Developers’ Weblog

Sponsored by
HostEurope Logo

Developers’ Weblog

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Debian is a bit like a school class…

09.10.2014 by tg@
Tags: personal rant

… which has never quite taken you as-is, bordering bullying maybe, and has now made up rules to include some new kids, using these as excuse to bully you around even more. You stay the outsider, having tried to struggle along for a while, except of course when they want to copy off your homework. Or, as happened to me, during a Maths test, with carbon paper. Then you're thanked for a short while, and after some time, you're alone again.

… except, it all happened in the city, not in the internet, which happily multiplies negative voices and likes to take things out of context, especially if part of the context was in private mail or other threads or long buried (closed as ignored/WONTFIX) bugreports.

Of course, some sorts of misbehaviour are okay, as long as those who do toe the party line ‒ and aren't outcast, to start with.

I still pride myself as independent thinker and like to play the devil's advocate rule (heh, double entendree, being a BSD person). Critically looking at something new has led to lots of tys moments. If people listened to my criticism in the first place, effort could have been saved.

It seems to be an anglo-american-australian thing, putting political correctness in expressions over real niceness. And the opinion about cursing, in general. And this SJW thing. You know, a good friend is someone who you can be silent with, while being happy together. One whom you can insult, be it in jest or in anger, and still stay friends.

And look at those newcomers! Shiny, with makeup that promises faster boot times (eh? I fail to see how this is relevant in a Unix…) and all that. But these superficial people, always jumping from one thing (HAL, consolekit) to the next, giving up their own projects which they forced upon others the minute before ‒ no consistency.

I'm too old for this shit. Ignore my rambling. Couldn't sleep.

mksh R50d released

07.10.2014 by tg@
Tags: bug debian mksh news pcli

The last MirBSD Korn Shell update broke update-initramfs because I accidentally introduced a regression in field splitting while fixing other bugs – sorry!

mksh R50d was just released to fix that, and a small NULL pointer dereference found by Goodbox on IRC. Thanks to my employer tarent for a bit of time to work on it.

mksh R50c released, security fix

03.10.2014 by tg@
Tags: android bug debian mksh news pcli release security

The MirBSD Korn Shell has got a new security and maintenance release.

This release fixes one mksh(1)-specific issue when importing values from the environment. The issue has been detected by the main developer during careful code review, looking at whether the shell is affected by the recent “shellshock” bugs in GNU bash, many of which also affect AT&T ksh93. (The answer is: no, none of these bugs affects mksh.) Stephane Chanzelas kindly provided me with an in-depth look at how this can be exploited. The issue has not got a CVE identifier because it was identified as low-risk. The problem here is that the environment import filter mistakenly accepted variables named “FOO+” (for any FOO), which are, by general environ(7) syntax, distinct from “FOO”, and treated them as appending to the value of “FOO”. An attacker who already had access to the environment could so append values to parameters passed through programs (including sudo(8) or setuid) to shell scripts, including indirectly, after those programs intended to sanitise the environment, e.g. invalidating the last $PATH component. It could also be used to circumvent sudo’s environment filter which protected against the vulnerability of an unpatched GNU bash being exploited.

tl;dr: mksh not affected by any shellshock bugs, but we found a bug of our own, with low impact, which does not affect any other shell, during careful code review. Please do update to mksh R50c quickly.

mksh R50b released

03.09.2014 by tg@
Tags: mksh news pcli

The MirBSD Korn Shell has got a new bugfix release. Thought you’d want to know ☺

mksh R50, jupp 27 released

29.06.2014 by tg@
Tags: jupp mksh news pcli

Both the MirBSD Korn Shell and jupp – the editor which sucks less have seen new releases today. Please test them, report all bugs, and otherwise enjoy all the bugfixes.

Other subprojects will also have new releases… once I get around doing so after hacking them…

Update 03.07.2014: New release for MirCPIO, that is, cpio(1) and pax(1) and tar(1) in a somewhat portable package.

-r--r--r-- 4 tg miros-cvssrc 141973 Jul 3 19:56 /MirOS/dist/mir/cpio/paxmirabilis-20140703.cpio.gz

Dear FSF, stop recommending Enigmail.

05.06.2014 by tg@
Tags: debian pcli rant security tip work

Dear FSF, stop recommending Enigmail, please. It is broken, simple as that. Even if you switch everything HTML-related off, it still defaults to the latin9 (ISO-8859-15) encoding instead of UTF-8, and possibly some other nasties. Worse, it’s based upon obsolete Thunderbird/Icedove technology, which is dead since the release of Firefox® 17 and will only degrate over time.

Side note: I was asked recently how much entropy is used while generating a PGP key using GnuPG on Windows®, after having done the same for OpenSSL on Debian (and possibly almost all other OSes). I had to try to find out which was the actual code (GnuPG 2 with libgcrypt, it turns out), and it was not pretty. (You are hereby adviced to create a 600-byte file ${GNUPGHOME:-~/.gnupg}/random_seed from a good source before even attempting to use GnuPG 2 for the first time. OK, you can run gpg -k once, to create the GNUPGHOME directory from a skeleton.)

Friseure!

21.05.2014 by tg@
Tags: personal rant

Mein Friseur hat zugemacht. Jetzt versuche ich seit Wochen, einen neuen zu finden. Der sollte aufhaben, wenn ich von der Arbeit komme. Technisch beëinflußt suche ich zunächst im Netz… aber liebe Leute, ich will keine 20 € und mehr ausgeben und dafür beim Friseur Kaffee aus einer Saeco trinken (das mache ich auf Arbeit kostenlos), oder für 36 € das 40-Minuten-Wellness-Paket mit irgendwelchen abgedrehten Pflegen haben oder von Promi-Friseuren beackert werden.

Ich will einfach nur nen verdammten normalen sommerlichen Kurzhaarschnitt, für ein Dutzend Quakes, ggfs. ein paar mehr, gern auch mit Rasur. Und zwar abends so zwischen 18 und 19 Uhr, oder samstags am späten (lies: 14 Uhr) Vormittag, wenn ich halbwegs wach bin.
Ist das denn so schwer?

(Okay, die meisten haben vermutlich keine Webseite. Aber wie findet man die? Und die zwei mit einer Facebook- aber keiner Webseite kommen, habe ich extra von der Arbeit aus nachgesehen, auch nicht in Frage.)

</rant>

More on the Vim thing

20.05.2014 by tg@
Tags: tip

As an update to the issue with Vim not treating a file as UTF-8 Benny wrote about earlier, there’s more to note:

  • The file in question contained two lines that were copied from the Other BSD, which were not UTF-8. This probably led to Vim not wanting to treat the entire file as UTF-8. (This is not normally a problem in vi(1), AFAIK (but in nvi in Debian, which truncates the file on write, with no way to recover), and jupp even has mixed-encoding files as a primary use case.)
  • When treating the file as UTF-8 forcefully, which Benny used, the file was saved with the offending bytes replaced by question marks (which was discovered by me in cvs(1) diff(1), leading to a fix and this post-mortem analysis)

This is apparently something every editor user should know about. Another lesson learned: run $VCS diff before committing!

And something for me to take from this: check file encodings when importing from poorer OSes, and in general.

Today I learned something about file encodings in vim. When your terminal is UTF-8 but Vim insists on treating the file you are opening as latin-1, here is what to do: Setting fileencoding on the already opened file will not work, it will only try to convert the file (i.e. the wrongly interpreted UTF-8 sequences) to UTF-8. Don't do this!

The solution is to reopen the file using

:e ++enc=utf8

or specify the ++enc parameter when opening the file from inside vim. The more you know.

Quotes of the day – SWB Engrish

17.05.2014 by tg@
Tags: fun

Stadtwerke Bonn conduct track works on the third
weekend of May 23-25th on several sections of the
line 61. The orbits of lines 61, 62 and 65 drive from
Friday 23 May to Sunday 25 May not on their usual
line paths
. Due the track works a train replacement
service by busses will be established.

Please note: The travel time of the shuttle busses
takes longer. It is recommend to adjust the traveling
plan.

We apologise for any inconvenience!

(Emphasis mine. Inconvenience, such as almost C|N>K…)

I’m holding a Debian packaging workshop for our trainees at work tomorrow, and have prepared a sample package for a simple PHP web application (just a handful of files) with DB connection (PostgreSQL of course), automatic setup via dbconfig-common, and with support for both Apache 2.2 (wheezy, precise) and Apache 2.4 (jessie/sid), configuration-wise. (It is possible to install this without Apache, just it does not configure the webserver then.) Schema updates on software updates are also tested (there is neither Flyway nor Liquibase – which are the tools we use at work for this, other than Roland Mas’ wonderful scripts for FusionForge – in Debian, but to my delight I discovered that dbconfig-common can also do this).

Comments, suggestions, flames, etc. welcome. I know that this should not be a native package, and will address this tomorrow, but I wanted something that serves as decent example for how to do this easily, Policy conformant and using modern techniques (even those I dislike myself – for the sake of simplicity).

Permission was granted by the business administration to reproduce this all under a BSD-style licence, so, enjoy sharing!

Thanks to Roland Mas, for making FusionForge such a nice project, and Arno Töll for some instant IRC help on the Apache side of this.

This is my first time using dbconfig-common, and now, I finally feel I know enough to finish the packaging of Kivitendo which I’ve started earlier. Beta testers for that welcome, too.

(And next week or so, I’ll need this for a Maven thingy. I’ll probably opt out on the DB side, there, though. Never did anything with that, either, not being a Java™ guy. I guess something web to go with tomcat7… anyone got this already?)

Lügen haben lange Leitern

13.05.2014 by tg@
Tags: debian fun politics rant twitxr

Photo von Laternenmast mit Wahlplakaten, oben Pro NRW, unten…

Endlich tut mal jemand was gegen die rechte Hetzpartei! – Ein Arbeitskollege fragt, ob man die nicht einfach mit einem langen Heckenschneider abmachen kann… aber sie so lächerlich zu machen hat auch was ☺

Finally, someone is doing something against this Nazi party! A coworker wondered whether it’s legal to cut them off with a long tool, but making them ridiculous like this is also funny ☻

(Explanation: the “Pro NRW” people put their campaign thingies (sorry, I don’t speak English well) up on lamp posts very high, because they are taken down by other citizens immediately otherwise, so there’s now people making fun of them for using long ladders (to put them up there, so the offended citizens need equally long ladders or tools with long arms) in leaning on the saying that lies have long legs ⇒ here: ladders.)

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

MirOS Logo