Archive for December, 2009
Antsy for my long weekend.
by Nick on Dec.30, 2009, under News, Twitter
I want to be Pranav Mistry whe…
by Nick on Dec.18, 2009, under News, Twitter
I want to be Pranav Mistry when I grow up.
In Defense of FreeBSD.
by Nick on Dec.18, 2009, under Administration, News, Software, UNIX 101
I recently read an article explaining why FreeBSD was not more popular. The conclusion of said article was that the installer was daunting and archaic, and too intimidating to use. So, basically, whoever wrote this article (I don’t like calling professionals out) didn’t get past installing the operating system. He assumes that once it’s up and running, it’s the same as Linux. Nothing about the Ports system, nothing about administration. The sum total of his experience was that the installer was intimidating. He went on to state, and I am paraphrasing here, that only old, wizened Unix admins would use FreeBSD, sitting on high in their ivory corner of the office, replete with Star Trek posters and choice snippets of their homemade 1994 BOFH day-by-day calendars strewn about their desks, as they are the only ones who would defend such a terrible installer. This is the type that would use an operating system that requires disk slices and manual network configuration. The rest of us “modern” geeks don’t want to bother with such incantations, abjurations and divinations. We just want an operating system that works out of the box. Point-and-click-and-go!
Well, that tells me that you don’t get it. I’m not wasting my time with my installer. You’re wasting your time with yours. And with your point-and-click Linux install, you’ve installed an “operating system” dedicated to wasting time.
It’s all about the futz factor. And you just declared “I live to futz!”
<Here comes the biography>
I am not a wizened UNIX admin. I’m a Macintosh kid. I grew up with GUI objects and HyperCard. I thought that the most efficient way to work with a computer was with a graphical interface. I did some work with DOS and, frankly, thought it archaic and backwards. Setting base pages for memory, batch scripting, who needed it?
My first experience with UN*X was MKLinux on a Mac LC (the pizza box). I futzed and futzed with it until I got it to boot. No idea what to do with it. Two years later, my uncle gave me a PII 200 MHz and I put Mandrake Linux on it to use it as a NATing router, and I thought: Cool! Windows sneaked into my life in my late teens, as I could not resist the lure of Counter-Strike, Duke Nukem and Quake. Still, I enjoyed futzing with Linux. Breaking things, trying to figure out how they were put together, tinker tinker tinker.
I was still mostly a Mac guy when I started my latest job. And, actually, I still am. They were nice enough to furnish a Mac for me, which I happily use, as I like to keep my work environment “tinker free.” My new boss frowned when he saw that I liked to play with Linux. “Linux is for people whose time costs nothing.” I didn’t understand.
I fired up an old AMD 2200 based system and decided to try FreeBSD. My boss rolled up his sleeves and showed me how to install it. “The Handbook has too many reboots, it wastes time,” he muttered as we plowed through it. At first I was a bit confused: disk slices? Ports? Buildworld? Why??? But the more I worked with it, the more I realized that it was a recipe. A to B to C and you’ve got a fully patched, binary compatible operating system. And it ran Ports!
No hunting down programs that the “distro” didn’t want to install for political reasons; no RPM dependency issues. No graphical nonsense that got in the way. No services I never asked for installed automatically, sitting there as attack surface I would have to go hunting for. I could have a single-task server up in a fraction of the time of a Linux install. And if I had to install anything additional, /usr/ports was right there: make config, make, make install distclean. Everything was where it was supposed to be! There was a unified file structure under /usr/local, no /opt, /usr/etc, /etc nonsense. Clean and neat and ready to rock and roll. Easy to administer, update and upgrade, and NO MAGIC.
What’s more, the three versions that have come out since I first started my FreeBSD odyssey have all had more or less the same install template. So I can push out a working server in a fraction of the time I can with CentOS or Ubuntu or Gentoo. You want rapid deployment, go with FreeBSD.
Now, Linux is better for some applications. I don’t do Java on FreeBSD unless I know it will work for a certain app. Tomcat, no. I avoid some Perl apps, because BSDPAN is still a little…eh… But all of my LAMP stuff is BAMP, my mail is Postfix/Dovecot and I am happier for it.
I still futz, and when I futz, I tend to play with Linux. I have an Ubuntu workstation at home and an Ubuntu and CentOS VM somewhere out there… I’m not opposed to running Linux, but if I want something cookie cutter, reliable and easy to manage, FreeBSD all the way. I don’t care about benchmarks, or raw IO, or sheer device compatibility on my servers. I just want something that doesn’t take up my time. I want more time to futz with other things. Because my time *is* worth something.
Keep your GUI installer. I’ll take my maintainability, upgradability, consistency and, frankly, sanity over it any day.
And before you decry *any* OS/distro again, Mr. Professional Columnist, do more than kick the tires. It’s OK if you don’t like the OS, but when you stop at the installer and say “this ain’t no good!” you’re just plain ignorant.
I’m watching TED talks. My pre…
by Nick on Dec.18, 2009, under News, Twitter
I’m watching TED talks. My pretentiousness is growing as I supplement my community college education.
Greylisting…Again
by Nick on Dec.02, 2009, under E-Mail, News, Security, Software
Certain…parties… have intoned that I am goofy for implementing a weird “mail bouncy thing” that is sometimes frustrating and is a silly anti-spam technique. Well, that would be greylisting, and while it’s weird, it also stops a lot of spam from getting through.
Greylisting is a very simple technique. A daemon sitting in front of the mail server keeps a database of which external sender has sent mail to which internal recipient. The first time a new sender-domain/IP-address combination shows up, the daemon refuses that delivery attempt with a temporary failure (a 4xx reply, 450 in my setup), not a permanent bounce. The SMTP RFC (RFC 5321, and RFC 2821 before it) requires a sending server that gets a 4xx reply to keep the message in its queue and retry it later, so any properly implemented SMTP server will come back. If it retries before the “too early” window has elapsed (in my case 2 minutes, which is fairly aggressive) it is temporarily refused again. If it retries after the “too early” window but within 24 hours, the message is accepted and an entry is made in the database that lets that sender through unhindered for a few days. Once enough messages from the same IP address and sender domain have passed greylisting, that IP/domain pair is whitelisted.
Greylisting is effective because most spam is not sent by real SMTP servers. Virus-infected computers that send or relay spam generally won’t queue a message and retry it after a temporary failure, or will retry it for only the briefest amount of time, so the message never makes it past the window and is never accepted.
The problems with greylisting come from legitimate but misconfigured SMTP servers: either they treat 4xx temporary failures as if they were 5xx permanent failures and never retry, or they do retry but also report the first temporary failure back to the original sender as a bounce.
Yahoo implements a more esoteric setup: it lists four servers in its MX records, and at any time any of them may temporarily refuse messages. This is another way to weed out non-RFC-compliant senders, as a sending server is supposed to work through all of the MX entries in order of preference value. Most virus-infected computers won’t do that.
Because some of my users may have trouble receiving mail from such servers, I have a web-based interface to the greylisting daemon’s database that lets me opt addresses or domains out of greylisting.
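To make the decision logic above concrete, here is a small in-memory greylister I wrote for this post. It is an added example, not SQLGrey’s code: it tracks the classic (client IP, sender, recipient) triplet, uses the windows described above (2-minute “too early” window, 24-hour retry window, a few days of unhindered delivery after a pass), auto-whitelists an IP/sender-domain pair after a number of passes, and supports the per-recipient opt-out the web interface provides. The auto-whitelist threshold of 3, the 5-day pass lifetime, and every address, IP and timestamp in the demo scenarios are assumptions constructed for the example; SQLGrey’s real defaults are not stated in this post.

```python
import datetime as dt
from dataclasses import dataclass, field

# Windows from the post; PASSED_TTL and AWL_THRESHOLD are assumed values.
TOO_EARLY = dt.timedelta(minutes=2)      # retries sooner than this are refused again
RETRY_WINDOW = dt.timedelta(hours=24)    # retries later than this start over
PASSED_TTL = dt.timedelta(days=5)        # "a few days" of unhindered delivery
AWL_THRESHOLD = 3                        # passes before an IP/domain pair is whitelisted


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


@dataclass
class Greylister:
    """Stand-in for the daemon plus database described in the post."""
    pending: dict = field(default_factory=dict)    # triplet -> time first seen
    allowed: dict = field(default_factory=dict)    # triplet -> expiry of the pass
    passes: dict = field(default_factory=dict)     # (ip, sender domain) -> pass count
    whitelist: set = field(default_factory=set)    # (ip, sender domain) auto-whitelisted
    opt_out: set = field(default_factory=set)      # recipient addresses/domains exempted

    def check(self, ip, sender, rcpt, now):
        """Decide one delivery attempt. Returns (SMTP code, reason); 450 is temporary."""
        pair = (ip, _domain(sender))
        key = (ip, sender.lower(), rcpt.lower())
        if rcpt.lower() in self.opt_out or _domain(rcpt) in self.opt_out:
            return 250, "recipient opted out of greylisting"
        if pair in self.whitelist:
            return 250, "sending IP/domain auto-whitelisted"
        expiry = self.allowed.get(key)
        if expiry is not None and now < expiry:
            return 250, "known sender, still within grace period"
        first = self.pending.get(key)
        if first is None or now - first > RETRY_WINDOW:
            # never seen, or the earlier attempt went stale: start the clock
            self.pending[key] = now
            return 450, "greylisted, please retry later"
        if now - first < TOO_EARLY:
            return 450, "retried too early"
        # retried inside the window: accept and remember this triplet
        del self.pending[key]
        self.allowed[key] = now + PASSED_TTL
        self.passes[pair] = self.passes.get(pair, 0) + 1
        if self.passes[pair] >= AWL_THRESHOLD:
            self.whitelist.add(pair)
        return 250, "passed greylisting"


def run_sender(gl, ip, sender, rcpt, start, retry_delays):
    """Simulate a sending MTA that retries after each delay (in minutes) until
    accepted; returns the list of SMTP codes it received."""
    t = start
    codes = [gl.check(ip, sender, rcpt, t)[0]]
    for delay in retry_delays:
        if codes[-1] == 250:
            break
        t = t + dt.timedelta(minutes=delay)
        codes.append(gl.check(ip, sender, rcpt, t)[0])
    return codes


def demo():
    """Constructed scenario: a compliant MTA, a spambot that never retries,
    an impatient MTA that hammers the server, and an opted-out recipient."""
    gl = Greylister()
    gl.opt_out.add("helpdesk@example.net")
    t0 = dt.datetime(2009, 12, 2, 9, 0)
    compliant = run_sender(gl, "192.0.2.10", "alice@example.com", "nick@example.net", t0, [15, 30])
    spambot = run_sender(gl, "198.51.100.7", "x@bogus.invalid", "nick@example.net", t0, [])
    impatient = run_sender(gl, "192.0.2.20", "bob@example.org", "nick@example.net", t0, [1, 0.5, 5])
    opted_out = run_sender(gl, "198.51.100.7", "x@bogus.invalid", "helpdesk@example.net", t0, [])
    return compliant, spambot, impatient, opted_out


def whitelist_demo():
    """Three passes from one IP/domain pair, then a brand-new triplet from the same pair."""
    gl = Greylister()
    t0 = dt.datetime(2009, 12, 2, 9, 0)
    history = [run_sender(gl, "192.0.2.10", "alice@example.com", r, t0, [15])
               for r in ("a@example.net", "b@example.net", "c@example.net")]
    fresh = gl.check("192.0.2.10", "carol@example.com", "d@example.net", t0)[0]
    return history, fresh


if __name__ == "__main__":
    print(demo())
    print(whitelist_demo())
```

The compliant sender sees one 450 and is accepted on its first retry; the spambot sees one 450 and its message is simply never delivered; the impatient sender that retries after 1 and 1.5 minutes is refused each time and only gets through once it waits past the 2-minute window. After three passes from the same IP/domain pair, a never-before-seen sender and recipient from that pair are accepted immediately, which is the auto-whitelisting behaviour the post describes.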
I’ve always run Greylisting, so I don’t have any comparison stats, but this guy does.
Software that I’m using for this:
- SQLGrey
- SQLGrey Web Interface (SGWI)