I have compiled a new snapshot (i386 only) and uploaded the following flavours: MirOS bsd4grml, MirOS bsd4me-current (Live OS), MirBSD-current netboot (NetInstall for i386), the Midi-ISO (bi-arch manifold NetInstall), and the checksums.
The /MirOS/current/older/ subdirectory containing partial and incremental upgrades for older MirBSD-current snapshots is gone for now. The 20091115 (i386) snapshot is a security upgrade (contains the OpenSSL panic patch in its second version), bugfix (all errata mentioned in the “wtf ist hallowe’en” announcement are fixed if applicable), and feature upgrade: the installer and first boot recognise a Simtec Entropy Key if plugged in (for the installer, break into a shell and run /usr/libexec/ekeyrng if plugging it in later) for increased entropy generation; after first-time installation and reboot, the user is supposed to install ports/security/ekeyd and use that (for which there are binary packages as well).
The MirOS Project’s servers are or will be upgraded as well; please bear in mind this implies short outages of service. Furthermore, due to the TLS protocol design error, some things may not work any more, since we applied the OpenSSL “panic patch”, which disables all renegotiation, but allows applications to re-enable it, if they knew about that possibility at compile time, by setting a run-time flag before initiating the connection. (None we know of does, though.)
I now get about 4 KiB/sec on large streams (such as 64 KiB) reads from srandom(4), with 8 KiB/sec initially, in contrast to the less-than-100 Bytes per second (300 Bytes per second initially) without the eKey.
Of course, there’s still room for improvement – I fixed the ioctl(2) calls, removed strcpy(3) and sprintf(3) calls, and added arc4random_buf(3) calls for generating the nonce (which can now be made much larger than the 12 conservative bytes the original code reads from urandom(4)), and made it work at all on our platform (and, possibly, OpenBSD). But I get statistics now, even if told that my ekeyrng mksh(1) script is “Cute”.
Make sure you update to at least luasocket-2.0.1-1 for some bugfix (pkg_info(1) has a bug preventing it from seeing that – what worries me even more are some outputs not sent with the mail), and that you have a recent kernel (post the “wtf ist hallowe’en” snapshot!) since lsusb (even when ported) doesn’t output anything, and nobody knows what arguments to ekey-ulusbd are needed to make it find the eKey.
ObInfo: new CA bundles are out too, and more binary packages.
Neil, I am happy with my eKey, and I would blog it if I had a blog ☺ (And yours doesn’t allow comments. But then, Daniel’s doesn’t, either.) I’d have liked proper (C flute / piano / voice) notes, though… never got the hang of string instruments.
Of course I still have to make a MirPort for that Lua dæmon, but for now, things work quite well. (I do have a rather large TODO and woke up with headaches and slight cold today.)
I came back from OpenRheinRuhr, and (apparently in contrast to many others) liked it, save for the (a)social event, which some organisers admit hasn't been what was promised to them. My hotel was actually some kind of Vereinshaus and Billard club, so I had to eat supper (after fleeing the Casino, I had wanted to eat with some others deciding to split/fork, but formorer couldn't decide, so I walked the 3km, but didn't find anything appealing on the way, since I walked towards the outside of the city) in a smokey bar. So 2007, that. But I watched some kind of Billard competition during that, the meal was good and much, and the beer good and rather affordable. (I even took a Krug to my room with me to flee smoke.) Breakfast was included, the quality much more than I had expected at that price (I paid almost twice that in Basel, where I didn't even have a private loo adjoining the room, much less a proper bathroom with douche). The city, despite confusing it with other Ruhrpott cities beginning with BO, was nice and quiet (although the visitor count suggests that it was too remote, I rather prefer this to the usual rush and street mob, and it was still lively).
I think you'll find more coverage, photographs (hopefully not of me, as I wore a pullover forbidding it) and opinions on the 'net soonish, even dissing if I may harbour a guess (not without reason, from what I've been told privately), and, as I still have a headache (as usual...) I refrain from writing more. The MirBSD^H^H^HGRML CDs will be distributed at 26C3 by formorer from the Grml team *grins* and I wonder if the celebrities equipped with a MirCD or MirUSB stick, like Werner Koch, will make good use of it ;-)
The next snapshot’s codename has been decided upon angrily today: “wtf is with all these
Expect a fix for the latter sometime soon, it does in fact have more effect than most sites say, to avoid Panikmache (unlike that Schweinegrippe stuff); I’m lucky my online banking stuff keeps SIDs in the URI ipv Cookie, but still… very bad. Switching renegotiation off as a quick würgaround also is evil, for example, my SMTP setup (using X.509v3 SSL certificate auth for relaying) might break. But we are said to expect an amended SSL/TLS protocol soon, hopefully with OpenSSL patch.
ekeyrng is a very rough draft (shell prototype) currently driving, together with a small USB backport, a Simtec EntropyKey in herc into wrandom(4) (for now). Really, the Lua tools should be used, but this is good for the installer, although the TPM, eKey and truerand – cprng(8) – functionality should be combined into one small, efficient, C dæmon doing so (but without the hacks to keep cprng(8) within one memory page to cease swapping). Still, it’s great!
bsiegert@ will be offline for a week.
For compatibility reasons, the current version of Subversion in MirPorts is still 1.5. I tried to remedy the situation a few days ago and committed subversion-1.6.6-0 into a branch. It is not yet in the trunk because it has some nasty bugs. For example this gem:
    % perl -MSVN::Core -e 1
    Bus error
This, of course, makes svk unusable, as it is written in Perl using the SVN perl bindings. svk is my way of making Subversion bearable, with easy replication, offline commits, and more.
I think I found the reason now: The SVN people managed to screw up the Perl module build so that the modules link against stuff in /usr/lib instead of $PREFIX. Incidentally, Darwin includes svn-1.4.4 in the base system. Sigh.
Wow, it seems that I have not written anything here in the last four months. Between my thesis and Real Life(TM), there is just not enough time for everything.
One more thing though: I have been attending a course on "Scientific Writing" at the Université de Haute Alsace, with excellent hints on article styles, writing readable scientific prose, and more. I can recommend such a course to every scientist, but also to all those who regularly publish things—including articles in CS journals, Free software project posters or announcements. There are also some excellent articles on how not to write. I especially recommend Martin W. Gregory, The infectiousness of pompous prose, Nature 360 11–12 (1992). Unfortunately, you will need a subscription to read it.
The GRUB2 「memtest86+」 bootmenu option in both 「wtf ist hallowe’en」 and Grml “Hello-Wien” does not work as-is (note that Grml uses ISOLINUX, unless you either select GRUB2 from the boot menu or dd(1) it onto a USB stick, CF/SD card, etc. for manifold-boot) because nobody told the Grml team that it must now be booted with 「linux16」 ipv 「linux」 – fix is to type ‘e’ to edit the entry, move right, type the “16” and hit ^X to boot. Just great… I’ve updated the article accordingly.
On the bonus side, I’ve tested the netboot.me 17001 boot, as well as the ISO (both file – in qemu – and CD-R on real hardware) on a SPARCstation 20, Setup (i386) on a VIA C7, grml and Live (i386) on an IBM X40 and in qemu… so I’d say it works. Oh, and memtest86+ on X40.
Netboot instructions: boot, e.g. via “qemu -m 256 -fda netbootme.dsk”, do not hit Ctrl-B, but hit the Anykey when it asks, “boot a configuration directly”, type 17001 and hit Enter; wait for the “boot> ” boot(8/i386) prompt, type “b bsd.rd” and hit Return. Voilà! (Or, select MirOS bsd4me, which loads a memdisk-ISO, either via the number 2038 or via “Live OSes” → BSD → “MirOS bsd4me current” and just press Enter on the prompt.) The gPXE image can be dd(1)d onto a floppy disc.
Benny finally made ports/print/ttftot42 – thanks!
TPB has never been a viable tracker for us… h33t lost my login data… I hope Scarywater still holds up, we’ll be adding Openbittorrent to the mix… oh yikes, Demonoid is down. How great… NOT!
At least I finally managed to release things in time, and during the night, both ISO and CVS tarball, forming the torrent, will be available to the general public. I also already know of some interested parties, from remote areas like Romania and Mauritius.
The files will take some time until they are up. I do have an ADSL internet connection only and they’re huge.
The GNU Project is famous for its coding style – Linus Torvalds even suggests to print them out, but not read them; burning them is a great symbolic gesture. Legibility issues aside (Linus’ own are interestingly similar to style(9) aka KNF, the BSD coding styles), why is that so?
mksh-current (R40+) now supports pathnames in arbitrary lengths on Debian GNU/Hurd (I think; I only could test on gnubber.bddebian.org that it compiles, seeing that all existing installations set sysconf(_PC_PATH_MAX) to 1024 to be consistent with POSIX PATH_MAX) by using some glibc-only functions. This is because Hurd does not have PATH_MAX (some older systems also don’t have it, but there, we just define it to POSIX 1024 and good is). Now, why? Simple: because the GNU coding style says to have “no arbitrary limits” in your code.
I would like to call that ridiculous, but it’s actually dangerous: if you are on a 32-bit machine and have a pathname of 512 MiB, you’re in danger of freezing your system or at least crashing mksh, even if you have the full 4 GiB worth of RAM, due to the amount of copying and carrying around pathnames. This is a security relevant issue, in my
Now on to the ridicule part: This is Open Source, people! Change the limit (as it’s a – only one – constant in a header file) and recompile everything! Simple as that! The BSDs do it all the time! In GNU, it’s even simpler because you force developers, redistributors and some users to actually give up freedom and require them to put the source code alongside. Now, why doesn’t anybody see this? I can’t be the only one, can I? (I actually think that changeable limits would suffice the horrid GNU coding style, but find myself reluctant to read it again due to its sheer size – similar to their licences…)
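The bounded alternative argued for above, as an added example (not mksh code): pathnames are checked against one changeable build-time constant before any allocation or copy, and a system that reports no limit falls back to that constant. PATH_CAP, path_limit and path_join are hypothetical names.

```c
/* Added example, not mksh source; PATH_CAP and both functions are hypothetical. */
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* The one build-time constant: change it and recompile to raise the limit. */
#ifndef PATH_CAP
#ifdef PATH_MAX
#define PATH_CAP PATH_MAX
#else
#define PATH_CAP 1024	/* POSIX value, for systems without PATH_MAX */
#endif
#endif

/* Largest pathname (including NUL) accepted below dir, never above PATH_CAP. */
size_t
path_limit(const char *dir)
{
	long n = pathconf(dir, _PC_PATH_MAX);

	/* -1 means "no limit" or an error: fall back to the cap */
	if (n <= 0 || (unsigned long)n > PATH_CAP)
		return (PATH_CAP);
	return ((size_t)n);
}

/*
 * Join dir and name into a fresh buffer. Lengths are measured with a bound
 * and checked before any allocation; oversized input gets ENAMETOOLONG.
 */
char *
path_join(const char *dir, const char *name)
{
	size_t lim = path_limit(dir);
	size_t dlen = strnlen(dir, lim), nlen = strnlen(name, lim);
	char *p;

	if (dlen + 1 + nlen + 1 > lim) {
		errno = ENAMETOOLONG;
		return (NULL);
	}
	if ((p = malloc(dlen + 1 + nlen + 1)) == NULL)
		return (NULL);
	memcpy(p, dir, dlen);
	p[dlen] = '/';
	memcpy(p + dlen + 1, name, nlen + 1);
	return (p);
}
```

Because strnlen(3) stops at the limit, a hostile 512 MiB argument costs at most PATH_CAP bytes of scanning and no allocation at all.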
On an unrelated note, I hope to have a bi-arch ISO format snapshot on BitTorrent by end of the month. Mika is also trying to put a new Grml release out by then, of course with an up-to-date MirOS bsd4grml ☺
mksh’s Build.sh can now generate Makefrag.inc snippets that reflect its environment and can be used like Rebuild.sh or integrated in, for example, the Android.mk files.
mksh(1) also is a great compiler testsuite: it regularly(!) points out bugs in gcc’s -fwhole-program --combine and helped to find (and fix) bugs in huge things like SunStudio, old things made modern like pcc, as well as one-man projects such as nwcc ☺
I wish compiler authors would just use mksh as testsuite regularly.
I released a new version of jupp for Unix® today: joe-3.1jupp12 (including a backported hex editing mode, as a late birthday present for waga (from IRC) who asked for it, a plethora of bug fixes, raw octet support in UTF-8 mode, UTF-8 support in the 8-bit modes, and more changes). If you already use it, update please. If not, give it a try! It’s included in at least FreeWRT already, and I build Debian packages (link on the jupp website) in my “play repository”, as well as packages for Univention Corporate Server at work (from these packages). I’m also using it on Solaris 8, Solaris 10 and AIX 5.3 ☻ (and many more)
There are currently quite a lot more things I would like to do but can’t seem to find the time for. I had originally planned a new MirBSD snapshot, including ISO, for mid→end of September – now, end of October seems more likely (if I can get a few days off work and some RAM for the SPARCstation 5). Several things, like the mksh prompt wlog entry and webpages for a few subprojects (BSD::arc4random; arc4random.c; the RANDEX protocol, plugins, implementations, proxies; kwalletcli; keystash) are lacking too, and the Grml project is also expecting code from me. Sorry. I am, after all, human too…
As sent to the mailing list, I had a chance to compile mksh for Android today, thanks to Waldemar confirming that it works (with OpenADK's eglibc linked in statically) and CeKay's help in mastering the SDK and NDK. The posting contains all relevant information; it is virtually impossible to write an Android.mk file though.
On the other hand, I did submit a patch for Bionic (the libc) to have sys_signame like real BSDs, so that we could simply hard-code the appropriate CFLAGS and CPPFLAGS and let the NDK compile the mksh source *.c files (signames.inc would no longer be needed).
Maybe we'll submit mksh for inclusion somewhere, as this would be the first really usable shell. For this reason, I have uploaded a binary (gunzip(1) first) at ports/mksh-39.9.20090929-android15.tgz (MD5 64ee103453d65e947f2beb1aeb6450d2) which you can place in, for instance, /data/mksh then put a (modified, as the ls(1) and id(1) and possibly other utilities are more than reduced) dot.mkshrc from the source (CVSweb) as /data/.mkshrc and run it from adb (which, by the way, is the one responsible for some cursor keys etc. not working, as Android and mksh(1) do both fine in that regard) with # HOME=/data /data/mksh in the shell. I may post an Android specific patch for dot.mkshrc some day.
Update 10.10. – .gz → .tgz and Cygwin binary now too!
I tried to improve the Font Embedding as well as the CSS on this website again. The fonts actually used should be Gentium Regular, Gentium Italic, Gentium Basic Bold, Gentium Basic Bold Italic. If you have only the Book variants installed, they are fallback. Both CSS3 and IE/EOT embedding styles should work. (Bolding seems to be broken in my Opera-Linux 9.27 though…)
- b bold
- strong bold
- i italic
- em italic
- bold italic
Please do report any bugs (possibly with patches) again ☺ Things still look great in Lynx, so I̲ am content in any case…