FOOTNOTES

INTRODUCTION

1. At the time, several thousand dollars for a computer was dirt cheap. You young punks have no idea how good you have it.

2. If you’re ever in a position where you need to prove that you are Alpha Geek amongst the pack, running Unix on a 1998 palmtop will almost certainly do it.

3. Original Trek. End of discussion. Fight me.

4. In the first edition of this book, I neglected to mention exactly how to do a similar Stupid Desktop Trick, which generated more questioning email than any other topic in the whole book. In the second edition, I swore I wouldn’t make that same mistake again but neglected to mention which software package provides the run-around daemons. They say the third time’s the charm.

5. This ugly thing takes the output of the last command, sorts it in reverse order by the contents of the sixth column, and presents it one screen at a time. If you have hundreds of lines of output, and you want to know which entries have the highest values in the sixth column, this is how you do it. Or, if you have lots of time, you can dump the output to a spreadsheet and fiddle with equally obscure commands for a much longer time.

1 GETTING MORE HELP

1. It’s called honesty. IT professionals may find this term unfamiliar, but a dictionary can help.

2. Computer hardware has gotten faster and smaller, but not particularly better.

3. And it’s one that’s in the Handbook, the FAQ, the mailing list archives, and the forums.

4. Yes, there is a standard for email signatures and how you should behave on the internet. RFC 1855 should be enforced with a spiked club and a gel-fueled flamethrower.

2 BEFORE YOU INSTALL

1. The i386 platform persists despite efforts to rename it amd32. I mean, who bought that pricey Intel hardware anyway?

2. I no longer have customers, so, sadly, I was unable to test on their hardware.

3. ZFS expert Allan Jude often declares that disks plot against us, but a disk’s plot pales next to a RAID controller’s perfidy.

4. Mind you, casual thieves will consider a laptop running FreeBSD effectively encrypted anyway.

5. While I won’t stand in the way of progress, I reserve the right to snicker when progress drives into the ditch.

3 INSTALLING

1. For those who skipped the Acknowledgments: Bert donated $800 to the FreeBSD Foundation in exchange for the privilege of being abused herein. I’m not gratuitously tormenting Bert; he paid real money for it.

2. Indiana, I’m looking at you.

3. This isn’t true. Bert’s not even that accomplished.

4 START ME UP! THE BOOT PROCESS

1. Such systems should be rare, but with your luck, you’ll find one.

2. I’m confident in my sed(1) and awk(1) hackery, but not quite “run this on 400 virtual servers and go home” confident.

3. And if you’ve never heard of ICMP redirects, run, do not walk, to your nearest book shill and get a copy of The TCP/IP Guide by Charles M. Kozierok (No Starch Press, 2005). Once you have it, read it.

4. For the youngsters: line noise, or interference, causes random junk to appear in your terminal session. Random junk other than what you typed, that is.

5. You know, the hardware manual. The booklet you pitched with the server’s shipping box.

6. All right, “even more insecure.” Happy?

7. This might not predate dinosaurs, but it was before spam and before the web. I miss that golden age.

6 KERNEL GAMES

1. Yes, I could make any number of editorial comments here, but they’re all too easy. I do have some standards, you know.

2. In truth, listening is optional.

3. Which anyone using a built-in floppy drive outside a lab fully deserves.

4. Actually, I probably won’t bother, as I’ll be shutting down the test host. But you get the idea.

5. You’ll discover that, actually, you failed your new kernel. But whatever.

7 THE NETWORK

1. Yes, I know about IPv4 Network Address Translation, where not all IP addresses are unique. NAT is a lie, and lying to your network is a good route to trouble—ask anyone who uses NAT on a really large scale. But even with NAT, if you’re on the public internet, your network has one or more unique IP addresses.

2. If my current research on reformatting and reinstalling users bears fruit, however, I will be certain to publish my results.

3. I’m not going to name sites accessible only via IPv4, because if I do, those sites will add IPv6 half an hour after this book reaches the printer.

4. I could go into history here, but suffice it to say: if someone tries to explain Class A, Class B, or Class C addresses to you, plug your ears and scream at them not to contaminate your brain with information made obsolete more than two decades ago.

5. Except, for some reason, many embedded devices. Put your Internet of Things behind a firewall, and don’t allow them general internet access!

6. Yes, Ethernet works over long distances if you have private fiber and multi-million-dollar switches, but if you have those you know why you’re the exception.

8 CONFIGURING NETWORKING

1. Each connection technology traditionally uses up-to-date cables plugged into previous-generation patch panels or vice versa. Those CAT6 cables in the CAT5 patch panel are part of a long custom of sysadmin outrage.

2. Reducing the internet’s popularity might not be a bad thing, mind you . . .

3. Because your life is still worth living.

4. Some readers have already replaced their cruddy hardware before considering software optimizations. These readers may perceive this comment as unwarranted. I sincerely, wholeheartedly, and without reservation apologize to all three of you.

9 SECURING YOUR SYSTEM

1. For interactive use, that is. Never, never, never program in any C shell. Read Tom Christiansen’s classic paper “Csh Programming Considered Harmful” for a full explanation.

2. Some even survived the experience.

3. Sadly, shells don’t come with tachometers.

4. It’s not funny enough to balance out intruders penetrating your server, of course, but it can provide a brief moment of joy in an otherwise ghastly day.

10 DISKS, PARTITIONING, AND GEOM

1. As this particular geom is part of a virtual drive, anything it says about the underlying hardware is a bald-faced lie meant to reassure you.

2. Bert.

3. In the quarter century since then, the BSD community has spent innumerable work-hours explaining and then justifying that decision. Learn from our pain. Don’t port your OS to commodity hardware.

4. Experienced sysadmins should start to feel sympathetic dread right about here.

11 THE UNIX FILE SYSTEM

1. I used a custom block size several times, but most often I didn’t need it and it hurt performance.

2. Again.

3. It’s probably sysadmin error, but you’ll probably blame the hardware.

4. In the first edition of this book, I said using fsdb(8) and clri(8) was like climbing Mount Everest in sandals and shorts. Really, it’s like you’re carrying your climbing guide too, except he’s a chubby author who eats too much gelato and wears a heavy coat because Everest is even colder than his native Michigan. And he’s live-tweeting your every misstep.

5. One could increase the reserved space percentage to make a filesystem appear extra full, thus emphasizing your manager’s urgency in ramming the new disk through Purchasing. But that would be wrong.

12 THE Z FILE SYSTEM

1. Proactively adding a performance-boosting SLOG or L2ARC is a valid solution for administrative problems, like soothing the boss.

2. Probably after several meetings about why the database server is sooo blasted slow.

3. If someone is so daft as to request an account on my systems, I treat them with all the respect they deserve: none.

4. Note that I have enough self-respect not to say “scrub a scrub.” Barely enough, but enough.

13 FOREIGN FILESYSTEMS

1. While formatting a flash drive touches comparatively few sectors and is probably easier on your drive than copying a large file to it, if I didn’t include this warning, I’d get complaint letters. So here it is.

2. Yes, Bert put his files in a directory called cdfiles. I’m not totally sure he knows the difference between UDF and ISO 9660.

3. It’s also a sysadmin rite of passage, so don’t feel too bad when it happens. Just feel bad enough never to do it again.

4. Why is there no safeguard against shooting yourself in the foot like this? Well, Unix feels that anyone dumb enough to do this doesn’t deserve to be its friend. Various people keep trying to put Unix in therapy for this type of antisocial behavior, but it just isn’t interested.

5. For Bert, of course, I’d add the read-only option.

14 EXPLORING /ETC

1. You think your home network is friendly? Oh, really. You really trust every device on it? Media players? Tablets? Televisions? The kids’ toys? Your networked stove would stab you in the back as soon as look at you.

2. Having weird crap in make.conf during a system upgrade will make people laugh at you when you ask for help. But commercial software support techs do that, too, so you’re probably used to it.

15 MAKING YOUR SYSTEM USEFUL

1. For decades, I threatened violence on anyone who named their software NG, or Next Generation. The name’s designed to go obsolete. I’ve reluctantly concluded that I just don’t have enough violence to go around.

2. Removal might do terrible things, but nothing that the package system can predict.

3. The answer to “Should I make my flunky do it?” is always “yes.”

16 CUSTOMIZING SOFTWARE WITH PORTS

1. 28,000 ports. 62-odd categories. Some categories have 9 members. You do the math.

2. Most of this nonexportable software is available from non-US sources and can be downloaded anywhere in the world. Meanwhile, ex-KGB cryptographers without these regulations will happily provide strong crypto to anyone at low, low rates. Mind you, they charge extra for crypto without obvious backdoors.

3. Some software is sufficiently insulting by its nature and doesn’t need additional help.

4. I haven’t looked to see whether LibreOffice can support SNMP, but I see no reason why it wouldn’t.

5. I expect the successor tool to be called detonation in Japanese, and then we’ll have smoking crater in Aramaic.

6. I’m not entirely sure why the installer has a 1MB swap partition, but whatever.

17 ADVANCED SOFTWARE MANAGEMENT

1. Or, perhaps, the libraries you believe are on your system aren’t the same as the libraries that actually are on your system. Never rule out your own failure until you conclusively identify the problem!

2. While most readers of this book will be sysadmins, you can tell your users to buy this book and read this section. They won’t, but maybe they’ll shut up and leave you alone.

3. OSF/1 is tied to defunct hardware (the awesome Alpha processor), while SVR4 is now so ancient nobody uses the feature any more. SCO Unix is hiding somewhere in shame.

4. Until you discover dtrace(1), that is.

5. Again.

18 UPGRADING FREEBSD

1. “In the data center, nobody can hear your power supply scream.”

2. No, “annoying users” isn’t a regular project for FreeBSD developers. It’s a fringe benefit. Entirely different.

3. Various FreeBSD developers have spent the last several releases working toward packaging the base system so that the packaging tools can handle upgrades. I expect that the release of this book will prompt them to immediately solve the remaining problems and obsolete this section.

4. Note that while CVS is gone, CTM is still alive. More than one FreeBSD developer begged me not to document it, so I won’t. I await your bank transfers, gentlemen.

5. This is the voice of experience. Don’t do it. Really.

6. Unless things go wrong. Then everybody cares—a lot.

19 ADVANCED SECURITY FEATURES

1. Instead, I order flunkies to drive in, fix the problem, and apologize for me. Problem solved.

2. After learning these things, your own screams might wake you up at night for a few years. But you’ll get over it.

3. This really happened. And before you ask, no, I wasn’t the recipient! A friend gave me my high-end graphics workstations. Really. And they’re long obsolete now anyway. Plus, the statute of limitations is a thing.

4. Well, most of them, anyway. Quite a few. A few, at least. Oh, never mind.

5. Hi, Brad and Lucy!

6. Yes, changing secure to insecure improves security. Go figure.

7. I’d say intruder here except that the person in question was Ken Thompson, one of the creators of Unix and C. He had a miraculous ability to log into any Unix system, anywhere in the world, including systems developed years after he stopped working on Unix. Search out Thompson’s paper “Reflections on Trusting Trust.”

20 SMALL SYSTEM SERVICES

1. These links are leftovers from the days when disk space was really, really expensive. They made great sense in the 1980s. Consider this the next time you create any software.

2. It’s good for him. It’ll build character.

3. The most important time of all, of course, is the “time to go home.”

4. I preferred fortune -o, but FreeBSD sadly purged the offensive fortune database.

5. Answering the question “When will it be fixed?” with “However long it takes to fix, plus however much time I waste talking to you” never goes over well.

6. We’re right: you don’t know how good you have it.

7. Whatever that is.

8. Unless, of course, you’d like to try installing someone else’s server configuration file as the new IOS on your Cisco router. Be sure to tell the Cisco support tech to activate the phone recorder before you describe your problem; he’ll want to share this one with his coworkers.

21 SYSTEM PERFORMANCE AND MONITORING

1. Once you manage dozens or hundreds of servers, you’ll also find yourself installing Cacti, Zabbix, Graphite, or one of their kin to monitor performance. You wanted to manage yet another application, right?

2. I won’t describe it anywhere, actually. If you want to know the horribly intimate details of FreeBSD’s virtual memory system, read the latest edition of “The Design and Implementation of the FreeBSD Operating System.”

3. My desktop has 32GB but uses only about 4. Yes, I’m compensating for something. The 1990s.

4. Besides, sysadmins already claimed “selfish” and “cranky” for themselves.

5. Being selfish doesn’t count as a good reason to renice -20 your processes. Or so I’ve been told.

22 JAILS

1. This book could be described as “a not even nearly comprehensive list of things for sysadmins to worry about.” This right here is the only counterexample.

2. Note that I used “sense of privacy” and not actual “privacy.”

23 THE FRINGE OF FREEBSD

1. “My own code” is #8 on my list of Reasons I Shriek Obscenities in the Office.

2. Because, sadly, at some time, we all need to override the override’s override.

3. Just for the record: if you have a sharp stick and the proper attitude, you can have my passphrases.

24 PROBLEM REPORTS AND PANICS

1. Also, do try not to swear. Much.

2. I’m increasingly convinced that the word panic was chosen to describe the sysadmin, not the system.

AFTERWORD

1. Yes, this includes a man who took his FreeBSD laptop on a cruise to Antarctica. With his wife. On their 20th anniversary. He’s never mentioned whether his wife threw the laptop overboard or not, but if so, he’s lucky he didn’t follow it into the briny deeps.

2. They won’t deliberately come for you in your sleep, though. It’s a global group—they don’t know when you’re sleeping.