Developers’ Weblog


I managed to create an avd "Android 2.0-current", with stuff completely built by myself. Now I "just" need to get project/external/mksh.git to be created and writable by me. Or, even better, nuke that NetBSD® ash they're currently using and replace it with a sensible shell, at least mksh-small. Then adb can be built without -DSH_HISTORY (which, with mksh, is required for usability).

I wonder if I could take over Mæmo as well... *grins*

On unrelated side notes, I'm trying to get the "debian" tagged entries aggregated on Plänet Debian, and I'm – again – in the NM process trying to become a DD, with slightly different goals this time. (But I'd also like these porting machines... 'sides, there's still an mksh+dietlibc on hppa bug open...)

I also got HP-UX back at HP PvP (not player versus player though ;) for mksh(1) porting/testing. Sadly, Itanic only, no humppa machines.

In case someone ever needs it, a collection of scripts called BitWeaver → MediaWiki does exactly that and has been released under GNU GPLv2 (only). Cheers!

Still happy with the eKey

25.11.2009 by tg@
Tags: debian

As I wrote, I asked for flute notes. Well, piano notes are ok too, although I don’t have my electric organ any longer, they can easily be transposed, even if I don’t know the software (could do it by hand though). And I might give midiplay(1) a shot (I bet it’ll sound like PC-Speaker emulation…). Vincent kindly provides more input (apparently one more of these Simtec people, but that’s just my guess).

Since ports/security/ekeyd runs happily on herc and most of my patches were not just applied but even appreciated, thanks Daniel, and the results speak for themselves (I even get stats from daily.local mailed to me every night), and we had some fun discussions, I like it. I think these whom I ordered additional ones for are, too. (I wonder if I should invest into a ten-pack bulk ones and re-sell them at conferences, but the next one is so close to the UK they probably will be there by themselves.)

I must admit I also have the context switching problem (but hey, that’s what you get for being a sysadmin, and our coffee (GEPA, ganze Bohne, im Eimer, fair gehandelt), even if not Café Libertad, who, incidentally, are Debian Wine distributors, is good), but since I’m usually not working for customer projects, I’m rarely time bound, and quite some good ideas have come from distraction (or timeouts, such as personal needs or getting coffee/food/…).

Now I still wish I could split myself in half to get more time for all the projects I have…

New MirBSD/i386 snapshots

15.11.2009 by tg@
Tags: news security snapshot

I have compiled a new snapshot (i386 only) and uploaded the following flavours: MirOS bsd4grml, MirOS bsd4me-current (Live OS), MirBSD-current netboot (NetInstall for i386), the Midi-ISO (bi-arch manifold NetInstall), and the checksums.

The /MirOS/current/older/ subdirectory containing partial and incremental upgrades for older MirBSD-current snapshots is gone for now. The 20091115 (i386) snapshot is a security upgrade (contains the OpenSSL panic patch in its second version), bugfix (all errata mentioned in the “wtf ist hallowe’en” announcement are fixed if applicable), and feature upgrade: the installer and first boot recognise a Simtec Entropy Key if plugged in (for the installer, break into a shell and run /usr/libexec/ekeyrng if plugging it in later) for increased entropy generation; after first-time installation and reboot, the user is supposed to install ports/security/ekeyd and use that (for which there are binary packages as well).

The MirOS Project’s servers are or will be upgraded as well; please bear in mind this implies short outages of service. Furthermore, due to the TLS protocol design error, some things may not work any more, since we applied the OpenSSL “panic patch”, which disables all renegotiation, but allows applications to re-enable it, if they knew about that possibility at compile time, by setting a run-time flag before initiating the connection. (None we know of does, though.)

I am, indeed, happy with my eKey. I’ve ported the ekeyd support software (but could not get ekey-ulusbd to work), created a real lot of patches, and discussed with «rjek» in IRC happily.

I now get about 4 KiB/sec on large streams (such as 64 KiB) reads from srandom(4), with 8 KiB/sec initially, in contrast to the less-than-100 Bytes per second (300 Bytes per second initially) without the eKey.

Of course, there’s still room for improvement – I fixed the ioctl(2) calls, removed strcpy(3) and sprintf(3) calls, and added arc4random_buf(3) calls for generating the nonce (which can now be made much larger than the 12 conservative bytes the original code reads from urandom(4)), and made it work at all on our platform (and, possibly, OpenBSD). But I get statistics now, even if told that my ekeyrng mksh(1) script is “Cute”.

Make sure you update to at least luasocket-2.0.1-1 for some bugfix (pkg_info(1) has a bug preventing it from seeing that – what worries me even more are some outputs not sent with the mail), and that you have a recent kernel (post the “wtf ist hallowe’en” snapshot!) since lsusb (even when ported) doesn’t output anything, and nobody knows what arguments to ekey-ulusbd are needed to make it find the eKey.

ObInfo: new CA bundles are out too, and more binary packages.

I am happy with my eKey

12.11.2009 by tg@
Tags: debian

Neil, I am happy with my eKey, and I would blog it if I had a blog ☺ (And yours doesn’t allow comments. But then, Daniel’s doesn’t, either.) I’d have liked proper (C flute / piano / voice) notes, though… never got the hang of string instruments.

Of course I still have to make a MirPort for that Lua dæmon, but for now, things work quite well. (I do have a rather large TODO and woke up with headaches and slight cold today.)

got home

08.11.2009 by tg@
Tags: bug event snapshot

The snapshot has another bug I discovered after converting my laptop to a showcase: lynx(1) charset defaults, after disabling auto-detection, to the wrong one (the news item has been updated, again).

I came back from OpenRheinRuhr, and (apparently in contrast to many others) liked it, save for the (a)social event, which some organisers admit hasn't been what was promised to them. My hotel was actually some kind of Vereinshaus and Billard club, so I had to eat supper (after fleeing the Casino, I had wanted to eat with some others deciding to split/fork, but formorer couldn't decide, so I walked the 3km, but didn't find anything appealing on the way, since I walked towards the outside of the city) in a smokey bar. So 2007, that. But I watched some kind of Billard competition during that, the meal was good and much, and the beer good and rather affordable. (I even took a Krug to my room with me to flee smoke.) Breakfast was included, the quality much more than I had expected at that price (I paid almost twice that in Basel, where I didn't even have a private loo adjoining the room, much less a proper bathroom with douche). The city, despite confusing it with other Ruhrpott cities beginning with BO, was nice and quiet (although the visitor count suggests that it was too remote, I rather prefer this to the usual rush and street mob, and it was still lively).

I think you'll find more coverage, photographs (hopefully not of me, as I wore a pullover forbidding it) and opinions on the 'net soonish, even dissing if I may harbour a guess (not without reason, from what I've been told privately), and, as I still have a headache (as usual...) I refrain from writing more. The MirBSD^H^H^HGRML CDs will be distributed at 26C3 by formorer from the Grml team *grins* and I wonder if the celebrities equipped with a MirCD or MirUSB stick, like Werner Koch, will make good use of it ;-)

this snapshot CDs, next snapshot codename

06.11.2009 by tg@
Tags: bug event security snapshot

OpenRheinRuhr will see our latest snapshot on CDs (although we seem to be short of flyers ☹). Complete, with MirOS BSD (i386, sparc; i386 Live) and MirGRML (i386).

The next snapshot’s codename has been decided upon angrily today: “wtf is with all these bugs?”
Expect a fix for the latter sometime soon, it does in fact have more effect than most sites say, to avoid Panikmache (unlike that Schweinegrippe stuff); I’m lucky my online banking stuff keeps SIDs in the URI ipv Cookie, but still… very bad. Switching renegotiation off as a quick würgaround also is evil, for example, my SMTP setup (using X.509v3 SSL certificate auth for relaying) might break. But we are said to expect an amended SSL/TLS protocol soon, hopefully with OpenSSL patch.

ekeyrng is a very rough draft (shell prototype) currently driving, together with a small USB backport, a Simtec EntropyKey in herc into wrandom(4) (for now). Really, the Lua tools should be used, but this is good for the installer, although the TPM, eKey and truerand – cprng(8) – functionality should be combined into one small, efficient, C dæmon doing so (but without the hacks to keep cprng(8) within one memory page to cease swapping). Still, it’s great!

bsiegert@ will be offline for a week.

For compatibility reasons, the current version of Subversion in MirPorts is still 1.5. I tried to remedy the situation and committed subversion-1.6.6-0 into a branch a few days ago. It is not yet in the trunk because it has some nasty bugs. For example this gem:

% perl -MSVN::Core -e 1
Bus error

This, of course, makes svk unusable, as it is written in Perl using the SVN perl bindings. svk is my way of making Subversion bearable, with easy replication, offline commits, and more.

I think I found the reason now: The SVN people managed to screw up the Perl module build so that the modules link against stuff in /usr/lib instead of $PREFIX. Incidentally, Darwin includes svn-1.4.4 in the base system. Sigh.

Wow, it seems that I have not written anything here in the last four months. Between my thesis and Real Life(TM), there is just not enough time for everything.

One more thing though: I have been attending a course on "Scientific Writing" at the Université de Haute Alsace, with excellent hints on article styles, writing readable scientific prose, and more. I can recommend such a course to every scientist, but also to all those who regularly publish things—including articles in CS journals, Free software project posters or announcements. There are also some excellent articles on how not to write. I especially recommend Martin W. Gregory, The infectiousness of pompous prose, Nature 360 11–12 (1992). Unfortunately, you will need a subscription to read it.

GRUB sucks! • More snapshot fallout.

01.11.2009 by tg@
Tags: bug rant snapshot

The GRUB2 「memtest86+」 bootmenu option in both 「wtf ist hallowe’en」 and Grml “Hello-Wien” does not work as-is (note that Grml uses ISOLINUX, unless you either select GRUB2 from the boot menu or dd(1) it onto a USB stick, CF/SD card, etc. for manifold-boot) because nobody told the Grml team that it must now be booted with 「linux16」 ipv 「linux」 – fix is to type ‘e’ to edit the entry, move right, type the “16” and hit ^X to boot. Just great… I’ve updated the article accordingly.

We are on Sümlink. Both of us. Sweet. Remember that this could’ve been MirOS #11-RELEASE, and should be treated by everyone except us as such ☺

On the bonus side, I’ve tested the 17001 boot, as well as the ISO (both file – in qemu – and CD-R on real hardware) on a SPARCstation 20, Setup (i386) on a VIA C7, grml and Live (i386) on an IBM X40 and in qemu… so I’d say it works. Oh, and memtest86+ on X40.

Netboot instructions: boot, e.g. via “qemu -m 256 -fda netbootme.dsk”, do not hit Ctrl-B, but hit the Anykey when it asks, “boot a configuration directly”, type 17001 and hit Enter; wait for the “boot> ” boot(8/i386) prompt, type “b bsd.rd” and hit Return. Voilà! (Or, select MirOS bsd4me, which loads a memdisk-ISO, either via the number 2038 or via “Live OSes” → BSD → “MirOS bsd4me current” and just press Enter on the prompt.) The gPXE image can be dd(1)d onto a floppy disc.

Benny finally made ports/print/ttftot42 – thanks!

Bittorrent trackers, …

31.10.2009 by tg@
Tags: rant

TPB has never been a viable tracker for us… h33t lost my login data… I hope Scarywater still holds up, we’ll be adding Openbittorrent to the mix… oh yikes, Demonoid is down. How great… NOT!

At least I finally managed to release things in time, and during the night, both ISO and CVS tarball, forming the torrent, will be available to the general public. I also already know of some interested parties, from remote areas like Romania and Mauritius.

The explanation is on the front page, of course. This link is for the benefit of RSS or aggregator (like Plänet Sümlink) readers.

The files will take some time until they are up. I do have an ADSL internet connection only and they’re huge.

The GNU Project is famous for its coding style – Linus Torvalds even suggests to print them out, but not read them; burning them is a great symbolic gesture. Legibility issues aside (Linus’ own are interestingly similar to style(9) aka KNF, the BSD coding styles), why is that so?

mksh-current (R40+) now supports pathnames in arbitrary lengths on Debian GNU/Hurd (I think; I only could test on that it compiles, seeing that all existing installations set sysconf(_PC_PATH_MAX) to 1024 to be consistent with POSIX PATH_MAX) by using some glibc-only functions. This is because Hurd does not have PATH_MAX (some older systems also don’t have it, but there, we just define it to POSIX 1024 and good is). Now, why? Simple: because the GNU coding style says to have “no arbitrary limits” in your code.

I would like to call that ridiculous, but it’s actually dangerous: if you are on a 32-bit machine and have a pathname of 512 MiB, you’re in danger of freezing your system or at least crashing mksh, even if you have the full 4 GiB worth of RAM, due to the amount of copying and carrying around pathnames. This is a security relevant issue, in my eyes.
Now on to the ridicule part: This is Open Source, people! Change the limit (as it’s a – only one – constant in a header file) and recompile everything! Simple as that! The BSDs do it all the time! In GNU, it’s even simpler because you force developers, redistributors and some users to actually give up freedom and require them to put the source code alongside. Now, why doesn’t anybody see this? I can’t be the only one, can I? (I actually think that changeable limits would suffice the horrid GNU coding style, but find myself reluctant to read it again due to its sheer size – similar to their licences…)

On an unrelated note, I hope to have a bi-arch ISO format snapshot on BitTorrent by end of the month. Mika is also trying to put a new Grml release out by then, of course with an up-to-date MirOS bsd4grml.

mksh’s can now generate snippets that reflect its environment and can be used like or integrated in, for example, the files.

mksh(1) also is a great compiler testsuite: it regularly(!) points out bugs in gcc’s -fwhole-program --combine and helped to find (and fix) bugs in huge things like SunStudio, old things made modern like pcc, as well as one-man projects such as nwcc.
I wish compiler authors would just use mksh as testsuite regularly.

I released a new version of jupp for Unix® today: joe-3.1jupp12 (including a backported hex editing mode, as a late birthday present for waga (from IRC) who asked for it, a plethora of bug fixes, raw octet support in UTF-8 mode, UTF-8 support in the 8-bit modes, and more changes). If you already use it, update please. If not, give it a try! It’s included in at least FreeWRT already, and I build Debian packages (link on the jupp website) in my “play repository”, as well as packages for Univention Corporate Server at work (from these packages). I’m also using it on Solaris 8, Solaris 10 and AIX 5.3 ☻ (and many more)

There are currently quite a lot more things I would like to do but can’t seem to find the time for. I had originally planned a new MirBSD snapshot, including ISO, for mid→end of September – now, end of October seems more likely (if I can get a few days off work and some RAM for the SPARCstation 5). Several things, like the mksh prompt wlog entry and webpages for a few subprojects (BSD::arc4random; arc4random.c; the RANDEX protocol, plugins, implementations, proxies; kwalletcli; keystash) are lacking too, and the Grml project is also expecting code from me. Sorry. I am, after all, human too…
