Complete noob...

[Nick Guenther]

On 8/7/06, Woodchuck <djv at bedford.net> wrote:
> On Mon, 7 Aug 2006, Nick Guenther wrote:
>
> > > Wait for a little way until things have sunk in.  There is no great
> > > change between 3.9 from the CD and the STABLE version of 3.9.
> >
> > If he *is* coming from Windows (or even Linux) then you can't really
> > blame him for being antsy about upgrading... because you know...
> > hackers can hack so hard they can even kill your mom just by looking
> > at her, and security holes happen because you put too much strain on a
> > system and pieces of code start popping out like bolts on the titanic.
>
> Most security problems are configuration, not code, problems in
> OpenBSD.  The discovery of this hard fact is called the "moment of
> truth".  If you get haxed, it's the admin's mistake, probably.  The
> code is solid.  A naked, unfirewalled Windoze XP installation can
> be rendered into a fully-0wned spam zombie within a few minutes of
> its first connection to the 'net, even before it can download
> "Service Pak 1,843,544,566.22B" from mickeysoft.  What's the estimate
> now, about 1/3 Dozers on broadband are 0wned at present?


: Ok, pavlov's dog ain't gont nothin on me, I NEED that patch 'cause
: it's there - woof ;)

That's what I figured.

> I see some nice lady approriately named Rutkowska at Defcon rooted
> a Vista box.  (Using a "blob" as de Raadt calls them.)  What is
> that, a -100 Day Sploit?

Hahaha awesome.

> > I ran linux for a year. Didn't teach me anything, and when it stopped
> > working (turned out I'd run out of disk space and X couldn't start; of
> > course I didn't know this because it was fucking configured to start X
> > from the startup script, and it took me another year to learn the
> > skills just to get the log of X crashing extracted) I failed and gave
> > up. Then I discovered OpenBSD. In a day of reading manpages I'd
> > learned more about Unix than in that entire year.
>
> It is vicious to start up X at boot time for the new user.  Absolutely
> mean and inconsiderate.  It hides the actual system behind an attempt
> to be "friendly" and look like Windoze.  X is an add-on.  It's not really
> unix in the strict sense.  (Versions of it run/used to run on other
> OS's ... Decwindows was one such.)  Learning X is a separate problem.

It is horrible. OpenBSD's "show me your dmesg" approach is so simple
and just _sane_.

> > Oh, by the way, if you see x(n) it usually means "man n x", that is,
> > the manpage for topic 'x' in section n. I didn't figure this out until
> > months into my OpenBSD foray (yes I realize now that there is an
> > example of this in afterboot(8) but the notation is not pointed out).
>
> Another pointer is the -a switch to man, which will cycle through
> all man pages for a given subject.
>
> Heh.  "man man" for more details.
>
> the notation  something(digit) is ancient, and should be supported.
> I didn't want to confuse with it.
>
> Sometimes you'll see something like  sin(3m)   the m means the math
> library.

3p is perl, and apparently there is a "n" section for new commands.

> There is more than one shell, and they differ.  It's quite easy to write
> a rudimentary shell, it's a good exercise for an experienced C programmer
> transitioning to unix.

Well.. here I was the one who didn't want to confuse.

> > That's not entirely true. I have been running a month cumulative as
> > root and have learned lots from it.
>
> I've been running root since 1985.  Don't use it for learning on
> *somebody else's* machine.  I haven't wiped out a filesystem accidentally
> since 1989.

A nice thing about OpenBSD is that if you do wipe your filesystems
there's still hope. At install time you should just do
# fdisk wd0 > partitions.txt
# disklabel wd0 >> partitions.txt
and save the partitions file somewhere safe. If the disk gets
corrupted horribly you can just go in with your install disk, drop to
a shell, and reenter the values stored in partitions.txt

If you lose that file somehow there is still hope: if you can recover
your /var partition you can find a backup of your disklabel(8). And if
that doesn't work there is always scan_ffs(8) which works like
programs like R-studio: scans the entire disk and guesses out the
structure of an ffs filesystem.

Of course
# dd if=/dev/zero of=/dev/wd0c
is still a very very bad idea (see dd(1) and zero(4) before going near
any command like this). You might still be able to recover your data
after this, but it will require a dedicated lab and team of
specialists who can use electron microscopes and stuff to read the
echoes of the data.

> Our original newbie is NOT going to be aware of a lot of subtleties
> of the sh(1) command line until they have bitten him, even the meaning
> of wildcards (such as that they are called "regular expressions" or
> "filename globbing" in unix, man regex, man glob) and the clever ways
> in which they can be abused.

> > On the other hand, reinstalling
> > doesn't really matter; the official docs even say "be prepared to
>
> Try telling that to your client whose multiuser system you just
> skunked.

Oh, well, I meant "reinstalling is okay for your learning curve". I
guess if you're not doing this for fun what you said is true, but you
shouldn't be not doing this for fun while learning.

> > But using either requires deviating from pure C. Sticking to as few
> > components in a system from top to bottom is a good thing, generally.
> > That said, most unicies nowadays come with at least C/C++, shell (in
> > various flavours), perl, and sometimes fortran or lisp though these
> > last two aren't used to write core components.
>
> Fortran is almost a requirement.

Is it really? What part of the system is in Fortran?

>  ....
> > > BTW, learn the vi editor, no matter what anyone else says.  Unless you
> > > have experience with a similar editor, this will be like pulling teeth,
> > > but when learned, it is the fastest text editor you'll ever see. All
> > > unix systems, biggest to tiniest, have vi.  Learning this editor is
> > > a mandatory task.
> >
> > "I'm not trying to start a flamefest but..."
>
> No vi?  No unix.
>
> Two applications that are mandatory and require vi knowledge:
> visudo(8) and vipw(8).  Yeah, you can funny up things to use emacs
> or even some mailreader's toy editor (pico) as the editor, but that
> Just Isn't Right.

No, it's easy, just do
# export EDITOR=mg
and both those applications will use mg for you

>
> > .... from what I've seen the core developers are
> > all vi'ers
>
> There's a reason for that.  And now an old grey applications programmer
> tells you: learn vi.  I didn't believe it, either, until I finally
> saw a Master at work with it.  The only problem with vi and the PC is
> that the damned escape key is in a crazy place, hard to reach, slows
> your speed.  (It can be remapped to somewhere sane though -- sane meaning
> can be reached while your fingers are on the home row of the keyboard.
> vi is for touch typists. Maybe one of those silly windoze keys could
> be remapped to ESC.)

The heavy use of the escape key is OHGODWTF!?FGRB point number 2. I
didn't know vi supported mapping keys though; the windows key would
make an excellent substitute.

> To learn the vi editor, the ancients provided certain games like
> worm(6), wumpus(6), and tetris(6), which encourage use of certain
> vi motion keys.

Now that is a tip I can use. Maybe I will give vi another shot.

> Note: I'm making recommendations aimed at the beginning professional.
> Hence the vi pumping.
>
> Print out the man page for ed(1) and put it in your survival kit,
> too.  In single-user mode, you may not have the /usr filesystem and
> you may need to do some serious work.  ed(1) is the only editor available
> in single-user, typically.  Believe it or not, I used an editor
> very similar to ed(1) as the routine editor for many years back
> in the stone age, and was glad to have it.  Then there's teco,
> not just an editor, but a whole dark philosophy of life ...

I was actually looking into teco recently. Downloaded a copy of it. I
haven't tried it yet, but I've been meaning to.

> Menus in an editor are for wankers. (Personal opinion).  Memorize
> the commands.  You'll be using the editor all day, every day.  Even
> when I ran MSDOS at home, I had a port of vi to use.  It grows on
> you.

This is very good advice.

The amount you use a program should be inversely proportional to how
much onscreen help there is. A DVD player should have all its controls
labelled well, but a text editor, if you use it like you should (i.e.
for anything more complex than a single shell command) should stay out
of your way completely.

(might be an interesting experiment to make an interface that
automatically adapts according to how the user uses it.... but that
seems like a task for Apple, not us)

> > It does help to learn vi, especially if you will be going places where
> > there is no mg available (i.e. every other unix system ever) and you
> > can't get emacs (not that I'd want to get emacs either), but it will
> > *hurt*.
>
> emacs.  Ick.  That and that useless "info" stuff convinced me that
> Stallman has taken one too many hits from the crack pipe.

Oh god. Info pages. The few times I tried to use man on linux each
reading ended with "the full text is maintained as an info page; try
'info topic' to see" and then I tried that and got lost in the info
program.

Emacs is... yes, it is massive and huge. I lied when I said I've never
tried it because I got XEmacs for Windows just so I could have a
better editor than notepad. Anyway it scares me. I would not want to
use it from the command line; the menus which show the keybindings are
a requirement.

A DOS port of mg would be a nice thing... hmm. I'll look into that
while I do my clean up of mg that I've embarked on.

> Non-root users -- the temptation is to start X from root with startx.
> (Few have the courage for xdm(1).  I do, but I set it up many
> versions ago.)  Once it is started from root, xterms thereafter
> open as root, unless one is sly and begins programming the windown
> manager.  The default window manager (fvwm2, see fvwm(7)) has a
> Byzantine programming interface worthy of sendmail.

What
> A mozilla instance running as root can be a potential
> disaster.  Mozilla is NOT CLEAN CODE...it's cleaner than IE, but
> a urinal is cleaner than a slop bucket in a Mexican jail.

I knew that mozilla wasn't clean but I never considered that it might
be a security risk. I'll stop running it as root soon.

> BTW -- for GG -- one of the really nice things that OpenBSD has now
> is a man page for just about every configuration file found in /etc.
> man <name of file> usually is very interesting.  This was a great idea.

You mean... other systems don't do that? How can they not?

-Nick