Developers’ Weblog

Sponsored by
HostEurope Logo

Developers’ Weblog

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

I smell an antitrust case coming up

12.12.2009 by tg@
Tags: mksh rant security

Oh the joy…

20:54⎜«smultron» mira: i just upgraded the big server from 10.5 to 10.6... and apparently the upgrade script removed /bin/mksh... now I don't have a shell and quits immediately... any ideas?

My suggestion – ssh -t servername /bin/bash --login – doesn’t seem to help:

20:59⎜«smultron» oh great
20:59⎜«smultron» ssh just keeps asking for the password
20:59⎜«smultron» then gives this:
20:59⎜«smultron» Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).

Maybe gecko2@ can help… or bsiegert@… who knows.

In other news, no reaction at all on the Android front on my proposal to get mksh either to replace NetBSD® 0.x ash, or, at least, add it for developers.

Bei VIAG Interkom einen Händivertrag (Händi, schwäbisches Fremdwort, von "Jo hän di denn do koa Kabel dran?") kündigt, geht das relativ gut, man bekommt nur zwei Monate später eine Rechnung über 0,00 €. Den T-D1 Mitarbeitervertrag (Azubi...) wird man auch gut wieder los, obschon er über die Laufzeit hinweg funktioniert (wohl ein Abschiedsgeschenk des Ausbildungskonzerns). Bei Debitel hingegen wird der postalische Eingang der schriftlichen Kündigung um ein paar Tage verzögert, und dann hat man den Vertrag noch knapp 15 Monate lang am Hals. Die Frechheit ist aber BASE: die Karte funktioniert, nach meiner Kündigung gegen Anfang des 2. Quartales 2008(!), immer noch. Auf Anfrage teilt man mir mit, daß "leider" in ihrem System keine Kündigung ersichtlich sei, und ich noch bis zum 5. Dezember 2010(!) damit leben müsse.

Hoffen wir, daß Netcologne, falls ich denn den dortigen Mobilfunkteil meines Kombipaketes mal loswerden will, angenehmer ist. Immerhin ist das die einzige Telko, die auch mal Bestandskundenaktionen macht, mit denen ich seit 2001 ununterbrochen extrem zufrieden bin, und die nur ein Mal größere Störungen hatten (November 2001, wohl noch neu) und einem für einen halben Monat öfters gestörten DSLs einen ganzen Monat Telephon- und DSL-Grundpreis erstattet haben; die defekte Splitter und Leihmodems (NTBBA) innert Stunden ohne große Fragen austauschen; die einem alle paar Jahre mal sowohl den Grundpreis reduzieren als auch der DSL Geschwindigkeit erhöhen...

Also, Leute, kauft nicht bei BASE! (ciruZ ist mit blau.de zufrieden, die sind aber Prepaid, das heißt zwar keine Knebelverträge, aber auch keine unlimitierten Telephonate im Ausland, z.B. um gecko2 auf belgischen Autobahnen zu helfen.) Daß es auch anders geht zeigt die Deutsche Bahn in einer anderen Kaufempfehlung (diese hier ist allerdings eher eine leicht frustrierte Verfehlung). Mein Brüderchen fand, ich sollte das hier dokumentieren/ablassen; keine Bange, das hier wird nicht wie bei Fefe eine Produktbashingseite werden (dafür sind einfach alle Sachen in Existenz zu... kaputt, das ist mir meine Zeit nicht wert).

Naja, mal die Kündigungsbestätigung aus den Altunterlagen raussuchen, um deren Zusendung ich letztes Jahr gebeten hatte. Warum wohl?

Happy Benzday!

07.12.2009 by tg@

Since I don't reach you via IRC, phone or Natel™ let me wish you a happy benzday here. ☺☻

I think it's perfectly okay for libobjc to depend on libgcc_s like libstdc++ does. So let's not disable gobjc from base. Rather, make everything except C version-dependent. (Bump base vsn afterwards, the gcc vsn has been already.) I think we'd also best rename the clang executable and make a wrapper using -L, -rpath and -I flags from its CCLD instead of always using these from the system compiler. (I wonder if it's worth the effort to make the C++ header files version dependent as well. Probably.)

We somehow need a way to differentiate ABIs in MirPorts, as there will be several compilers. On MirBSD: base-gcc3.4.6, port-gcc4.4.2, port-llvm-gcc4.2.1, port-pcc, port-nwcc (this list is for i386).

Benny, may I encourage you to hack on pkgtools the next Muttenzday? Especially I'd like to have that file extension retaining/cycling for auto-dependent packages in, it's basically a showstopper for LZMA compressed binary packages. (Will still be LZMA1 for some time, as there is not yet a stable xz release.)

The hardy at MirDebian "WTF" Repository section contains a KDE 3 source and binary package of KWalletCLI 2.00 (built for Debian Lenny and K?buntu Hardy). A KDE 4 package (for Debian squeeze/sid, newer *bunti and ones with KDE4-backport) will be worked upon as soon as I can get into the pkg-kde Alioth group.

I managed to create an avd "Android 2.0-current", with stuff completely built by myself. Now I "just" need to get project/external/mksh.git to be created and writable by me. Or, even better, nuke that NetBSD® ash they're currently using and replace it with a sensible shell, at least mksh-small. Then adb can be built without -DSH_HISTORY (which, with mksh, is required for usability).

I wonder if I could take over Mæmo as well... *grins*

On unrelated side notes, I'm trying to get the "debian" tagged entries aggregated on Plänet Debian, and I'm – again – in the NM process trying to become a DD, with slightly different goals this time. (But I'd also like these porting machines... 'sides, there's still an mksh+dietlibc on hppa bug open...)

I also got HP-UX back at HP PvP (not player versus player though ;) for mksh(1) porting/testing. Sadly, Itanic only, no humppa machines.

In case someone ever needs it, a collection of scripts called BitWeaver → MediaWiki does exactly that and has been released under GNU GPLv2 (only). Cheers!

Still happy with the eKey

25.11.2009 by tg@
Tags: debian

As I wrote, I asked for flute notes. Well, piano notes are ok too, although I don’t have my electric organ any longer, they can easily be transposed, even if I don’t know the software (could do it by hand though). And I might give midiplay(1) a shot (I bet it’ll sound like PC-Speaker emulation…). Vincent kindly provides more input (apparently one more of these Simtec people, but that’s just my guess).

Since ports/security/ekeyd runs happily on herc and most of my patches were not just applied but even appreciated, thanks Daniel, and the results speak for themselves (I even get stats from daily.local mailed to me every night), and we had some fun discussions, I like it. I think these whom I ordered additional ones for are, too. (I wonder if I should invest into a ten-pack bulk ones and re-sell them at conferences, but the next one is so close to the UK they probably will be there by themselves.)

I must admit I also have the context switching problem (but hey, that’s what you get for being a sysadmin, and our coffee (GEPA, ganze Bohne, im Eimer, fair gehandelt), even if not Café Libertad, who, incidentally, are Debian Wine distributors, is good), but since I’m usually not working for customer projects, I’m rarely time bound, and quite some good ideas have come from distraction (or timeouts, such as personal needs or getting coffee/food/…).

Now I still wish I could split myself in half to get more time for all the projects I have…

New MirBSD/i386 snapshots

15.11.2009 by tg@
Tags: news security snapshot

I have compiled a new snapshot (i386 only) and uploaded the following flavours: MirOS bsd4grml, MirOS bsd4me-current (Live OS), MirBSD-current netboot (NetInstall for i386), the Midi-ISO (bi-arch manifold NetInstall), and the checksums.

The /MirOS/current/older/ subdirectory containing partial and incremental upgrades for older MirBSD-current snapshots is gone for now. The 20091115 (i386) snapshot is a security upgrade (contains the OpenSSL panic patch in its second version), bugfix (all errata mentioned in the “wtf ist hallowe’en” announcement are fixed if applicable), and feature upgrade: the installer and first boot recognise a Simtec Entropy Key if plugged in (for the installer, break into a shell and run /usr/libexec/ekeyrng if plugging it in later) for increased entropy generation; after first-time installation and reboot, the user is supposed to install ports/security/ekeyd and use that (for which there are binary packages as well).

The MirOS Project’s servers are or will be upgraded as well; please bear in mind this implies short outages of service. Furthermore, due to the TLS protocol design error, some things may not work any more, since we applied the OpenSSL “panic patch”, which disables all renegotiation, but allows applications to re-enable it, if they knew about that possibility at compile time, by setting a run-time flag before initiating the connection. (None we know of does, though.)

I am, indeed, happy with my eKey. I’ve ported the ekeyd support software (but could not get ekey-ulusbd to work), created a real lot of patches, and discussed with «rjek» in IRC happily.

I now get about 4 KiB/sec on large streams (such as 64 KiB) reads from srandom(4), with 8 KiB/sec initially, in contrast to the less-than-100 Bytes per second (300 Bytes per second initially) without the eKey.

Of course, there’s still room for improvement – I fixed the ioctl(2) calls, removed strcpy(3) and sprintf(3) calls, and added arc4random_buf(3) calls for generating the nonce (which can now be made much larger than the 12 conservative bytes the original code reads from urandom(4)), and made it work at all on our platform (and, possible, OpenBSD). But I get statistics now, even if told that my ekeyrng mksh(1) script is “Cute”.

Make sure you update to at least luasocket-2.0.1-1 for some bugfix (pkg_info(1) has a bug preventing it from seeing that – what worries me even more are some outputs not sent with the mail), and that you have a recent kernel (post the “wtf ist hallowe’en” snapshot!) since lsusb (even when ported) doesn’t output anything, and nobody knows what arguments to ekey-ulusbd are needed to make it find the eKey.

ObInfo: new CA bundles are out too, and more binary packages.

I am happy with my eKey

12.11.2009 by tg@
Tags: debian

Neil, I am happy with my eKey, and I would blog it if I had a blog ☺ (And yours doesn’t allow comments. But then, Daniel’s doesn’t, either.) I’d have liked proper (C flute / piano / voice) notes, though… never got the hang of string instruments.

Of course I still have to make a MirPort for that Lua dæmon, but for now, things work quite well. (I do have a rather large TODO and woke up with headaches and slight cold today.)

got home

08.11.2009 by tg@
Tags: bug event snapshot

The snapshot has another bug I discovered after converting my laptop to a showcase: lynx(1) charset defaults, after disabling auto-detection, to the wrong one (the news item has been updated, again).

I came back from OpenRheinRuhr, and (apparently in contrast to many others) liked it, save for the (a)social event, which some organisers admit hasn't been what was promised to them. My hotel was actually some kind of Vereinshaus and Billard club, so I had to eat supper (after fleeing the Casino, I had wanted to eat with some others deciding to split/fork, but formorer couldn't decide, so I walked the 3km, but didn't find anything appealing on the way, since I walked towards the outside of the city) in a smokey bar. So 2007, that. But I watched some kind of Billard competition during that, the meal was good and much, and the beer good and rather affordable. (I even took a Krug to my room with me to flee smoke.) Breakfast was included, the quality much more than I had expected at that price (I paid almost twice that in Basel, where I didn't even have a private loo adjourning the room, much less a proper bathroom with douche). The city, despite confusing it with other Ruhrpott cities beginning with BO, was nice and quiet (although the visitor count suggests that it was too remote, I rather prefer this to the usual rush and street mob, and it was still lively).

I think you'll find more coverage, photographies (hopefully not of me, as I wore a pullover forbidding it) and opinions on the 'net soonish, even dissing if I may harbour a guess (not without reason, from what I've been told privately), and, as I still have a headache (as usual...) I refrain from writing more. The MirBSD^H^H^HGRML CDs will be distributed at 26C3 by formorer from the Grml team *grins and I wonder if the celebrities equipeed with a MirCD or MirUSB stick, like Werner Koch, will make good use of it ;-)

this snapshot CDs, next snapshot codename

06.11.2009 by tg@
Tags: bug event security snapshot

OpenRheinRuhr will see our latest snapshot on CDs (although we seem to be short of flyers ☹). Complete, with MirOS BSD (i386, sparc; i386 Live) and MirGRML (i386).

The next snapshot’s codename has been decided upon angrily today: “wtf is with all these bugs?”
Expect a fix for the latter sometime soon, it does in fact have more effect than most sites say, to avoid Panikmache (unlike that Schweinegrippe stuff); I’m lucky my online banking stuff keeps SIDs in the URI ipv Cookie, but still… very bad. Switching renegotiation off as a quick würgaround also is evil, for example, my SMTP setup (using X.509v3 SSL certificate auth for relaying) might break. But we are said to expect an amended SSL/TLS protocol soon, hopefully with OpenSSL patch.

ekeyrng is a very rough draft (shell prototype) currently driving, together with a small USB backport, a Simtec EntropyKey in herc into wrandom(4) (for now). Really, the Lua tools should be used, but this is good for the installer, although the TPM, eKey and truerand – cprng(8) – functionality should be combined into one small, efficient, C dæmon doing so (but without the hacks to keep cprng(8) within one memory page to cease swapping). Still, it’s great!

bsiegert@ will be offline for a week.

For compatibility reasons, the current version of Subversion in MirPorts is still 1.5. I tried to remedy the situation a few days ago and committed subversion-1.6.6-0 into a branch a few days ago. It is not yet in the trunk because it has some nasty bugs. For example this gem:

% perl -MSVN::Core -e 1
Bus error

This, of course, makes svk unusable, as it is written in Perl using the SVN perl bindings. svk is my way of making Subversion bearable, with easy replication, offline commits, and more.

I think I found the reason now: The SVN people managed to screw up the Perl module build so that the modules link against stuff in /usr/lib instead of $PREFIX. Incidentally, Darwin includes svn-1.4.4 in the base system. Sigh.

Wow, it seems that I have not written anything here in the last four months. Between my thesis and Real Life(TM), there is just not enough time for everything.

One more thing though: I have been attending a course on "Scientific Writing" at the Université de Haute Alsace, with excellent hints on article styles, writing readable scientific prose, and more. I can recommend such a course to every scientist, but also to all those who regularly publish things—including articles in CS journals, Free software project posters or announcements. There are also some excellent articles on how not to write. I especially recommend Martin W. Gregory, The infectiousness of pompous prose, Nature 360 11–12 (1992). Unfortunately, you will need a subscription to read it.

GRUB sucks! • More snapshot fallout.

01.11.2009 by tg@
Tags: bug rant snapshot

The GRUB2 「memtest86+」 bootmenu option in both 「wtf ist hallowe’en」 and Grml “Hello-Wien” does not work as-is (note that Grml uses ISOLINUX, unless you either select GRUB2 from the boot menu or dd(1) it onto a USB stick, CF/SD card, etc. for manifold-boot) because nobody told the Grml team that it must now be booted with 「linux16」 ipv 「linux」 – fix is to type ‘e’ to edit the entry, move right, type the “16” and hit ^X to boot. Just great… I’ve updated the article accordingly.

We are on Sümlink. Both of us. Sweet. Remember that this could’ve been MirOS #11-RELEASE, and should be treated by everyone except us as such ☺

On the bonus side, I’ve tested the netboot.me 17001 boot, as well as the ISO (both file – in qemu – and CD-R on real hardware) on a SPARCstation 20, Setup (i386) on a VIA C7, grml and Live (i386) on an IBM X40 and in qemu… so I’d say it works. Oh, and memtest86+ on X40.

Netboot instructions: boot, e.g. via “qemu -m 256 -fda netbootme.dsk”, do not hit Ctrl-B, but hit the Anykey when it asks, “boot a configuration directly”, type 17001 and hit Enter; wait for the “boot> ” boot(8/i386) prompt, type “b bsd.rd” and hit Return. Voilà! (Or, select MirOS bsd4me, which loads a memdisk-ISO, either via the number 2038 or via “Live OSes” → BSD → “MirOS bsd4me current” and just press Enter on the prompt. The gPXE image can be dd(1)d onto a floppy disc.

Benny finally made ports/print/ttftot42 – thanks!

All 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

MirOS Logo