latest book, "FreeBSD Mastery: Storage Essentials". You've heard his name before; he's written "Sudo Mastery" (which I reviewed previously), along with books on PGP/GnuPGP, Cisco Routers and OpenBSD. This book clocks in at 204 pages of goodness, and it's an excellent introduction to managing storage on FreeBSD. From filesystem choice to partition layout to disk encryption, with sidelong glances at ZFS along the way, he does his usual excellent job of laying out the details you need to know without ever veering into dry or boring.

Do you need to know about GEOM? It's in here: Lucas takes you from "What *is* GEOM, anyway?" (answer: FreeBSD's system of layers for filesystem management) through "How do I set up RAID 10?" through "Here's how to configure things to solve that weird edge-case." Still trying to figure out GUID partitions? I sure as hell was...and then I read Chapter Two. Do you remember disklabels fondly, and wonder whatever happened to them? They're still around, but mainly on embedded systems that still use MBR partitions — so grab this book if you need to deal with them.

The discussion of SMART disk monitoring is one of the best introductions to this subject I've ever read, and should serve *any* sysadmin well, no matter what OS they're dealing with; I plan on keeping it around for reference until we no longer use hard drives. RAID is covered, of course, but so are more complex setups — as well as UFS recovery and repair for when you run into trouble.

Disk encryption gets three chapters (!) full of details on the two methods in FreeBSD, GBDE and GELI. But just as important, Lucas outlines why disk encryption might *not* be the right choice: recovering data can be difficult or impossible, it might get you unwanted attention from adversaries, and it will *not* protect you against, say, an adversary who can put a keylogger on your laptop. If it still makes sense to encrypt your hard drive, you'll have the knowledge you need to do the job right.

I said that this covers *almost* everything you need to know, and the big omission here is ZFS. It shows up, but only occasionally and mostly in contrast to other filesystem choices. For example, there's an excellent discussion of why you might want to use FreeBSD's plain UFS filesystem instead of all-singing, all-dancing ZFS. (Answer: modest CPU or RAM, or a need to do things in ways that don't fit in with ZFS, make UFS an excellent choice.) I would have loved to see ZFS covered here — but honestly, that would be a book of its own, and I look forward to seeing one from Lucas someday; when that day comes, it will be a great companion to this book, and I'll have Christmas gifts for all my fellow sysadmins.

One big part of the appeal of this book (and Lucas' writing in general) is that he is clear about the tradeoffs that come with picking one solution over another. He shows you where the sharp edges are, and leaves you well-placed to make the final decision yourself. Whether it's GBDE versus GELI for disk encryption, or what might bite you when enabling soft updates journaling, he makes sure you know what you're getting into. He makes recommendations, but always tells you their limits.

There's also Lucas' usual mastery of writing; well-written explanations with liberal dollops of geek humour that don't distract from the knowledge he's dropping. He's clear, he's thorough, and he's interesting — and that's an amazing thing to say about a book on filesystems.

Finally, technical review was done by Poul-Henning Kamp; he's a FreeBSD developer who wrote huge parts of the GEOM and GBDE systems mentioned above. That gives me a lot of warm fuzzies about the accuracy of this book.

If you're a FreeBSD (or Linux, or Unix) sysadmin, then you need this book; it has a *lot* of hard-won knowledge, and will save your butt more than you'll be comfortable admitting. If you've read anything else by Lucas, you also know we need him writing more books. Do the right thing and buy this now.


Submission + - "Tactical Nuclear Penguin" launched today (bbc.co.uk)

cheros writes: No, it's not a new game, and it's not a new Linux distro either (although it would be quite a name), it's BEER.

What's more, it's not your average new taste either, it's incredibly strong stuff with 32% alcohol.

Please do not drink too much of this, or you'll become too risky to cremate..


Submission + - Press Release Services (and General Advice)

chiphart writes: "Imagine that you are on a team that has developed an amazing new product or service and you want to tell the world. The one person in your group with an English degree hacks up a press release — now what do you do with it? There are many different press release services out there...but do they work? Does anyone have any good or bad experience to share about these services? Are there any non-obvious methods for distributing press releases in an effective manner, especially for a group that has little in terms of marketing funds? One thing we learned from our journalist friends is to approach reporters directly in, to quote, obsequious fashion, but that has not led anywhere yet. I will indicate my seriousness for a response to this question by not linking to the obviously amazing new product/service in an effort of self-promotion."

Submission + - Documenting Firewall Rulesets ?

An anonymous reader writes: I have a substantial amount of experience on "both sides of the firewall" and to date have used my knowledge and experience as wisely as possible. For much of the past decade I have been the primary administrator of an enterprise class firewall for a fairly large entity, having designed and built the current infrastructure from the initial installs. The firewall ruleset has grown quite large with our ever increasing dependence on internet connectivity and now supports several dozen DMZ resident systems as well as hundreds of site to site VPNs. We use an industry leader, enterprise class firewall, which allows central management of multiple enforcement points and does a nice job of self-documentation within the management console. I am now being asked by upper management to extract the detailed ruleset configuration from the safety of the management console and publish this information to an "internal document" which will be available to corporate resources other than the small team charged with firewall administration. It was offered that we can document the process of obtaining this information through the firewall management interface, but this was rejected and upper management is insisting that we publish every detail of the firewall ruleset to a shared directory on our network. Am I the only one that thinks this is a horrible idea and a potentially serious security issue? Can anyone provide any "best practices" documentation to support either side of the issue? I'm having real concerns with simply handing over the security information that I've spent many years protecting to those who may not understand the potential problems in publishing this data.

Submission + - What content delivery network would you suggest? 2

cfelde writes: "I'm running a site that serves a lot of flash content (games). After a total redesign its traffic has increased (about 12 GB in August, 22 GB in September, 55 GB in October and we're currently serving 2,2 GB per day this month.) At this rate I don't feel like trusting my hosting provider (which has served me very well so far) who has no limits on the amount of traffic I can use. So I'm currently looking into using Amazon S3 for all the flash content, but I'm wondering if the Slashdot community knows of any other CDN providers they would recommend? I need at least 99.9% uptime, and the pricing should be somewhat like that of the Amazon S3 service."

Submission + - Non-Competes in California... do they hold up? 2

CrapTastix writes: I'm considering leaving the company I've worked at for the past several years, but in light of the whole Microsoft, Google and Kai-Fu Lee event I am wondering about real world experience with non-competes and California law.

I've worked several years at a consulting company that has a very long non-compete section in their employment contract. I live in California and lived in CA when I signed it and have done most of my work for the company in California. In the contract it has the usual non-compete verbiage: can't work in their industry (or any industry they may get into), poach their employees or contact their clients for a year. The company is out of Washington State... that's why the Google/MS conflict comes to mind.

I am just rank and file, but was given the non-compete papers with all the other papers when I started and was faced with a, "sign these or don't get the job" moment. In the back of my head I had the factoid that California does not honor non-competes so I wasn't too worried about it.

Does anyone out there have a real world story with a non-compete and how California deals with it? Any suggestions for a smooth exit?

Submission + - Systems Administrators styles for management?

simeeon writes: Dear /. After reading an article about how some companies' IT sections are moving away from the traditional Waterfall model, I got to thinking, what model is best for more hardware orientated administrators, you know those grind it out day by day system and network administrators in large schools and corporate institutes etc? The Waterfall model is also based more for software implementation and design so what could be used for a company IT Systems Administrator? What do you or other Sys/network Admins use? I know another software management model would be the newer agile management system but this is still too focused on software design and development for a hardware junkie like me.

Submission + - How to take a vacation as a one man IT dept? 2

wgoodman writes: I work at a small company as the sole geek. It's been a few years now and I'm forced to actually use some of the vacation time that I've built up otherwise I lose it. Since I'll be gone for a few weeks with no cell phone and only intermittent internet access not to mention nearly constant drunkenness, what precautions and steps to avoid things going south in my absence do you recommend? I've scripted as much as I can of the day to day stuff, got a lackey to swap backup tapes, and given my boss contact info on the equipment that we have support contracts with. What am I forgetting?

Submission + - Who's the Expert here?

brainee28 writes: Recently, the IT Department for my company rebuilt from the ground up all infrastructure (servers, workstations and network switches) to deal with legacy issues from the last systems administrator. It was done in 2 phases, both of which were technically successful, but have created political issues. (I'm the administrator that advocated for the change.) The political issues are that during the planning for this process, 2 engineers from one of our divisions were asked to consult because the IT Department was relatively new, and the president wanted other opinions. One used to build network switches for a discontinued LAN based product; the other created some of the basic VLAN software that's now used in most network switches. Both have expressed their dissatisfaction at the end result of this change, as it impacts some of their projects by the new structuring. One has now resorted to sniping, "testing" my system with potential backdoors, and advocating that the engineer's home network is better suited for his work than my corporate network, and general badmouthing. He, unfortunately, has worked at this company for over 25 years, whereas I've been here for 8 years now. How would you handle this situation?

Submission + - Resolving IP to MAC address across a router

Bengie writes: From what I know about networks, you can't find out the MAC of an IP across a router. At some point I stumbled across a program that does just this. The only google hits I get talk about Netbios. Being able to do this would help out IT dept because our back-up registration page pulls MAC info from our DHCP server, but the DHCP database only syncs with our back-up database every 24 hours. If we build a new computer to replace an old one, our registration page can't get the new MAC for the Wake-on-LAN info until 24 hours later. We could use netbios if we had to, but that's kind of shady and won't work for our Mac computers since they don't have netbios. Is there a way of resolving the MAC of an IP across routers?

Submission + - How many files does a modern OS really need? 2

mopomi writes: I'm setting up a home-office for my SO. Part of the company's requirement for the home-office is that the computer have an anti-virus package installed (because it will be connected directly to their network via a VPN). Since we don't like to use Windows for day-to-day work, we're running the VPN and remote display software under Suse 10.1. To be technically compliant with the AV requirement, I found and installed software from a big-name AV vendor (company is irrelevant). Last night I ran the AV scan on the entire system (bar /proc and /dev). This includes the Windows XP partition that is used for gaming.

The software scanned nearly three million files (with no positives!). My (somewhat rhetorical) question: Why are there so many files on modern operating systems? Is every file necessary? Is every tenth? How much of this is cruft?

Submission + - Typesetting documents containing source code? 1

An anonymous reader writes: I'm looking for advice on software to typeset technical documents containing lots of program listings and related material. I have an opportunity involving publishing various technical articles and possibly a book or two, and would need to produce suitably professional-looking documents output as bureau-ready PDFs. The content of the documents is not a problem, and I have enough budget to buy any of the major DTP or typesetting packages if necessary, but I've never found a good solution to typesetting program listings. Are there any Slashdotters with prior experience of this, who could recommend suitable software?

LaTeX has some useful packages available, but isn't my first choice because of other limitations, particularly the lack of support for professional-grade OpenType fonts and the general unreliability of mixing several complex packages together. The big name DTP packages don't raise these concerns, but I've never found a good way to automate the typesetting of the source code with formatting such as syntax highlighting and line numbering, and the ability to import the code directly from a file on disk so I can use the real, tested code. Perhaps there's some variant in the TeX family I haven't found that is better at this, or a plug-in for one of the major DTP packages? Any advice would be very welcome. Someone must have done this before!
