# Developers’ Weblog

## Updates to the last two posts

16.03.2017 by tg@
Tags: bug debian grml news pcli rant snippet tip work

Someone from the FSF’s licencing department posted an official-looking thing saying they don’t believe GitHub’s new ToS to be problematic with copyleft. Well, my lawyer (not my personal one, nor for The MirOS Project, but related to another association, informally) does agree with my reading of the new ToS, and I can point out at least a clause in the GPLv1 (I really don’t have time right now) which says contrary (but does this mean the FSF generally waives the restrictions of the GPL for anything on GitHub?). I’ll eMail GitHub Legal directly and will try to continue getting this fixed (as soon as I have enough time for it) as I’ll otherwise be forced to force GitHub to remove stuff from me (but with someone else as original author) under GPL, such as… tinyirc and e3.

My dbconfig-common Debian packaging example got a rather hefty upgrade because dbconfig-common (unlike any other DB schema framework I know of) doesn’t apply the upgrades on a fresh install (and doesn’t automatically put the upgrades into a transaction either) but only upgrades between Debian package versions (which can be funny with backports, but AFAICT that part is handled correctly). I now append the upgrades to the initial-version-as-seen-in-the-source to generate the initial-version-as-shipped-in-the-binary-package (optionally, only if it’s named .in) removing all transaction stuff from the upgrade files and wrapping the whole shit in BEGIN; and COMMIT; after merging. (This should at least not break nōn-PostgreSQL databases and… well, database-like-ish things I cannot test for obvious (SQLite is illegal, at least in Germany, but potentially worldwide, and then PostgreSQL is the only remaining Open Source database left ;) reasons.)

Update: Yes, this does mean that maintainers of databases and webservers should send me patches to make this work with not-PostgreSQL (new install/name.in, upgrade files) and not-Apache-2.2/2.4 (new debian/*/*.conf snippets) to make this packaging example even more generally usable.

Natureshadow already forked this and made a Python/Flask package from it, so I’ll prod him to provide a similarily versatile hello-python-world example package.

## Updated Debian packaging example: PHP webapp with dbconfig-common

08.03.2017 by tg@
Tags: debian pcli snippet tip work

Since I use this as base for other PHP packages like SimKolab, I’ve updated my packaging example with:

• PHP 7 support (untested, as I need libapache2-mod-php5)
• tons more utility code for you to use
• a class autoloader, with example (build time, for now)
• (at build time) running a PHPUnit testsuite (unless nocheck)

The old features (Apache 2.2 and 2.4 support, dbconfig-common, etc.) are, of course, still there. Support for other webservers could be contributed by you, and I could extend the autoloader to work at runtime (using dpkg triggers) to include dependencies as packaged in other Debian packages. See, nobody needs “composer”! ☻

Feel free to check it out, play around with it, install it, test it, send me improvement patches and feature requests, etc. — it’s here with a mirror at GitHub (since I wrote it myself and the licence is permissive enough anyway).

This posting and the code behind it are sponsored by my employer ⮡ tarent.

01.03.2017 by tg@
Tags: bug debian event grml news pcli rant security tip work

Some updates inline and at the bottom.

The new Terms of Service of GitHub became effective today, which is quite problematic — there was a review phase, but my reviews pointing out the problems were not answered, and, while the language is somewhat changed from the draft, they became effective immediately.

Now, the new ToS are not so bad that one immediately must stop using their service for disagreement, but it’s important that certain content may no longer legally be pushed to GitHub. I’ll try to explain which is affected, and why.

I’m mostly working my way backwards through section D, as that’s where the problems I identified lie, and because this is from easier to harder.

Note that using a private repository does not help, as the same terms apply.

### Anything requiring attribution (e.g. CC-BY, but also BSD, …)

Section D.7 requires the person uploading content to waive any and all attribution rights. Ostensibly “to allow basic functions like search to work”, which I can even believe, but, for a work the uploader did not create completely by themselves, they can’t grant this licence.

The CC licences are notably bad because they don’t permit sublicencing, but even so, anything requiring attribution can, in almost all cases, not “written or otherwise, created or uploaded by our Users”. This is fact, and the exceptions are few.

### Anything putting conditions on the right to “use, display and perform” the work and, worse, “reproduce” (all Copyleft)

Section D.5 requires the uploader to grant all other GitHub users…

• the right to “use, display and perform” the work (with no further restrictions attached to it) — while this (likely — I didn’t check) does not exclude the GPL, many others (I believe CC-*-SA) are affected, and…
• the right to “reproduce your Content solely on GitHub as permitted through GitHub's functionality”, with no further restructions attached; this is a killer for, I believe, any and all licences falling into the “copyleft” category.

Note that section D.4 is similar, but granting the licence to GitHub (and their successors); while this is worded much more friendly than in the draft, this fact only makes it harder to see if it affects works in a similar way. But that doesn’t matter since D.5 is clear enough. (This doesn’t mean it’s not a problem, just that I don’t want to go there and analyse D.4 as D.5 points out the same problems but is easier.)

This means that any and all content under copyleft licences is also no longer welcome on GitHub.

### Anything requiring integrity of the author’s source (e.g. LPPL)

Some licences are famous for requiring people to keep the original intact while permitting patches to be piled on top; this is actually permissible for Open Source, even though annoying, and the most common LaTeX licence is rather close to that. Section D.3 says any (partial) content can be removed — though keeping a PKZIP archive of the original is a likely workaround.

### Affected licences

Anything copyleft (GPL, AGPL, LGPL, CC-*-SA) or requiring attribution (CC-BY-*, but also 4-clause BSD, Apache 2 with NOTICE text file, …) are affected. BSD-style licences without advertising clause (MIT/Expat, MirOS, etc.) are probably not affected… if GitHub doesn’t go too far and dissociates excerpts from their context and legal info, but then nobody would be able to distribute it, so that’d be useless.

### But what if I just fork something under such a licence?

Only “continuing to use GitHub” constitutes accepting the new terms. This means that repositories from people who last used GitHub before March 2017 are excluded.

Even then, the new terms likely only apply to content uploaded in March 2017 or later (note that git commit dates are unreliable, you have to actually check whether the contribution dates March 2017 or later).

And then, most people are likely unaware of the new terms. If they upload content they themselves don’t have the appropriate rights (waivers to attribution and copyleft/share-alike clauses), it’s plain illegal and also makes your upload of them or a derivate thereof no more legal.

Granted, people who, in full knowledge of the new ToS, share any “User-Generated Content” with GitHub on or after 1ˢᵗ March, 2017, and actually have the appropriate rights to do that, can do that; and if you encounter such a repository, you can fork, modify and upload that iff you also waive attribution and copyleft/share-alike rights for your portion of the upload. But — especially in the beginning — these will be few and far between (even more so taking into account that GitHub is, legally spoken, a mess, and they don’t even care about hosting only OSS / Free works).

### Conclusion (Fazit)

I’ll be starting to remove any such content of mine, such as the source code mirrors of jupp, which is under the GNU GPLv1, now and will be requesting people who forked such repositories on GitHub to also remove them. This is not something I like to do but something I am required to do in order to comply with the licence granted to me by my upstream. Anything you’ve found contributed by me in the meantime is up for review; ping me if I forgot something. (mksh is likely safe, even if I hereby remind you that the attribution requirement of the BSD-style licences still applies outside of GitHub.)

(Pet peeve: why can’t I “adopt a licence” with British spelling? They seem to require oversea barbarian spelling.)

### The others

Atlassian Bitbucket has similar terms (even worse actually; I looked at them to see whether I could mirror mksh there, and turns out, I can’t if I don’t want to lose most of what few rights I retain when publishing under a permissive licence). Gitlab seems to not have such, but requires you to indemnify them… YMMV. I think I’ll self-host the removed content.

### And now?

I’m in contact with someone from GitHub Legal (not explicitly in the official capacity though) and will try to explain the sheer magnitude of the problem and ways to solve this (leaving the technical issues to technical solutions and requiring legal solutions only where strictly necessary), but for now, the ToS are enacted (another point of my criticism of this move) and thus, the aforementioned works must go off GitHub right now.

That’s not to say they may not come back later once this all has been addressed, if it will be addressed to allow that. The new ToS do have some good; for example, the old ToS said “you allow every GitHub user to fork your repositories” without ever specifying what that means. It’s just that the people over at GitHub need to understand that, both legally and technically¹, any and all OSS licences² grant enough to run a hosting platform already³, and separate explicit grants are only needed if a repository contains content not under an OSI/OKFN/Copyfree/FSF/DFSG-free licence. I have been told that “these are important issues” and been thanked for my feedback; we’ll see what comes from this.

① maybe with a little more effort on the coders’ side³

② All licences on one of those lists or conformant to the DFSG, OSD or OKD should do⁴.

③ e.g. when displaying search results, add a note “this is an excerpt, click HERE to get to the original work in its context, with licence and attribution” where “HERE” is a backlink to the file in the repository

④ It is understood those organisations never un-approve any licence that rightfully conforms to those definitions (also in cases like a grant saying “just use any OSS² licence” which is occasionally used)

Update: In the meantime, joeyh has written not one but two insightful articles (although I disagree in some details; the new licence is only to GitHub users (D.5) and GitHub (D.4) and only within their system, so, while uploaders would violate the ToS (they cannot grant the licence) and (probably) the upstream-granted copyleft licence, this would not mean that everyone else wasn’t bound by the copyleft licence in, well, enough cases to count (yes it’s possible to construct situations in which this hurts the copyleft fraction, but no, they’re nowhere near 100%).

## How to use the subtree git merge strategy

20.12.2016 by tg@
Tags: debian grml pcli tip work

This article might be perceived as a blatant ripoff of this Linux kernel document, but, on the contrary, it’s intended as add-on, showing how to do a subtree merge (the multi-project merge strategy that’s actually doable in a heterogenous group of developers, as opposed to subprojects, which many just can’t wrap their heads around) with contemporary git (“stupid content tracker”). Furthermore, the commands are reformatted to be easier to copy/paste.

To summarise: you’re on the top level of a checkout of the project into which the “other” project (Bproject) is to be merged. We wish to merge the top level of Bproject’s “master” branch as (newly created) subdirectory “dir-B” under the current project’s top level.

$git remote add --no-tags -f Bproject /path/to/B/.git$ git merge -s ours --allow-unrelated-histories --no-commit Bproject/master
$git read-tree -u --prefix=dir-B/ Bproject/master$ git commit -m 'Merge B project as our subdirectory dir-B'

$git pull -s subtree Bproject master  (mind the trailing slash after dir-B/ on the read-tree command!) Besides reformatting, the use of --allow-unrelated-histories recently became necessary. --no-tags is also usually what you want, because tags are not namespaced like branches. Another command you might find relevant is how to clean up orphaned remote branches: $ for x in $(git remote); do git remote prune "$x"; done


This command locally deletes all remote branches (those named “origin/foo”) that have been deleted on the remote side.

Update: Natureshadow wishes you to know that there is such a command as git subtree which can do similar things to the subtree merge strategy explained above, and several more related things. It does, however, need the præfix on every subsequent pull.

## “I don’t like computers”

13.11.2016 by tg@
Tags: debian pcli personal rant tip

cnuke@ spotted something on the internet, and shared. Do read this, including the comments. It’s so true. (My car is 30 years old, I use computers mostly for sirc, lynx and ssh, and I especially do not buy any product that needs to be “online” to work.)

Nice parts of the internet, to offset this, though, do exist. IRC as a way of cheap (affordable), mostly reliant, communication that’s easy enough to do with TELNET.EXE if necessary. Fanfiction; easy proliferation of people’s art (literature, in this case). Fast access to documentation and source code; OpenBSD’s AnonCVS was a first, nowadays almost everything (not Tom Dickey’s projects (lynx, ncurses, xterm, cdk, …), nor GNU bash, though) is on a public version control system repository. (Now people need to learn to not rewrite history, just commit whatever shit they do, to record thought process, not produce the perfect-looking patch.) Livestreams too, I guess, but ever since live365.com went dead due to a USA law change on 2016-01-02, it got bad.

28.07.2016 by tg@
Tags: debian news pcli rant

GMane has been down for a day or two, and flakey for a day before that. MidnightBSD’s laffer1 just linked the reason, which made me cry out loud.

GMane is really great, and I rely on the NNTP interface a lot, both posting and especially reading — it gives me the ability to download messages from mailing lists I don’t receive in order to be able to compose replies with (mostly) correct References and In-Reply-To headers. Its web interface, especially the article permalinks, are also extremely helpful.

This is a request for a petition to save GMane. Please, someone, do something! Thanks in advance!

## httpd CVE-2016-5387 “httpoxy” fixed

28.07.2016 by tg@
Tags: security

A small patch was applied to httpd(8) to not pass the HTTP Proxy header as HTTP_PROXY environment variable to CGI scripts, because those often call utilities such as ftp(1), lynx(1), GNU wget, etc. which may accept this as an alternative spelling of http_proxy which is used to set a proxy for outgoing connections — something e.g. the CGI scripts in MirKarte do.

## PSA: when upgrading to snapshots, boot into new kernel first

06.03.2016 by tg@
Tags: news plan snapshot tip

I’ll have to add O_DIRECTORY support to open(2) for more security in cpio(1), pax(1), and tar(1). (Maybe I’ll also add O_CLOEXEC while there…) Today’s paxmirabilis will however pick this up as soon as it’s there and thus fail if it is not supported by the running kernel yet.

Morale: when upgrading to a snapshot take care of the kernel first (install and reboot), userspace second.

To be clear: this will affect the first -current snapshot to be published after today on /MirOS/current.

## mksh R52c, paxmirabilis 20160306 released; PA4 paper size PDF manpages

06.03.2016 by tg@
Tags: bug debian mksh news pcli security

The MirBSD Korn Shell R52c was published today as bugfix-accumulating release of low upto medium importance. Thanks to everyone who helped squashing all those bugs; this includes our bug reporters who always include reproducer testcases; you’re wonderful!

MirCPIO was also resynchronised from OpenBSD, to address the CVE-2015-{1193,1194} test cases, after a downstream (wow there are so many?) reminded us of it; thanks!
This is mostly to prevent extracting ../foo – either directly or from a symlink(7) – from actually ending up being placed in the parent directory. As such the severity is medium-high. And it has a page now – initially just a landing page / stub; will be fleshed out later.

Uploads for both should make their way into Debian very soon (these are the packages mksh and pax). Uploading backports for mksh (jessie and wheezy-sloppy) have been requested by several users, but none of the four(?) DDs asked about sponsoring them even answered at all, and the regular (current) sponsors don’t have experience with bpo, so… SOL ☹

I’ve also tweaked a bug in sed(1), in MirBSD. Unfortunately, this means it now comes with the GNUism -i too: don’t use it, use ed(1) (much nicer anyway) or perlrun(1) -p/-n…

Finally, our PDF manpages now use the PA4 paper size instead of DIN ISO A4, meaning they can be printed without cropping or scaling on both A4 and US-american “letter” paper. And a Бодун from the last announcement: we now use Gentium and Inconsolata as body text and monospace fonts, respectively. (And à propos, the website ought to be more legible due to text justification and better line spacing now.) I managed to hack this up in GNU groff and Ghostscript, thankfully. (LaTeX too) Currently there are PDF manpages for joe (jupp), mksh, and cpio/pax/tar.

Also, new console-setup package in the “WTF” APT repository since upstream managed to do actual work on it (even fixed some bugs). Read its feed if interested, as its news will not be repeated here usually. (That means, subscribe as there won’t be many future reminders in this place.)

The netboot.me service appears to be gone. I’ll not remove our images, but if someone knows what became of it drop us a message (IRC or mailing list will work just fine).

PS: This was originally written on 20160304 but opax refused to be merged in time… Happy Birthday, gecko2! In the meantime, the Street Food festival weekend provided wonderful food at BaseCamp, and headache prevented this from being finished on the fifth.

Update 06.03.2016: The pax changes were too intrusive, so I decided to only backport the fixes OpenBSD did (both those they mentioned and those silently included), well, the applicable parts of them, anyway, instead. There will be a MirCPIO release completely rebased later after all changes are merged and, more importantly, tested. Another release although not set for immediate future should bring a more sensible (and mksh-like) buildsystem for improved portability (and thus some more changes we had to exclude at first).

I’ve also cloned the halfwidth part of the FixedMisc [MirOS] font as FixedMiscHW for use with Qt5 applications, xfonts-base in the “WTF” APT repo. (Debian #809979)

tl;dr: mksh R52c (bugfix-only, low-medium); mircpio 20160306 (security backport; high) with future complete rebase (medium) upstream and in Debian. No mksh backports due to lacking a bpo capable sponsor. New console-setup in “WTF” APT repo, and mksh there as usual. xfonts-base too. netboot.me gone?

## The things you find in upstream code…

13.02.2016 by tg@
Tags: archaeology bug pcli rant security snapshot

I had just gotten an eMail from the nightly /etc/security cronjob that the mailbox from the user foo.lock belongs to the user foo (name changed to protect the… innocent? well, I know that guy from #OpenBSD on IRC, so… YMMV… anyway). Of course, I wanted to change that to exclude mbox lockfiles…

# Mailboxes should be owned by user and unreadable.
ls -l /var/mail | sed 1d | \
awk '$3 !=$9 \
{ print "user " $9 " mailbox is owned by "$3 }


… oh wow. Needless to say I fixed that, although you must update your stat(1) first; it now has a possibility to generate NUL-terminated output (or any separator, really) which I used for this. (And no, Schily, I’m still of the opinion that NUL termination, even when one has to add it to each utility separately, is the better way to go.)

Dear OpenBSD developers, repeat after me:
Do n̲o̲t̲ parse ls(1) output!
Or write 100 lines of it, or something, until it sinks in.

(It can take some writing for it to sink in… just yesternight the fanfiction I was reading was at the point where Dolores Umbridge uses her Blood Quill on the students. Coincidence.)

## PDF manpages look better than before

10.02.2016 by tg@
Tags: mksh pcli

Our PDF manpages will, starting from now, be generated with Inconsolata instead of Bitstream Vera Mono as monospace font. The body font is still Gentium, of course.

To be more exact: the Teχ flavour of Inconsolata Regular and Bold, with the varl and varqu flags, is used, and because GNU groff also requires an Italic or at least Oblique font (also in its bold variant, which the mksh(1) manpage doesn’t use though), Inconsolata LGC (both Italic and Bold Italic) are plugged in there. I added them as PFA Type 1 fonts to GNU groff, so I had to make some fixes in FontForge (merging the variants into the main font, removing unused glyphs (not for LGC), fixing the validation (mostly, and not so much for LGC), autohinting where FontForge expressed a need for that, renaming glyphs to the names expected by afmtodit, …), but it works.

I’m not regenerating older PDF manpages though.

Inconsolata is also not all I wish for a monospaced font (and even bsiegert@ says nothing goes over FixedMisc) but it has, at least, a 0 (digit zero) with a correct stroke through it ☺

## expect turmoil

08.02.2016 by tg@
Tags: archaeology bug hardware news pcli personal plan rant

My network at home is unstable. NetCologne suggests to switch to fibre network, but that only comes with a dynamic IPv6 address and NAT64; completely unsuitable to running a server. (I could arguably tunnel a static IPv4 address from a dedicated server to home, but that would completely foil my plans for redundancy.) So I may need an ISP (phone isn’t important) that provides me with connectivity where a static IPv4 (and, ideally, a static IPv6 /64 or /48 – but only if the reverse DNS gets delegated to me, otherwise that’s unusable) ends up at a device of my choosing (and not a plastic router which can then “forward ports”; I require full internet to end up at my own device).

HostEurope is relocating the other server, both physically and network-wise. Their plan seems fool-proof so far, though.

gecko2@ is decommissioning the server on which eurynome is hosted, shortly. This will also be no small amount of fun for everyone involved. Expect old links, SSH host keys, etc. to break. This explicitly includes /etc/ssh/*known_hosts.

During all those moves, I will downsize my DNS zones and change some entries, so that old or duplicate records will be gone.

I’ll likely generate and publish completely new hostkeys (both gzsig(1) and PGP clearsigned) once this is all over. The current gzsig(1) key is at the end of /usr/share/doc/README in any installed system. (Do note MD5 is considered insecure.) My current PGP key is 9031955E7A97A4FDA32B2B8676B534B2E99007E0 but this requires GnuPG, so check both.

My seeming inability to remember rarely-used “secure” passwords, i.e. those not fitting into my normal schemata, led to me not attempting to run a CA myself any more. While, thanks to rsc, we have an official certificate for www.mirbsd.org now, I probably will get StartSSL for “all” other systems (i.e. herc, as I appear to be downsizing), despite it lacking the SSL client purpose (important e.g. to SMTP). This shouldn’t affect anyone.

PS: I still hate Karneval!

## FOSDEM

28.01.2016 by tg@
Tags: event

Of course, some MirBSD presence will be at FOSDEM this year. There’s no FOSDEM without mirabilos, after all.

We have no booth nor any other set place, and no planned talk schedule either, so coordination of meetups will be tricky. I’ll try to get into IRC at least occasionally, but WLAN is usually shitty.

## hardware problems on www.mirbsd.org solved (thanks HE) + snapshot

20.01.2016 by tg@
Tags: bug hardware news snapshot

Fearing loss of the server or the hard disc when reporting the hard disc issue I postponed that and created a snapshot (for i386) and a CVS repository snapshot and uploaded them first then backed up everything worthwhile on fish and created myself some custom rescue media.

(Some background info – this server is from 2006, and back then, they usually cost around 100 €, while this is partially sponsored. I was fearing stopping of the sponsoring or shutdown of such an old real iron hardware even though it works fine for my needs.)

Then I shut the server down and asked HostEurope support to check the HDD and, if possible, when replacing, put the old HDD into the second slot (I checked, the PowerEdge 750 has two of them). With a big German dedicated hoster that shall stay unnamed (it’s not the Uffline one), even with a RAID 1 you’re SOL because they refuse to just swap the discs, but I decided to try anyway.

So I put the request up in KIS and thought they’d do it during normal working hours (as off-hour work costs extra), but no more than four hours later, the HDD was checked as faulty, a new one (even bigger as they don’t stock 80 GB ones any more ☺) was put into the first slot and the old one into the second slot, and… oh well. The machine was booted into BIOS Setup, and I may connect with the DRAC III/XT (which needs a Java 1.4 plugin for MSIE, or telnet (not ssh), and whose password I forget due to unuse).

Some tricking around later I found out that their new netbootable rescue system (a Grml 2014.03 PONY WAGON) doesn’t work with my server, so I resigned to pay the 25 € to have someone boot it up with a Knoppix CD (uh-oh). After all, I just needed any system with which I could dd(1) the custom MirBSD installer ISO I previously made onto /dev/sda then boot into it.

To my surprise, I got an eMail telling me they had booted it with a Grml (not from network) and set it up so I could ssh(1) in… with the “initial password”. One eMail later I found out that this server predates passwords in KIS, and by now I’m in the process of restoring services by copying everything from the old to the new disc (only lost some directories under the anoncvs mirror from ocvs which is easily rsync’d right later)… ah, this completed during writing of this wlog/news entry.

In the end, this all worked perfectly fine, and I’ll be pointing the www RR back to fish after the bad disc was removed and everything has rsync’d back to my satisfaction.

## CVE-2016-0777 OpenSSH roaming leak

14.01.2016 by tg@
Tags: bug security snapshot

While our OpenSSH has (now: had) some code related to roaming, I believe our version not affected. If desired, CVS HEAD ships with the entire code removed.

I fixed lots of mksh bugs today!

## hardware problems on www.mirbsd.org

14.01.2016 by tg@
Tags: bug hardware news rant

I just got wd0a: uncorrectable data error reading fsbn style messages in dmesg(8) on the machine behind our website. This is rather unfortunate; it’s possible the website will be down for a while, depending on what service I’ll be able to get for the antique thing.

Update: it’s still there after a reboot; I’ll most likely ask the hoster for a hardware check early next week and take the website down durinf that.

## “git find” published; test, review, fix it please

07.01.2016 by tg@
Tags: debian fun mksh pcli tip

I just published the first version of git find on gh/mirabilos/git-find for easy collaboration. The repository deliberately only contains the script and the manual page so it can easily be merged into git.git with complete history later, should they accept it. git find is MirOS licenced. It does require a recent mksh (Update: I did start it in POSIX sh first, but it eventually turned out to require arrays, and I don’t know perl(1) and am not going to rewrite it in C) and some common utility extensions to deal with NUL-separated lines (sort -z, grep -z, git ls-tree -z); also, support for '\0' in tr(1) and a comm(1) that does not choke on embedded NULs in lines.

To install or uninstall it, run…

$git clone git@github.com:mirabilos/git-find.git$ cd git-find
$sudo ln -sf$PWD/git-find /usr/lib/git-core/
$sudo cp git-find.1 /usr/local/share/man/man1/ … hack …$ sudo rm /usr/lib/git-core/git-find \
/usr/local/share/man/man1/git-find.1


… then you can call it as “git find” and look at the documentation with “git help find”, as is customary.

The idea behind this utility is to have a tool like “git grep” that acts on the list of files known to git (and not e.g. ignored files) to quickly search for, say, all PNG files in the repository (but not the generated ones). “git find” acts on the index for the HEAD, i.e. whatever commit is currently checked-out (unlike “git grep” which also knows about “git add”ed files; fix welcome) and then offers a filter syntax similar to find(1) to follow up: parenthesēs, ! for negation, -a and -o for boolean are supported, as well as -name, -regex and -wholename and their case-insensitive variants, although regex uses grep(1) without (or, if the global option -E is given, with) -E, and the pattern matches use mksh(1)’s, which ignores the locale and doesn’t do [[:alpha:]] character classes yet. On the plus side, the output is guaranteed to be sorted; on the minus side, it is rather wastefully using temporary files (under $TMPDIR of course, so use of tmpfs is recommended). -print0 is the only output option (-print being the default). Another mode “forwards” the file list to the system find; since it doesn’t support DOS-style response files, this only works if the amount of files is smaller than the operating system’s limit; this mode supports the full range (except -maxdepth) of the system find(1) filters, e.g. -mmin -1 and -ls, but it occurs filesystem access penalty for the entire tree and doesn’t sort the output, but can do -ls or even -exec. The idea here is that it can collaboratively be improved, reviewed, fixed, etc. and then, should they agree, with the entire history, subtree-merged into git.git and shipped to the world. Part of the development was sponsored by tarent solutions GmbH, the rest and the entire manual page were done in my vacation. ## FixedMisc [MirOS] for GNU GRUB2 28.11.2015 by tg@ Tags: debian fun news If you install the xfonts-base package from my APT repository you now not only get the FixedMisc [MirOS] type from The MirOS Project type foundry for the X Window System, but now also for GNU GRUB2: Just add GRUB_FONT=/usr/share/grub/FixedMisc.pf2 to /etc/default/grub, make sure gfxterm is enabled (usually by commenting out GRUB_TERMINAL=console and removing the comment sign before GRUB_GFXMODE=640x480), run sudo update-grub and be happy at the next reboot. The combining and Katakana characters depicted in the above screenshot are the result of manual grub.cfg editing and for demonstration (bragging) purposes only. The RSS feed of my APT repository will also contain such news… ## no more Munzee in stats 13.11.2015 by tg@ My waypoint statistics and supporting scripts ceased to handle Munzee in any way whatsoever. This is because they’re getting ridiculous, especially in amount, and loss of play fun due to a too slow “äpp”. This means that my figure is now much closer to the real geocaching count, and you have to look at two, separate, statpics to get the entire scoop, but then, the separation does make it all clearer ☺ ## Oktobr Rain 27.10.2015 by tg@ Tags: fun twitxr The title is a pun on “November Rain” and “Красный Октябрь” (Red Oktober, or nice october)… as a follow-up on my earlier Sakura weblog entry. Again, small images as links to bigger ones: ## Go enjoy shell 27.08.2015 by tg@ Tags: debian fun pcli Dimitri, I personally enjoy shell… tglase@tglase:~$ x=車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇
tglase@tglase:~ $echo${x::12}
車賈滑豈更串句龜龜契金喇
tglase@tglase:~ $printf '%s\n' 'import sys' 'print(sys.argv[1][:12])' >x.py tglase@tglase:~$ python x.py $x 車賈滑豈  … much more than Python, actually. (Python is the language in which you do not want to write code dealing with strings, due to UnicodeDecodeError and all; even py3k is not much better.) I would have commented on your post if it allowed doing so without getting a proprietary Google+ account. ## portable shebang for mksh on Unix and Android 27.06.2015 by tg@ Tags: mksh pcli carstenh asked in IRC how to make a shebang for mksh(1) scripts that works on both regular Unix and Android. This is not as easy as it looks, though. Most Unicēs will have mksh installed, either manually or by means of the native package system, as /bin/mksh. Some put it into package manager-specific directories; I saw /sw/bin/mksh, /usr/local/bin/mksh and /usr/pkg/bin/mksh so far. Some systems have it as /usr/bin/mksh but these are usually those who got poettering’d and have /bin a symlink anyway. Most of these systems also have env(1) as /usr/bin/env. Android, on the contrary, ships with precisely one shell. This has been mksh for a while, thankfully. There is, however, neither a /bin nor a /usr directory. mksh usually lives as /system/bin/mksh, with /system/bin/sh a symlink(7) to the former location. Some broken Android versions ship the binary in the latter location instead and do not ship anything that matches mksh on the$PATH, but I hope they merge my AOSP patch to revert this bad change (especially as some third-party Android toolkits overwrite /system/bin/sh with busybox sh or GNU bash and you’d lose mksh in the progress). However, on all official Android systems, mksh is the system shell. This will be important later.

The obvious and correct fix is, of course, to chmod -x the scripts and call them explicitly as mksh scriptname. This is not always possible or desirable; sometimes, people will wish it to be in the $PATH and executable, so we need a different solution. There’s a neat trick with shebangs – the absence of one is handled specifically by most systems in various ways. I remember reading about it, but don’t remember where; I can’t find it on Sven Mascheck’s excellent pages… but: the C shell variants run a script with the Bourne Shell if its first line is a sole colon (‘:’), the Bourne family shells run it with themselves or${EXECSHELL:-/bin/sh} in those cases, and the kernel with the system shell, AFAIK. So we have a way to get most things that could call the script to interpret it as Bourne/POSIX shell script on most systems. Then we just have to add a Bourne shell scriptlet that switches to mksh iff the current shell isn’t it (lksh, or something totally different). On Android, there is only ever one shell (or the toolkit installer better preserve mksh as mksh), so this doesn’t do anything (I hope – but did not test – that the kernel invokes the system shell correctly despite it not lying under /bin/sh) nor does it need to.

This leaves us with the following “shebang”:

:
case ${KSH_VERSION-} in *MIRBSD\ KSH*) ;; *) # re-run with The MirBSD Korn Shell, this is an mksh-specific script test "${ZSH_VERSION+set}" = set && alias -g '${1+"$@"}'='"$@"' exec mksh "$0" ${1+"$@"}
echo >&2 E: mksh re-exec failed, should not happen
exit 127 ;;
esac


## I have to give you that one

Tags: work debian

After seeing what the Wildfly (formerly JBoss AS) and Liferay combo does to /tmp, and somewhat attempting to fix it, I saw JVM_TMP in the Debian tomcat7 init script and thought, oh no, not another one.

Is that even safe, what they do here, or is that a possibility to instantly pwn?

The net is full of literature for how to obtain temporary files and directories, but there is nothing about how to reliably obtain paths under /tmp or, more generally, directories not just writable for one single user (think the g+w thing that got FusionForge CVE-2013-1423).

The scenario here is: I am root, and I want to start something as another user, and pass it a stable path, such as /tmp/liferay. So I can just mkdir /tmp/liferay || die; chown thatuser /tmp/liferay and, in the “stop” process, rm -rf /tmp/liferay, right? (Of course not. Also, bad example, as the liferay thing can also be started as thatuser, and our devs regularily need to do that, the init script is there just for the admin convenience and reboot-safety. But I still am interested if there is a secure way to achieve this.)

The tomcat7 scenario is “trivial”: on That Other Init System™, it would just get its private /tmp declared in the .service file, and good is, no more hassle. That's one I have to give you. (No idea if this is actually shipped in jessie. Our production systems run wheezy anyway, so there is not even the slightest bit of temptation. Plus, it would not solve the liferay issue, see above. Still, a point for going into the right direction.)

The idea here is the same. It creates a directory on start and tears it down on stop. If there was nothing to do on start, the init script could just use mktemp -d. Heck, maybe it still should, but it would need to note down, and communicate to the stop instance, the actual name used. What a drag…

This is something I see popping up from time to time. I want to use stable paths for SSH session multiplexing control sockets in my ssh_config(5) file, but have them on tmpfs (Linux) or mfs (BSD) so they get properly removed on reboot. No Unix traditionally has per-user temporary directories that are clean and created after reboot. (Adjusting the paths is trivial once you have them.) Android has it worse, what with not having a world-writable tmp directory, which the shell needs e.g. for here documents; there are two components here, to have a directory the current user can write to, and to know its location. Some fail at the first, some at the second, some at both, and the classic /tmp is not the cure, as we have seen. (But if you ever see mksh erroring out due to lack of write permissions somewhere (including /sqlite_stmt_journals which used to be it) as non-root on Android, or even as root, set TMPDIR to something writable; it's tracked, so the change gets active immediately.)

## tomcat7 log encoding

Tags: work debian

TIL: the encoding of the catalina.out file is dependent on the system locale, using standard Debian wheezy tomcat7 package.

Fix for ‘?’ instead of umlauts in it:

cat >>/etc/default/tomcat7 <<EOF
LC_CTYPE=C.UTF-8
export LC_CTYPE
EOF


My “problem” here is that I have the system locale be the “C” locale, to get predictable behaviour; applications that need it can set a locale by themselves. (Many don’t bother with POSIX locales and use different/separate means of determining especially encoding, but possibly also i18n/l10n. But it seems the POSIX locales are getting more and more used.)

Update: There is also adding -Dfile.encoding=UTF-8 to $JAVA_OPTS which seems to be more promising: no fiddling with locales, no breakage if someone defined LC_ALL already, and it sets precisely what it should set (the encoding) and nothing else (since the encoding does not need to correlate to any locale setting, why should it). ## tomcat7 init script is asynchronous Tags: work debian TIL: the init script of tomcat7 in Debian is asynchronous. For some piece of software, our rollout (install and upgrade) process works like this: • service tomcat7 stop • rm -rf /var/lib/tomcat7/webapps/appname{,.war} • cp newfile.war /var/lib/tomcat7/webapps/appname.war • service tomcat7 start # ← here • service tomcat7 stop • edit some config files under /var/lib/tomcat7/webapps/appname/WEB-INF/ • service tomcat7 start The first tomcat7 start “here” is just to unzip the *.war files. For some reason, people like to let tomcat7 do that. This failed today; there were two webapps. Manually unzipping it also did not work for some reason. Re-doing it, inserting a sleep 30 after the “here”, made it work. In a perfect world, initscripts only return when the service is running, so that the next one started in a nice sequential (not parallel!) init or manual start sequence can do what it needs to, assuming the previous command has fully finished. In this perfect world, those who do wish for faster startup times use a different init system, one that starts things in parallel, for example. Even there, dependencies will wish for the depended-on service to be fully running when they are started; even more so, since the delays between starting things seem to be less for that other init system. So, this is not about the init system, but about the init script; a change that would be a win-win for users of both init schemes. Update: Someone already contacted me with feedback: they suggested to wait until the “shutdown port” is listened on by tomcat7. We’ll look at this later. In the meantime, we’re trying to also get rid of the “config (and logs) in webapps/” part… PS: If someone is interested in an init script (Debian/LSB sysvinit, I made the effort to finally learn that… some months before the other system came) that starts Wildfly (formerly known as JBoss AS) synchronously, waiting until all *.?ar files are fully “deployed” before returning (though with a timeout in case it won’t ever finish), just ask (maybe it will become a dialogue, in which we can improve it together). (We have two versions of it, the more actively maintained one is in a secret internal project though, so I’d have to merge it and ready it for publication though, plus the older one is AGPLv3, the newer one was relicenced to a BSDish licence.) ## Java™, logging and the locale Tags: work debian A coworker and I debugged a fascinating problem today. They had a tomcat7 installation with a couple of webapps, and one of the bundled libraries was logging in German. Everything else was logging in English (the webapps themselves, and the things the other bundled libraries did). We searched around a bit, and eventually found that the wrongly-logging library (something jaxb/jax-ws) was using, after unravelling another few layers of “library bundling another library as convenience copy” (gah, Java!), com.sun.xml.ws.resources.WsservletMessages which contains quite a few com.sun.istack.localization.Localizable members. Looking at the other classes in that package, in particular Localizer, showed that it defaults to the java.util.Locale.getDefault() value for the language. Which is set from the environment. Looking at /proc/pid-of-JVM-running-tomcat7/environ showed nothing, “of course”. The system locale was, properly, set to English. (We mostly use en_GB.UTF-8 for better paper sizes and the metric system (unless the person requesting the machine, or the admin creating it, still likes the system to speak German *shudder*), but that one still had en_US.UTF-8.) Browsing the documentation for java.util.Locale proved more fruitful: it also contains a setDefault method, which sets the new “default” locale… JVM-wide. Turns out another of the webapps used that for some sort of internal localisation. Clearly, the containment of tomcat7 is incomplete in this case. Documenting for the larger ’net, in case someone else runs into this. It’s not as if things like this would be showing up in the USA, where the majority of development appears to happen. ## Debian/m68k hacking weekend cleanup Tags: work debian OK, time to clean up ↳ tarent so people can work again tomorrow. Not much to clean though (the participants were nice and cleaned up after themselves ☺), so it’s mostly putting stuff back to where it belongs. Oh, and drinking more of the cool Belgian beer Geert (Linux upstream) brought ☻ We were productive, reporting and fixing kernel bugs, fixing hardware, swapping and partitioning discs, upgrading software, getting buildds (mostly Amiga) back to work, trying X11 (kdrive) on a bare metal Atari Falcon (and finding a window manager that works with it), etc. – I hope someone else writes a report; for now we have a photo and a screenshot (made with trusty xwd). Watch the debian-68k mailing list archives for things to come. I think that, issues with electric cars aside, everyone liked the food places too ;-) ## Debian/m68k hacking weekend commencing soonish Tags: work debian As I said, I did not certain events that begun with “lea” and end with “ing” prevent me from organising a Debian/m68k hack weekend. Well, that weekend is now. I’m too unorganised, and I spent too much time in the last few evenings to organise things so I built up a sleep deficit already ☹ and the feedback was slow. (But so are the computers.) And someone I’d have loved to come was hurt and can’t come. On the plus side, several people I’ve long wanted to meet IRL are coming, either already today or tomorrow. I hope we all will have a lot of fun. Legal disclaimer: “Debian/m68k” is a port of Debian™ to m68k. It used to be official, but now isn’t. It belongs to debian-ports.org, which may run on DSA hardware, but is not acknowledged by Debian at large, unfortunately. Debian is a registered trademark owned by Software in the Public Interest, Inc. ## Tip of the day: prevent iceweasel from mkdir ~/Desktop Tags: work debian If you’re a Unix person instead of e.g. a Microsoft® Windows® person, you’ve probably been annoyed by Iceweasel (or Mozilla™ Firefox®) creating a ~/Desktop directory, among others (things like ~/Downloads). Here’s a quick fix I found somewhere in the ’net: mkdir -p -m0700 ~/.config cat >~/.config/user-dirs.dirs <<'EOF' XDG_DESKTOP_DIR="$HOME/"
XDG_DOCUMENTS_DIR="$HOME/" XDG_DOWNLOAD_DIR="$HOME/"
XDG_MUSIC_DIR="$HOME/" XDG_PICTURES_DIR="$HOME/"
XDG_PUBLICSHARE_DIR="$HOME/" XDG_TEMPLATES_DIR="$HOME/"
XDG_VIDEOS_DIR="$HOME/" EOF  Upon next start, Iceweasel (and other XDG-compliant applications) will throw stuff into ~/ instead. ## WTF is Jessie; PA4 paper size 12.12.2014 by tg@ Tags: debian pcli rant My personal APT repository now has a jessie suite – currently just a clone of the sid suite, but so, people can get on the correct “upgrade channel” already. Besides that, the usual small updates to my metapackages, bugfixes, etc. – You might have noticed that it’s now on a (hopefully permanent) location. I’ve put a donated eee-pc from my father to good use and am now running a Debian system at home. (Fun, as I’m emeritus now, officially, and haven’t had one during my time as active uploading DD.) I’ve created a couple of cowbuilder chroots (pbuilderrc to achieve that included in the repo) and can build packages, but for i386 only (amd64 is still done on the x32 desktop at work), but, more importantly, I can build, sign and publish the repo, so it may grow. (popcon data is interesting. More than double the amount of machines I have installed that stuff on.) Update: I’ve started writing a NEWS file and cobbled together an RSS 2.0 feed from that… still plaintext content, but at least signalling in feedreaders upon updates. Installing gimp and inkscape, I’m asked for a default paper size by libpaper1. PA4 is still not an option, I wonder why. I also haven’t managed to get MirPorts GNU groff and Artifex Ghostscript to use that paper size, so the various PDF manpages I produce are still using DIN ISO A4, rendering e.g. Mexicans unable to print them. Help welcome. Note, for arngc, you need a server component (MirBSD-current, of course; we’re rolling release nowadays). Config included, but I’m willing to open my firewall to people I know, provided they won’t use “too much” traffic (running a couple of arngc instances is fine, according to what I estimated). A largish article about how to use some other packages in the repo, such as dash-mksh, is yet to come. In the meantime, I wrote a bit more in README.Debian in mirabilos-support. ## Tip of the day: don’t use --purge when cross-grading Tags: work debian A surprise to see my box booting up with the default GRUB 2.x menu, followed by “cannot find a working init”. What happened? Well, grub:i386 and grub:x32 are distinct packages, so APT helpfully decided to purge the GRUB config. OK. Manual boot menu entry editing later, re-adding “GRUB_DISABLE_SUBMENU=y” and “GRUB_CMDLINE_LINUX="syscall.x32=y"” to /etc/default/grub, removing “quiet” again from GRUB_CMDLINE_LINUX_DEFAULT, and uncommenting “GRUB_TERMINAL=console”… and don’t forget to “sudo update-grub”. There. This should work. On the plus side, nvidia-driver:i386 seems to work… but not with boinc-client:x32 (why, again? I swear, its GPU detection has been driving me nuts on >¾ of all systems I installed it on, already!). On the minus side, I now have to figure out why… tglase@tglase:~$ sudo ifup -v tap1
Configuring interface tap1=tap1 (inet)
run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
run-parts: executing /etc/network/if-pre-up.d/bridge
run-parts: executing /etc/network/if-pre-up.d/ethtool
Cannot find device "tap1"
Failed to bring up tap1.

… this happens. This used to work before the cktN kernels.

## The colon in the shell: corrigenda

09.12.2014 by tg@

Bernhard’s article on Plänet Debian about the “colon” command in the shell could use a clarification and a security-relevant correcture.

There is, indeed, no difference between the : and true built-in commands.

Stéphane Chazelas points out that writing : ${VARNAME:=default} is bad, : "${VARNAME:=default}" is correct. Reason: someone could preset $VARNAME with, for example, /*/*/*/*/../../../../*/*/*/*/../../../../*/*/*/* which will exhaust during globbing. Besides that, the article is good. Thanks Bernhard for posting it! PS: I sometimes use the colon as comment leader in the last line of a script or function, because it, unlike the octothorpe, sets$? to 0, which can be useful.

Update: As jilles pointed out in IRC, “colon” (‘:’) is a POSIX special built-in (most importantly, it keeps assignments), whereas “true” is a regular built-in utility.

## Munzee-Plazierungen

03.12.2014 by tg@
Tags: geocache

Wenn ich meine Geocaches so „genau“ ausmessen würde wie die Munzees hier in der Ecke sind, würden mir wütende Finder die Bude einrennen…

Und wieso überhaupt kann ich in der Ähpp ein DNF als Logtyp auswählen, aber beim Sync sagt er dann, ginge nicht? (NM geht. Note sollte auch.)

Alles in allem: besser als Ingress (nicht schwer…), aber ähnlich stromfressend; nerviger als Geocaching (die Ähpp ist auch furchtbar lahm). Und: it’s all about the numbers, aber teilt sich bei mir nunmal mit anderen GPS-Spielen die Statistik…

## Wegeskreuzungen, Pöller und Erkennbarkeit

30.11.2014 by gecko2@
Tags: geocache

Wußtest Du schon, daß eine Abzweigung (eine andere Straße oder sogar auch nur ein Feldweg) dadurch markiert wird, daß sie zwischen Pöllern mit orangefarbenen statt weißen Reflektoren steht?

(tg@ continuing…) Nein, wußte ich nicht, aber jetzt wo Du’s sagst… danke! Hilfreich! Daß die Pöller links wie ein Doppelpunkt und rechts wie ein senkrechter Strich geformt sind wußte ich immerhin schon. Ja, kann mir vorstellen, daß es bei der Navigation im Schnee hilft. Nein, in der Fahrschule hörte ich dies, und so manches anderes, nicht… komme mir im Nachhinein betrogen vor…

## RNG for MirBSD and subprojects

29.11.2014 by tg@
Tags: plan

Feel free to ignore those semi-unsorted ramblings of mine, they are unfinished, not binding, notes of plans that may come if I ever learn 影分身の術 (Kage Bunshin no Jutsu) or bilocality…

We currently have arc4random(9) in the kernel and arc4random(3) in userspace. We also have the urandom(4) stuff, but nobody should use them really. OpenBSD simplified theirs, but lost functionality like arc4random_addrandom(3) during that. I complicated ours, to get e.g. arc4random_pushb_fast(3), and for using userspace as additional pools, but that grew complex too, and few applications really add to their state other than using it anyway.

My idea thus far is to begin with those applications. That would be mksh(1) and ntpd(8) only, AFAICT. On the basis of the recently Spritz, an aRC4 successor with great sponge properties, I plan on creating s4random, which could serve their specific needs: an output state Spritz (like arc4random has); an input Spritz (which corresponds to the arc4random_roundhash) tweaked to have, every time Shuffle() is called by the absorption functions, four bytes sent to a BAFH state from Drip(); that 32-bit state is then used to randomly drop from the output state (in addition to a value from the output state itself like arc4random uses) for faster feedback (think state recovery attacks). The output state can then be seeded less often but in larger blocks, taking from the input state as well as arc4random(3) or sysctl(3) KERN_ARND or OpenBSD getentropy() or Linux getrandom() or /dev/urandom, with the usual pushback. It could also need only 16 bytes instead of 128/256 bytes from the kernel on such calls (possibly lowering the a4s_count equivalent for the first two trips). It would also need to work on lesser operating systems, so it can probably have a function to determine seed status (2 = third trip, kernel entropy; 1 = first or second trip, or Win32 CryptGenRandom; 0 = untrusted). Also consider skipping initialisation by hardcoding one at compile time, facilitated through Mirtoconf v2. (Also, reducing the maximum Squeeze() parameter to 64 before random dropping engages, instead of 256, makes sense. The BAFH state also needs feedback from the output state…)

Then, I could simplify MirBSD libc arc4random(3) as all other applications than those mentioned above (and maybe libcrypto, but that’s a special case anyway) don’t need this sort of fast feedback loop. I’ve not yet planned that part out. – Finally, the kernel may or may not adopt Spritz but I’ve got ideas wrt. that, faster feedback loops, less overhead for interrupt handlers, etc. as well. This can wait a bit, as Spritz is still very new, so I’d prefer to not lower the security level accidentally, but it can be prototyped for something eventually ending up in ntpd(8) where it has low impact, and mksh, where the MirJSON and Mirkev code will need it.

OpenSSL’s libcrypto is another case. Just using arc4random(3) now has effectively reduced its state size from about 8184 bit to about 1700 bit of aRC4 state while a Spritz state has about 1476‒1604 bit. Of course, it reads from the kernel, which doesn’t offer more anyway, and people say about security levels, but there’s still always EGD and, more importantly, ~/.rnd (or RANDFILE to be exact). So, an upscaling solution is needed, too, but I can construct one, similar to how arc4random_roundhash is comprised of 32 32-bit BAFH states with appropriate (but slow) mixing. But that’s specific to MirBSD anyway, and can take time.

Meh. Reminds me, I probably should add getentropy() before upgrading OpenSSH to a version doing the sandboxing. And let arc4random(3) use the new MAP_INHERIT_ZERO stuff; at least minherit(2) throws EINVAL as safe fallback but it still requires updating the kernel first. But then it has been there for months already.

## d-i preseeding is not the answer

25.11.2014 by tg@
Tags: debian rant work

This post details what the d-i team currently shows as the only way.

It has several shortcomings and one missing documentation part.

Shortcoming: --purge is missing from the apt-get invocation. This leaves packages in “rc” state (requiring a manual dpkg --purge to completely remove them later, as they are then invisible to apt).

Worse shortcoming: this still leaves all dependencies pulled in by systemd around on the system, because packages installed by debootstrap are not eligible for “apt-get --purge autoremove”. Additionally, it does not influence debootstrap’s (nōn-existent, see #557322, #668001, #768062) dependency resolver, leading to possibly pessimistic package selections.

Missing: you can just hit Alt-F2 and enter the command…

in-target apt-get --purge -y install sysvinit-core


… there, no need to preseed. But this does not eliminate the aforementioned shortcomings, of course.

## Valid UTF-8 but invalid XML

Tags: work debian

Another PSA: something surprising about XML.

As you might all know, XML must be valid UTF-8 (or UTF-16 (or another encoding supported by the parser, but one which yields valid Unicode codepoints when read and converted)). Some characters, such as the ampersand ‘&’, must be escaped (“&#38;” or “&#x26;”, although “&amp;” may also work, depending on the domain) or put into a CDATA section (“<![CDATA[&]]>”).

A bit surprisingly, a literal backspace character (ASCII 08h, Unicode U+0008) is not allowed in the text. I filed a bugreport against libxml2, asking it to please encode these characters.

A bit more research followed. Surprisingly, there are characters that are not valid in XML “documents” in any way, not even as entities or in CDATA sections. (xmlstarlet, by the way, errors out somewhat nicely for an unescaped literal or entity-escaped backspace, but behaves absolutely hilarious for a literal backspace in a CDATA section.) Basically, XML contains a whitelist for the following Unicode codepoints:

• U+0009
• U+000A
• U+000D
• U+0020‥U+D7FF
• U+E000‥U+FFFD
• U-00010000‥U-0010FFFF

Additionally, a certain number of codepoints is discouraged: U+007F‥U+0084 (IMHO wise), U+0086‥U+009F (also wise, but why allow U+0085?), U+FDD0‥U+FDEF (a bit surprisingly, but consistent with disallowing the backspace character), and the last two codepoints of every plane (U+FFFE and U+FFFF were already disallowed, but U-0001FFFE, U-0001FFFF, …, U-0010FFFF weren’t; this is extremely wise).

The suggestion seems to be to just strip these characters silently from the XML “document”.

I’m a bit miffed about this, as I don’t even use XML directly (I’m extending a PHP “webapplication” that is a SOAP client and talks to a Java™ SOAP-WS) and would expect this to preserve my strings, but, oh my. I’ve forwarded the suggestion to just strip them silently to the libxml2 maintainers in the aforementioned bug report, for now, and may even hack that myself (on customer-paid time). More robust than hacking the PHP thingy to strip them first, anyway – I’ve got no control over the XML after all.

Sharing this so that more people know that not all UTF-8 is valid in XML. Maybe it saves someone else some time. (Now wondering whether to address this in my xhtml_escape shell function. Probably should. Meh.)

## Debian init system freedom of choice GR worst possible outcome

19.11.2014 by tg@
Tags: debian rant work

Apparently (the actual results have not yet been published by the Secretary), the GR is over, and the worst possible option has won. This is an absolutely ambiguous result, while at the same time sending a clear signal that Debian is not to be trusted wrt. investing anything into it, right now.

Why is this? Simply: “GR not required” means that “whatever people do is probably right”. Besides this, we have one statement from the CTTE (“systemd is default init system for jessie. Period.”) and nothing else. This means that runit, or upstart, or file-rc, or uselessd, can be the default init system for zurg^H^H^H^Hstretch, or even the only one. It also means that the vast majority of Debian Developers are sheeple, neither clearly voting to preserve freedom of choice between init systems for its users, nor clearly voting to unambiguously support systemd and progress over compatibility and choice, nor clearly stating that systemd is important but supporting other init systems is still recommended. (I’ll not go into detail on how the proposer of the apparently winning choice recommends others to ignore ftpmaster constraints and licences, and even suggests to run a GR to soften up the DFSG interpretation.) I’d have voted this as “no, absolutely not” if it was possible to do so more strongly.

Judging from the statistics, the only thing I voted above NOTA/FD is the one least accepted by DDs, although the only other proposal I considered is the first-rated of them: support for other init systems is recommended but not required. What made me vote it below NOTA/FD was: “The Debian Project makes no statement at this time on sysvinit support beyond the jessie release.” This sentence made even this proposal unbearable, unacceptable, for people wanting to invest (time, money, etc.) into Debian.

Update: Formal result announced. So 358 out of 483 voting DDs decided to be sheeple (if I understand the eMail correctly). We had 1006 DDs with voting rights, which is a bit ashaming as well. That’s 48.01% only. I wonder what’s worse.

This opens up a very hard problem: I’m absolutely stunned by this and wondering what to do now. While there is no real alternative to Debian at $dayjob I can always create customised packages in my own APT repository, and – while it was great when those were eventually (3.1.17-1) accepted into Debian, even replacing the previous packages completely – it is simpler and quicker to not do so. While$dayjob benefits from having packages I work on inside Debian itself, even though I cannot always test all scenarios Debian users would need, some work reduction due to… reactions… already led to Debian losing out on Mediawiki for jessie and some additional suffering. With my own package repository, I can – modulo installing/debootstrap – serve my needs for $dayjob much quicker, easily, etc. and only miss out on absolutely delightful user feedback. But then, others could always package software I’m upstream of for Debian. Or, if I do not leave the project, continue doing so via QA uploads. I’m also disappointed because I have invested quite some effort into trying to make Debian better (my idea to join as DD was “if I’ve got to use it, it better be damn good!”), into packaging software and convincing people at work that developing software as Debian packages instead of (or not) thinking of packaging later was good. I’ve converted our versions of FusionForge and d-push to Debian packages, and it works pretty damn well. Sometimes it needs backports of my own, but that’s the corportate world, and no problem to an experienced DD. (I just feel bad we ($orkplace) lost some people, an FTP master along them, before this really gained traction.)

I’d convert to OpenBSD because, despite MirBSD’s history with them, they’re the only technically sound alternative, but apparently tedu (whom I respect technically, and who used to offer good advice to even me when asked, and who I think wouldn’t choose systemd himself) still (allying with the systemd “side” (I’m not against people being able to choose systemd, for the record, I just don’t want to be forced into it myself!)) has some sort of grudge against me. Plus, it’d be hard to get customers to follow. So, no alternative right now. But I’m used to managing my own forks of software; I’m doomed to basically hack and fix anything I use (I recently got someone who owns a licence to an old-enough Visual Studio version to transfer that to me, so I can hack on the Windows Mobile 6 version of Cachebox, to fix bugs in one of the geocaching applications I use. Now I “just” need to learn C# and the .NET Compact Framework. So I’m also used to some amount of pain.)

I’m still unresolved wrt. the attitude I should show the Debian project now. I had decided to just continue to live on, and work on the things I need done, but that was before this GR non-result. I absolutely cannot recommend anyone to “invest” into Debian (without sounding hypocriet), but I cannot recommend anything else either. I cannot justify leaving but don’t know if I want to stay. I think I should sleep over it.

One thing I promised, and thus will do, is to organise a meeting of the Debian/m68k people soonish. But then, major and important and powerful forces inside Debian still insist that Debian-Ports are not part of it… [Update: yes, DSA is moving it closer, thanks for that by the way, but that doesn’t mean anything to certain maintainers or the Release Team, although, the latter is actually understandable and probably sensible.] yet, all forks of Debian now suffer from the systemd adoption in it instead of having a freedom-of-choice upstream. I’ve said, and I still feel that systemd adoption should have done in a Debian downstream / (pure?) blend, and maybe (parts of) GNOME removed from Debian itself for it. (Adding cgroups support to the m68k kernel to support systemd was done. I adviced against it, on the grounds of memory and code size. But no downstream can remove it now.)

On a closing note: an Ewok told me I should not be surprised because of my communication style on the mailing lists. I just got private mails telling me that, indeed, I’ve been more civilised recently, plus I’ve not started out as aggressively as it became in the end of the heated systemd debate (with this GR result, I precisely lost what I had feared), plus I’ve hung on Usenet for too long… and I’m sometimes terse when I don’t want to repeat the, for me, same topic once again (I’ve usually looked at the things before and decided they’re just another hype, and know from experience to avoid them). So I feel this should not be held against me. Listen to advice, please. (I’m also somewhat shocked by certain people asserting systemd is “unavoidable”, now.)

## Tip of the day: bind tomcat7 to loopback i/f only

Tags: work debian

We already edit /etc/tomcat7/server.xml after installing the tomcat7 Debian package, to get it to talk AJP instead of HTTP (so we can use libapache2-mod-jk to put it behind an Apache 2 httpd, which also terminates SSL):

We already comment out the block…

    <Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />

… and remove the comment chars around the line…

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

… so all we need to do is edit that line to make it look like…

    <Connector address="127.0.0.1" port="8009" protocol="AJP/1.3" redirectPort="8443" />

… and we’re all set.

(Your apache2 vhost needs a line JkMount /?* ajp13_worker and everything Just Works™ with the default configuration.)

Now, tomcat7 is only accessible from localhost (Legacy IP), and we don’t need to firewall the AJP (or HTTP/8080) port. Do make sure your Apache 2 access configuration works, though ☺

## Debian is a bit like a school class…

09.10.2014 by tg@
Tags: personal rant

… which has never quite taken you as-is, bordering bullying maybe, and has now made up rules to include some new kids, using these as excuse to bully you around even more. You stay the outsider, having tried to struggle along for a while, except of course when they want to copy off your homework. Or, as happened to me, during a Maths test, with carbon paper. Then you're thanked for a short while, and after some time, you're alone again.

… except, it all happened in the city, not in the internet, which happily multiplies negative voices and likes to take things out of context, especially if part of the context was in private mail or other threads or long buried (closed as ignored/WONTFIX) bugreports.

Of course, some sorts of misbehaviour are okay, as long as those who do toe the party line ‒ and aren't outcast, to start with.

I still pride myself as independent thinker and like to play the devil's advocate rule (heh, double entendree, being a BSD person). Critically looking at something new has led to lots of tys moments. If people listened to my criticism in the first place, effort could have been saved.

It seems to be an anglo-american-australian thing, putting political correctness in expressions over real niceness. And the opinion about cursing, in general. And this SJW thing. You know, a good friend is someone who you can be silent with, while being happy together. One whom you can insult, be it in jest or in anger, and still stay friends.

And look at those newcomers! Shiny, with makeup that promises faster boot times (eh? I fail to see how this is relevant in a Unix…) and all that. But these superficial people, always jumping from one thing (HAL, consolekit) to the next, giving up their own projects which they forced upon others the minute before ‒ no consistency.

I'm too old for this shit. Ignore my rambling. Couldn't sleep.

## PSA: #shellshock still unfixed except in Debian unstable, testing, *buntu LTS

Tags: work debian

I just installed, for work, Hanno Böck’s bashcheck utility on our monitoring system, and watched all¹ systems go blue.

① All but two. One is not executing remote scripts from the monitoring for security reasons, the other is my desktop which runs Debian “sid” (unstable).

(Update, 2014-10-20: jessie, precise, trusty are also green now.)

This means that all those distributions still have unfixed #shellshock bugs.

• lenny (with Md’s packages): bash (3.2-4.2) = 3.2.53(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• squeeze (LTS): bash (4.1-3+deb6u2) = 4.1.5(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• wheezy (stable-security): bash (4.2+dfsg-0.1+deb7u3) = 4.2.37(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CVE-2014-6278 (lcamtuf bug #2)
• jessie (testing): bash (4.3-10) = 4.3.27(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CVE-2014-6278 (lcamtuf bug #2)
• sid (unstable): bash (4.3-11) = 4.3.30(1)-release
• none
• CentOS 5.5: bash-3.2-24.el5 = 3.2.25(1)-release
• extra-vulnerable (function import active)
• CVE-2014-6271 (original shellshock)
• CVE-2014-7169 (taviso bug)
• CVE-2014-7186 (redir_stack bug)
• CVE-2014-6277 (lcamtuf bug #1)
• CentOS 5.6: bash-3.2-24.el5 = 3.2.25(1)-release
• extra-vulnerable (function import active)
• CVE-2014-6271 (original shellshock)
• CVE-2014-7169 (taviso bug)
• CVE-2014-7186 (redir_stack bug)
• CVE-2014-6277 (lcamtuf bug #1)
• CentOS 5.8: bash-3.2-33.el5_10.4 = 3.2.25(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CentOS 5.9: bash-3.2-33.el5_10.4 = 3.2.25(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CentOS 5.10: bash-3.2-33.el5_10.4 = 3.2.25(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CentOS 6.4: bash-4.1.2-15.el6_5.2.x86_64 = 4.1.2(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CentOS 6.5: bash-4.1.2-15.el6_5.2.x86_64 = 4.1.2(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• lucid (10.04): bash (4.1-2ubuntu3.4) = 4.1.5(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• precise (12.04): bash (4.2-2ubuntu2.5) = 4.2.25(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CVE-2014-6278 (lcamtuf bug #2)
• quantal (12.10): bash (4.2-5ubuntu1) = 4.2.37(1)-release
• extra-vulnerable (function import active)
• CVE-2014-6271 (original shellshock)
• CVE-2014-7169 (taviso bug)
• CVE-2014-7186 (redir_stack bug)
• CVE-2014-6277 (lcamtuf bug #1)
• CVE-2014-6278 (lcamtuf bug #2)
• trusty (14.04): bash (4.3-7ubuntu1.4) = 4.3.11(1)-release
• CVE-2014-6277 (lcamtuf bug #1)
• CVE-2014-6278 (lcamtuf bug #2)

I don’t know if/when all distributions will have patched their packages ☹ but thought you’d want to know the hysteria isn’t over yet…

… however, I hope you were not stupid enough to follow the advice of this site which suggests you to download some random file over the ’net and execute it with superuser permissions, unchecked. (I think the Ruby people were the first to spread this extremely insecure, stupid and reprehensible technique.)

• rsc points out that CentOS only supports 5.«latest» and 6.«latest», and paying RHEL get 5.«x».«y» but only occasionally. We updated one of the two systems in question and shut the other down due to lack of use.
• trusty (14.04): bash (4.3-7ubuntu1.5) = 4.3.11(1)-release
• none
• Yes, comments on this blog are disabled; mail ｔ．ｇｌａｓｅｒ＠ｔａｒｅｎｔ．ｄｅ for feedback.
• Since I was asked (twice): the namespace patches by Florian Weimer protect from most exploits. The bugs are, nevertheless, present:
root@debian-wheezy:~ # env 'BASH_FUNC_foo()=() { x() { _; }; x() { _; } <<'"$(perl -e '{print "A"x1000}'); }" bash -c : Segmentation fault 139|root@debian-wheezy:~ # dmesg | tail -1 [3121102.362274] bash[1699]: segfault at dfdfdfdf ip 00000000f766df36 sp 00000000ffe90b34 error 4 in libc-2.13.so[f75ee000+15d000]  • To one eMail sender: If you do not understand why a CGI or something else could invoke a shell, or what a segmentation fault trap is, do not bother me. Especially not in that tone. • To another eMail sender: Yes, quantal is end of life. It’s also upgraded. First and last time I ever used *buntu’s “do-release-upgrade”. Broke kernel and GRUB, and upgraded to saucy. I manually “apt-get --purge dist-upgrade”d to trusty (went surprisingly well). • precise (12.04): bash (4.2-2ubuntu2.6) = 4.2.25(1)-release • none • jessie (testing): bash (4.3-11) = 4.3.30(1)-release • none • Update 27.10.2014: Clearly, distributions are not fixing the lcamtuf bug series (Debian stable, CentOS), believing that the affix patch makes them invulnerable, while it just removes the most common/popular/exposed attack vector. Sad story. Thanks to ↳ tarent for letting me do this work during$dayjob time!

## mksh R50d released

07.10.2014 by tg@
Tags: bug debian mksh news pcli

The last MirBSD Korn Shell update broke update-initramfs because I accidentally introduced a regression in field splitting while fixing other bugs – sorry!

mksh R50d was just released to fix that, and a small NULL pointer dereference found by Goodbox on IRC. Thanks to my employer tarent for a bit of time to work on it.

## mksh R50c released, security fix

03.10.2014 by tg@
Tags: android bug debian mksh news pcli release security

The MirBSD Korn Shell has got a new security and maintenance release.

This release fixes one mksh(1)-specific issue when importing values from the environment. The issue has been detected by the main developer during careful code review, looking at whether the shell is affected by the recent “shellshock” bugs in GNU bash, many of which also affect AT&T ksh93. (The answer is: no, none of these bugs affects mksh.) Stephane Chanzelas kindly provided me with an in-depth look at how this can be exploited. The issue has not got a CVE identifier because it was identified as low-risk. The problem here is that the environment import filter mistakenly accepted variables named “FOO+” (for any FOO), which are, by general environ(7) syntax, distinct from “FOO”, and treated them as appending to the value of “FOO”. An attacker who already had access to the environment could so append values to parameters passed through programs (including sudo(8) or setuid) to shell scripts, including indirectly, after those programs intended to sanitise the environment, e.g. invalidating the last $PATH component. It could also be used to circumvent sudo’s environment filter which protected against the vulnerability of an unpatched GNU bash being exploited. tl;dr: mksh not affected by any shellshock bugs, but we found a bug of our own, with low impact, which does not affect any other shell, during careful code review. Please do update to mksh R50c quickly. ## git rebasing considered harmful Tags: work debian git rebase is problematic (from a version control system user point of view) because it rewrites history. We all knew that. But did you know that git pull --rebase, commonly used before a git push, can also be harmful, destroy history, and surprise users in a negative way? 10:08⎜<Beuc:#fusionforge> Lo-lan-do, we must have committed at the same time :) First time I rebase and my commit disappear ;) 10:11⎜«Lo-lan-do:#fusionforge» So who won? 10:11⎜«Lo-lan-do:#fusionforge» Aha, I did :-) This does fit git’s model of managing patches and tracking content, but is just irresponsible for a version control system. (Also, imagine incensed contributors whose commits just vanish.) So, danger, beware of using git rebasing when you use git as distributed version control system! In a related way: merge commits are good. Especially when merging between, into or from feature branches. (A friend had his .gitconfig set up to default to rebasing… ugh.) So there should have been one place where you used rebase: to avoid merge commits when people work on the same repository at the same time (but, ideally, on different files). Those were mostly annoying. But, as you can see above, the alternatives are even worse… ## mksh R50b released 03.09.2014 by tg@ Tags: mksh news pcli The MirBSD Korn Shell has got a new bugfix release. Thought you’d want to know ☺ ## iCalender and timezones Tags: work debian Okay. I just created three events at tomorrow 10:00 CEST (08:00 UTC), on three different accounts on the very same Debian Lenny machine. All three use nxclient to log into KDE 3, with Kontact/KDEPIM Version 1.2.9 (enterprise35 20131030.a834355). Then, I looked at the event invitations (METHOD:REQUEST BEGIN:VEVENT) in a simple eMail program (alpine). What I got made me beg to differ: $ fgrep -e DTSTAMP -e CREATED -e UID -e LAST-MODIFIED -e SUMMARY -e DTSTART -e DTEND s?

s2:DTSTAMP:20140812T114542Z
s2:CREATED:20140812T114541Z
s2:UID:libkcal-1345193151.365
s2:LAST-MODIFIED:20140812T114541Z
s2:SUMMARY:sk2
s2:DTSTART:20140813T080000Z
s2:DTEND:20140813T100000Z

s3:DTSTAMP:20140812T134551Z
s3:CREATED:20140812T134550Z
s3:UID:libkcal-579827798.725
s3:LAST-MODIFIED:20140812T134550Z
s3:SUMMARY:sk3
s3:DTSTART:20140813T100000Z
s3:DTEND:20140813T120000Z

s4:DTSTAMP:20140812T134559Z
s4:CREATED:20140812T134558Z
s4:UID:libkcal-743876151.470
s4:LAST-MODIFIED:20140812T134558Z
s4:SUMMARY:sk4
s4:DTSTART:20140813T100000Z
s4:DTEND:20140813T120000Z

I should mention that I created the events at roughly 13:45 CEST today (11:45 UTC), and the system timezone on the box as well as the “Time & Date” zone in the Kontact settings are all “Europe/Berlin”.

To add insult to injury: the calendar view on the accounts that created the event all do show it for tomorrow, 10:00 local time.

I cannot possibly imagine how this could go wrong, seeing as those are all on the same machine…

WTF is going on here?

Update: .kde/share/config/korganizerrc had TimeZoneId wrong. I had to change a different timezone (such as Europe/Bratislava), hit the OK button, confirm to “Keep Times”, then re-open the settings dialogue and change back to Europe/Berlin, for it to work.

## mksh R50, jupp 27 released

29.06.2014 by tg@
Tags: jupp mksh news pcli

Both the MirBSD Korn Shell and jupp – the editor which sucks less have seen new releases today. Please test them, report all bugs, and otherwise enjoy all the bugfixes.

Other subprojects will also have new releases… once I get around doing so after hacking them…

Update 03.07.2014: New release for MirCPIO, that is, cpio(1) and pax(1) and tar(1) in a somewhat portable package.

-r--r--r-- 4 tg miros-cvssrc 141973 Jul 3 19:56 /MirOS/dist/mir/cpio/paxmirabilis-20140703.cpio.gz

## Dear FSF, stop recommending Enigmail.

05.06.2014 by tg@
Tags: debian pcli rant security tip work

Dear FSF, stop recommending Enigmail, please. It is broken, simple as that. Even if you switch everything HTML-related off, it still defaults to the latin9 (ISO-8859-15) encoding instead of UTF-8, and possibly some other nasties. Worse, it’s based upon obsolete Thunderbird/Icedove technology, which is dead since the release of Firefox® 17 and will only degrate over time.

Side note: I was asked recently how much entropy is used while generating a PGP key using GnuPG on Windows®, after having done the same for OpenSSL on Debian (and possibly almost all other OSes). I had to try to find out which was the actual code (GnuPG 2 with libgcrypt, it turns out), and it was not pretty. (You are hereby adviced to create a 600-byte file ${GNUPGHOME:-~/.gnupg}/random_seed from a good source before even attempting to use GnuPG 2 for the first time. OK, you can run gpg -k once, to create the GNUPGHOME directory from a skeleton.) ## Friseure! 21.05.2014 by tg@ Tags: personal rant Mein Friseur hat zugemacht. Jetzt versuche ich seit Wochen, einen neuen zu finden. Der sollte aufhaben, wenn ich von der Arbeit komme. Technisch beëinflußt suche ich zunächst im Netz… aber liebe Leute, ich will keine 20 € und mehr ausgeben und dafür beim Friseur Kaffee aus einer Saeco trinken (das mache ich auf Arbeit kostenlos), oder für 36 € das 40-Minuten-Wellness-Paket mit irgendwelchen abgedrehten Pflegen haben oder von Promi-Friseuren beackert werden. Ich will einfach nur nen verdammten normalen sommerlichen Kurzhaarschnitt, für ein Dutzend Quakes, ggfs. ein paar mehr, gern auch mit Rasur. Und zwar abends so zwischen 18 und 19 Uhr, oder samstags am späten (lies: 14 Uhr) Vormittag, wenn ich halbwegs wach bin. Ist das denn so schwer? (Okay, die meisten haben vermutlich keine Webseite. Aber wie findet man die? Und die zwei mit einer Facebook- aber keiner Webseite kommen, habe ich extra von der Arbeit aus nachgesehen, auch nicht in Frage.) </rant> ## More on the Vim thing 20.05.2014 by tg@ Tags: tip As an update to the issue with Vim not treating a file as UTF-8 Benny wrote about earlier, there’s more to note: • The file in question contained two lines that were copied from the Other BSD, which were not UTF-8. This probably led to Vim not wanting to treat the entire file as UTF-8. (This is not normally a problem in vi(1), AFAIK (but in nvi in Debian, which truncates the file on write, with no way to recover), and jupp even has mixed-encoding files as a primary use case.) • When treating the file as UTF-8 forcefully, which Benny used, the file was saved with the offending bytes replaced by question marks (which was discovered by me in cvs(1) diff(1), leading to a fix and this post-mortem analysis) This is apparently something every editor user should know about. Another lesson learned: run$VCS diff before committing!

And something for me to take from this: check file encodings when importing from poorer OSes, and in general.

## Tip of the Day (Vim)

20.05.2014 by bsiegert@

Today I learned something about file encodings in vim. When your terminal is UTF-8 but Vim insists on treating the file you are opening as latin-1, here is what to do: Setting fileencoding on the already opened file will not work, it will only try to convert the file (i.e. the wrongly interpreted UTF-8 sequences) to UTF-8. Don't do this!

The solution is to reopen the file using

:e ++enc=utf8

or specify the ++enc parameter when opening the file from inside vim. The more you know.

## Quotes of the day – SWB Engrish

17.05.2014 by tg@
Tags: fun

Stadtwerke Bonn conduct track works on the third
weekend of May 23-25th on several sections of the
line 61. The orbits of lines 61, 62 and 65 drive from
Friday 23 May to Sunday 25 May not on their usual
line paths
. Due the track works a train replacement
service by busses will be established.

Please note: The travel time of the shuttle busses
takes longer. It is recommend to adjust the traveling
plan.

We apologise for any inconvenience!

(Emphasis mine. Inconvenience, such as almost C|N>K…)

## Debian packaging example: PHP5 webapp with dbconfig-common and Apache 2.2/2.4 support

15.05.2014 by tg@
Tags: debian snippet tip work

I’m holding a Debian packaging workshop for our trainees at work tomorrow, and have prepared a sample package for a simple PHP web application (just a handful of files) with DB connection (PostgreSQL of course), automatic setup via dbconfig-common, and with support for both Apache 2.2 (wheezy, precise) and Apache 2.4 (jessie/sid), configuration-wise. (It is possible to install this without Apache, just it does not configure the webserver then.) Schema updates on software updates are also tested (there is neither Flyway nor Liquibase – which are the tools we use at work for this, other than Roland Mas’ wonderful scripts for FusionForge – in Debian, but to my delight I discovered that dbconfig-common can also do this).

Comments, suggestions, flames, etc. welcome. I know that this should not be a native package, and will address this tomorrow, but I wanted something that serves as decent example for how to do this easily, Policy conformant and using modern techniques (even those I dislike myself – for the sake of simplicity).

Permission was granted by the business administration to reproduce this all under a BSD-style licence, so, enjoy sharing!

Thanks to Roland Mas, for making FusionForge such a nice project, and Arno Töll for some instant IRC help on the Apache side of this.

This is my first time using dbconfig-common, and now, I finally feel I know enough to finish the packaging of Kivitendo which I’ve started earlier. Beta testers for that welcome, too.

(And next week or so, I’ll need this for a Maven thingy. I’ll probably opt out on the DB side, there, though. Never did anything with that, either, not being a Java™ guy. I guess something web to go with tomcat7… anyone got this already?)

## Lügen haben lange Leitern

13.05.2014 by tg@
Tags: debian fun politics rant twitxr

Endlich tut mal jemand was gegen die rechte Hetzpartei! – Ein Arbeitskollege fragt, ob man die nicht einfach mit einem langen Heckenschneider abmachen kann… aber sie so lächerlich zu machen hat auch was ☺

Finally, someone is doing something against this Nazi party! A coworker wondered whether it’s legal to cut them off with a long tool, but making them ridiculous like this is also funny ☻

(Explanation: the “Pro NRW” people put their campaign thingies (sorry, I don’t speak English well) up on lamp posts very high, because they are taken down by other citizens immediately otherwise, so there’s now people making fun of them for using long ladders (to put them up there, so the offended citizens need equally long ladders or tools with long arms) in leaning on the saying that lies have long legs ⇒ here: ladders.)

04.05.2014 by tg@
Tags: debian fun twitxr

While taking the tram to our favourite Croatian restaurant, I spotted something dedicated to Ada. We’ll never know which one… the language, the famous programmer, or someone else. A “Maibaum (may pole, one of its many meanings). Click on the picture to get a slightly different one which has the text better legible.

## Stay off my computer, puppet!

18.04.2014 by tg@
Tags: bug debian fun geocache pcli rant tip work

I was out, seeing something that wasn’t there yet when I was at school (the “web” was not ubiquitous, back then), and decided to have a look:

pageok

Ugh. Oh well, PocketIE doesn’t provide a “View Source” thingy, so I asked Natureshadow (who got the same result on his Android, and had no “View Source” either apparently, so he used cURL to see it). We saw (here, re-enacted using ftp(1)):

tg@blau:~ $ftp -Vo - http://www.draitschbrunnen.de/ <!-- pageok --> <!-- managed by puppet --> <html> <pre>pageok</pre> </html>  This is the final straw… after puppet managed to trash a sudoers(5) at work (I warned people to not introduce it) now it breaks websites. ☺ (Of course, tools are useful, but at best to the skill of their users. Merely dumbly copying recipes from “the ’net” without any understanding just makes debugging harder for those of us with skills.) ObQuestion: Does anyone have ⓐ a transcript (into UTF-8) and ⓑ a translation for the other half of the OpenBSD 2.8 poster? (I get asked this regularily.) Update: One person sent me the Kanji and Kana for it in UTF-8 「俺のマシンに手を出すな！」, and they and one more person told me it’s “Hands off my machine!” or “Don’t lay a hand on my machine!”. Now I’m not studying Japanese, but it LGTM in FixedMisc [MirOS], and JMdict from MirPorts says: ore no mashin ni te (w)o dasu na (roughly: my machine; particle; hands; particle; put out; prohibition) ☺ Thanks all, now I know what to tell visitors who wonder about that poster on my wall. ObTip: I can install a few hundred Debian VMs at work manually before the effort needed to automate d-i would amortise. So I decided not to. Coworkers are shocked. I keep flexibility (can decide to have machines differ), and the boss accepts my explanations. Think before doing automation just for the sake of automation! ## Enough of IT… 14.04.2014 by tg@ Tags: geocache rant I’ve been only sleeping, cooking and geocaching this weekend. Rather productive. Better than being angry at idiots, slowpokes (StartCom and Mozilla in particular), etc. Food was rather tasty, although I held back and put only ten pieces of garlic into it; gecko2 added some Pul Biber to his… ## Heartbleed vs. Startcom / StartSSL 09.04.2014 by tg@ Tags: bug debian news rant security work First of all, good news, MirBSD is not vulnerable to The Heartbleed Bug due to my deliberate choice to stick to an older OpenSSL version. My inquiry (in various places) as to what precisely could leak when a vulnerable client connected to a nōn-vulnerable server has yet to be answered, though we can assume private key material is safe. Now the bad news: while the CA I use¹ and a CA I don’t use offer free rekeying (in general), a CA I also use occasionally² refuses to do that. The ugly: they will not even revoke the certificates, so any attacker who gained your key, for example when you have been using a certificate of theirs on a Debian system, will be able to use it (e.g. to MITM your visitors traffic) unless you shell over lots of unreasonable money per certificate. (Someone wrote they got the fee waived, but others don’t, nor do I. (There’s also a great Twitter discussion-thingy about this involving Zugschlus, but I won’t link Twitter because they are not accessible to Lynx users like me and other Planet Debian authors.) ① I’ve been using GoDaddy privately for a while, paid for a wildcard certificate for *.mirbsd.org, and later also at work. I’ve stopped using it privately due to current lack of money. ② Occasionally, for nōn-wildcard gratis SSL certificates for HTTP servers. Startcom’s StartSSL certificates are unusable for real SSL as used in SMTP STARTTLS anyway, so usage isn’t much. Now I’ve got a dilemma here. I’ve created a CA myself, to use with MirBSD infrastructure and things like that – X.509 certificates for my hosts (especially so I can use them for SMTP) and possibly personal friends (whose PGP key I’ve signed with maximum trust after the usual verification) but am using a StartSSL certificate for www.mirbsd.org as my GoDaddy wildcard certificate expires in a week or so (due to the aforementioned monetary issues), and I’d rather not pay for a limited certificate only supporting a single vhost. There is absolutely no issue with that certificate and key (only ever generated and used on MirBSD, only using it in Apache mod_ssl). Then, there’s this soon-to-be tax-exempt non-profit society of public utility I’m working with, whose server runs Debian, and which is affected, but has been using a StartSSL certificate for a while. Neither the society nor I can afford to pay for revocation, and we do not see any possible justification for this especially in the face of CVE-2014-0160. I expect a rekey keeping the current validity end date, and would accept a revocation even if I were unable to get a new certificate, since even were we to get a certificate for the society’s domain from someplace else, an attacker could still MITM us with the previous one from Startcom. The problem here is: I’d really love to see (all of!) Startcom dropped from the global list of trustworthy CAs, but then I’d not know from where to get a cert for MirBSD; Globalsign is not an option because I will not limit SSL compatibility to a level needed to pass their “quality” test… possibly GoDaddy, ISTR they offer a free year to Open Source projects… no idea about one for the society… but it would solve the problem of not getting the certificates revoked. For everyone. I am giving Startcom time until Friday after$dayjob (for me); after that, I’ll be kicking them off MirBSD’s CA bundle and will be lobbying for Debian and Mozilla to do the same.

Any other ideas of how to deal with that? I’d probably pay 5 € for a usable certificate accepted by people (including old systems, such as MSIE 5.0 on Win2k and the likes) without questioning… most of the time, I only serve public content anyway and just use SSL to make the NSA’s job more difficult (and even when not I’m not dealing with any payment information, just the occasional login protected area).

By the way, is there any way to access the information that is behind a current-day link to groups.google.com with Lynx or Pine? I can’t help but praise GMane for their NNTP interface.

ObFunfact: just when I was finished writing this wlog entry, I got a new eMail “Special offer just for you.” from GoDaddy. Sadly, no offer for a 5 € SSL certificate, just the usual 20-35% off coupon code.

## Sorry about the MediaWiki-related breakage in wheezy

01.04.2014 by tg@
Tags: debian work

I would like to publicly apologise for the inconvenience caused by my recent updates to the mediawiki and mediawiki-extensions source packages in Debian wheezy (stable-security).

As for reasons… I’m doing Mediawiki-related work at my dayjob, as part of FusionForge/Evolvis development, and try to upstream as much as I can. Our production environment is a Debian wheezy-based system with a selection of newer packages, including MediaWiki from sid (although I also have a test system running sid, so my uploads to Debian are generally better tested). I haven’t had experience with stable-security uploads before, and made small oversights (and did not run the full series of tests on the “final”, permitted-to-upload, version, only beforehand) which led to the problems. The situation was a bit complicated by the need to update the two packages in lockstep, to fight an RC bug file/symlink conflict, which was hard enough to do in sid already, plus the desire to fix other possibly-RC bugs at the same time. I also got no external review, although I cannot blame anyone since I never asked anyone explicitly, so I accept this as my fault.

The issues with the updates are:

• mediawiki 1.19.5-1+deb7u1 (the previous stable-security update) was not made by me but by Jonathan Wiltshire
• mediawiki 1.19.11+dfsg-0+deb7u1 (made by me) was fine, fixed the bugs it was supposed to, but was delayed after being uploaded to security-master-unembargoed
• mediawiki 1.19.14+dfsg-0+deb7u1 was supposed to be a mostly upstream update, but I decided to add changes to fix issues pointed out by lintian (not trivial ones), and mistakenly forgot to remove two lines that should not have crept in from sid
• mediawiki 1.19.14+dfsg-0+deb7u2 was quickly uploaded to fix this issue but took about half a day to be ACCEPTed
• mediawiki-extensions 3.5~deb7u1 should have be named 2.12 but could not, due to the aforementioned lockstep update requirement and version checks in maintainer scripts; it fixes the issues but does not add other changes from 3.5 in sid… unfortunately, the packaging uses cdbs (which I dislike quite a lot, but as the newcomer in the team I decided to accept it and go on; changing the existing packaging would be quite some effort anyway) and wants debian/control to be regenerated from control.in… which I thought I had done, and normally do…
• mediawiki-extensions 3.6 (in sid) fixes another dir/symlink conflict shown up after 3.5 was made. I’ve requested upload permission for regenerating debian/control and asked whether I am allowed to include this fix as well

My unfamiliarity with some of the packaging concepts used here, combined with this being something I do during $dayjob (which can limit the time I can invest, although I’m doing much more work on Mediawiki in Debian than I thought I could do on the job), can cause some of those oversights. I guess I also should install a vanilla wheezy environment somewhere for testing… I do not normally do stable uploads (jmw did them before), so I was not prepared for that. And, while here: thanks to the Debian Security Team for putting up with me (also in this week’s FusionForge issue), and thanks to Mediawiki upstream for agreeing to support releases shipped in Debian stable for longer support, so we can easily do stable-security updates. ## FreeWRT Archive 30.03.2014 by tg@ Tags: archaeology freewrt news pcli snapshot As previously announced, the FreeWRT Project has been archived. You can access the content at the FreeWRT Archive Site on the MirWebseite. ObRant: DST (Sommerzeit) sucks! ## KISS 06.02.2014 by tg@ Tags: archaeology debian fun jupp pcli Just saw this in my INBOX:  B. The default init system for jessie will be a single /etc/rc script  I’d certainly vote that❣ In unrelated news, jupp 2.8 for DOS runs on cable3, which means it’ll still run on an original 8088/8086 ☻ Update 10.02.2014: The unobfuscated version of cable3 is called 8086tiny under the MIT licence. Thanks to the author for doing that (and not just dumping the IOCCC code) and to RT from the mksh(1) IRC channel for finding it on the ’net! ## mksh build problem workaround 26.01.2014 by tg@ Tags: mksh As a workaround to the build problem of mksh R49 with some host shells, you can try removing every sequence of backslash + newline in rlimits.opt and sh_flags.opt, for example with the following sequence: cd /path/to/mksh for f in *.opt; do tr '\n' '' <"$f" | \
sed 's/\\//g' | \
tr '' '\n' >"$f.out" mv "$f.out" "$f" done  This will apply to every upcoming mksh(1) release until such time as this code has been rewritten in (host) C. Another thing that could be done is to add -r to both IFS= read line occurences in Build.sh, function do_genopt. ## Lacking hacking time. Puppet stinks. 22.01.2014 by tg@ Tags: personal rant work Meh. I announced a tree breaker. Would be nice if I actually found enough spare time to hack on it before, I think, end of March (which is roughly when I’m planning to decommission both eurynome and, for monetary reasons (not going to do an OpenBSD here and cry about needing funds, as those who know me know this is a constant), the manitu server). Took me 62 minutes to write a functioning OSIAM installer in mksh(1) after getting annoyed that the Puppet-lovers are either ill, not able to work on the project I have to finish by Friday, or not yet skilled enough to help. Got the entire thing working (but this week sees way too many overlong days at the workplace), estimate finishing with full success by tomorrow afternoon, with zero puppet but lots of mksh. Maintainable, too. ## FOSDEM preparations… done. 20.01.2014 by tg@ Tags: debian event fun grml mksh twitxr work I’ve produced several pin-on buttons to take with me to FOSDEM for giving away (as long as there are any left): First row (nice projects), from left to right: MidnightBSD; Glenda, the Plan 9 bunny; Teckids e.V. Second row (The MirOS Project): mksh; the Shilouette Dæmon; the “Triforce” (Live+Install CDs for i386 and sparc, with MirGrml); “the m” (alternative logo, vector) Third row (things originating from tarent): Freedroidz (now a Teckids project); OSIAM (Identity and Access Management); tarent (tarent AG, tarent GmbH), who sponsored production of these buttons Hm… jupp needs a button’able logo! FOSDEM meetup ## jupp, coming to a Fedora near you soon! 04.01.2014 by tg@ Tags: jupp news pcli Thanks to Robert Scheck, jupp – the Editor which sucks less (a WordStar™-compatible Unix editor with lots of features, including a hex editor) is currently on its way to Fedora and EPEL (RHEL/CentOS 5 and 6). Depending on your distribution, you will have it available within one to two weeks, I’m being told. This adds another distribution to the list; jupp has been available in Debian and its derivates (some of which may not be named) for some time (due to user request), and the webpage contains Win32 binaries (made with Cygwin, an oldish version to be compatible to Win9x). jupp is especially useful as programmers’ editor, but also used in teaching school-aged kids the joys of IT; Natureshadow has prepared a cheat sheet, which we will internationalise and localise, then link from the jupp homepage – so stay tuned! (I guess we’ll also need a concise list of jupp features, in lieu of advertising.) ## On modern VCSes 02.01.2014 by bsiegert@ There has been an ongoing discussion in the NetBSD community about migrating away from CVS (something that is not in question here, I know I know)—to the point that the tech-repository mailing list has been set up specifically for this discussion. Eric S. Raymond recently posted an article titled "bzr is dying; Emacs needs to move" on emacs-devel. Thomas Klausner remarked that if you apply sed -e "s/emacs/NetBSD/g" -e "s/bzr/CVS/g" to the post, then the same applies, frighteningly accurate in fact: In practice, I judge that sticking with CVS would have social and signaling effects damaging to NetBSD's prospects. Sticking to a moribund version-control system will compound and exacerbate the project's difficulty in attracting new talent. The uncomfortable truth is that many younger hackers already think CVS is a dinosaur – difficult, bulky, armor-plated, and generally stuck in the last century. If we're going to fight off that image, we cannot afford to make or adhere to choices that further cast the project as crusty, insular, and backward-looking. This is what I wrote in reply: Scary how spot-on this is after the above substitution. I fully agree. I know that this may spawn another centithread but: how about we use a "canary" for a VCS migration? For example, moving pkgsrc-wip to git would probably be trivial, considering that it's sourceforge that hosts it. Last time I checked, sourceforge supports hosted git repositories. As a new data point, I did some hacking on pkgsrc on MirBSD during 30c3 using a clone of github.com/jsonn/pkgsrc. This was in part to work around the freeze, in part to see how git copes with the typical pkgsrc workflows. I was positively surprised, I must say. Some observations: • you want distfiles/ and packages/ in gitignore. • not ignoring work directories is actually a convenient way to find stale work directories quickly. • downgrading a single package (in my case, to get autoconf-2.61 for some configure script) is easy to do, using git checkout$revision devel/autoconf This set the working copy back to the given revision and put the changes to HEAD into the index.
• branch/rebase/merge is a good workflow for upgrading single packages.

Thus, even if the NetBSD project is not prepared to move to git outright, we could do a move for pkgsrc-git, then pkgsrc. src could come later.

## Neo900

02.12.2013 by tg@
Tags: debian

I’ve did something I surely will (financially) regret, next year, and designated the Neo900 to be the successor to my PocketPC, due to the latter having only 64 MiB RAM and Geocaching applications being quite hungry. It’s got a lovely hardware keyboard, a “pen” display like the PocketPC (as opposed to the “wishy-washy” displays that Android and iPhone have), not only GPS but also GLONASS, fully free software with mostly free firmware (I’m okay with that, mostly), a Ctrl key (useful in ssh and locally and my text editor; ^I is Tab, so it’s useful in shell, too), WLAN, UMTS (I don’t think I need LTE and would rather it have the more RAM), USB host (OTG), and lots of other nice features.

In short, it’s a tinkerable device: one I can not only hack at, but also hack on.

Since I use a “dumbphone” for mobile phone anyway (pro: separate battery from the “toy” PocketPC/Smartphone – we’re talking two+ weeks of battery time when using it here, and easier use and less bugs, and a reliable fallback when I tinker “too much”), this is perfect for me.

I’m reposting this in the wlog mostly because it’s an interesting technical and OSS project, and because if 1000 people want one it will get less expensive for all of us (while here… shameless plug… any sponsors willing to contribute some EUR so I don’t ruin myself with this, in exchange for services of some kind?). I’ll probably run Debian on it (unless it goes systemd), maybe in a chroot – if the native OS has functionality needed that I can’t simply put into packages; they say Maemo has much better power management, but considering most use will have GPS, GLONASS and backlight on, battery isn’t going to last long anyway… – or maybe even native… I’ve been wanting to know what this “freesmartphone” stuff my m68k (Atari VM) buildd has been happily compiling, anyway… and some sort of Geocaching application (ideally a cross between something online, CacheWolf and an offline OSM (with most of Europe, but uninteresting tags stripped) and possibly access to the GS Live API but nevertheless supporting TC, NC, OC, gpsgames too), and my usual mksh(1), GNU screen, jupp(1), lynx(1), ssh(1) toolchain.)

Delivery is expected for mid to end of 2014, but once it’s there I’ll keep you informed ☺

On that matter… I’ve got my PocketPC (currently in production use) and another WinCE device and wonder about tinkering with them, too. It appears to be a rather open platform (compared to Android, anyway) but most official documentation is tied to Windows® host systems, and most utilities have been taken offline after the abomination called Windows Phone has taken over. Hm I’ve got PocketPython and some sort of cross GCC but nothing to tinker with the core OS / ROM image…

## MirBSD in jslinux

24.11.2013 by tg@

Bochs is not the only emulator. But Fabrice Bellard wrote more than just qemu, either – tonight I did a quick hack and started booting MirBSD in jslinux. Unmodified. Of course, there are still things to change before this goes into userspace, and the bootloader wants to be ported to ECMAscript as well, but… I got some dmesg(8)!

Feel free to call me crazy now. Anyway, more on this as time and legalese permits. This was a can-do test in about 2 hours of work, only.

## FrOSCon 2013, or, why is there no MirBSD exhibit?

23.08.2013 by tg@

FrOSCon is approaching, and all MirBSD developers will attend… but why’s there no MirBSD exhibit? The answer to that is a bit complex. First let’s state that of course we will participate in the event as well as the Open Source world. We’ll also be geocaching around the campus with other interested (mostly OSS) people (including those we won for this sport) and helping out other OSS projects we’ve become attached to.

MirOS BSD, the operating system, is a niche system. The conference on the other hand got “younger” and more mainstream. This means that almost all conference visitors do not belong to the target group of MirOS BSD which somewhat is an “ancient solution”: the most classical BSD around (NetBSD® loses because they have rc.d and PAM and lack sendmail(8), sorry guys, your attempt at being not reformable doesn’t count) and running on restricted hardware (such as my 486SLC with 12 MiB RAM) and exots (SPARCstation). It’s viable even as developer workstation (if your hardware is supported… otherwise just virtualise it) but its strength lies with SPARC support and “embedded x86”. And being run as virtual machine: we’re reportedly more stable and more performant than OpenBSD. MirBSD is not cut off from modern development and occasionally takes a questionable but justified choice (such as using 16-bit Unicode internally) or a weird-looking but beneficial one (such as OPTU encoding saving us locale(1) hassles) or even acts as technological pioneer (64-bit time_t on ILP32 platforms) or, at least, is faster than OpenBSD (newer GNU toolchain, things like that), but usually more conservatively, and yes, this is by design, not by lack of manpower, most of the time.

The MirPorts Framework, while technically superiour in enough places, is something that just cannot happen without manpower. I (tg@) am still using it exclusively, continuing to update ports I use and occasionally creating new ones (mupdf is in the works!), but it’s not something I’d recommend someone (other than an Mac OSX user) to use on a nōn-MirBSD system (Interix is not exactly thriving either, and the Interix support was only begun; other OSes are not widely tested).

The MirBSD Korn Shell is probably the one thing I will be remembered for. But I have absolutely no idea how one would present it on a booth at such an exhibition. A talk is much more likely. So no on that front too.

jupp, the editor which sucks less, is probably something that does deserve mainstream interest (especially considering Natureshadow is using it while teaching computing to kids) but probably more in a workshop setting. And booth space is precious enough in the FH so I think that’d be unfair.

All the other subprojects and side projects Benny and I have, such as mirₘᵢₙcⒺ, josef stalin, FreeWRT, Lunix Ewe, Shellsnippets, the fonts, etc. are interesting but share few, if any, common ground. Again, this does not match the vast majority of visitors. While we probably should push a number of these more, but a booth isn’t “it” here, either.

MirOS Linux (“MirLinux”) and MirOS Windows are, despite otherwise-saying rumours called W*k*p*d*a, only premature ideas that will not really be worked on (though MirLinux concepts are found in mirₘᵢₙcⒺ and stalin).

As you can see, despite all developers having full-time dayjobs, The MirOS Project is far from being obsolete. We hope that our website visitors understand our reasons to not have an exhibition booth of our own (even if the SPARCstation makes for a way cool one, it’s too heavy to lift all the time), and would like to point out that there are several other booths (commercial ones, as well as OSS ones such as AllBSD, Debian and (talking to) others) and other itineries we participate in. This year both Benny and I have been roped into helping out the conference itself, too (not exactly unvoluntarily though).

The best way to talk to us is IRC during regular European “geek” hours (i.e. until way too late into the night – which Americans should benefit from), semi-synchronously, or mailing lists. We sort of expect you to not be afraid to RTFM and look up acronyms you don’t understand; The MirOS Project is not unfriendly but definitely not suited for your proverbial Aunt Tilly, newbies, “desktop” users, and people who aren’t at least somewhat capable of using written English (this is by design).

Tags: work debian

Actually, there’s “link” (also “hardlink”) and “symbolic link” (short “symlink”). (Oh, and reparse points, but let’s not get there, lest we mention *.lnk files…)

Inspired by a posting on the klibc mailing list.

## SSD

Tags: work debian

Following the Wiki I put “discard” entries into my fstab(5) for swap (but not / as it’s suggested to use fstrim instead, and I had noatime for /boot and relatime for / already) and changed the scheduler. What wasn’t written there was to set vm.swappiness=0 in sysctl.d/local.conf *shrug* but it helps.

What they also didn't mention:

mount -t tmpfs swap /var/cache/apt/archives

And in sid, which my dayjob-laptop is running, APT _finally_ creates the missing “partial/” subdirectory itself. Thanks!

I had the filesystems already created, so I changed the ext options with tune2fs:

tune2fs -E stride=1024,stripe_width=1024 /dev/sda2 # 1 KiB blocks: /boot
tune2fs -E stride=256,stripe_width=256 /dev/sda4   # 4 KiB blocks: /

I wonder how well that works. I also did _not_ manage to find out my device’s flash block size (search engine fodder: erase block size), so I assumed 1 MiB (also used for partition alignment already) as worst-case scenario. Input welcome on how to find *that* out.

## mksh/Win32

18.07.2013 by tg@

Michael Langguth and Scalaris AG asked me to publish the mksh/Win32 Beta 14 source and binary archive, and it is with joy I’m doing this.

### Checksums and Hashes

• RMD160 (ports/mksh-w32-beta14.zip) = 0dc8ef6e95592bd132f701ca77c4e0a3afe46f24
• TIGER (ports/mksh-w32-beta14.zip) = 966e548f9e9c1d5b137ae3ec48e60db4a57c9a0ed15720fb
• 1181543005 517402 /MirOS/dist/mir/mksh/ports/mksh-w32-beta14.zip
• MD5 (ports/mksh-w32-beta14.zip) = b57367b0710bf76a972b493562e2b6b5

Just a few words on it (more in the README.1st file included): this is a port of The MirBSD Korn Shell R39 to the native WinAPI; it’s not quite got the full Unix feel (especially as it targets the Weihenstephan unxutils instead of a full Interix or Cygwin environment) but doesn’t need a full POSIX emulation layer either. It’s intended to replace MKS ksh and the MKS Toolkit. Source for the compatibility library is also included under The MirOS Licence; we aim at publishing it as OSI Certified Open Source Software like mksh itself. (There is a situation with dlmalloc/nedmalloc being resolved, and the icon is derived from the BSD dæmon which is a protected unregistered trademark, but we’re not Mozilla and allow distro packages to keep using it ☺) Rebasing it on a newer mksh(1) followed by (partial) integration into the main source code is a goal.

Have fun trying it out and hacking on it. It’s currently built with -DMKSH_NOPROSPECTOFWORK (so coprocesses and a few other minor things won’t work), but a SIGCHLD emulation is being worked on – but if you want to help out, I’m sure it’s welcome, just come on IRC or post on the mailing list, and I’ll forward things to Michael as needed. Reports on testing with other toolchain and OS versions are also welcome.

## MirWarm

07.07.2013 by tg@
Tags: debian fun

Time for more neighbours’ cat posts, apparently. It’s warm, so the cat’s sleeping outside. Not disturbed by much.

Me envious. Too warm to go to the ice salon (bike’s in repair, car’s hot enough to boil eggs on it, public transport not better).

## Send Alt-SysRq-* to virt-manager guest using virsh

Tags: work debian

virsh send-key guestname KEY_LEFTALT KEY_SYSRQ KEY_H

This doesn’t work in virt-manager, but the virsh CLI tool is just fine.

PS: zerofree rocks! And can be installed in Grml 2011.05 just finely.

## Fun with ssh pubkey auth

Tags: work debian

Okay, so imagine this: you just generated an SSH RSA key and threw its public part on system B into ~foo/.ssh/authorized_keys and its private part on system A into ~bar/.ssh/id_rsa but can’t login. Why?

Automated processes (Jenkins *cough*) often need you to ssh(1) manually once, to accept the remote host’s server key. Do that.

The id_rsa file on system A must be owned by the user bar and chmod 0600 or 0400 (similarily, the .ssh directory has strict permission checks, and everything in the path until there). Check those.

And, the most surprising one of the day: if there’s an id_rsa.pub it will be used for offering a key to the remote host (B) even if it does not match the secret key. Deleting A:~bar/.ssh/id_rsa.pub apparently makes OpenSSH generate the public part from the secret key each time (or just put the correct pubkey there), but if one’s there, it seems to like to use them. (That was the only part of this post that was news to even me, of course ☺)

And, as bottom line: hello to Planet Debian from “mirabilos at work”, too. I’ll occasionally tag posts so they show up here, if I think they’re of interest, since I’m doing Debian work at the dayjob, too.

## Current slow period

26.06.2013 by tg@

Just in case someone wonders… I haven’t found any time and “head capacity” to hack recently; $dayjob leaving me sucked dry, with the weather also playing in, etc. but neither did I disappear nor do I intend to drop anything planned. Sorry for keeping even medium and more severe bugs open for such a long time (several weeks by now, for some); recently I was assured my response time – especially for an Open Source volunteer – is very good still, even if I find it lacking sometimes. mksh, as one specific thing to mention here, will get an R47 release RSN™ (i.e. as soon as I get around to do it) which could be labelled R46b too (except I like integer version numbers more), it will (that’s a promise) be bugfix-only and ought to be dropped into any place that’s currently shipping R45 or R46, at the very least (and maybe R44 too, and no older versions should be around at all anyway). Note that me beginning to catch up the TODO list, like today’s cvs(1) upload to Debian, shall not be taken as a sign of me being back (just that I found myself to tackle something). It did take way too long, it’s 22:15 localtime already again, and I had planned to catch up on my leisure reading a bit this evening (damn…) but, well. At least I managed to put in some outdoor fun (to be exact, visiting some more waypoints) too (though I expect this weekend to be scary and it’s definitely underplanned ☹ – but who knows, maybe it’ll be great fun, and wbx@ and my biggest little brother are both a backup plan each.) Also toying a bit with BOINC again (MirBSD of course, and, this time, some spare CPU capacity at work, which did lead to detecting a hardware/system bug/malconfiguration, even!) prodded by the second (found!) and third (not found… yet) installment of a WCG LC. ## Waypoint Statistics 08.06.2013 by tg@ I’ve finally gotten around to listing all Waypoints (Geocaches, Opencaches, Closedcaches, Earthcaches, Terracaches including Locationless, Navicaches, etc.) I’ve found a box, enjoyful, educating, a good place to hide one myself, etc. and putting up a list and, of course, generate my own statpic. I’ll put them up for the other project members, too (already made a picture for gecko2@ but bsiegert@ still needs one; we also need to collect offline lists of found, owned and attended waypoints)… A bit of background story: I decided, years ago, to have an offline list of cache finds in case something would happen. Just, I had found way too many already, so this was a huge bit of work. Oh well… I of course procrastinated, and then something did happen (Opencaching wanting to force a Restricted Commons licence; me disagreeing and suggesting a change; some trigger-happy person immediately deleting my account without waiting for the discussion or the decision period to end; weeks of forum discussions; Opencaching allowing dual-licencing; them telling me they can’t restore my data – probably never heard of databa…sorry, MySQL backups). And I still didn’t have the list. Now I do; recreated even the OC information from what was still accessible and with help from one OC supporter (“mic@”, thanks); merged caches that are co-listed on several platforms, etc. (still need to put in the FTF/STF/TTF/4TF/LTF and voting/favourites information) and a statpic, all in Open Source and Open Data, in cvs(1) with mksh(1) and… a… frontend for libgd2 I admit, but we had been using that for the MirWebsite for a while already. I suggest every geocacher keep an offline or local record of all their finds (and hides and attended logs) for things like this, in case some platform decides to… let’s say, “put your data into the cloud… where it is? I don’t know”. ## DynDNS 20.05.2013 by tg@ Tags: archaeology debian Apparently (hi Zhenech, found on Plänet Debian), a Man does not only need to fork a child, plant a tree, etc. in their life but also write a DynDNS service. Perfect for opening a new tag in the wlog called archæology (pagetable.com – Some Assembly Required is also a nice example for these). Once upon a time, I used SixXS’ heartbeat protocol client for updating the Legacy IP (known as “IPv4” earlier) endpoint address of my tunnel at home (My ISP offers static v4 for some payment now, luckily). Their client sucked, so I wrote on in ksh, naturally. And because mksh(1) is such nice a language to program in (although, I only really begun becoming proficient in Korn Shell in 2005-2006 or so, thus please take those scripts with a grain of salt, I’d do them much differently nowadays) I also wrote a heartbeat server implementation. In Shell. The heartbeat server supports different backends (per client), and to date I’ve run backends providing DynDNS (automatically disabling the RR if the client goes offline), an IP (IPv6) tunnel of my own (basically the same setup SixXS has, without knowing theirs), rdate(8) based time offset monitoring for ntpd(8), and an eMail forwarding service (as one must not run an MTA on dynamic IP) with it; some of these even in parallel. Not all of it is documented, but I’ve written up most things in CVS. There also were some issues (mostly to do with killing sleep(1)ing subprocesses not working right), so it occasionally hung, but very rarely. Running it under the supervise of DJB dæmontools was nice, as I was already using djbdns, since I do not understand the BIND zone file format and do not consider MySQL a database (and did not even like databases at all, back then). For DynDNS, the heartbeat server’s backend simply updated the zone file (by either adding or updating or deleting the line for the client) then running tinydns-data, then rsync’ing it to the djbdns server primary and secondaries, then running zonenotify so the BIND secondaries get a NOTIFY to update their zones (so I never had to bother much with the SOA values, only allow AXFR). That’s a really KISS setup ☺ Anyway. This is archæology. The scripts are there, feel free to use them, hack on them, take them as examples… even submit back patches if you want. I’ll even answer questions, to some degree, in IRC. But that’s it. I urge people to go use a decent ISP, even if the bandwidth is smaller. To paraphrase a coworker after he cancelled his cable based internet access (I think at Un*tym*dia) before the 2-week trial period was even over: rather have slow but reliable internet at Netc*logne than “that”. People, vote with your purse! ## mksh R45 released 26.04.2013 by tg@ The MirBSD Korn Shell R45 has been released today, and R44 has been named the new stable/bugfix-only series. (That’s version 45.1, not 0.45, dear Homebrew/MacOSX packagers.) Packagers rejoice: the -DMKSH_GCC55009 dance is no longer needed, and even the run-time check for integer division is gone. Why? Because I realised one cannot use signed integers in C, at all, and rewrote the mksh(1) arithmetics code to use unsigned integers only. Special thanks to the people from musl libc and, to some lesser amount, Natureshadow for providing me with ideas what algorithms to replace some functionality with (signed shell arithmetic is, of course, still usable, it is just emulated using unsigned C integers now). The following entertainment… tg@blau:~$ echo foo >/bar\ baz
/bin/mksh: can't create /bar baz: Permission denied
1|tg@blau:~ $doch tg@blau:~$ cat /bar\ baz
foo


… was provided by Tonnerre Lombard; like Swedish, German has got a number of words that cannot be expressed in English so I feel not up to the task of explaining this to people who don’t know the German word “doch”, just rest assured it calls the last input line (be careful, this is literally a line, so don’t use backslash-newline sequences) using sudo(8).

## pkgsrc-2013Q1 binary packages available

13.04.2013 by bsiegert@
Tags: news pkgsrc

I uploaded a full bulk build of binary packages for MirBSD/i386 corresponding to the pkgsrc-2013Q1 release. About 7,000 binary packages are available in this build, including the pkgin package manager that makes installing binary packages as easy as apt.

See the pkgsrc page for instructions on how to install pkgsrc for MirBSD. Build logs are available on S3.

## Earthcache Master (Bronze)

24.03.2013 by tg@

Since a while…

 I am a proud

On the other hand… I should probably put up my own, local, list of found caches, considering what happened to me on “Open”caching. And maybe write intros for people new to geocaching, since it’d be virtually no work now had I done it initially. (And for fanfiction readers! I wish I’d kept a list of read fics, not just of these I currently read and/or are currently unfinished.)

## pkgsrccon 2013

24.03.2013 by bsiegert@
Tags: pkgsrc

On Saturday March 23, this year's pkgsrc conference (pkgsrccon 2013) took place in Berlin. Julian Fagir organized it with unending energy, even though pkgsrc is not the primary focus of his NetBSD work. He just took matters in his hands because no one else stepped forward. A big thanks for that!

The flight from Zurich to Berlin was uneventful. It was my first flight to TXL airport (I normally arrive at SXF), and arriving there is incredibly quick and convenient compared to the latter. The terminal is very small, and it takes just five minutes to go from the plane to a bus to the city.

Now for the conference itself: we started at 12pm on Saturday with a program of talks but no fixed schedule. Due to this, the conference took a long time (we finished only at 9pm or so) but on the other hand, it allowed for lots of interesting and fruitful discussion. At no point did we have to cut a question short because of a lack of time. Overall, I think that this was an excellent choice and made the conference more useful and productive.

We were about 21 people – mostly pkgsrc developers (of course) but also a Debian Developer (Ralf Treinen, who presented his work on Mancoosi), a FreeBSD dev and some interested users. I won't give an exhaustive recollection of all talks here but simply comment on a few ones that I found particularly interesting.

The most important theme of the conference was virtualization and cloud computing. Jonathan Perkin and Filip Hajny gave a talk about their company's product, SmartOS, and how it uses pkgsrc. SmartOS is a "cloud OS" based on OpenSolaris. It boots from a read-only medium (such as a CD) into a lean system that only does the administration of all the zones that it runs. All useful work happens in zones, which are a sort of lightweight VM solution specific to OpenSolaris. The zone images include access to a very complete set of pkgsrc packages for things such as a compiler. They can also run other OSes (NetBSD!) by setting up a zone that runs KVM. Joyent runs a large public cloud with SmartOS, where customers purchase virtual machines by the hour. This is similar to Amazon EC2 but with a focus on high performance.

Hubert Feyrer gave another talk about a similar theme. He described the use of Ansible for provisioning and setting up VMs. Ansible can automatically create VMs on EC2, gather the necessary information (such as the IP address) and do various setup tasks without further user interaction. This was all very impressive, even though the live demo failed. This was for two reasons: Somebody deleted the sudo package for amd64 from the NetBSD ftp server (boo), and the i386 VM failed to come up, the kernel paniced on startup. Joerg speculated that this was due to _some_ machines in their DC not having PAE enabled, while the i386 kernel uses PAE. This was interesting, as I had noticed the very same problem when I set up the netbsd-386-bsiegert continuous builder for Go.

Amitai Schlair alias Schmonz came out in a passionate defense of the venerable pkglint. He put the source on github and started refactoring the code and adding tests. He calls this approach TED for "Test Eventually Development" ;) and advocated a similar approach for the pkgsrc infrastructure: Every time a developer takes five minutes to understand a part of the infrastructure (when making a change, for instance), he or she should write a test for it. This is a very pragmatic and doable approach, in my opinion, and we should all do this.

I gave a slightly amended version of the "Go on NetBSD" talk I had given at FOSDEM 2013. There were a lot of valuable questions and discussion, both about the language and about how to package software written in it.

Aleksej Saushev ended the day with a talk that was not in the program about the Google Code-In and the problems that developers and particularly new contributors face. If pkgsrc can get more contributors, it gets more fixes, which in turn makes it more useful to users. More usefulness leads to more users, leading to more contributors. We should do more to get into this virtuous circle. There are about five different mechanisms to build and/or deploy packages in pkgsrc: build directly with "make package", pkg_chk, pkg_comp, the old bulk build scripts and pbulk. The basic frustration that should be overcome is the following: you want to upgrade a set of packages, the old ones are removed, new ones are rebuilt, and the build fails. Rolling back is difficult in general. pbulk could be a valuable solution to this, but its standard config is heavily tailored for a different use case, and its _two_ separate pieces of documentation are contradictory, incomplete and confusing. So the talk contained a call for action to fix those minor annoyances and generally document things better, which makes it easier for everybody.

My take-home message – and my next project idea – is the following: each time that I do a MirBSD bulk build using pbulk, I have to do a lot of painful steps to set up the right build environment on all my machines. This time, I will try to automate this process with Ansible, making up the recipes as I go along, and then (more importantly) publish these recipes for others to use and to share.

## Himbeerichüechli!

04.03.2013 by tg@
Tags: twitxr

*winkt Ventilator*

Natürlich mit MirKaffee (enthält Milch, Kakao, Kaffee, Rohrzucker)!

## Too much

23.02.2013 by tg@
Tags: personal

I’ve been doing too much lately, which has led to reduced performance and enjoyment. Also I’ve not been able to work the full hours of my dayjob, reducing what I had on my overtime account. I’ll be taking a step back and try to un-load. This is my notice, I’m not explicit on where, and I’m not cancelling anything special (not even those mentioned in the next paragraphs).

I’m disappointed with Google/Nianticproject Ingress. It’s frustrating (nothing lasts; also read this posting), buggy, battery-draining, sometimes too time-consuming (especially with only GPRS) and I don’t get warm with the Android 2.3 based Cyanogenmod on the borrowed device. Using it without a big screen device having the Intel map next to you is futile. I could go into detail but won’t. I won’t stop playing, as it’s a good excuse to go outside and combines somewhat with geocaching (unless you’re trying to actually play Ingress, in which case you’ll just be walking/cycling/driving between portals at maximum speed). And there’s that connection with Liferay…

Fun is important in securing volunteer work; bugs and other random happenings (example) can drain the fun.

To end on a positive note, I’m absolutely, totally happy with mksh user and distributor feedback, including the bug reports and feature requests, how well almost all people deal with feature rejection, and the speed of integration of mksh(1) updates lately. The only thing I’m unhappy wrt. mksh is my own lack of speed regarding implementing the cool new things I’ve been, as an mksh user, waiting for because I want and even need them for some cool programs written in mksh I would love to write, so I can use them.

I’ve got roughly 350 mails in my INBOX (all read, but most of them being action items; some due… before this weekend, evilly enough, the one I’m thinking of is GnuPG/MIME encrypted, which means extra effort to read it). Just so you know. (And a couple of other things that really could use some fixing, which I can, in theory, do. And lots of requests for spending real life time with.)

I’m still reachable via eMail and IRC (mostly), will respond, will try to persuade my employer to send me to CLT 2013 next month… just, don’t deadline me right now. I’m not taking a VACation either (though I probably should, had I money).

## GNU autotools generated files

20.02.2013 by tg@
Tags: debian rant

On Planet Debian, Vincent Bernat wrote:

The drawback of this approach is that if you rebuild configure from the released tarball, you don’t have the git tree and the version will be a date. Just don’t do that.

Excuse me‽

This is totally inacceptable. Regenerating files like aclocal.m4 and Makefile.in (for automake), configure (for autoconf), and the likes is one of the absolute duties of a software package. Things will break sooner or later if people do not do that. Additionally, generated files must be remakable from the distfile, so do not break this!

May I suggest, constructively, an alternative? (People – rightfully, I must admit – complain I’m “just” ranting too much.)
When making a release from git, write the “git describe” output into a file. Then, use that file instead of trying to run the git executable if .git/. is not a directory (“test -d .git/.”). Do not call git, because, in packages, it’s either not installed or/and also undesired.

Couldn’t comment on your blog, but felt strongly enough about this I took the effort of writing a full post of my own.

(But thanks for the book recommendation.)

## How to find out when to a git repository was last committed?

Tags: work debian
git log -n 1 --all --full-history --pretty=format:'%cD'

This should™ scan all branches, take the chronologically last commit and output its committer date. Still doesn’t take into account git-receive-pack times, but we can just look at the mtime of the projectname-commits@lists.forgename mailing list for that.

## PSA: Unicode codepoints, referring to

13.01.2013 by tg@
Tags: debian rant

PSA: Referring to Unicode codepoints.

If your Unicode codepoint is, numerically, between 0 and 65533, inclusive, convert it to hexadecimal and zero-pad it to four nibbles. For example, the Euro sign € is Unicode codepoint #8364 which is 20AC hex; the Eszett ß is 223 which is DF hex, padded 00DF.
Then write an uppercase ‘U’, a plus sign ‘+’, and the four nibbles: U+20AC U+00DF
In mksh, JSON, etc. it’s a backslash ‘\’, a lower-case ‘u’ and four nibbles.

Otherwise, your Unicode codepoint will be, numerically, between 65536 and 1114111, inclusive, that is hex 10000 to 10FFFF. (There’s nothing on 65534 and 65535, nor above these figures.) In this case, convert it to hex, zero-pad it to eight nibbles and write it as an uppercase ‘U’, a hyphen-minus ‘-’ and the eight nibbles. In C-like escapes for environments supporting the Unicode SMP, that’s a backslash ‘\’, an upper-case ‘U’ and eight nibbles. Do not, in either case, use less (or more) hex digits than specified here. For example, there’s a famous Unicode codepoint U-0001F4A9 “PILE OF POO”. That’s not the same as U+1F4A9. The latter reads as U+1F4A “GREEK CAPITAL LETTER OMICRON WITH PSILI AND VARIA” and a digit 9 (Ὂ9). Be educated.

Since this wlog runs on MirBSD, which limits itself to the Unicode BMP voluntarily, and as nōn-BMP is not widespread anyway, I cannot reproduce the “PILE OF POO” here, but you can just duckduckgo it.

## on the linguistic gender of hosts, with an xz reminder

04.01.2013 by tg@
Tags: debian

Let’s start a convention: bare-metal machines have the linguistic male gender („der Computer“, he needs to be rebooted), whereas VMs have the linguistic female gender („die virtuelle Maschine“, she runs better since the last upgrade of Linux-KVM), and neutral linguistic gender is used when you cannot or do not want or need to make such distinction.
This is, of course, entirely unrelated to human gender, but not unrelated to #debian-68k (on OFTC) discussions ;-)

ObRant: DO NOT USE xz COMPRESSION LEVELS ABOVE 6! (For -7 we can make exceptions, for example in Debian *-dbg or *-source packages.) You may use -e if you absolutely need the better compression, but please think of the poor sods who have to create the archives. You must not use the highest compression levels -8 or -9 since they have absolutely insane memory requirements on compression and will still hinder machines with less RAM on decompression. (Using -e only affects CPU usage at compression time; decompression is exactly as fast and memory-consuming as without.) Furthermore, DO NOT CHOOSE A COMPRESSION LEVEL WITH A DICTIONARY SIZE MUCH LARGER THAN THE DATA TO COMPRESS, as that makes absolutely no sense and will rather worsen than improve compression. As a reminder, xz uses the following dictionary sizes:

• 256 KiB at -0 (compresses better than gzip(1) and faster than either gzip(1) or bzip2)
• 1 MiB at -1
• 2 MiB at -2 (compresses better than gzip(1) and bzip2 without losing much speed)
• 4 MiB at -3 and -4 (the difference is in the match finder between these two levels)
• 8 MiB at -5 and -6
• 16 MiB at -7 (186 MiB RAM used to compress a file)
• 32 MiB at -8 (370 MiB RAM used to compress a file)
• 64 MiB at -9 (674 MiB RAM used to compress a file)

Decompression uses less than 1 MiB more than the dictionary size, but the dictionary must always be allocated wholly. (You’re fine to use custom presets, but mind the RAM usage!) As a general rule, if you have something of up to 20 MiB to compress, -4 is fine, and -5 will only be better if you have similar data spread across the whole of the file instead of close to each other. When I make mksh distfiles, I instead put files close to each other that have related content, which improves compression much more nicely without penalising low-memory systems; for example, you could put documentation, Makefiles, scripts, m4(1) files, and C source code into groups before archiving, instead of doing it alphabetically.

Another note on bzip2: its decompression is slow. I see no reason to use it any more, at all. Use gzip(1) if you care for compatibility or have an issue with xz not having a free copyright licence, and xz otherwise.

## Not just Amigas, editors and errnos

31.12.2012 by tg@
Tags: debian mksh

mksh made quite some waves (machine translation of the third article) recently. Let’s state it’s not just Amigas – ara5 is a buildd running the Atari kernel, an emulated though. On the other hand, the bare-metal Ataris used to be the fastest buildds, so I expect we get them back online soonish. I’m currently fighting with some buildd software bugfixes, but once they’re in, we will make more of them. Oh, and porterboxen! Does anyone want to host a VM with a porterbox? Requirements: wheezy host system (can be emulated), 1 GiB RAM, one CPU core with about 6500 BogoMIPS or more (so the emulated system has decent speed; an AMD Phenom II X4 3.2 GHz does just fine). Oh, and mksh is ported to more and more platforms, like 386BSD 0.0 with GCC 1.39, and QNX 4 with Watcom… and more bugfixes are also being worked on. And let’s not forget features!

jupp got refreshed: it’s got a bracketed paste mode, which is even auto-enabled on xterm-xfree86 (though the xterm(1) in MirBSD’s a tad too old to know it; will update that later, just imported sendmail(8) 8.14.6 and lynx(1) 2.8.8dev.15 into base, more to come) and will be enhanced later (should disable auto-indent, wordwrap, status line updates, and possibly more), lots of new functions and bindings, now uses mkstemp(3) to create backup files race-free, and more (read the NEWS file).

In MirBSD, Benny and I just added a number of errnos, mostly for SUSv4 compliance and being able to compile more software from pkgsrc® without needing to patch. This is being tested right now (although I should probably go out and watch fireworks in less than a half-hour), together with the new imports and the bunch of small fixes we accumulate (even though most development in MirBSD is currently in mksh(1) and similar doesn’t mean that all is, or worse, we were dead, which we aren’t). I’ll publish a new snapshot some time in January. The Grml 2012.12 also contains a pretty up-to-date MirBSD, with a boot(8/i386)loader that now ignores GUID partition table entries when deciding what to use for the ‘a’ slice.

## Der heilige… Frieden?

15.12.2012 by tg@
Tags: debian politics

(Apologies for putting this on Planet Debian, but it says the one or other non-English post is okay as long as it’s an exception. I feel I need to reach more people with this, but don’t feel like translating this into English right now.)
Update: Tanguy asked for a short English summary: it’s me ranting against the rioting against muslims and the call for more CCTV surveillance after a possible bomb was found at the train station.

In Bonn herrscht immer noch „Bombenstimmung“, wenn man z.B. auf die Webseite der Lokalzeitung schaut – von dem Amoklauf in Connecticut, über den sich im IRC gewunder wird, ist immer noch nichts zu sehen, dafür wird fleißig wider „Islamisten“ gehetzt.

Ich finde das besorgniserregend, muß doch jetzt jeder Angehörige des Islams fürchten, verfolgt oder benachteiligt zu werden. Das reizt doch erst recht zum Gegenschlag, bei dem dann auch Menschen, die absolut nicht mit der hier vorherrschenden Meinung und Politik übereinstimmen, getroffen werden können.

Ich persönlich habe kein Problem mit Menschen anderen Glaubens oder anderer Weltanschauung, solange wir friedlich miteinander leben können. Ich teile eure Unzufriedenheit mit dem herrschenden Staat, der immer weitergehenden Überwachung, Unterdrückung von Leuten, die nicht dem vorherrschenden Menschenbild entsprechen (egal an welchen Kategoriën), und bitte die, die dies lesen, nochmal nachzudenken, bevor sie etwas tun, was hinterher Unschuldige trifft oder gar in „friendly fire“ ausartet.

Hat eigentlich wer die in Bad Godesberg ausgegebenen Koran-Bücher sich mal angeschaut? Als ich davon las, war ich ja zugegebenermaßen neugierig, weil ich vom Koran leider eher wenig kenne, weiß aber nicht, wie neutral oder eben nicht die Übersetzung gehalten ist. Anhand dessen, was ich bereits mitbekam, sollte das eher friedlicher sein als was durch spätere Theologen festgelegt wurde – wie ja auch zum Beispiel im Christentum, aber über die Horrorepisoden der christlichen Kirche will ich jetzt auch nicht mich auslassen, in der Hoffnung, daß auch diese sich mit den Jahren gebessert hat. (Ist nur halt das Problem mit den Leuten, die die „alten Hetzparolen“ jetzt noch verbreiten. Ist wie im Netz mit den Groupies von Theo de Raadt, die noch asiger zu Leuten sind als er selber.) (Außerdem muß man ja befürchten, durch Besitz eines Korans schon vorverurteilt zu werden heutzutage *seufz*… ich finde das nicht gut!)

Update (ich vergaß): auch der Ruf nach mehr Videoüberwachung ist nur Panikmache. Das geht nur zu Lasten des Normalbürgers. Vielleicht lassen sich noch Kleinstdelikte wie Taschendiebstahl damit abschrecken, aber gerade diese Bomben und dergleichen sind doch oft von Leuten, die vor Konsequenzen keine Angst haben, organisiert. Die werden dann maximal Märtyrer. Ich wiederhole nochmal für die Politiker und die ganz langsamen unter den Lesern: Überwachung verhindert keine Straftat.

Update 11.01.2013: Mittlerweile hat auch Fefe was dazu.

## Call for Participation: BSD developers’ room at FOSDEM 2013

10.12.2012 by bsiegert@
Tags: news

There is one week left to submit your talk proposals for the BSD devroom at FOSDEM 2013. We still have quite a few slots open, so do not be shy! See the original announcement below:

FOSDEM 2013 will take place on February 2-3, 2013, in Brussels, Belgium. Just like in the last years, there will be both a BSD booth and a developer's room (on Sunday).

The topics of the devroom include all BSD operating systems. Every talk is welcome, from internal hacker discussion to real-world examples and presentations about new and shiny features. The talks will be 45 minutes including discussion. Feel free to ask if you want to have a longer or shorter slot.

If you want to do a talk, please submit your proposal to

and include the following information:

• The title of your talk (please be descriptive, as titles will be listed with ~400 from other projects)
• A short abstract of one to two paragraphs
• A short biography introducing yourself
• Links to related websites/blogs etc.

The deadline for submissions is December 17, 2012. The talk committee, consisting of Daniel Seuffert, Marius Nünnerich and Benny Siegert, will consider the proposals. If yours has been accepted, you will be informed by e-mail within one week of the submission deadline.

## Collision resolution in open addressing hashtables

07.12.2012 by tg@
Tags: debian

Before we begin, everyone should read up on hashtables and what open addressing / closed hashing is. The context is lines 111‥190 of Python’s Objects/dictobject.c as of today (so we get the line numbers straight).

(I’ve reworded this wlog entry a bit; I originally wrote it too late at night for it to read coherent.) Basically, I’ve got an application where I’d like to use a hashtable for a number of things – not as generic as Python, and with focus on small footprint. I’d like to offer associative arrays in a scripting language, where the keys are always arbitrary byte strings excluding NUL. Also, I’d like to use the hashtable as backend for indexed arrays, where the keys are uint32_t and the usual use case is sequential. Finally, I’m using it for several internal tables, such as a list of keywords, one of builtins, one of special variables, etc. which is a reason for me to not use a self-balancing binary tree as data structure (reading further below might suggest that, but getting a sorted list of hashtable keys is not the focus, though not unimportant).
My questions on this are:

① Why is the shift on perturb done after its first use? In my experiments (using 32-bit width everywhere), for the pathological case of an 8-element (i = 3) table with three entries 0, 0x40000000 and 0x800000000, the “second round” yields 1 for all three, so it cannot have to do with the upper bits. My lookup looks like:

mask = 2ⁱ - 1;
j = perturb = hash(key);
goto find_first_slot;

find_next_slot:
j = (j << 2) + j + perturb + 1;
perturb >>= PERTURB_SHIFT;
/* FALLTHROUGH */

find_first_slot:
if (!match(entry)) goto find_next_empty_slot;


This means that my first check is always the bare hash (so “only do it if needed” is no reason) and, since I’m using gotos, I could just move the perturb >>= PERTURB_SHIFT; line before the line recalculating the next j to use. This seems to make more sense, even in the face of Python. (I actually looked at the Python file’s comments again today because I thought to use a different resolution, but they have a good rationale for using the multiplication by 5.)

② Why can’t we just use i as the PERTURB_SHIFT? Sure, this changes a shift-right by a constant, which can possibly be encoded as immediate value in assembly (unless you’re on a pre-80186, which can only do SHR AX,1 and SHR AX,CL but not SHR AX,4, but that’s outside of mksh’s scope) into a right-shift by a variable, but i is already known, and I think the behaviour is better (it wouldn’t eat any bits; assume the same 8-entry hashtable and pathologic keys 0, 8 and 16). Again: who do I think I am to go against the wisdom of the Python people, who seem to have shed more thought on this than everyone else I saw, asked, read about (including Spammipedia). That’s why I’m asking here. On that reference: I don’t support spammers or people nagging for donations or premium accounts, like Xing and Groundspeak/Geocaching.COM, at all. In fact, I urge others to do the same, so it really hurts them; it may be their business model, but not if they spam me. Besides, OpenCaching.DE exists.

Another thing is: to avoid CVE-2011-4815, I’m randomising the hash used, with one “seed” value per hashtable, changed before a resize operation. I originally thought to seed it with nonzero, but then I have to rehash on hashtable resize, so I’ll be XORing the final hash value instead (thanks ciruZ for the idea). I’m thinking of omitting that for indexed arrays, as an attacker almost certainly cannot determine the keys there. (To directly use the indexed array keys, which are already uint32_t, as hashes makes using i from ② even more important.) The hash I’m using is a modified Jenkins one-at-a-time called NZAAT: it’s my new generic standard nōn-cryptographic hash, and the changes are thus: while adding a byte, another increment of the hash is done (so NUL counts), and the finaliser got prefixed with the shift-left-add+shift-right-xor sequence of the adder (but not adding any value or the +1), to get best avalanche for all bytes. I actually compiled several versions of Hash.cs on a Windows® VM at work to analyse the original one-at-a-time and all of my modifications; these turned out to be the simplest ones (I originally had added 0x100 instead of 1, but the effect was the same, and +1 is usually cheaper on most CPUs).

Also, to avoid people being able to get to the seed, a user will always get only a sorted list of hashtable keys (numeric for indexed arrays, ASCIIbetically otherwise; see also my thoughts on JSON from the previous wlog entry). What algorithm do I use? For strings, comparisons are much more expensive, so I’d like to keep them low. Memory use is also a factor; allocating one large(r) block is better than many small ones due to the pool allocator overhead and due to portability to ancient Unicēs (which is another reason for me to use a hashtable which is a small struct plus an array of pointers, and then pass the list of keys as array of string pointers, instead of a tree). For both reasons, I’m thinking a relatively simple MergeSort: I need to allocate the result array anyway, so I can just get two and free the one that isn’t the end result, and it’s AFAICT the cheapest on comparisons other than Tree Sort (which nobody really seems to use, and which would effect to using a balanced binary tree again). Since keys are unique, stability and duplicate handling is never an issue. I’d like to use only one algorithm and one data structure, not a combination, as compactness is a design goal.

Please drop your thoughts on Freenode, e.g. by /msg MemoServ send mirabilos your text here or per eMail to the domains debian, freewrt or mirbsd, which are organisations, with the localpart tg. Or just contact me as usual, if you’re already acquainted. Or lookup 0xE99007E0. Thanks in advance! (Especially, Python Developers’ thoughts are welcome.)

## Proposed extensions to the JSON specification

01.12.2012 by tg@
Tags: debian

The following proposal extends the JSON specification, with the idea of using JSON as an information interchange format, rather than just a way of writing certain ECMAscript values. They do not add anything but only restrict valid JSON content and encoders with some rationale.

First of, I’d like to remind everyone, including JSON’s author, that JSON is case-sensitive, except in the four hexdigits after a backslash-u sequence in a String.

Second, I’d like to remind everyone that JSON is not binary-safe. No way around that, it implements Unicode (actually, 16-bit UCS-2, and it doesn’t guarantee that UTF-16 surrogates are correctly paired) text. I also consider only UTF-{8,{16,32}{B,L}E} valid encodings for JSON. (No PDP endian, either. Sorry, guys.)

For my first proposal, I’d like to point out CVE-2011-4815 which was about overflowing hashtables. The obvious fix is to randomise the hash per hashtable; to ensure this doesn’t leak, we sort ASCIIbetically the keys of an Object in the encoder. (Using Unicode is good here – we can just sort the keys as UTF-8 strings by their uint8_t value or as Unicode (UCS-2 or even UCS-4 or UTF-16) strings by the codepoints.) JSON was never preserving the order of elements in an Object anyway so we make it standardised (we still accept any order, and, when parsing, in collision cases, the later value wins). This also helps diffs.

For my second proposal, I’d like to forbid \u0000, \uFFFE, \uFFFF in strings. The first because many implementations use C strings, and for an information interchange format this is better; it also has security implications to allow NUL in a string. The other two, but not unpaired UTF-16 surrogates (as ECMAscript uses UCS-2 and got UTF-16 only later) because they’re not valid Unicode; JSON was not binary-safe already so why bother. Among other benefits, this also helps implementations.

For my third proposal, I’d like to agree that implementations should impose a nesting depth limit that may be user-defined, and in the face of which, cyclic checking may be ignored by an encoder. I emit nesting depth overflows as literalnull; might also throw an error. Since I was asked, the common “standard” value is to restrict nesting depth is 32, unless the user specified one. (I also saw 8, but 32 WFM pretty well.) Most seem to use it even if it may seem low at first. Only specialised applications probably need more, and they can always pass a value.

For my forth proposal, backslash-escape U+007F‥U+009F always. It may upset humans, editors, databases, etc. (This paragraph is newly added, after some IRC discussion.)

All these do not permit anything that wasn’t accepted to be accepted afterwards. I’ve got a fifth proposal which changes acceptance rules – but only for a subset of parsers: formally JSON is defined in ECMA-262 as industry standard that, in contrast to RFC 4627, always allowed any Value as top-level element of a JSON text. I’d like to make it so, and ignore the RFC’s requirement for it to be an Object or Array. Even so, the first two characters (after the BOM, if any) of a JSON text always are in the non-NUL 7-bit ASCII range, allowing for encoding detection. (This is done by the NUL octet pattern in the first four octets.)

JSON has only taken off because it’s a tightly defined simple format that can be used “everywhere” and isn’t too awful for humans (escaping not needed for U+0020‥U+D7FF and U+E000‥U+FFFD after all, although I’d also take the C1 control characters out, see my forth proposal above). I’ve started to use a trailing comma in indexed and associative arrays in code I write at work, when the array values are one a line, to help version control systems to do their diffs, but refrain from asking for a JSON extension to permit that in order to not endanger compatibility any (no comment needed, it’s just not worth it), but I’d like my above proposals to be followed by implementators (and I’m one of them).

Some more discussion with Jonathan pointed out that JSON5 allows for trailing commata in Object and Array; IMHO the only feature of it that is not bad or outright harmful. I’ll probably keep from accepting them because, on their own, they’re not that useful, and I usually would run JSON texts, even configs, through a parser/encoder roundtrip to pretty-print them which would lose them anyway.

As for binary-safeness: probably best to just use base64 and let the outer layers worry about compression. The data is usually unrelated to the JSON-encoded structure, and even if it’s related to other data the base64 representation is usually similar (unless misaligned).

Update 02.12.2012 – Wrong I was about the first two characters: “"€"” is a valid JSON text. Still possible to peek at four octets and determine the encoding by ordering the tests; updated my notes.

## PostgreSQL #FAIL – Handarbeit nötig!

Tags: debian work

PostgreSQL hatte vor kurzem ein Problem, und zwar in der Version 9.1.5, welches zu Datenkorruption führen kann. Ist in der Version 9.1.6 (und 9.2.1) gefixt. Dummerweise muß aber jede Datenbank, die auch nur einmal mit 9.1.5 gestartet wurde, gefixt werden, weil es sonst zu Datenkorruption kommen kann.

Schlimmer: die kaputte Version 9.1.5 wird aktuell mit precise-security in Ubuntu ausgeliefert und war für ca. ein Dutzend Tage in wheezy!

Nach dem Upgrade auf 9.1.6 gestaltet sich das Fixen wie folgt, als Superuser:

• Die /etc/postgresql/9.1/main/postgresql.conf editieren: die Konfigurationseinstellungen (ggfs. erst hinzufügen) vacuum_freeze_table_age = 0 und vacuum_cost_delay = 50 setzen
• Die Datenbank stoppen: /etc/init.d/postgresql stop
• Prüfen, ob ps ax | fgrep postgres wirklich nix mehr zurückliefert
• Die Datenbank starten: cleanenv - /etc/init.d/postgresql start
• Ggfs. alle Anwendungen, die PostgreSQL (dauerhaft) benutzen, wie apache2 (Evolvis) und tomcat6 (Domisol) neu starten
• Zum Systemuser wechseln – su - postgres – und vernünftige Sprache auswählen: Debian export LC_ALL=C.UTF-8 Ubuntu export LC_ALL=C
• Alle Indicēs regenerieren: reindexdb -a
• Staubsaugen: vacuumdb -F -z -a (optional noch mit -v zum mehr (zu viel) sehen)
• Den PostgreSQL-User wieder verlassen: exit
• Die beiden Konfigurationsänderungen von oben wieder rückgängig machen
• Falls gewünscht, die Änderungen aktivieren: cleanenv - /etc/init.d/postgresql reload

Ich hab’ das mal für alle EvolvisForge- und tarent-activity-Maschinen gemacht, aber eure Desktops und so aktualisiert ihr bitte selber, wenn auch nur die Chance besteht, daß mal ein 9.1.5 oder 9.2.0 installiert war!

## Go on NetBSD

12.10.2012 by bsiegert@
Tags: golang

Starting today, I am running continuous builders for Go on NetBSD/386 and NetBSD/amd64. Both are running fine, so Go is now (semi-officially) supported on NetBSD. You need at least version 5.99.51 or, even better, a NetBSD-6.0 release candidate. In addition, the latest Go release (1.0.3) does not have the NetBSD support, so you must build from source on tip.

Go 1.1, which is expected for January 2013, will support NetBSD on x86 officially.

## Source Code Pro

12.10.2012 by bsiegert@

There are a lot of monospaced fonts or “programmer’s fonts” available these days. Personally, I like neither the default “sans” that is generally used in Gtk applications nor the default monospace font in Mac OS X, Menlo. Both fonts are very similar, as Menlo is based on Bitstream Vera Sans.

Now, Adobe has just released an excellent monospaced OpenType font, called Source Code Pro, as open source. The fonts can be directly downloaded from their SourceForge page.

(Of course, if you are into non-antialiased fonts, nothing beats the “fixed” font included with X.)

## pkgsrc-2012Q2 binary packages available

12.08.2012 by bsiegert@
Tags: news pkgsrc

Packages for pkgsrc-2012Q2 are now available on ftp.NetBSD.org. They have been built for MirBSD-current on i386. This time, there is notably a much larger selection of software for X11, due to a successful build of gtk+2. All in all, there are about 6300 packages available.

## Latest MirOS developments

12.08.2012 by bsiegert@
Tags: kernel jupp pkgsrc

There have been some interesting recent developments in MirBSD. As always, there has been development on mksh but tg@ is more qualified to write about this.

The kernel has also seen some improvements: bge(4) is now again included in the GENERIC kernel, and it supports some newer chips – for example the BCM5751 Gigabit Ethernet. This chip is the one in the machine graciously donated by Marc Balmer. The umsm(4) driver has been added, supporting certain 3G “surf sticks”.

There has been a new release of jupp, joe-3_1jupp21, containing several critical fixes regarding the use of uninitialized memory. It also contains a bugfix for syntax highlighting.

In pkgsrc, have been attacking the list of broken packages breaking the highest number others. The three versions of Ruby in the tree (1.8.x, 1.9.2 and 1.9.3) now build fine, as do ilmbase, blas and a few others. Fixing blas meant introducing a weird special case in libtool: Usually, MirBSD has no Fortran compiler; however, pkgsrc has f2c, which it uses as f77, confusing libtool. It actually needed a special-case entry to treat it like gcc (which it uses internally). There is also a weird failure in policykit, where an XSLT processor segfaults during the creation of one of the manpages. Maybe it hits an ulimit, I am not sure. Anyway, these fixes are now in pkgsrc-current.

10.08.2012 by bsiegert@
Tags: news

I (bsiegert@) have been interviewed by OSWorld, a Polish news site about open source software. The interview took place at FOSDEM 2012. I talk about the project, about the community and about some of the great things when using open source. Check out the video.

Read the original article (in Polish) over at OSWorld. Thanks guys!

(Update: Corrected the HTML. Again.

## Apache 2, https clients linked against GnuTLS, connection errors

16.07.2012 by tg@
Tags: debian tip work

I’ve been debugging a weird problem at work – after upgrading a complex system from lenny to wheezy, some https clients failed to connect: GNU wget and Debian’s version of lynx(1) which is linked against libgnutls26 fail. NSS applications continue to work, as does cURL; wget and lynx on MirBSD (linked with OpenSSL of course) work. Even Debian’s gnutls-cli tools from both gnutls26 and gnutls28 work. Huh. The error_log shows renegotiation problems, yet setting the new Apache 2 configuration option to “use insecure renegotiation” doesn’t help either. (The option is a total #FAIL: its only other value is “use secure TLSv1.x renegotiation”, but I don’t want/need SSL renegortiation at all, anyway.) Natureshadow told me this was a hot issue on Debianforum at the moment, yet, nobody had a clue or enough information to file a formal bugreport against (initially) apache2, as that’s what changed. I tracked it down on a new VM with no configuration otherwise, and here are my findings so others don’t run into it.

Tracking down the problem, this can be reduced to the following configuration (minimised, to show the problem) in /etc/apache2/sites-enabled/1one:

<VirtualHost *:443>
ServerName wiki-70.lan.tarent.de
RedirectMatch permanent . https://evolvis-70.lan.tarent.de/
SSLEngine on
SSLCertificateFile /etc/ssl/W_lan_tarent_de.cer
SSLCertificateKeyFile /etc/ssl/private/W_lan_tarent_de.key
</VirtualHost>


Do not mind the actual content, this is a very stripped-down demo on a not-actually-set-up-yet box.

Same is valid for the companion configuration file /etc/apache2/sites-enabled/2two:

NameVirtualHost *:443

<VirtualHost *:443>
ServerName evolvis-70.lan.tarent.de
SSLEngine on
# workaround for BEAST (CVE-2011-3389), short-term
SSLCipherSuite RC4-SHA
SSLCertificateFile /etc/ssl/W_lan_tarent_de.cer
SSLCertificateKeyFile /etc/ssl/private/W_lan_tarent_de.key
SSLProtocol TLSv1
</VirtualHost>


Turns out the BEAST workaround was at fault here: the differing SSLCipherSuites between the vhosts (on the same Legacy IP / TCP Port tuple, as we use Wildcard SSL Certificates) made Apache 2 want to renegotiate, so either commenting it on 2two or, better, adding it to 1one helped. Interestingly enough, the SSLProtocol directive did not matter (in my tests).

So, keep SSL settings synchronised between vhosts. In fact, those were already from include files, but 2two was from the “Evolvis 5” generation, whereas we added to 1one an Include of the httpd.ssl1.inc file generated by the previous releases of EvolvisForge and had not switched those legacy vhosts to the new configuration, as everything worked on lenny.

This wlog entry brought to you by the system administrators of tarent solutions GmbH and the Evolvis Project, based on FusionForge.

Update 17.05.2013 – Absolutely do not use RC4-SHA for SSL/TLS (https)! It can leak over 200 initial plaintext bytes easily. (arc4random(3) is not affected from this, especially on MirBSD, nor arc4random(9).)

## bubulle’s Cool prompt for git users with mksh

14.07.2012 by tg@
Tags: debian mksh pcli tip

Originally posted by bubulle on Planet Debian, a shell prompt that displays the current git branch, in colour on some terminals, after the current working directory. The following snippet does similar things for mksh users, except it doesn’t redefine your prompt but amend it – just throw it at the bottom of your ~/.mkshrc before that last line beginning with a colon (copy from /etc/skel/.mkshrc if you haven’t done that yet):

function parse_git_branch {
git branch 2>/dev/null | sed -n '/^\* $$.*$$/s//(\1)/p'
}

function amend_prompt_with_git {
local p q='$(parse_git_branch)' r if [[$TERM = @(xterm-color|xterm|screen*) ]]; then
if [[ ${PS1:1:1} =$'\r' ]]; then
p=${PS1:0:1} else p=$'\001'
PS1=$p$'\r'$PS1 fi q=$p$'\e[1;33m'$p$q$p$'\e[0m'$p
fi

p=${PS1%%*( )[#$]*( )}
if [[ $p != "$PS1" ]]; then
# prompt ends with space + #-or-$+ space, we can amend r=${PS1: ${#p}} PS1=$p$q$r
fi
}
amend_prompt_with_git
unset -f amend_prompt_with_git


The indirection by use of a function is not strictly necessary but allows the use of locals. I took the liberty of adding an asterisk after “screen” to match the GNU/Linux nonsense of having TERM=screen.xterm or somesuch.

## Tricks for dealing with modern-day X.org

15.06.2012 by tg@
Tags: debian pcli tip

KiBi is my hero of the day. I’ve long wondered why I couldn’t select fixed-misc as font on my workstation at the dayjob, which is running K?buntu Hardon Heroin. (Luckily, I managed to avoid upgrading to Prolonged Pain.) Now I guess that’ll work again.

My work laptop (running testing) also has got this X.org thingy. My keyboard layout now has got a grml branch (named after the person who first cursed about the insane idea of those toy-breaking boys to rearrange the keycodes) that works with it. Since Debian is marginally more sane than K?buntu, in contrast to the gnu branch I use on my orkstation, the grml branch still has Meta on the left Alt key, not Mode_switch, as it still works in uxterm, which reduces the diff between the MAIN branch (HEAD) on XFree86® and this beast.

And finally: X.org defaults to a black screen and disabled mouse pointer until an application first requests it. Totally unacceptable for evilwm(1) users, and letting people think it crashed, to boot. The Arch Linux guys found this, among others; the fix is: startx(1) users edit /etc/X11/xinit/xserverrc to add -retro behind the X, or copy the file to ~/.xserverrc and change it there:

#!/bin/sh

exec /usr/bin/X -retro -nolisten tcp "$@"  For display managers, similar files exist in /etc/kde4/kdm and related places. Update: Also, newer xterm(1) justify an update to ~/.Xresources for we can finally get rid of cut buffers, and get a blinking underline cursor to boot! On the other front, worked on Debian packaging, and upstream on pax(1) and jupp, with more things to follow (especially in mksh). Also fixed about ⅔ Linux klibc architectures and learned why I’m a BSD developer despite all the bad parts of it ☺ and fixed fakeroot with pax(1) on Hurd… incidentally in code originally designed to support the Linux pax. My dayjob’s keeping me busy, but I’ve got plans to run mksh(1) through Sonar, in addition to the static code analysēs done by (once again, thanks!) Coverity (commits to mksh pending) and Clang/LLVM scan-build. Uhm, what can I say more, grab me in IRC if you need it. Ah, and some other mksh things coming up that may be of interest to people needing to support legacy scripts. ## MirBSD goes webservice – manpages and WTF‽ 19.05.2012 by tg@ Tags: debian mksh news pcli tip While wtf(1) always has been a bit central to MirBSD, and the acronym database has been accessible by CVSweb, what we never had was a DAU compatible (and shellsnippets compatible) lookup. This has now changed: the above link to the acronyms file is a persistent link to its latest version (well, latest when the website was last recompiled), tooltips may very well follow soon, and we’ve got an online WTF lookup service. Contributions to the acronym database are welcome, of course; just eMail them to tg＠mirbsd．org. Not to stop there, our online HTML manpage search is also new, shiny, and should replace the “!mbsdman” DuckDuckGo hash-bang shortly. (Both of these services offer a DDG search as fallback. Note that DDG is an external service included herein by linking, under their request to spread it, and not affiliated with The MirOS Project. They do, however, donate some advertising money to Debian.) For all those who didn’t know: only manpages for software in the MirOS BSD base system and for the MirPorts Framework package tools are listed, not for third-party applications installable using ports or, recently, pkgsrc®. Still, if you want to have a peek at a modern classic BSD’s documentation, you’re welcome. (Not to mention content like re_format(7) and style(9) and that some of our documentation is much more legible than others.) And because writing all that perl(1) made me ill, not to mention I don’t even know that language, I’ve hacked a bit more in the mir﻿make(1) and mksh(1) parts of the MirWebsite, finally implementing pointing out where in the navigation sidebar the visitor currently is. We also have exciting mksh porting news involving RT trying a larger number of ancient platforms than I dare count, me fixing bugs in Linux klibc and diving into other things, learning more about why I consider me lucky for hacking a BSD operating system… sorry, I want to keep this short as it’s mostly an announcement. The MirWebsite source code is, of course, also available. Improvements welcome. Except for these three CGIs, our website is fully statically precompiled, and that’s a good thing. Please help in making the CGIs secure. ## blog @ TNF 20.03.2012 by bsiegert@ So now I am even posting over at TNF on blog.NetBSD.org. Julian Fagir made new NetBSD flyers, and I committed them to the TNF website. I know that I should write more here but there is not much new on the MirBSD front. I updated the showcase to NetBSD-6_BETA on the Dom0, and now X refuses to start. Oh well. X does start when using a GENERIC kernel. This is very bad for showcase use, of course :(. pkgsrc is going into freeze very soon, and I did not do a whole lot of MirBSD fixes this time around. This is due to illness, searching for a new job, and working on the Go programming language, which is expected to hit version 1.0 Real Soon Now(TM). I brushed up my Algorithms and Data Structures a bit by reading the third volume of TAOCP. Fantastic book. ## FOSDEM 2012: “pkgsrc on MirBSD” 05.02.2012 by bsiegert@ Tags: event pkgsrc This weekend, the FOSDEM 2012 took place in Brussels. We gave away DVDs with the latest MirOS BSD snapshot and about 3 GiB of binary packages for pkgsrc. I gave a talk entitled “pkgsrc on MirBSD”. It gives a short introduction to both MirBSD and pkgsrc and details how we managed to get MirBSD supported as a platform, including some details on the new-developer process at the NetBSD foundation. The slides are now available on slideshare or as a PDF for download. — The showcase is doing strange things. The NetBSD-current kernel panics reproducibly when the network card, an alc, does not have a link. Thus, I put it on a switch with no other connection to “fix” the problem. Furthermore, I have a half-finished pkg_rolling-replace on the NetBSD side; various things now give Memory Errors, including running xfce4-session. Oh well. WindowMaker to the rescue … I am planning on redoing the setup on this machine anyway, once NetBSD-6-alpha will have been branched. I would also like to use LVM to set up the partitions for the Xen domains, to avoid going through a vnd(4) device. ## Today's piece of Unix history 22.01.2012 by bsiegert@ Courtesy of Rob Pike on Google+ and Richard Kettlewell in the comments: In Plan 9 and Research Unix, rm(1) also removes empty directories. Why doesn't it in Unix? In V7 Unix, only privileged users could unlink() a directory. Thus, rmdir(1) was a setuid executable. rm(1) actually called rmdir(1) via fork()+exec() in its recursive mode. Of course, there were some bugs in rmdir ... ## Clone a disc with progress indicator 05.01.2012 by tg@ Tags: debian pcli tip On MirBSD and other sane OSes, you can just press ^T (Ctrl-T) when dd(1) runs; this sends it a SIGINFO (cf. sigaction(2)) which asks it to display (progress) information to the tty. This includes kFreeBSD, btw. Update 07.01.2012 – this also works on Hurd. Linux neither has SIGINFO nor (cooked mode tty) support for it. There’s also pv: dd if=/dev/mapper/vg01-${customername}--hudson bs=1048576 | \
pv -pter -B 1048576 -s 85899345920 | \
xz -0 >/mnt/ci-${customername}-snap-20120105-lenny.img.xz  I used this At wOrk today to back up a Jenkins VM before upgrading its underlying operating system for evaluation. Here, the -s flag is the total size (in bytes; don’t forget to multiply by 1024 when reading from Linux’ /proc/partitions) so pv can calculate a total and an ETA; -B is the same as bs; and xz is the currently best compressor to use, in any situation, unless you must stay compatible to gzip(1)-only systems. (Except that it’s not under an Open Source licence.) clpbar might also be worth looking into. XTaran points out sid has this as bar. PSA: Last of June, 2012, will be a leap second. ## Quick! A webserver! 04.01.2012 by bsiegert@ Tags: golang tip If, like me, you occasionally want to transfer some files via http—like the sets for a MirOS installation—but are much too lazy to set up apache, here is a simple web server in nine lines of Go: package main import ( "log" . "net/http" ) func main() { Handle("/", FileServer(Dir("."))) log.Fatal(ListenAndServe(":8080", nil)) }  It simply exports the current directory via http on port 8080. Neat! ## MirBSD-current snapshot uploaded, some things gone 28.12.2011 by tg@ Tags: news snapshot What’s going on in MirOS Project land? Other than all developers being buried in dayjob work, of course… (sorry for that, guys; even tg@ has now succumbed to an ever-growing backlog but will be back, some time) tg@ uploaded a new MirBSD-current/i386 snapshot (20111228) plus a full set of HTML manpages for all architectures (so they all are in the new amber style), and redid the usual combined i386+sparc cdrom10.iso Midi-ISO as well as the netboot.me kit. Older binary packages may no longer be supported: the old libgcc_s DLL is no longer provided in fixes10.ngz, and it may be time to reduce the amount of packages in MirPorts to concentrate on those worth the effort and receiving enough care. Thanks to bsiegert@’s amazing work, the pkgsrc® kit of anno 2007 could finally be deleted. The page about pkgsrc® on MirOS describes instructions to use instead. At some point, we may release a binary bootstrap kit along with the snapshots as set ready for pickup by the installer. No MirGRML based on the latest Grml 2011.12 release will be made. We’ll be investigating a possible solution for a flavour of the popular GNU/Linux OS to accompany full Triforce Live CDs in the future (for now, we’ll keep the old MirGRML 2009.10 on them). We hope to be able to return to investing more spare (heh…) time into development some time. For now, we apologise for the slowed down development and reaction even in important subprojects such as mksh. Occasionally, they do have updates, e.g. the latest Jupp/Win32 release, or fixes in CVS. ## pkgsrc-2011Q3 binary packages for MirBSD-current 18.12.2011 by bsiegert@ Tags: pkgsrc news This is a very late announcement. Binary packages for pkgsrc-2011Q3 are now available on ftp://ftp.netbsd.org/pub/pkgsrc/packages/MirBSD/i386/10uAE_2011Q3/. The repository contains 5330 packages built on MirOS-current. Any MirOS BSD version from 2011 should work. The packages are self-contained in /usr/pkg: The VARBASE has been set to /usr/pkg/var, and the package database is in /usr/pkg/db. This matches the MirPorts defaults and facilitates using pkgsrc and MirPorts side by side. In this quarterly release, the new default for MirBSD is to use “modular” X11, i.e. install Xorg libraries and programs as packages instead of using the system X libs. This improves the compatibility with many newer programs, which expect for example that the X libraries have pkg-config files. This should not change anything for the user, however. For more information on how to use these packages, consult the pkgsrc page on mirbsd.org or the relevant section of the pkgsrc guide. ## Jenkins und die APT-Repositories Ⅱ Tags: work debian As reported earlier (in “Jenkins und die APT-Repositories” part 1) we’ve got some kind of Jenkins/APT integration, with automatically generating as many repositories as a job desires. News are that the builds host has moved, so the URIs to the repositories have changed. The new syntax is https://ci-something.lan.tarent.de/ for the Jenkins ⇒ “deb https://ci-something-debs.lan.tarent.de/jobname/ distribution suite …” and currently only usable in the company-internal network. We’ve also got some more magic mksh code to automate the entire process – check the code out from SCM (required, as Jenkins’ svn checkouts are broken), build a Debian source package, NEW! ask cowbuilder to compile it in a clean chroot environment, and call mvndput.sh for APT repository publication. Sample projects are ci-evolvis/virtualscreen (git) and ci-dev/portal-setup (svn). Talk to me if you have any questions. This allows for a one-line “run a shell command” build step! Everybody else is, of course, invited to take and re-use our code, and maybe even improve upon it and submit that back. It’s all Open Source, after all. tl;dr Jenkins Jobs now have integration with cowbuilder. There’s a new script to automate the whole build pipeline. The APT repositories have moved with the recent move. ## Those small nice tools we all write 22.11.2011 by tg@ Tags: debian mksh news pcli release This is both a release announcement for the next installment of The MirBSD Korn Shell, mksh R40b, and a follow-up to Sune’s article about small tools of various degrees of usefulness. I hope I don’t need to say too much about the first part; mksh(1) is packaged in a gazillion of operating environments (dear Planet readers, that of course includes Debian, which occasionally gets a development snapshot; I’ll wait uploading R40c until that two month fixed gcc bug will finally find its way into the packages for armel and armhf). Ah, we’re getting Arch Linux (after years) to include mksh now. (Probably because they couldn’t stand the teasing that Arch Hurd included it one day after having been told about its existence, wondering why it built without needing patches on Hurd…) MSYS is a supposedly supported target now, people are working on WinAPI and DJGPP in their spare time, and Cygwin and Debian packagers have deprecated pdksh in favour of mksh (thanks!). So, everything looking well on that front. I’ve started a collection of shell snippets some time ago, where most of “those small things” of mine ends up. Even stuff I write at work – we’re an Open Source company and can generally publish under (currently) AGPLv3 or (if extending existing code) that code’s licence. I chose git as SCM in that FusionForge instance so that people would hopefully use it and contribute to it without fear, as it’s hosted on my current money source’s servers. (Can just clone it.) Feel free to register and ask for membership, to extend it (only if your shell-fu is up to the task, KNOPPIX-style scripts would be a bad style(9) example as the primary goal of the project is to give good examples to people who learn shell coding by looking at other peoples’ code). Maybe you like my editor, too? At OpenRheinRuhr, the Atari people sure liked it as it uses WordStar® like key combinations, standardised across a lot of platforms and vendors (DR DOS Editor, Turbo Pascal, Borland C++ for Windows, …) ObPromise: a posting to raise the level of ferrophility on the Planet aggregators this wlog reaches (got pix) ## Geocaching-Literaturverlosung in Franken 29.10.2011 by tg@ Tags: geocache Es gibt eine Literaturverlosung im Themengebiet Geocaching auf dieser Geocaching Franken Seite. Man kann dort zwei Fachbücher „Geocaching – GPS-Freizeitspaß für Abenteurer” und zwei Exemplare der Zeitschrift „Outlife“ zu ebendiesem Thema gewinnen. Nun hoffe ich natürlich, einen Gewinn zu reißen, gerade weil ich der Meinung bin, dies als stolzer Opencacher (und damit meine ich das echte OpenCaching-Netzwerk und nicht den billigen, ungepflegten Garmin-Ripoff (OC.COM alias OXnnnnn), der vor einiger Zeit eine feindliche Übernahme des guten Namens versucht hat). Stets im Kampf gegen diese, die unseren Sport zu kommerzialisieren versuchen mit Premiummitgliedschaften bei GC.COM; gekauften Anwendungen für Windows®, um ihr Profi-Navi besser bedienen zu können; und dergleichen. Außerdem hoffe ich, hierduch einen besseren Einstieg in die Rätselcaches, die mir bisher, durch Mangel an Kontakten in der Geocacher-Stammtischrunde (fühle mich dort ein wenig wie ein Windows®-Nutzer beim Linuxstammtisch…), sich nicht erschlossen. Außerdem bin ich gerade, auf Basis der OC.de-Karte, an einer „MirKarte“ am basteln, die einfach nur eine Google-und-OSM-Karte, die auch in älteren Browsern wie Opera 9 funktioniert, ist (relativ statisch, aber mit einigen Features wie der supergenialen Anzeige der Koordinaten unterm Mauszeiger). Bin noch nicht fertig, da ich mein ECMAscript erst auffrischen muß und auch die Maps-API-Dokumentation nochmal lesen will, aber immerhin. (Außerdem mag ich minimalen Code, und was ich bisher habe ist bloated. Und buggy.) Vielleicht weiß man auch meine Beiträge zu den ganzen Open Source Projekten zu schätzen? (maps.geocaching.de scheint down zu sein, und weder die neue neue noch die neue alte GC.COM-Karte tun im Opera… somit kann ich im Moment sowieso, von CacheWolf und Umkreissuche mal abgesehen, nur nach OC-Caches Ausschau halten.) So, dann mal Gruß nach Franken aus der Eifel. Ich werde auch den Franken, die ich kenne, den GAV-Button nahelegen. ## benz’ wedding, fun before 24.10.2011 by tg@ Tags: debian event fun My dear MirBSD co-developer Benny did not only get his Doctor title but also recently married. There will be another post detailing this, including better photos of the two Doctors and the cake (with a Dæmon she made herself) on the wlog, but this is some fun beforehand: Apparently, it is forbidden in France to drive GPL cars. (Without safety valve – but you have to admit the picture was fun. And we were like ＷＴＦ？ since the thing actually meant is LPG in German. Just like UTC is CUT (Coordinated Universal Time) in English, TUC (Temps Universel Coordonné) in French…) I’m also working on improving our xterm(1) and GNU screen config, and other things. Explaining acronyms on our webpages is also coming some time. Benny is importing weird stuff from TNF for better pkgsrc® support, so there is activity. Just we’ve got dayjobs and a life… and mksh(1) still rocks (pdksh got orphaned in Debian today). ## eMail 06.10.2011 by tg@ Tags: debian pcli rant tip Would MTAs please stop sending hi-bit7 messages to other MTAs which do not advertise 8BITMIME! Recode it to QP or BASE64, damnit! The receiving MTA is entitled to strip the set bit7, which kinda makes things hard to read (while I know how to deal with blvde Stra_e, the advent of UTF-8 makes that blC6de StraC?e, introduces C0 control characters and makes typographic quotation marks into NUL-containing octet sequences (as their UTF-8 representation contains 0x80 octets) which let every sensible MDA terminate the line there). I even filed in the Debian BTS against the BTS (might be Drexim's fault, though). Would MUAs please default to Quoted-Printable! And mail hosters should use the same server when retrying delivery, to benefit greylisting. Or at least publish a list of outgoing IPv4 addresses they use for sending. Or use IPv6. Oh, and STARTTLS, while we are on my wishlist. It's a sad day when the percentage of correctly encoded eMail messages in my INBOX is smaller than that of my Spambox... ## Improvements welcome 30.09.2011 by tg@ Tags: debian tip No I don’t really know any SQL. In fact, even at vocational school, where we focussed on database normalisation anyway, I tried hard to avoid the topic. Feel free to access here my entire knowledge about SQL ☺ (I did use Amaya, Arena and Arachne though. Liked only Arachne out of these three, and then, only under DOS, not its Unix version. Maybe the WWW could be named AAA instead? But then, lynx(1) is the one true browser…) Ah, well. While at it… the entirety of my Perl knowledge is here: perltoc(1) with quick links to perlfunc(1). The entirety of my (X)HTML and ECMAscript knowledge, DE: SELFHTML; although, the spec and DTD helped; and to write my notes on JSON, I took a peek at the formal ECMAscript spec as well… à propos, does anyone know a (good enough) indent(1) equivalent for ECMAscript, as I am trying to strip down some, inherited (GPL, yes) code for a hobby project, but Geo-people seem to produce illegible code? ## pkgsrc frozen 20.09.2011 by bsiegert@ Tags: pkgsrc So the pkgsrc tree has been frozen in preparation for the 2011Q3 release. I managed to sneak in a few interesting commits just after the deadline *cough*. Firstly, Python 2.6 and 2.7 now build fine. The corresponding Python bug was marked wontfix though—even though it only touches six lines or so. Apparently they have a policy not to support what they call “marginal platforms” even when people submit them patches. Compare to perl, where more changes were required, but they were all committed upstream, and all new releases support MirBSD out of the box. The second change concerns X11. Many new packages want to have X11R7 and/or xcb libraries, which our X11 does not provide. Thus, after a some discussion on tech-pkg, I switched the MirBSD platform to modular X libraries. This means that libX11 etc. are built as packages inside pkgsrc instead of relying on /usr/X11R6. If you already use pkgsrc, you might need to recompile X11-using packages after this change, or use pkg_rolling-replace. Incidentally, I had to fix a few bugs in libX11 ;). The final thing concerns the texlive packages, which should all be working now. They were using pax -rw to copy files around without creating the destination directory first. This is an error condition in paxmirabilis, and it should also be elsewhere. For example, pax in Darwin accepts it although the manpage says otherwise. Strange. ## MirBSD online manpages major facelift 14.09.2011 by tg@ Tags: debian news pcli snapshot Our MirBSD online manual pages and other assorted BSD documentation (except of course the merely copied ncurses, lynx etc. documentation and the texinfo generated HTML pages) has just gained a major facelift. They look alike in lynx(1) – best web browser ever – and less(1)/man(1) now, and remind of a DEC VT420 on a CSS capable Buntbrause. Thanks to our contributor XTaran for aid with the colour scheme! Since these are generated from catmanpages, heuristics are used for things like where should bold/underline begin/end (since nroff(1) is not always the brightest… but working on that), and hyperlinks can only be generated for other manpage references (whose targets may or may not exist, for example if they aren’t part of MirOS base/XFree86®). But on the other hand, Valid XHTML/1.1 and CSS speaks for itself ☻☺ ## Cat weather 04.09.2011 by tg@ Tags: debian fun Another cat posting, about 100 KiB worth of images embedded so follow to the main article to read it, I don’t want Planet readers to suffer from traffic overuse. Hot and humid (it’s rained a bit overnight, but has almost dried up quickly) seems to be cat weather. I went to buy breakfast at the local bakery when three cats lay around the house door in a half circle – my two black friends from the last posting and their human can opener’s third owner. When I came back I wondered whether the small guy wanted to travel: The big guy has hidden indoors, but needed only very little coaxing to head back outside in a measured speed: The car’s owner arrived when I closed the door behind that cat, and not only did the little guy jump off… but also did the third cat… get out from under the car. Huh… ## Saturday Noon Cat wlog-entry-writing 03.09.2011 by tg@ Tags: debian fun geocache As written about here earlier, cats have a nice life. I walked into my home seeing three cats in a row, all black: two lazing around, the third (with white spots, and belonging to a different neighbour from the other two) ambulating. I went up and got my PocketPC with the already mentioned camera application to take a shoot. Sadly, the more shy cat went away, but I got some pictures of the other two – here they are, internet photo stars ☺ follow the hyperlink to get a large version. Later I came back from geocaching (2 GC.COM-only, 1 OC-only *yay!* found, one not found due to not taking any hardware with me) the bigger guy lazed around in the bush next to where I usually park my bike. Lucky… ## MirOS BSD users portrait – polarhome, Sweden 03.09.2011 by tg@ Tags: news Zoltan Arpadffy has let us know that he has set up a MirBSD installation at polarhome in Stockholm, to aid its “purpose [to] serve the healthy part of the already, rather badly MS infected Universe - and MirOS is definetevly on that part”. He wrote that “MirBSD is a very nice easy to use BSD system”, thanking us with “gratitude and respect for developing a such a nice OS”. He also sent a list of things he ran into while installing (although we can guess some of them are related to using VirtualBox, which is not at all supported, as base) so we can fix them, and offered help, e.g. in adding ports of software they use. Well, Zoltan, you’re definitively welcome ☺ polarhome.com is non commercial, educational effort for popularization of shell enabled operating systems and Internet services, offering shell accounts, mail and other online services on all available systems (currently on Linux, OpenVMS, Solaris, OpenIndiana, AIX, QNX, IRIX, HP-UX, Tru64, SCO OpenUnix, UnixWare, FreeBSD, OpenBSD, NetBSD, DragonFly BSD, MirBSD, Ultrix and OPENSTEP). Well guys, talk to us – we know we have one to several hundred users world-wide but don’t really get a lot of feedback (so we assume you like it). ## Subversion for Dummies (or visitors of the #cvs IRC channel) 01.09.2011 by tg@ Tags: debian fun rant Oh well – someone came into the #cvs channel on IRC without a clue, again. I’ve made a nice picture to show “the competition” (rival, whatever) to newbies (warning, sarcasm ahead)… SCNR. But trying to “cvs co” a websvn repository view… honestly! Yes, I’m biased. And known to be proud of the things I use. ## FrOSCon 2011, Day 0 and 2 27.08.2011 by tg@ On Day 0, we were at my favourite Jugoslawian restaurant, and during eating and verpeiling, Andi took some pictures: Take special note of the fun expressions everyone has… Day 2, nothing of note at the conference itself – according to Jana, the only interesting talk (that tcpdump(8) GUI) was cancelled, and everything else was PHP and Web 2.0 crap. The food also was different, at least what I got, from Day 1. But it wasn’t as hot as on the previous day, and we did more socialising. I also managed to get the MirBSD ISO distributed some more. Then I took my fellow DDs Enrico and madamezou geocaching for their first time, together with benz; they then took a Travelbug I found on Day 1 (with rsc) to Italy so it’ll end up in Rome, a next step on its mission. Other rarely-seen people, such as Dr. Pfeffer, made an appearance, but overall the second day was quite relaxed. Ah, and Benny is a Doctor in Germany now as well. On Monday, I slept quite a bit ☺ ## Netsplit – so let’s answer in the wlog 26.08.2011 by tg@ Tags: debian pcli security 14:31⎜*<* Signoff: XTaran (*.net *.split) … doesn’t prevent me from telling him… 14:39⎜<mira|AO> XTaran: n̲i̲e̲ n̲i̲e̲ n̲i̲e̲ n̲i̲e̲ n̲i̲e̲ n̲i̲e̲ n̲i̲e̲ ⎜empfiehlt man k̶i̶l̶l̶a̶l̶l̶, i̲m̲m̲e̲r̲ nur p̲k̲i̲l̲l̲! “Now playing: Monzy — kill dash” ⇒ good idea… ☺ By the way, you were probably looking for this…  -x Require an exact match of the process name, or argument list if -f is given. The default is to match any substring.  … excerpt from the pkill(1) manual page, where you can see it stems from grep(1) clearly. Yes, this website (and thus the RSS export) is Lynx on uxterm -fn -misc-fixed-medium-r-normal--18-120-100-100-c-90-iso10646-1 -fw -misc-fixed-medium-r-normal-ko-18-120-100-100-c-180-iso10646-1 on XFree86® optimised. Your browser might not do combining. ## FrOSCon 2011, Day 1 20.08.2011 by tg@ Built the ISO [torrent link deleted 2014-05-13] in the morning, today. Finally. Whew. It was much too warm in the mēnsa, and why did I have to get up so early anyway? Real Conferences™ don’t start before 10 o’clock, and there are no sensible activities before 11 o’clock anyway… Talked to a lot of people, introduced my favourite Fedora Packager to Geocaching. Now my throat is sore and I’m tired. Social Event was not my case, as usual. (And even the vegetarian food now costs money as opposed to, I think, two years ago.) At least dry and not too loud. Still, best thing of FrOSCon is the Friday Evening Jugoslawian Food Mealtime ;-) ## New MirBSD/i386 NetInstall snapshot 18.08.2011 by tg@ Tags: news snapshot Almost ☺ in time for FrOSCon there’s a new binary snapshot of MirBSD-current (10uAF-20110818) compiled, right now waiting for me to do the usual post-compilation work of preparing the cdrom and floppy images for serial console, signing and uploading. Of course, the online manpages will be updated then as well. The snapshot will, as usual, end up on the mirrors, i.e. We’ll also have it with us at FrOSCon. Maybe on CDs, but on a laptop ready for netboot and netinstall is a promise. Update 20.08.2011 – we’ve got an ISO: • MD5 (MIRB0818.ISO) = 805c4a34bae523ef5d838e79ecdcdad8 • RMD160 (MIRB0818.ISO) = 93df98d24b2d877502e7be8af580907311d2d8cc • SHA1 (MIRB0818.ISO) = 6dacb045675184c06a00401357a0a510dd3e6edb • SIZE (MIRB0818.ISO) = 727711744 • TIGER (MIRB0818.ISO) = ff0c145b93988c306530963fd881ad7972d5eb2d2e0ce298 • BitTorrent download is [no longer, 2014-05-13] available ## How not to create DEB files 18.08.2011 by tg@ Tags: debian Once upon a time, there was Deb and Ian. That was about exactly 18 years ago. We don’t talk about the 0.939000 format any more, but they eventually settled on: $ ar rc pkg_1.0_all.deb debian-binary control.tar.gz data.tar.gz
$hexdump -C pkg_1.0_all.deb | head 00000000 21 3c 61 72 63 68 3e 0a 64 65 62 69 61 6e 2d 62 |!<arch>.debian-b| 00000010 69 6e 61 72 79 20 20 20 31 33 31 33 36 38 33 35 |inary 13136835| 00000020 32 39 20 20 31 30 30 36 20 20 32 30 30 20 20 20 |29 1006 200 | 00000030 31 30 30 36 34 34 20 20 34 20 20 20 20 20 20 20 |100644 4 | 00000040 20 20 60 0a 32 2e 30 0a 63 6f 6e 74 72 6f 6c 2e | .2.0.control.| 00000050 74 61 72 2e 67 7a 20 20 31 33 31 33 36 38 33 35 |tar.gz 13136835| 00000060 32 39 20 20 31 30 30 36 20 20 32 30 30 20 20 20 |29 1006 200 | 00000070 31 30 30 36 34 34 20 20 31 33 39 31 20 20 20 20 |100644 1391 | 00000080 20 20 60 0a 1f 8b 08 00 00 00 00 00 00 03 ed 59 | ............Y| 00000090 eb 6f db 36 10 f7 d7 f0 af b8 3a 5e 9b 74 b1 f5 |.o.6......:^.t..|  By then, systems were a.out(5), and everything was good. (Of course, if you look at the mtimes, you’ll notice I faked this. But it’s really equivalent to the real thing. But oh horror! GNU binutils, not always everyone’s friend, switched from using BSD style “Unix Archiver” libraries in ar(1) to SYSV style libraries on elf(5) systems: $ ar rc on-elf debian-binary control.tar.gz data.tar.gz
$hexdump -C on-elf | head 00000000 21 3c 61 72 63 68 3e 0a 64 65 62 69 61 6e 2d 62 |!<arch>.debian-b| 00000010 69 6e 61 72 79 2f 20 20 31 33 31 33 36 38 33 35 |inary/ 13136835| 00000020 32 39 20 20 31 30 30 36 20 20 32 30 30 20 20 20 |29 1006 200 | 00000030 31 30 30 36 34 34 20 20 34 20 20 20 20 20 20 20 |100644 4 | 00000040 20 20 60 0a 32 2e 30 0a 63 6f 6e 74 72 6f 6c 2e | .2.0.control.| 00000050 74 61 72 2e 67 7a 2f 20 31 33 31 33 36 38 33 35 |tar.gz/ 13136835| 00000060 32 39 20 20 31 30 30 36 20 20 32 30 30 20 20 20 |29 1006 200 | 00000070 31 30 30 36 34 34 20 20 31 33 39 31 20 20 20 20 |100644 1391 | 00000080 20 20 60 0a 1f 8b 08 00 00 00 00 00 00 03 ed 59 | ............Y| 00000090 eb 6f db 36 10 f7 d7 f0 af b8 3a 5e 9b 74 b1 f5 |.o.6......:^.t..|  Can you spot the difference? Of course, ELF is what you want™, so there is little choice. Unix Archiver libraries are system dependent, and no format has ever been normed, but DEB files use it as format… so what is one to do? $ GNUTARGET=a.out-i386-linux ar rc with-aout \
> debian-binary control.tar.gz data.tar.gz
$md5sum pkg_1.0_all.deb with-aout on-elf 248f78d42f8ca8f2a3560f9800b2bf01 pkg_1.0_all.deb 248f78d42f8ca8f2a3560f9800b2bf01 with-aout 09eca70c9b11b6b55bbadcab5c3201fb on-elf  “OK, and what do I do on my Debian/m68k system?” ar(1) uses bfd, and GNU binutils can not only forcibly set the target emulation but also show them:  debian_m68k$ ar -h 2>&1 | grep '^ar: supported targets' ar: supported targets: elf32-m68k a.out-m68k-linux elf32-little elf32-big plugin srec symbolsrec verilog tekhex binary ihex trad-core debian_i386$ar -h 2>&1 | grep '^ar: supported targets' ar: supported targets: elf32-i386 a.out-i386-linux pei-i386 elf32-little elf32-big elf64-x86-64 elf32-x86-64 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big plugin srec symbolsrec verilog tekhex binary ihex trad-core debian_i386$ ar -h 2>&1 | grep '^ar: supported targets' # binutils-multiarch ar: supported targets: elf32-i386 a.out-i386-linux pei-i386 elf32-little elf32-big elf64-alpha ecoff-littlealpha elf64-little elf64-big elf32-littlearm elf32-bigarm elf32-hppa-linux elf32-hppa elf64-x86-64 elf32-x86-64 elf64-l1om elf64-k1om elf64-ia64-little elf64-ia64-big pei-ia64 elf32-m68k a.out-m68k-linux coff-m68k versados ieee a.out-zero-big elf32-tradbigmips elf32-tradlittlemips ecoff-bigmips ecoff-littlemips elf32-ntradbigmips elf64-tradbigmips elf32-ntradlittlemips elf64-tradlittlemips elf32-powerpc aixcoff-rs6000 elf32-powerpcle ppcboot elf64-powerpc elf64-powerpcle aixcoff64-rs6000 aix5coff64-rs6000 elf32-s390 elf64-s390 elf32-shbig-linux elf32-sh-linux elf32-sh64-linux elf32-sh64big-linux elf64-sh64-linux elf64-sh64big-linux elf32-sparc a.out-sparc-linux elf64-sparc a.out-sunos-big pei-x86-64 elf32-m32r-linux elf32-m32rle-linux elf32-spu plugin srec symbolsrec verilog tekhex binary ihex trad-core mirbsd_i386$ar -h 2>&1 | grep '^ar: supported targets' ar: supported targets: elf32-i386 coff-a29k-big a.out.adobe aix5coff64-rs6000 a.out-zero-big a.out-mips-little epoc-pe-arm-big epoc-pe-arm-little epoc-pei-arm-big epoc-pei-arm-little coff-arm-big coff-arm-little a.out-arm-netbsd pe-arm-big pe-arm-little pei-arm-big pei-arm-little b.out.big b.out.little efi-app-ia32 efi-app-ia64 elf32-avr elf32-big elf32-bigarc elf32-bigarm elf32-bigarm-symbian elf32-bigarm-vxworks elf32-bigmips elf32-cr16c elf32-cris elf32-crx elf32-d10v elf32-d30v elf32-dlx elf32-fr30 elf32-frv elf32-frvfdpic elf32-h8300 elf32-hppa-linux elf32-hppa-netbsd elf32-hppa elf32-i370 elf32-i386-freebsd elf32-i386-vxworks elf32-i860-little elf32-i860 elf32-i960 elf32-ia64-hpux-big elf32-ip2k elf32-iq2000 elf32-little elf32-littlearc elf32-littlearm elf32-littlearm-symbian elf32-littlearm-vxworks elf32-littlemips elf32-m32r elf32-m32rle elf32-m32r-linux elf32-m32rle-linux elf32-m68hc11 elf32-m68hc12 elf32-m68k elf32-m88k elf32-mcore-big elf32-mcore-little elf32-mn10200 elf32-mn10300 elf32-msp430 elf32-nbigmips elf32-nlittlemips elf32-ntradbigmips elf32-ntradlittlemips elf32-openrisc elf32-or32 elf32-pj elf32-pjl elf32-powerpc elf32-powerpc-vxworks elf32-powerpcle elf32-s390 elf32-sh elf32-shbig-linux elf32-shl elf32-shl-symbian elf32-sh-linux elf32-shl-nbsd elf32-sh-nbsd elf32-sh64 elf32-sh64l elf32-sh64l-nbsd elf32-sh64-nbsd elf32-sh64-linux elf32-sh64big-linux elf32-sparc elf32-tradbigmips elf32-tradlittlemips elf32-us-cris elf32-v850 elf32-vax elf32-xstormy16 elf32-xtensa-be elf32-xtensa-le elf64-alpha-freebsd elf64-alpha elf64-big elf64-bigmips elf64-hppa-linux elf64-hppa elf64-ia64-big elf64-ia64-hpux-big elf64-ia64-little elf64-little elf64-littlemips elf64-mmix elf64-powerpc elf64-powerpcle elf64-s390 elf64-sh64 elf64-sh64l elf64-sh64l-nbsd elf64-sh64-nbsd elf64-sh64-linux elf64-sh64big-linux elf64-sparc elf64-tradbigmips elf64-tradlittlemips elf64-x86-64 mmo pe-powerpc pei-powerpc pe-powerpcle pei-powerpcle a.out-cris demo64 ecoff-bigmips ecoff-biglittlemips ecoff-littlemips ecoff-littlealpha coff-go32 coff-go32-exe coff-h8300 coff-h8500 a.out-hp300hpux a.out-i386 a.out-i386-bsd coff-i386 a.out-i386-freebsd a.out-i386-lynx coff-i386-lynx msdos a.out-i386-netbsd i386os9k pe-i386 pei-i386 coff-i860 coff-Intel-big coff-Intel-little ieee coff-m68k coff-m68k-un a.out-m68k-lynx coff-m68k-lynx a.out-m68k-netbsd coff-m68k-sysv coff-m88kbcs a.out-m88k-mach3 a.out-m88k-openbsd mach-o-be mach-o-le mach-o-fat coff-maxq pe-mcore-big pe-mcore-little pei-mcore-big pei-mcore-little pe-mips pei-mips a.out-newsos3 nlm32-alpha nlm32-i386 nlm32-powerpc nlm32-sparc coff-or32-big a.out-pc532-mach a.out-ns32k-netbsd a.out-pdp11 pef pef-xlib ppcboot aixcoff64-rs6000 aixcoff-rs6000 coff-sh-small coff-sh coff-shl-small coff-shl pe-shl pei-shl coff-sparc a.out-sparc-little a.out-sparc-linux a.out-sparc-lynx coff-sparc-lynx a.out-sparc-netbsd a.out-sunos-big sym a.out-tic30 coff-tic30 coff0-beh-c54x coff0-c54x coff1-beh-c54x coff1-c54x coff2-beh-c54x coff2-c54x coff-tic80 a.out-vax-bsd a.out-vax-netbsd a.out-vax1k-netbsd versados vms-alpha vms-vax coff-w65 coff-we32k coff-z8k elf32-am33lin elf32-ms1 srec symbolsrec tekhex binary ihex netbsd-core  Wow. While binutils share no single supported working target, they can be built multiarch, or (on MirBSD) with --enable-targets=all --enable-64-bit-bfd. Doesn’t help if you want to stay portable: GNUTARGET=srec is common on all Debian (sid) binutils versions (single or multiarch), but errors out on older binutils. The a.out-* targets are not common. Sure, you could hack around things, but… this is tedious. If you follow things or know me a little, you might already have guessed that I wouldn’t let that stand. pax(1) to the rescue. On MirBSD, we use paxtar, which has cpio(1) and tar(1) front-ends and supports multiple formats (4 cpio and 2 tar variants) and has already been extended a lot and is lovingly called paxmirabilis (mirabilos’ peace in Latin) – it has options to anonymise archives: set uid and gid to zero, set mtime to zero, (for ustar) only write the numeric uid and gid to the archive, (for cpio formats) serialise inodes and device information, write content of hardlinked files only once (breaks partial extraction but saves a lot of space, e.g. 2 MiB off the Grml initrd.gz). And, recently, the ability to append a trailing slash to pathnames of ustar members which are directories (GNU tar does it – and I thought some Debian utilities check for it). So why not… (the -M dist and fakeroot set the uid/gid to 0) $ find debian-binary control.tar.gz data.tar.gz | \
> mircpio -oHar -Mdist >with-mircpio
$mirpax -w -M dist -f with-mirpax -x ar \ > debian-binary control.tar.gz data.tar.gz$ mirtar -M dist -A -cf with-mirtar \
> debian-binary control.tar.gz data.tar.gz
$GNUTARGET=a.out-i386-linux fakeroot ar rc with-aout-ar \ > debian-binary control.tar.gz data.tar.gz$ md5sum with-*
a466e2fd57cdee141fe585a43245548f  with-aout-ar
a466e2fd57cdee141fe585a43245548f  with-mircpio
a466e2fd57cdee141fe585a43245548f  with-mirpax
a466e2fd57cdee141fe585a43245548f  with-mirtar


Voilà. I got it, and even appending is possible. It supports the BSD format with special focus on DEB files, and deals with long filenames, but not symbol or filename tables (used by ranlib(1) or strange formats, respectively, but since we don’t create *.a files to use with some native linker/binder/loader, we don’t need that anyway).

On extraction (oh, and listing!) it deals with SYSV style filenames as well.

$mirtar tvf on-elf -rw-r--r-- 1 tg tg 4 Aug 18 16:05 debian-binary -rw-r--r-- 1 tg tg 1391 Aug 18 16:05 control.tar.gz -rw-r--r-- 1 tg tg 18135 Aug 18 16:05 data.tar.gz$ mirtar tvf with-aout
-rw-r--r--  1 tg       tg          4 Aug 18 16:05 debian-binary
-rw-r--r--  1 tg       tg       1391 Aug 18 16:05 control.tar.gz
-rw-r--r--  1 tg       tg      18135 Aug 18 16:05 data.tar.gz


One of the real benefits is that you can use the front-ends interchangably – for example, “mirtar tzf foo.cpio.gz” would work (which GNU tar can’t do), and mircpio’s ustar implementation, unlike GNU cpio’s, is not horribly broken.

Of course, there are some drawbacks: it’s not GNU tar or GNU cpio, so there are absolutely zero --long-options. Some of their features are missing (but tar’s -O is implemented now), so it’s no replacement (but very well usable alongside it). The format called pax, committee-designed to replace ustar, isn’t yet supported ironically, but that’s on the TODO.

So, what do you think?

tg@frozenfish:~/Debs/dists/sid/wtf/Pkgs/mircpio $ll *.deb -rw-r--r-- 2 tg freewrt 78140 Aug 17 11:04 mircpio_20110817-0wtf2_amd64.deb -rw-r--r-- 3 tg freewrt 72262 Aug 17 11:00 mircpio_20110817-0wtf2_i386.deb -rw-r--r-- 1 tg freewrt 67446 Aug 17 18:21 mircpio_20110817-0wtf2_m68k.deb  Should I upload this to Debian proper? As for the licence: 3-clause UCB (and 2-clause BSD, which is a subset of it), so no problem. I’m asking because the other package which I had been using for a long time and not uploaded, jupp, got uploaded recently (during DebConf) on user input (people wondered why it did not yet exist in Debian proper). I guess the old saying “if it’s not in Debian, it doesn’t exist” holds true in many parts of the OSS world. It’s up to date wrt. standards btw, and lintian-clean save for two pedantic-class warnings (no upstream changelog file, no homepage link) which aren’t fulfillable (could link this wlog entry as homepage). If you know Alioth you’re familiar with the software formerly known as SourceForge, formerly known as GForge, currently known as FusionForge. My employer both uses it and contributes to it, we run an adapted (mostly themed, prototyping new functions that often end up in FusionForge itself, and backporting functions from FF to our “production codebase”) version. I’ve backported the extratabs plugin to appease project managers and other non-technical people while we move our codebase to FF 5.1, and I did so on an installed version of the plugin rather than the source because the latter was tightly integrated with rather heavy packaging style changes. […] dh_builddeb # create fusionforge-plugin-extratabs binary package toplev=$$(pwd); cd plugins/fusionforge-plugin-extratabs; \ p=$$(print -r -- $$(sed -n '/^Package: /s///p' C/control | head -1)); \ v=$$(print -r -- $$(sed -n '/^Version: /s///p' C/control | head -1)); \ a=$$(print -r -- $$(sed -n '/^Architecture: /s///p' C/control | head -1)); \ d=$${p}_$${v}_$${a}.deb; \ rm -f $$toplev/../$$d control.tar.gz data.tar.gz; \ (cd control; find . | fgrep -v /.svn | sort | \ mircpio -oC512 -Hustar -M0x0B -Mgslash) | gzip -n9 >control.tar.gz; \ (cd data; find . | fgrep -v /.svn | sort | \ mircpio -oC512 -Hustar -M0x0B -Mgslash) | gzip -n9 >data.tar.gz; \ mirtar -M dist -Acf $$toplev/../$$d debian-binary cont*gz dat*gz; \ rm -f control.tar.gz data.tar.gz; \ cd $$toplev; dpkg-distaddfile$$d non-free/devel optional  The hardest part of extending debian/rules with that was to get the autobuild and dpkg-distaddfile call right. This works, even though I’d call it a temporary kludge. (No need to tell me I should have used && – I know. And I only shell out to mksh(1) because the “inner” part was already there from before, when I still used ar(1). This was slightly edited for the wlog.) In the meanwhile, apt-extracttemplates can deal with SYSV style filenames in DEB files – on Debian sid, but not on K?buntu hardy, which some people are using as Desktop OS still… Update 03.03.2012 – Jonathan Nieder replied quickly with a suggestion to instead take over the “pax” package in Debian. Eventually, I uploaded pax (1:20120211-1) from the former “mircpio” package to Debian, after I managed to talk to its previous maintainer Bdale Garbee (thanks for handing over). It is now present in Debian wheezy and Zubunt! precise as /bin/pax with /bin/paxcpio and /bin/paxtar offering the other interfaces. ## FrOSCon 2011 18.08.2011 by tg@ Tags: debian event grml news This year without our friends from Grml, but The MirOS Project (all two active developers and our Booth Babe gecko2@) will of course attend FrOSCon, nicknamed Froschkon, again. We’ll have a pre-event meal time at my favourite Jugoslawian Restaurant on Friday (20:00 CEST) – contact me privately for the coördinates if interested. On Saturday and Sunday we’ll staff a booth and answer questions about the many projects we have (more or less) running, including but not limited to paxmirabilis (aka MirCPIO), The MirBSD Korn Shell aka mksh(1), jupp the editor, and developers’ private projects such as slowly undermining Debian or Google-Go. While slow we are still working on World Domination. And teaching people good shell programming by example code. We might even bring CDs, but I’m still working on the ISO… last night’s build aborted because the OS grew a bit making the floppy image not fit any more. (Solution, drop ping(8) and rtsol(8), but re-add sf(4) and bce(4) now that they fit again.) ## Not a good idea… 18.08.2011 by tg@ Tags: debian fun Sometimes, when you develop WUIs (Web UI), you really have to test them against a variety of browsers, not all of which are available for the operating system installed on peoples’ desktop PCs, or working in Wine. (For theming QA, Wine is also a #FAIL, but for technical QA, MSIE 1.5, 3.0, 5.02, 5.5, 6.0 work fine, and MSIE 7.0 can be used under rare circumstances.) In these cases, you use VMs running certain operating systems. One VM had an interesting idea of which hardware you can “safely remove” a couple of days ago when I was hacking it anyway: ## 「??? ???」 • or • mira meets d-i 18.08.2011 by tg@ Tags: bug debian fun (originally published on 2011-01-26, but reposting so the people on Plänet Debian can have some fun) While helping a cow-orker setting up an encrypted hard disc (basically, putting / and swap into LVM inside cryptsetup, and /boot outside), mirabilos managed to discover an entirely new side of K?buntu 10.10 on his voyage… … wo noch nie ein Debian Developer zuvor gewesen ist… oder? (Only a reboot helped at that point. Earlier, the dialogue box was shown only once, but upon re-entry of the partitioning clickibunti d-i tool, neither button did anything save redrawing this… interesting, informative and intuitive error message.) ## Evolvis-Wikis und die Suchmaschine Tags: work (Dieses Posting wurde ursprünglich im internen Blog veröffentlicht, ist jetzt jedoch hierhin umgezogen. Firmeninterne Information wurde gekürzt, ist aber für Mitarbeiter im Mailinglistenarchiv ersichtlich.) Neues aus der Adminstube (und vom Evolvis-Team) für unsere Projektmanager: Im Rahmen der tarent-Suche werden die Wikis indiziert; dies ist natürlich nicht immer gewünscht, auch wenn die Suche nur Mitarbeitern zugänglich ist. Darum gibt es jetzt eine Möglichkeit, pro Projekt das Wiki öffentlich oder privat zu setzen. Im Moment werden nur die Wikis auf evolvis.org und dev.tarent.de indiziert, ab dem 20.06.2011 aber auch auf den Kundenevolvinēs – daher stellt eure Wikis bitte ein! Wir werden jedes Wochenende den Suchindex leeren und neu aufbauen, das heißt, zukünftige Änderungen von öffentlich auf privat werden erst in der Folgewoche aktiv! Die Einstellung betrifft den XML-Export, die tarent-Suche und die Sichtbarkeit für nicht eingeloggte Besucher. Wenn ihr die Einsicht eines Wiki vor Mitarbeitern, die keine Projektmitglieder sind, verstecken wollt, müssen wir weiterhin die Rechtefreigaben von Hand anpassen. Die aktuelle Konfiguration ist wie folgt: [… gekürzt …] ## Jenkins und die APT-Repositories Tags: debian work (Dieses Posting wurde ursprünglich im internen Blog veröffentlicht, ist jedoch hierhin umgezogen. Es sind keine sensitiven Informationen enthalten, allerdings können die Links nur im Firmennetz angesteuert werden.) Neues aus der Adminstube (und vom Evolvis-Team) für unsere Entwickler, die wir, nachdem wir die Projektmanager schon bedient haben, auch nicht zu kurz kommen lassen wollen: Wenn ihr einen Jenkins-Job habt, der Debian-Pakete (oder für Derivate) erstellt, könnt ihr ab sofort (mindestens) ein Repository pro Job haben, in dem ihr die Pakete „veröffentlichen“ könnt. Diese Repositories werden automatisch signiert, und durch tarent-keyring werden die Signaturen bereits seit Dienstag verteilt, sodaß auch SecureAPT funktioniert. Im folgenden wird die Arbeitsweise am Beispiel von Saschas WIP-Portalinstaller erklärt. Ausgangspunkt ist ein Jenkins-Job, in diesem Fall auf dem test-hudson, hier mit dem Namen „portal-setup“, der unter „Build“ den Punkt „Execute shell“ aktiv hat. Hier wird durch diverse Kommandos ein Debian-Paket (Source und Binary) gebaut, das wirklich wichtige hierbei ist folgender Ausschnitt: cd portal-setup-$pv
dpkg-buildpackage -rfakeroot -us -uc
cd ..
#rm -rf portal-setup-$pv  Der Befehl dpkg-buildpackage übernimmt das Bauen und schmeißt die erstellten Pakete (Source *.dsc und Binaries *.deb) und, ganz wichtig, die *.changes-Datei, ins Elternverzeichnis (daher die cd-Aufrufe). Nun möchte Sascha, daß diese Pakete einfach von Kollegen getestet werden, und ändert daher den Codeschnipsel so ab: cd portal-setup-$pv
dpkg-buildpackage -rfakeroot -us -uc
cd ..
#rm -rf portal-setup-$uv portal-setup-$pv

/opt/mvn-debs/mvndput.sh portal-setup squeeze main *.changes


Im ersten Teil bleibt alles beim alten, aber ein neuer Befehl ist am Schluß hinzugekommen. Was macht der?

Nun, /opt/mvn-debs/mvndput.sh ist die Magie, die unterhalb des Pfades /opt/mvn-debs ein Debian-Repository mit dem Jobnamen portal-setup anlegt. Wir publizieren Pakete in die „dist“ squeeze, und darin in die „suite“ main. Das ist hier lediglich eine Konvention; normalerweise heißt die dist so wie die Debian-Version (sarge, dapper, etch, hardy, lenny, squeeze, …), für die das Paket gedacht ist, und die suite ist eine Unterkategorie – also zum Beispiel main/contrib/non-free oder main/restricted/universe/multiverse oder wtf/tarent/evolvis (in unserem Adminrepo). Man kann die aber auch frei Schnauze nennen (ich hab zum Beispiel im m68k-Repo eine dist namens „cross“, unterhalb derer eine Cross-Toolchain liegt).

Das letzte Argument ist *.changes, was die Shell für uns expandiert: alle Dateien, die auf „.changes“ enden, werden dort (ASCIIbetisch sortiert) der Reihe nach aufgelistet.

Das Skript prüft nun zunächst die Namen und Dateien auf Plausibilität (es sind schließlich immer nur gewisse Zeichen erlaubt) und schiebt dann vermittels dput ein Release (also eine *.changes + alle drin enthaltenen *.deb + dazugehörige *.dsc, *.diff.gz/*.debian.tgz, *.orig.tar.gz, oder *.tar.gz bei native packages) ins APT-Repository und läßt danach den Index regenerieren und PGP-signieren. dput ist ein schlaues Tool, es schreibt nämlich nach getaner Arbeit eine *.upload-Datei, in welcher dieser Fakt verzeichnet wird, sodaß Pakete auch wenn man den workspace nicht jedes Mal wegschmeißt nur einmalig hochgeladen werden. (Es existiert allerdings hier kein Schutz davor, den workspace zu leeren und ein Paket mit derselben Version aber anderem Inhalt ein zweites Mal hochzuladen. Nur die Systeme, die das installieren wollen, mögen einen dann ggf. nicht mehr so gerne.)

mvndput.sh ruft nun also mvndebri.sh auf, was allerdings mehr macht als nur das Äquivalent von Debians dak oder CentOS’ createrepo. Es erstellt nämlich auch einen Index.

http://test-hudson-debs.bonn.tarent.de/portal-setup/debidx.htm heißt der Gute, und ist eine Auflistung aller Pakete nach dist, suite, Source und Binary im Repository. Weiterhin steht oben nochmal, um welches Repository es sich handelt, und welche dists und suites verfügbar sind. Der Name bildet sich aus „http://“ + Jenkins-Systemname + „-debs.bonn.tarent.de/“ + Jenkins-Jobname + „/debidx.htm“ – wenn man den Dateinamen wegläßt kann man das auch direkt als Verzeichnisstruktur anschauen.

Der Clou: die passende sources.list-Zeile steht auch schon da! (Allerdings muß man die suiten ggf. auf die, die wirklich benötigt werden, reduzieren.)

deb http://test-hudson-debs.bonn.tarent.de/portal-setup squeeze main

Das funktioniert auf allen acht Jenkins-Systemen, allerdings natürlich nur aus dem tarent-Netz heraus – dafür ohne https oder aufwendige Authentifizierung. Einfach so.

Bitte achtet darauf, den Namen des Jenkins-Jobs als erstes Argument zu mvndput.sh zu verwenden, ggf. gefolgt von einer Kennzeichnung, falls ihr mehr als ein Repo pro Job braucht (warum, weiß ich nicht, aber es geht). Da alles als maven-User läuft findet keine Abgrenzung statt.

Wenn ihr Pakete aufräumen möchtet, so loggt euch (als User maven) auf dem entsprechenden Jenkins ein und schaut auf der Verzeichnisebene nach; einen direkten Link gibt’s auch, wenn man das [dir] im tabellarischen Index anklickt, zum Beispiel http://test-hudson-debs.bonn.tarent.de/portal-setup/dists/squeeze/main/Pkgs/portal-setup/, was im Dateisystem dem Verzeichnis /opt/mvn-debs/portal-setup/dists/squeeze/main/Pkgs/portal-setup/ entspricht.

Nachdem ihr händisch Änderungen dort vorgenommen habt, müßt ihr natürlich den Index neu generieren lassen, das geht dann so:

mksh /opt/mvn-debs/mvndebri.sh /opt/mvn-debs portal-setup squeeze

Wenn ihr nicht nur eine dist angefaßt habt, könnt ihr die auch auflisten:

mksh /opt/mvn-debs/mvndebri.sh /opt/mvn-debs portal-setup hardy squeeze

Oder einfach weglassen, dann macht er alle:

mksh /opt/mvn-debs/mvndebri.sh /opt/mvn-debs portal-setup

Das ist dann auch der Unterschied zwischen dists und suites: letztere teilen sich ein Release-File, erstere nicht, nur den XHTML-Index.

So, ich hoffe, ihr findet das so nützlich wie Sascha und so arbeits- und zeitersparend wie ich ☺

PS: Der Code ist mittlerweile auch publiziert. Wer solch ein Szenario noch woanders aufsetzen möchte ist uns herzlich willkommen.

## Photos from the (inofficial) DC11 Booth Party ☺

29.07.2011 by tg@
Tags: debian event fun

The pictures are hypertext references to large versions. Of course, your photographer (me, although Samuel helped to set up the PocketPC’s camera application correctly, 10x) also had some Kruškovac ☺ (imported from Croatia into Bosnia)…

Of course we were not above closing Front Desk either ☻☺

## jupp: new release, new distro package

27.07.2011 by tg@
Tags: debian news

jupp 3.1.17 uploaded today, mostly thanks to user input suggesting I improve things, especially the syntax highlighting. (Maybe more to come.) I like users who don’t complain but give helpful comments and send in patches even.

Since the Debian FTP masters complain that the NEW queue is empty for the first time in ages, I also uploaded jupp to Debian proper (got requests, several, from actual users – independent of each other). I originally thought I were the only user, it’s not worth it, maybe too close to joe (which segfaults a lot more and has some ugly things, so I cherry-picked the better features of it instead of rebasing jupp), but it’s had a package in mports (MidnightBSD ports) for ages, users submitted one to FreeBSD® last year and keep it updated, there’s even a WIP package in pkgsrc®, and who knows where else or how many people are using my OpenSuSE Buildservice package or have had installed the previous DEB package I uploaded to my play repo. So now I feel it worth to upload.

I even invested some major packaging rework, such as splitting the build-arch and build-indep parts from each other, and importing the upstream source into the packaging VCS, as I have learned in the “packaging with git” talk here at DebConf. (No guys, I will stick to CVS as git doesn’t give me anything.)

## Бања Лука (Banja Luka)

27.07.2011 by tg@

Been hot and dry today (although the sky is now back full of dark clouds), so I had a headache most of the morning until way past noon. Better now though, and I found a place where I could get Cevapi, which are really some sort of quick imbiss / fast food here (no Đuveč pirinač though, and she didn’t have any Ajvar nor did she speak any language other than the local, but that wasn’t a problem, only a bit dry because I didn’t give in and took the offered Ketchup). Bought a 1ℓ bottle of Kruškovac (from Hrvatska, though) and some small plastic glasses, then.

I wonder how many people would, now, be willing to give Bosna i Hercegovina a try as holiday region (which might have been the intent of having a Balkan DebConf). I’m sure I do.

To all attendees: the hotel will give you some kind of stamped hardpaper card which states where you stayed on the trip, and for how long – give that to the border guards when exiting Bosnia.

## DebConf

25.07.2011 by tg@

Sitting in Бања Лука, Република Српска, Босна и Херцеговина (Banja Luka, Republika Srpska, Bosna i Hercegovina) let’s just say the country is pretty nice. People are okay, the beer is not called “Nektar” by accident, and the Mark (subunit Fennig, funnily enough) is worth 1 DM. Price niveau is below Germany (even when we had the DM) in some things, below or at modern European in others. In short, very affordable. They don’t accept paper money though, it’s really hard to get coins in most places, and they only want those. The food is okay, and my hotel is very luxurious. It’s also got LAN.

The weather is not so nice at the moment though: raining a lot, and expecting 30°C too-hot sun in two days. And there are still no Geocaches in the area.

Anyway, DebConf is going on, I’m acclimating and trying to get people, faces, nicknames and realnames connected. And accents. (And pronunciation of names – for example, Ian differs totally from what I’d use.) We even have working wire network (LAN) most of the time ;-)

We’re indeed still working on resurrecting m68k, but that’s no news. More on that later, I’d say.

## 35, a.k.a. it’s time for a blog posting again ☺

Tags: work

Evolvis 4.8.35 has been released this week. This is an amazing upgrade within the 4.8 series of development, to bridge the time gap until such time as the 5.1 series can be used.

As announced earlier, our APT Repository contains packages targetting Debian Lenny (amd64, i386), including side packages and backports needed for a standard EvolvisForge installation, add one of these lines to your /etc/apt/sources.list to use it. These packages might work on Debian squeeze, maybe even *buntu, but will probably have issues with multiarch on Debian unstable.

First the big caveat: support for old-style (Jutta Horstmann) external Wiki instances has been removed, since we migrated all Evolvis installations to use gforge-plugin-mediawiki a while ago already.

Now the big news: bug trackers (old and new) contain several predefined search queries useful for Software Engineering and Quality Assurance. There’s a new standard tracker type called “Funktionsreferenz” (functionality specification) on every newly created project. The Extratabs plugin, backported from 5.1 then enhanced, allows adding arbitrary tabs as link or IFRAME (embedding content) to any project. And the DatePicker component allows easily entering a date, or a date plus time-of-day, using an ECMAscript pop-up while also accepting simple strings, for instance from Lynx users. The format used for displaying dates can be configured in “My Account” between d.m.y, y-m-d and m/d/y; the software accepts all three formats, always, nevertheless. Furthermore, the ECMAscript DatePicker widget is available in a number of languages for all three formats – English, German (Deutsch), Spanish (Español), French (Français), Italian (Italiano), Dutch (Nederlands), Polish (Polsku), Portuguese (Portugues), Romanian (Românesc), Bulgarian (Български), Russian (Русский), Hungarian (Magyar), Norwegian (but I’m not sure if it’s Nynorsk or Bokmål).

Now the small improvements: a robots.txt file is present by default, allowing wget and asking all crawlers to slow down; system administrators may configure it (in gforge.conf) to switch to one disallowing search engine spiders. Newly created Tasks have a default duration of two weeks (standard Scrum timeframe), not one week. /usr/share/gforge/bin/scm-newsubrepo.php supports easily adding new git repositories to a project already using them.

And finally, the most important / visible bug fixes: Sorting tables in Tasks works again, and the search drop-down boxen in Tracker are now sorted. The modify task/tracker forms have more “Submit” buttons and have been slightly rearranged to improve User Experience. “Copy+Close” a task works again. Some links, labels and translations (German only) have been corrected. Project members are now added to the default mailing lists correctly, i.e. to the -discuss group always, to the -commits group if they have SCM Write permissions. Custom Tracker fields of type Checkbox no longer have the “100 None” option. Tasks do not show up on “My Page” several times now, once is enough ;-)

Last but not least, a look at the future: we’re working on our Jenkins Plugin, which we might provide for Evolvis 4.8 if it’s functioning quickly enough. We’re also working on getting Evolvis 5.1 into a usable shape, and porting all Evolvis 4.8 functionality to it. Much has been integrated in the recently released FusionForge 5.1 already. A new functionality to mark bugs as duplicate, followup or having a simple, nontyped relationship to another tracker item is being worked on, as are improvements (new items, better look’n’feel) to the “My Page”. And that’s just the big news.

A German language User’s Guide / Handbook is also being worked on. It’s a Wiki, so feel free to help ☺ (although the licence is CC-BY-NC-SA and thus non-free, sorry for that, but the software itself is GPLv2+). And as usual, there’s a full changelog and you can look at the svn revision log.

We wish you an enjoyable software development and lifecycle management, your tarent solutions GmbH Evolvis Project Team

## Progress with pkgsrc and other things

19.07.2011 by bsiegert@
Tags: pkgsrc

pkgsrc-2011Q2 has been released. This is the first release which is really usable on MirOS. Bootstrapping works without applying patches before; I updated the pkgsrc instructions accordingly. During the freeze, there were two last-minute fixes to important base packages (gmake and glib2) which did not go in before the branch was cut off. One of them (gmake) has been pulled up on my request after Alistair G. Crooks encouraged to do so.

I finally managed to get a MirOS instance running on Xen with HVM using NetBSD-current as the Domain-0. I had to compile my own DOM0 kernel to include support for the alc ethernet driver—yes, the one where I did not manage to fix the driver under MirOS. The first impression: Compilation and other CPU-intensive tasks are very fast, while I/O is quite slow. The qemu-dm process, which provides hard disk and network drivers to the DomU, seems to get congested quite rapidly. Btw, emulating an Intel Gigabit network card works very well with our em(4) driver.

To profit from the VM, I set up a bulk build with a fresh pkgsrc-2011Q2 checkout, using the pbulk framework. Technically, it looks very nice and more sane overall than a simple recursive make: there is a scan phase at the start, where a dependency tree of all packages is constructed. Then, a master process decides which package to build next. It can optionally distribute the builds over several machines at once. However, I found the documentation to be severely lacking; what’s more, the pkgsrc guide and the doc/HOWTO-pbulk file have obviously been written by persons with different approaches w.r.t. suggested directory layout etc.

I created a NetBSD slice of 55 GiB, mounted in MirOS under /pbulk, for all data relative to the bulk build and added it as a physical device in the VM configuration. However, the I/O congestion becomes worse after some time building things. The ssh connection becomes more or less unresponsive, and qemu-dm takes 100% of the Dom0 cpu. Even after stopping the build with ^Z, the hard disk is thrashing for several minutes with qemu-dm at 100% cpu, before slowly going back to normal after a few minutes. WTF? For what it is worth, the VM has 1 GiB of RAM allocated and no swap. More tuning required …

## mksh R40b; joe 3.1jupp16 and 2.8jupp2 released

17.07.2011 by tg@
Tags: debian mksh news pcli release

mksh R40b (nowadays with filled in user’s caveats (for R40, too!) and packager’s upgrade hints) has just been released. This is a should-have upgrade, fixing a number of – admittedly some obscure – bugs, changing things begun in R40, improving upon others. Thanks to the PLD Linux guys for spotting all these errors; thanks to them and phpnet.org both for adopting mksh so well.

I have also fixed a bug in nroff(1) which will lead to an even nicer looking HTML manpage mksh(1) (after the next rebuild and upload of a MirBSD snapshot – scheduled RSN).

jupp 3.1.16 took on the task of merging Debian joe changes (aiming at an upload). I also split the jupprc file into three versions (2.8 generic/DOS, 3.1+jupp and 3.7/Unix) because of the differences in the baseline executables making rc files partially mutually incompatible (think Insert key), annoyingly warning (think syntax, hmsg), or less usable (joe’s new menu system).

jupp 2.8.2 is a companion to jupp 3.1.16 – mostly because of the new help window “character map” ☺

Binaries for jupp should be updated RSN too.

Considering Banja Luka is arriving quickly, the “r” in RSN should be taken with a few grains of salt. I’ve also scheduled working on the pcc Debian package for the next future; updating lynx and maybe others like OpenSSH in MirBSD is also due; cvs(1) will receive more of my time, but before the next Upload I’d like to fix LP#12230 once verified.

Builds for Debian/m68k are also still running. I note I did in fact not manage to make a new base image, yet (but 2.6.39 kernels miss a patch, anyway, so waiting for 3.0 is ok). It’s still using gcc-4.4 because nobody tests gcc-4.6 and gcj-4.6 FTBFS due to SIGSEGV, but that’s ok in my books. rsyslog is broken but sysklogd works.

The #ksh|Freenode page finally got a well-deserved link to Planet Commandline. Throw more my way!

Acronyms and translations, too. (Got Norwegian and Rumanian covered in the meantime. No idea whether any RTL languages will work in that beast. But I’m young and need the money)

Since I’m writing a wlog entry anyway… let me thank Gunnar for a nice summary on the current Free Culture discussion; my comments on Nina’s site seem to be eaten, but let me support it fully, although, of course, I normally use a copycenter style licence, which is specifically written for general works of authorship under copyright law, not limited to software. I did in fact have that in mind. Maybe some people will like it (it’s less than one Kibibyte long) either generally or just for their everyday random musings (they can then keep CC-BY-SA for the “big works” if they so desire).

Wouter, grass background makes green headlines illegible. I’ve never liked, and never installed manually, cups either. (Benny tells me that Apple’s new version refuses to talk with a non-Apple cups, kinda defeating the whole idea I think.) Port 9100 is JetDirect (probably with an HP in front and some subset of ©®™ trailing) and just nice. (Being able to talk ESC/P with your printer like print '\033K\x07\0\x3E\x81\x99\xA5\xA5\x81\x3E' >/dev/lpa too rocks though, IMHO. Yes, mine can, and I still can. /dev/lpa is BSD.)

Kai, thanks for your vimrc lines:

:highlight TrailWhitespace ctermbg=red guibg=red
:match TrailWhitespace /\s\+$\| \+\ze\t/  Automatic removal is harmful, though – I just fell into the trap since jupprc contains needed whitespace at EOL… but manual removal (bound to ^K] in jupp) rocks. And I like that your solution uses such strong a colour – vim users are the single most represented offender group for actually leaving the redundant whitespace at EOL there, and it should hurt their eyes. (Sadly there is some vehement disagreement preventing them from inclusion in grml-etc-core – but that’s why I re-post them here.) Ah, and jupp can of course display whitespace visibly (although it uses ‘·’/‘→’, replacing the arrow with ‘¬’ if no UTF-8, not ‘»’), accessible with ^Ov. Steve, want to put up a checklist for sites? We can “crowdsource” the… testing… to maybe get some interesting results… Some other people would get more comments if they were idling in IRC (Freenode) or allow comments on their blog, specifically without too high an entrance barrier – OpenID is ok, but many other things, and ECMAscript, are not; but I can’t really say that loud because our wlog is static HTML compiled from a flat plaintext data source so it doesn’t allow such either. I often forget what I wanted to add if I can’t get it out quickly enough (especially at work). Sowwy… Me like the cat picture postings (Amayita, Tiago, ¡Gracias!). ## New releases 11.07.2011 by tg@ Tags: debian mksh You might have noticed the release of mksh R40 recently, after more than a year of development. Well, stay tuned for both R40b (with accumulated fixes) and R41 (intent to speed up array handling a lot and prepare for what we postponed to mksh R42 now – associative, multi-dimensional arrays). You should also upgrade, if you have not yet done so, to kwalletcli 2.11. Finally, jupp 3.1.15 was left out to the world, including Minix 3 users this time, by special request of one of these on our mailing list. In addition to the MidnightBSD mport – which has been there in like forever – and the MirPort and the FreeWRT package, in December 2011 a user submitted it to FreeBSD® ports, and Benny is going to add it to NetBSD® pkgsrc® soon, he said. (He also updated their mksh source package. Thanks!) I’ve been asked by two people, independent from each other, when I’ll upload it to Debian proper, instead of the private-repo packaging. Maybe I should indeed do that, comments? ## Yugoslawia, I’ll be back 11.07.2011 by tg@ • √ Agreement to pay from company • √ Going to drive with some apparently speed-loving brits • √ Registration accepted • √ Dienstreiseantrag prepared • √ Sent that beast to the office ticket queue So yes, this means I’m to what used to be Yugoslawia when I was there the last time, although in the Poreč region of Istria, Hrvatska. ## mksh R40 is out, so what now? Tags: work debian mksh R40 has been released Sunday 12nd June. So, what can you do with The MirBSD Korn Shell? Have a look at the collection of shell snippets, which admittedly is only the beginning – most scripts don’t make use of the cool new features yet. But they eventually will. The Shell-Toolkit project is definitely worth a visit! (Admittedly not using my most ❦ dear SCM, but with a DVCS, every checkout is a clone, i.e. a backup, and none of the contributors must fear a central repo being taken down, which, for such a loose collection, is desirable.) ## synchronise environment between two shells 06.06.2011 by tg@ (First posting to Plänet Commandline! Tag: pcli) Vutral asked in IRC how to synchronise two shells’ environment while they’re running. As you may know, POSIX systems cannot change a process’ environment vector after it has been started, only the process itself can. Well, the shell can, and we’ll use a variety of things for this. This trick assumes you have$HISTFILE set to the same pathname in both shells (obviously, they run under the same user). It uses export -p to render the current list of exported variables, then transforms the list from newline-separated to a single big one-line export statement.
Then it transforms all remaining newlines (which will be part of a single-quoted string, since that’s mksh(1)’s export format) into the sequence '$'\n'' which means: terminate current single-quoted string, append$'\n' and open up a new single-quoted string immediately; concatenate these three.
Now, $'\n' is just a fancy way of saying newline, and part of mksh because David Korn (yes, the Korn in Korn Shell) strongly suggested to me that this functionality be included – but, as we can see here, it pays off. Finally, the so transformed string is prepended by unset \$(export); which, when executed, will cause the shell to unset (and unexport) all currently exported variables. The shell parameters that are not exported, i.e. not in the environment, are not affected by this code (except for $x and$nl, but… whatever).
This string is then passed to read -s (plus -r and clearing IFS to enable raw mode), which means, read into the parameter $REPLY (which we conveniently don’t use – but it’s trashed too, thus) but store into history at the same time. Ah hah! Now, the persistent history feature comes into effect! After running the below statement in the “source” shell, switch into the terminal running the “destination” shell, press Enter once on the empty line (Ctrl-U to empty it if it wasn’t), then Cursor-Up (↑) to recall… voilà, an insanely large line with the previously created string sorta expanded… and press Enter again to run it. Now your set of exported parameters is the exact same (minus if you exported IFS, nl, x or REPLY) as in the “source” shell. I’ve added extra spaces and a linewrap below, this is really just one big line: nl=$'\n'; x=$(export -p); x=${x//${nl}export/}; IFS= read -rs <<<"unset \\\$(export);${x//$nl/\'\$\'\\\\n\'\'}" Of course, this makes a nice function, for your ~/.mkshrc or somesuch. ## How (not to) encode MIME headers Tags: work debian I was just tracking down why some mails seem to have garbled Subjects. It looked like this in Alpine: Subject: [BOFH commits] r2040: fix directory struct =?UTF-8?Q?ure=E2=86=B5=20unix?=/mirror/=?UTF-8?Q?=20=E2=86=92=20mirror?=. bonn The raw header sight was this: Subject: [BOFH commits] =?utf-8?q?r2040=3A__fix_directory_struct__=3D=3FUT?= =?utf-8?b?Ri04P1E/dXJlPUUyPTg2PUI1PTIwdW5peD89L21pcnJvci89P1VURi04P1E/?= =?utf-8?b?PTIwPUUyPTg2PTkyPTIwbWlycm9yPz0uIGJvbm4=?= Ein Schelm, wer Böses dabei denkt… First suspect was, of course, Mailman – after decoding, this showed the classical signs of a double-encode. (After ruling out general header brokenness, but no, 76 chars is ok.) I thus hand-crafted an eMail with the correct header line and sent that out: Subject: [BOFH commits] =?utf-8?q?r2040=3A_fix_directory_structure?= =?utf-8?b?4oa1IHVuaXgvbWlycm9yLyDihpIgbWlycm9yLmJvbm4=?= Huh? Mailman and Python weren’t the culprit, thus – this is correct mangling. Okay, let’s dive into the Perl code that actually sends out the eMails. To make a long story short, have a look at this, then RFC 2047: tglase@tglase:~$ perl -MEncode -e '$subject = "r2040: fix directory structure↵ unix/mirror/ → mirror.bonn"; Encode::from_to($subject, "UTF-8", "MIME-Q"); print "{Subject: ".$subject."}\n";' {Subject: r2040:=?UTF-8?Q?=20fix=20directory=20struct?= =?UTF-8?Q?ure=E2=86=B5=20unix?=/mirror/=?UTF-8?Q?=20=E2=86=92=20mirror?=. bonn} Amazingly enough, PHP’s mb_encode_mimeheader, despite being talked to trash in the comments on its online documentation, does manage to get it right: tglase@tglase:~$ php -r 'mb_internal_encoding("UTF-8");echo "{".mb_encode_mimeheader("Subject: r2040: fix directory structure↵ unix/mirror/ → mirror.bonn", "UTF-8", "Q")."}\n";' {Subject: r2040: fix directory =?UTF-8?Q?structure=E2=86=B5=20unix/mirror/?= =?UTF-8?Q?=20=E2=86=92=20mirror=2Ebonn?=}

Wow. Now, the Perl guys I know told me to use Perl’s Mail tools… which are much too high-level though, for all I have and want is the subject string and an RFC 822 header line. I told them I’m not above doing this, and so I did. The 3P languages can really be annoying.

Why’s Perl’s output wrong anyway? I don’t know for sure, but I think the atoms must be separated, so unquoting /mirror/ in the middle, with no spaces around it, are wrong. (Besides, Encode::from_to can’t do the job right anyway, as it misses the name of the header, which is included in the 76 chars allowed for the first line. BAD • Broken As Desdigned.)

Disclaimer: I don’t really know any Perl, I fight my way through PHP and, barely, Python. (But I can code.)

## Progress with other things

21.05.2011 by tg@

I’m still working on mksh and doing some MirBSD core and ports work in between. On the other hand, since a lot of things suck so much, and other things become unacceptable, I’m seriously considering writing things like a libc (probably not complete, not totally from scratch – no way I’m going to code sunrpc – and not fast but at least correct. I’ve written quite some code for the MirBSD libc already, as well as kernel and bootloader. Most of it is shared between these, and I’ve digged in enough others (klibc, dietlibc, µClibc, musl, glibc) to have seen more. I was thinking of static linkage only at first, mostly for bootloader and compiler support code and, later, to link mksh statically against it on some OSes. But cnuke@ wanted a “correct” libc with dynamic linkage. Hmm… (On the other hand, we all know that these are dreams and a RL job can be time and will consuming.)

Roland Mas is hacking on Alioth this weekend, which runs code from me and some coworkers via FusionForge – more coverage ☺ I’m also doing okay with Debian/m68k (still slowly of course, but then, as BSD developer, I’m used to that *g*) and one of the old m68k buildds may very well be resurrected soonish. (Still need to port elfutils…) By the way, XHTML sucks, some things are hard to get right, and writing a DTD should be obsolete…

I took over cvs(1) in Debian and replaced it with my previously private package of MirPorts’ cvs. Way to go! (Thanks to Steve for handing over maintainership.) Now, everyone, please test it and recheck whether your old bugs still apply. Oh, and send patches. But pserver, PAM etc. are gone for good, don’t bother.

## Progress with pkgsrc

19.05.2011 by bsiegert@
Tags: pkgsrc

The MirOS support for pkgsrc is progressing, albeit very slowly. This is because I spend more time traveling for work than in the office. After a long day of meetings and conferences, I am no longer motivated to code in my free time. What’s more, several different projects at work have tight deadlines.

Having said this, I committed MirOS support for libtool-2.2.6b in pkgsrc the other day, after a positive review by agc. As for the bmake patch, which is still available from our pkgsrc page, I was told to redo the patch, this time for src/usr.bin/make directly. When this patch will have gone in, somebody else (joerg?) will sync pkgsrc/devel/bmake, and MirOS will be able to bootstrap pkgsrc without patches. Let’s try to get to this point before the 2011Q2 branch.

The new “showcase” machine that I bought a while ago, does not have working network connectivity and SATA under MirOS. tg@ recommended an installation into an HVM guest under Xen. I am currently trying to set this up, however I must first succeed to get a stable NetBSD Dom0 system. I am using NetBSD-current because it has the right network driver and a custom kernel, however the console seems flakey, and accessing /kern/xen (even just ls!) leaves the process hanging in the “tstile” state. pkgsrc has four versions of Xen, so I should just test them all until I find one that works.

PS: My Go package, image/tiff is now part of the standard library. Yay!

## :(

19.05.2011 by bsiegert@

I hope I will never again have to attend a funeral for a friend who committed suicide.

That is all.

## JSON

Tags: work debian

tl;dr: Full JSON encoder/emitter and decoder/parser in Pure PHP now available as part of FusionForge/Evolvis under GPLv2. Do not use PHP’s built-in code, it’s broken. Read on for details and links.

I’ve pimped the minijson code in EvolvisForge to be a full-blown JSON encoder and decoder (lexer/parser) now. You wouldn’t believe just how much is broken in PHP (its own json_encode handles floats wrong in most locales, and mb_check_encoding doesn’t check the encoding of a multibyte string… at least, unlike Python, PHP manages to get 8bit okay though).

Anyway, thought you want to know. If you ever need a Pure PHP JSON encoder/decoder, you know where to look. It’s 100% my code (although written during dayjob, so the exploitation rights are with tarent GmbH). Current licence is GPLv2+ or AGPLv3+. If you spot any bugs, you know where to report them. I think it should be good though. (Do note that JSON is case-sensitive, so “NULL”, “True” and “\N” or “\U20AC” are not valid, “null”, “true”, “\n” and “\u20AC” or “\u20ac” are.)

I plan to store the “art_cust123” information in the user_prefs table in JSON now, instead of ‘|’-separated values, to avoid problems like these we had with broken database format and subsequent corruption of values, by using a dictionary (JSON Object) instead.

The ECMA 262 standard (ECMAscript and JSON) is freely available, though. JSON is also additionally specified in RFC 4627 which differs slightly (see my notes for details, mostly the goal element).

Tags: work

The blogs have been moved from *.blogs.evolvis.org to *.blog.tarent.de to provide proper SSL certificates. This also means that the use of blogs for people who are not employees of tarent GmbH, tarent AG or one of its subsidiaries is currently not available. (If that should become necessary, please contact us.

The feed has moved to http://evolvisforge.blog.tarent.de/feed/ for this blog (similarily to the others), but just in case, you’ll get redirected (although only to the https version, which Planetplanet doesn’t seem to like).

Planet Evolvis will be set up anew using Planet Venus software shortly.

All in all, the Greater Evolvis Platform is undergoing updates and improvements.

## in-target: E: Kaputte Pakete

11.04.2011 by tg@
Tags: bug debian rant

*buntu Hardy kann zur Zeit nicht installiert werden (der Kernel (in main) dependet auf Pakete aus restrictet, das ist aber zum Installationszeitpunkt nicht aktiv und sowieso unfrei; und wieso ist eigentlich das hardy-updates Repo im d-i eingeschaltet und nicht erst hinterher?).

Lustiger aber: „Einige Pakete konnten nicht installiert werden. Das kann bedeuten, dass[sic!] Sie eine unmögliche Situation angefordert haben oder dass[sic!], wenn Sie die Unstable-Distribution verwenden, […]“

gecko2s Kommentar dazu nur, daß unstable bei *buntu stable heiße. Ich habs dann auf LTS korrigiert (ist nicht das erste Mal – und sowieso, wieso tauschen die in einer stabilen Version PostgreSQL-Majorversionen aus?) und dabei haben wir’s belassen: Debian unstable = *buntu LTS.

Naja, wie wir das letztens Simon gesagt haben (Upgrade innerhalb einer Version von *buntu auf einem Server hat grub durch grub2 ausgetauscht): Mit Debian wär’ das nicht passiert!

## Various joys

26.03.2011 by tg@
Tags: debian

I’m online again. (In case you didn’t notice, duh…) Seems as if we (the Telco/ISP guy and me) just needed to look at it hard enough for it to go away – first he could dial in, using my account data, which I probably should change now, then herc with ppp(8) and pppoe(8) was working (although at about 50 KiB/s down, he showed me 508 KiB/s – a rate I had never achieved – with his WiXP), then I took my notebook, which worked with pppoe(4). Now herc’s working again. (Maybe altq(9) can explain the slowdown? Hm, from debian.netcologne.de I get 500 so it looks okay.)
But eurynome isn’t, oh the joy. Luckily, gecko2 who administers its host system just woke up.

Things we do want to see: the Telco/ISP guy accepting that I run MirBSD on a P-233MMX box with Hercules graphics card and a 9″ monitor with no comment other than considering its age (and that it usually runs 24/7) as partial cause for the bug. Thanks, Netcologne!

Things we don’t want to see:
Mar 26 10:40:02 blau /bsd: signal 11 received by (screen:16857) UID(2999) EUID(2999), parent (screen:19111) UID(2999) EUID(2999)
“Suddenly the Dungeon collapses!! - You die...” (luckily, I get it about once a year only)

ObCoffeeSpices: Marrakech (Cumin, Allspice, Cumin Aroma) – though, due to its relative strength compared to the others, the only coffee spice I have left. And another hint: pre-warming the coffee cup with hot water, so it doesn’t cool down too fast with the amounts of milk I put in, rocks.

I just wore the Squeeze Release (FOSDEM, Spacefun) T-Shirt to the bakery and got asked by a neighbour: “Oh, a Debian fan?” “Developer, even” – now imagine the typical “informed interested guy” talk for a conference booth of your OS of choice here. How proud he was to get his wife and himself Windows®-free at home; how he likes to tinker a bit (if he’s got any time left), which has become harder with Windows; how his time constraints have him at OpenSuSE currently but asked how squeeze is; and the usual complaints at places like $ork where they have to use Windows® and MSIE (apparently you can’t centrally manage Firefox, eh, good someone tells me, because that’s what we do…). Wow. Anyway, it’s spring, so people, wear your shirts. (Hrm, what do I make of the fact that this is my only Debian shirt – although I’m thinking how to get Tartan Trousers if money were no issue – and nobody had ever commented on my various BSD, FOSDEM, FrOSCon, etc. wear…) ## Debugging PPPoE 24.03.2011 by tg@ ⸘Did you know… sudo tail -f /var/log/messages & sudo tcpdump -ovvlns1500 -eine3 & sudo ifconfig pppoe0 debug up  … still no network ☹ but at least I got some more information, and the L-Technicians will have a look at it tomorrow as well. ## ’M back. 21.03.2011 by tg@ Two DNF out of four geocaches, well… one was too muggled, the other was no longer there, judging from the previous visitors’ log entries. Cached with natureshadow and bought his book on how not to cycle across Germany. CLT was a blast, and it’s refreshing to attend an event without having to drive a booth of our own. Talked to lots of people. Since the boss was paying, even did some mingling in that area. My ADSL line has been hiccupping ☹ ## Yawn. 19.03.2011 by tg@ Tags: debian event geocache grml Will drive to Chemnitz now. Maybe meet me there. No booth, just visiting to meet everyone again, rather spontaneous. ## HOWTO OpenID Delegate with Launchpad Login Service 16.03.2011 by tg@ Tags: debian grml tip Rhonda suggested I document how to use the LLS (Launchpad Login Service – their implementation of an OpenID provider) as Delegate, which basically means, you can put something up on your webpage, which can be a simple static (X)HTML page like mine (a /index.htm is especially nice, a /~user/index.htm works too), and use its URI and not https://launchpad.net/~me to login. For example, this often hides the LLS from view e.g. in blog comments, such as those where Canonical is being criticised ☺ – but it’s also yours, easier to type and to change if you switch service providers. The basic idea is to go to your Launchpad user page and view its page source. Look for openid relation links in the header – on Rhonda’s the value we’re looking for is “cyLQbcp”, and you see it several times. Now you put this on your web page: <!-- begin: OpenID delegation to LP --> <link rel="openid.server" href="https://login.launchpad.net/+openid" /> <link rel="openid.delegate" href="https://login.launchpad.net/+id/cyLQbcp" /> <link rel="openid2.provider" href="https://login.launchpad.net/+openid" /> <link rel="openid2.local_id" href="https://login.launchpad.net/+id/cyLQbcp" /> <!-- end: OpenID delegation -->  Of course, insert your, not Rhonda’s, ID. Do note that we don’t copy the X-XRDS-Location tag (that breaks things for some unknown reason), but otherwise, what we insert on our page is pretty much a copy of the info on the user page (maybe it’s a Delegate page, too?). As usual, try at your own risk, bug Canonical if it breaks. It works with AO3, Gerrit Code Review, and others though (interestingly enough, better in Lynx than GUI browsers because I stay logged in across Lynx sessions (and just have to confirm sending “my information” to the accessing site), whereas I have to re-login to the LLS in every GUI browser session). As with the LLS generally, “to access a site which is not recognised” is expected and worked on with low urgency (mostly cosmetical, I think). ## Impressions of the Go programming language 12.03.2011 by bsiegert@ Tags: golang A few days ago, somebody sent me an e-mail with a few questions about the Go programming language, of which I am a coauthor and contributor. The questions concerned my general impression, the experience I had in it, the future and some good areas of application. Here is my reply. In my experience, when people try Go, there are two phases: On a first glance, it does not seem very special. However, many that do try it quickly become hooked. I myself was primarily programming in C when I started using Go. I had written some code in Limbo, which an be seen as the antecessor of Go, so trying it seemed natural. I quickly discovered that it is a very well-designed language, whose constructs make perfect sense and are easy to grasp. The standard library is also very well done and makes many common programming jobs easy. I decided to write a project I did for work in Go. However, the target was a Windows system, so I became involved in the Windows port. My first contributions were to the path package. It is a nice experience working with such bright and professional people as the Go developers. While they can be sometimes a bit terse in code reviews, they are very talented people. I found myself thinking a long time about a single sentence in a review before finally “getting it”. Speaking of which, the code review process is very efficient for the development of the language. In the future, I think Go will get a much wider adoption, and be usable also for writing “native” graphical user interface programs. There is a WinAPI port for creating Windows GUIs, and there is a very good Gtk+ adapter for Unix-like systems. I can also see it being used a lot for network servers, such as HTTP application servers and so on. In these two areas, parallelism is a key point. In a GUI application, you want the interface to remain reactive during calculations and I/O, which is very easy to do with multiple goroutines. In a network application, you also have to process many requests in parallel. Go has the potential to scale significantly better than other languages. Maybe will even be one of the answers to the problem of programming for ever more parallel machines, as almost all new computers have multiple CPU cores. I also think that there will be more optimization so the language will get much faster in the future. It is already faster than Python in most cases (easy, since it is a compiled language) but just as easy for many. ## I am now a NetBSD developer! 11.03.2011 by bsiegert@ Tags: pkgsrc Since 2011-03-09, I am now a NetBSD developer. My allocated work area is MirBSD support for pkgsrc. This is now much simpler, as I have direct commit access to the repo. My sponsors are Guillaume Lasmayous (glc) and Alistair G. Crooks (agc). The whole thing would never have happened if Marc Ballmer had not started the new-developer process during FOSDEM 2011. A big “Thank you” goes out to these three persons in particular as well as to all those that warmly welcomed me on the NetBSD developer mailing list. ## mksh gains recursive parser for command substitutions –$(…)

06.03.2011 by tg@

mksh-current has just gained an experimental recursive parser for command substitutions, fixing RedHat BZ#496791 and decades-old complaints about the pdksh codebase, compared to AT&T ksh93. (GNU bash could also do the example, but not some other things mksh(1) parses fine now.)

This means that things like the following work now.

# POSIX, should “always” work
echo $(case 1 in (1) echo yes;; (2) echo no;; esac) # POSIX optional, works now in mksh, works in GNU bash echo$(case 1 in 1) echo yes;; 2) echo no;; esac)
# GNU bash seems to choke on comments ending with backslash
# a comment with " ' \
x=$( echo yes # a comment with " ' \ ) # No non-recursive COMSUB parser can pass all of the above # tests and these below at the same time (some extensions) echo$(typeset -i10 x=16#20; echo $x) echo$(typeset -Uui16 x=16#$(id -u) ) . echo$(c=1; d=1
typeset -Uui16 a=36#foo; c=2
typeset -Uui16 b=36 #foo; d=2
echo $a$b $c$d)
# the ‘#’ is especially tricky, that’s why the above cases


Next on my TODO is the complete rewrite of the read built-in command, as well as its documentation. I think that the (reduced) goals for mksh R40 will have been met by then, except porting to LynxOS and MPE, but we’re working on it, and re-testing Syllable and Plan 9). Of course, a release implies testing on a lot of the supposedly supported platforms, so it won’t be out “immediately”. Though, associative arrays have been removed from the R40 goals, so that I can at least get a new release out. Note that Debian and OpenSuSE Buildservice users have been provided with somewhat well-tested mksh-current snapshots for a while already, and Gentoo users can use the “live ebuild”; there’s always compiling from source too…

## (Free)BSD vs. Linux

03.03.2011 by tg@
Tags: debian event ill mksh rant

Warning: this is a rant against BSD (specifically FreeBSD®, but don’t let me get started on DragonFly, who think it’s wise to drop all shells except ash from the base system and rely on pkgsrc® – yay let’s compile a dozen packages just to get a shell with tab completion, not to mention boxen with no network access – for the task – although others seem to go into that direction too…; you know, there’s BSD, and then there’s FreeBSD…) – don’t like, don’t read.

If you want to change something in the BSD world, you gotta fork your own BSD – no other way around the thickheads. Ok, back then, I ran into a particularily thick one, but others tend to not be much better. Users share the thickness. If you want to change something in the GNU/Linux world, just make a package, have someone upload it, prod (or pay, Hanno got a Radler) people to do it, or just upload it yourself.

At the BSD booth at FOSDEM, despite me bringing the Windows® Mobile 6 Professional devive, strictly for Geocaching mind you, Macintosh boxen had a share of more than 50% – I didn’t manage to tip the scale. At the Debian booth, almost everyone had a “I want to buy a new laptop some day, but it just keeps on working and doesn’t break” pre-Lenovo IBM laptop. No hyping of Google either. (Last year’s CLT saw BSD people advocating pro-Schily – the guy with the broken encoding in his name – shockingly.)

Honestly, tcsh, FreeBSD® people? Sorry. While I agree that there is merit on having the same script and interactive shell, as someone has pointed out (copy-paste examples into the command line), there’s those zsh users who use mksh or GNU bash for scripting. Or just POSIX shell. And that’s with an interactive shell which can be used for scripting. On the other hand, the C shell (both csh and tcsh) cannot.

And what’s with pretending the accent gravis is non-combining, called “backtick” (such a thing does not exist); and advocating it? Sorry, if your csh/tcsh doesn’t handle the POSIX $(…) you should just drop it. (By the way, there is a convention that example command lines are prefixed with for csh and for sh (or but we write$ sudo  instead, these days). Use it. Or leave it. If you have examples that substitute another process’ output, be specific.) It’s funny to see how one person tries to defuse my arguments against csh by telling me “it’s just an interactive shell”, while the other argues that people copy-paste between them, to which that was my response. Read the thread!

And please, get your facts right. “I would prefer that the standard shell be at least Bourne-compatible.” You don’t want Bourne (“^” instead of “|” for pipes), you want POSIX. That GNU bash is called the Bourne-Again Shell in one of their usual semi-bad puns doesn’t help the global perception of such things any. Also, the root shell and /bin/sh are disjunct.

(Plus, why change the root shell, use sudo(8), plain and simple.)

ObNote: in jupp (should I package that for Debian, btw? rather upload, packages are ready…) the ‘’ key is used as præfix for Ctrl-X (X) or to directly enter numerical (decimal, octal, sedecimal/hexadecadic) ASCII, 8-bit or Unicode codepoints. Yay!
And even the FSF has seen the light; for a few releases already, GCC uses “'…'” instead of “…'” for quoting in messages, even without locales. Great job there! (LC_MESSAGES=en_GB.UTF-8 usually works, too, though.)

ObDisclaimer: I have an (yes, Google…) Alert on the word “mksh”, so I know when it’s being discussed. This obviously includes certain fora. Also, I’m a shell implementer and bound to know a certain amount of details. Plus, mksh’s build script runs with pretty much any Bourne/POSIX/Z Shell which has functions and not too many bugs. I wrote it. Go figure. No lowly trolling.

FWIW, mksh(1) has the cat(1) builtin both because Android has no cat(1), and as speed hack. Almost all other shells have worse speed hacks, like a printf(1) builtin. And recently, builtins have become direct-callable, so this actually reduces the overall system footprint. (Its inclusion also provides for some other possibilities, internally.) And as two final side notes, if you haven’t seen this: determine which shell we are run under (CVS) and I still offer a prompt conversion service (send me any GNU bash or oksh $PS1 and I’ll send that to you in mksh(1) syntax – optionally with adjustments/improvements, like cwd uses only up to 1/3 of screen width). ## Where in the world is Carmen Sanbuggo? 19.02.2011 by tg@ Tags: debian mksh Eh. Why does mksh built with (a patched: mkstemp(3) added) klibc work suddenly, unexpectedly? To reproduce, I just uploaded mksh_39.3.20110218-1.dsc and you can run DEB_BUILD_OPTIONS=mksh-static=klibc,dietlibc,eglibc dpkg-buildpackage -rfakeroot to verify it, once you have mkstemp(3). (I will probably send a smaller implementation of that in, later.) I have that and the open fix and the m68k patch applied, nothing else… where did my bug go? ObQuestion: what’s the legal (copyright/trademark) status of the Atari logo (the one in rainbow colours, with three things going up, right and left “leg” looking like an umbrella stand’s)? ## FOSDEM was a blast! 13.02.2011 by tg@ I just need to work more on bilocality. While I did find two geocaches, one at the South/Noon Train Station (taalverwarringen…), one in the buurt of the University, I did manage to miss the AW building completely and utterly. Wow. Except, that Haiku guy came over to talk for a bit (nice). And I drew. An Atari logo with swirl, for that weird stuff I recently have been found doing. More mksh-current news coming soon, stay tuned. In the meanwhile, I met bonsaikitten IRL (at FOSDEM, yes, too) who kindly made a “live ebuild”, i.e. a source package building -current. Finally let’s say a big thank you to the person mostly manning our booth, gecko2, and to Benny for talking to people, getting That Other Packaging Thingy working, and pimping the website a bit. ## On SecureAPT 25.01.2011 by tg@ Tags: debian rant Dear Opera Software A.S.A. It’s nice that you employ SecureAPT for your package repository, however, the effect is slightly lost by you replacing the key each year, never signing any of them, and putting them up on an http but not https site. Update 18.08.2011 – please refrain from putting a file /etc/apt/sources.d/opera.list inside your binary DEB packages, as well. As a system administrator, we may very well have mirrored the binary packages, and do not want accesses to external APT repos, for a shitload of reasons. Honestly. (Lintian could warn about it…) If you don’t get the message, please contact me. Or any of my fellow Debian Developers. Thank you very much. ## FOSDEM snapshot; next mksh release 23.01.2011 by tg@ Tags: event mksh I’ve just prepared an ISO for FOSDEM Ⅺ which we might export on BitTorrent soon. Benny has provided an upgraded desktop background image, thanks. The next mksh release… well I’ll bite the sour apple and will release it without associative arrays but hope I get around to hack a few things (especially the read and sleep builtins) before releasing. One lession learned, don’t brag with oh-so-big plans when you haven’t got a deliverable yet. Real Life will interfere. Oh, and Murphy, of course. (mksh R41 might have the associative arrays then. But mksh-current has${foo@#} which is hash($foo). ## Evolvis: git and scm, SOAP WSDL, Jenkins, … Tags: debian work tl;dr: New Evolvis release, scmgit plugin, bidirectional merge with FusionForge 5.1; committing tarent features back to Mediawiki and Mailman packaging in Debian; Fairtrade Software tarent GmbH now offers both git and Subversion as Source Code Management systems in their Evolvis platform. The scmsvn plugin of EvolvisForge was amended with the scmgit plugin, backported from a newer FusionForge release, while work to upgrade the main forge code to the soon-to-be-released FusionForge is ongoing in parallel. Of course, most features, such as commit mails (in git, they’re really sent out after a “git push” from the developer), are already available for both; others will follow after the code base upgrade for simplicity. Already, git repositories can be used for all regular tasks – although it’s currently not possible to have both git and svn repositories in a project. During the migration (as well as regular development), many features of Evolvis will show up in regular FusionForge to benefit the broad community of Forge users, courtesy of the Open Source policy of tarent GmbH, who has contracted the FusionForge project leader to improve both projects, following the mantra of “Fairtrade Software”. Among other changes, the SOAP WSDL has been corrected and is now versioned, and other areas (especially the Tasks and Tracker) have been improved. There’s a release announcement of the new version at Evolvis, in case you want to know the details. Finally, an Evolvis developer has set foot not only in the Mediawiki packaging team at Debian but also the Mailman packaging team. Expect many, if not all, improvements to show up there within some time. Did you know that Hudson is now called Jenkins? This is a change in name only, due to trademark concerns, but rest assured the Evolvis platform will continue to offer Continuous Integration in a usable fashion, no matter the technology behind (there was Continuum, now Hudson, soon Jenkins). In our evergoing quest to improve the Evolvis platform, we wish you a pleasant user and developer experience! //The Evolvis team ## FOSDEM 2011 – Let the beards grow! 15.01.2011 by tg@ Tags: debian event mksh rant ❧ Who’s not? ☺ Same procedure as every year. (okay, lolando prefers skiïng but…) Anyway. A cow‐orker told me that Belgium again/still has no gouvernment, and they have been asked to grow out their beards until they do. I found “evidence” on the ’net but won’t link it here, also it’s on German… anyway. Let’s all join in. (Besides, I now have an excuse to not shave, maybe even my grandmother will accept this one…) RT said on IRC that mksh will probably work on MSYS. My Debian/m68k stuff is coming around nicely, but I still haven’t gotten around to do everything planned, plus I need to grow a new kernel and eglibc, after the latest uploads, and the 2.6.37 based one panics. Also I’ve got to take care to not overwork myself. (And make a MirBSD ISO for FOSDEM.) But hey, it’s been not working for some time and better now. And slow anyway ☺ yet we’re progressing. Does anyone know how to debug that a C programme only calling res_init(3) segfaults? Benny is apparently not just working on making NetBSD® pkgsrc® available on MirOS BSD (picking up my work from 4+ years ago) but also replacing The MirPorts Framework with it. Sad, as I got a request for a gajim MirPort over a cocktail just this evening… ## pkgsrc Mini-Howto 31.12.2010 by bsiegert@ 27C3 brought significant advancements in pkgsrc support for MirOS BSD. I am in contact with a NetBSD developer, who is favourable to including the patch upstream in pkgsrc. For them, there are two parts for this: (a) the mere addition of a "MirBSD" stanza, which is unproblematic, and (b) other code changes, which need more review. Note that pkgsrc is currently frozen before the 2010Q4 release, so our patches will likely be deferred until after the freeze. If you would like the current patches, which are still in a bit of a rough shape, here is how to use it: 1. Make sure there are no mentions of MirPorts in your current environment. Most importantly, remove /usr/mpkg/bin and /usr/mpkg/sbin from your PATH. This is needed when building or installing packages; the reason is that the package tools from MirPorts and pkgsrc have the same name but are incompatible with each other. 2. Check out pkgsrc, for example to /usr/pkgsrc: cvs -qd anoncvs@anoncvs.netbsd.org:/cvsroot co -P pkgsrc 3. To be sure that the patches will apply, downgrade the patched directories: cd pkgsrc cvs -q up -Pd -D2010-12-27 bootstrap devel/{bmake,libtool*} lang/perl5 mk 4. Apply pkgsrc-bootstrap.diff, then pkgsrc-libtool-miros.diff: cat pkgsrc-bootstrap.diff pkgsrc-libtool-miros.diff | patch -p0 5. Check that there are no rejected patches: find . -name "*.rej" should give no results. 6. Bootstrap pkgsrc. In this example, we install (using sudo) into /usr/pkg. The dbdir should be inside the prefix to avoid conflicts with MirPorts. cd bootstrap ./bootstrap --prefix /usr/pkg --pkgdbdir /usr/pkg/db 7. Add /usr/pkg/bin and /usr/pkg/sbin to your path: export PATH=/usr/pkg/bin:${PATH}:/usr/pkg/sbin
8. I recommend to install perl first because it is needed by many other packages and because it needs a workaround at the moment:
cd ../lang/perl5
bmake install && cd /usr/pkg/lib && ln perl5/5.12.0/*/CORE/libperl.so.* .

You can now use pkgsrc to build whatever you like. Please test this procedure and report whether it works for you.

## pkgsrc on MirOS

11.12.2010 by bsiegert@

Like we decided on FrOSCon this august, I restarted work on getting pkgsrc working again and then, on adding support for MirOS BSD to pkgsrc upstream. The thing is, while our MirPorts infrastructure is, in my opinion, outstanding, many of the ports themselves are highly out of date. Having pkgsrc would free us from the burden of maintaining thousands of ports ourselves. Many of the technical arguments that had originally been brought up against pkgsrc (such as missing support for "faking") have been addressed in the last few years.

As a first step, I applied Thorsten's old diff against the pkgsrc-2006Q4 stable branch, which was created shortly after the diff had been made. Next, I am porting these changes to a current pkgsrc branch in order to get them integrated. However, this will involve porting libtool 2 to MirOS, as newer pkgsrc versions only use this version. Wish me luck :).

I will be on 27C3 in Berlin from December 27 to 30, even though tg@ will not.

## Sorry for accidentally spamming ~60 people/lists

07.11.2010 by tg@
Tags: debian

When doing porter uploads, one must not forget to pass -m"My Name <my@email.addr>" to dpkg-buildpackage, e.g. with --debbuildopts for cowbuilder. Thanks Aurélien and sorry to everyone who got the upload mails.

(How are the rules for sponsored uploads? I get conflicting info on these, and indeed, the one I sponsored never showed up on my QA DDPO page…)

## Debian/m68k progress, MirBSD notes

06.11.2010 by tg@

I’m almost finished with “sort of re-bootstrapping” Debian/m68k (I can use etch-m68k as well as what was in unstable at the moment as dependencies, so it was not that much, still, 305 binary packages build from 84 source packages, most for unstable (very few for unreleased, with very responsive maintainers, thanks all, who will include the patches in their next uploads) is a bit… including rebuilds with newer versions, more patches, more testing or newer dependencies installed. I’ll probably upload on Sunday evening, as I’ll be off for 2-4 days at least from then (see below). Ingo tried to test on real hardware, but as Murphy wants a hard disc failed… we’ll still try to get something done over the weekend. If you want to have a look, see my repository index (sources.txt contains a sample sources.list file, 0-NOTE.txt some hints, including the right debootstrap/cowbuilder magic and speed tricks). I’ll need to learn how to use LVM and set up a buildd now…

I’ve not been in much of a hacking mood recently – all these visits to the dentist leave me in unrest and disturb my equilibrium. Hence, not much activity even in mksh even if there was need, almost none in MirBSD. This is only temporary, but I won’t attend OpenRheinRuhr, or, if I come at all, it’ll be for socialising only and probably only one day. Benny’s done with his Doctor (in France, no idea whether it’s one in Germany as well) of Chemistry and has returned to hacking some (World of) Google-Go(o) code. I expect MirBSD activity to slowly raise once we can come back. Please accept our apologies.

## Debian/m68k re-bootstrapping

16.10.2010 by tg@
Tags: debian

I’m currently working on something which will eventually amount to a re-bootstrapping of sorts of the Debian/m68k (Linux) port – patches to the Linux kernel, gcc, etc. are prepared (some have been accepted into upstream or the packages already). I will probably have more, once the compile processes finish, anyway (even emulated, it’s slow).

I think that, once I get past that TLS (thread-local storage, needed by eglibc) migration, I will try to find out a list of packages needed for debootstrap (AFAICT: all packages marked Essential, or of priority important, and all marked Build-Essential (for the *-builder variant), and their dependencies (although I’ll substitute sysv-rc with file-rc, which is better and needs less deps)) and pull arch:all from sid, then build the rest myself using a consistent snapshot of sid possibly with patches going to unreleased. Then I can use cowbuilder to make cleaner packages, which can eventually be uploaded (once I get enough to get a buildd running – kernel, bootloader, etc) – binNMUs are way to go here I suppose. I will only upload once it’s self-hosted, installable (seen by edos-debcheck), clean, etc. (i.e. I’ll rebuild all binaries) and probably keep a bootstrap repo around (until m68k caught up) so that unstable (possibly amended by unreleased for a while) will not again become uninstallable, e.g. if arch:all packages change their dependencies (Python, gcc-defaults are some I’ve seen). That bootstrap repository is needed anyway because debootstrap can’t install from two separate repositories (unstable+unreleased for example).

Progress is slow because I try to keep as close to official packages as possible, refuse to cross-compile, and try to produce uploadable if possible packages all the time. Getting patches into packages, so that I can build from unstable, instead of debian-ports.org unreleased, has proven time-consuming and occasionally frustrating as well. Although I would like to thank the people who helped me on the way already. (I am not naming any in fear of forgetting some, but you know who you are ☺) They are among the Debian (gcc, kernel, m68k) and Linux-68k crowd.

(Why does genattrtab in gcc-4.4 take 3½ hours when it took less than half an hour in gcc-4.3 anyway?)

I’m also still working on mksh and some Python ISO hacks for mika and some minor stuff, and further cleaning up MirBSD.

Well, did I mention dentists are sadists?

## Minor annoyances, BitTorrent trackers; construction work finished

26.09.2010 by tg@
Tags: news rant release security snapshot

openbittorrent.com has, apparently, bitten the dust as well. Oh the joy. DHT to the rescue, over the last few days, for those who could do it. I’m now running bttrack.py, yes the original, on eurynome and have (again) reannounced this project’s torrents. Please download the *.torrent files again. And don’t bother asking, I’m not running a public tracker. Clarification: The content is unchanged, only the torrent metafile has changed!

The updated CVS and new RNG code seem to behave well; I also fixed old bugs in the process. I will probably update our main server within some foreseeable future (this would be the ideal time to push out a snapshot again as well, even if it’s “just” netinstall).

People have shown interest in my djbdns patches. Consider forking, even putting it into the base system. I need to solve the problem of the remaining non-v4-transport-capable v6-transport binaries though, I think only dnscachet6 is remaining, so we’ll get only one set of binaries again. Also look for SRV RR patches. I wonder whether someone will code DNSSEC support…

The msdosfs LFN code is also still on my TODO, as are some other things. But hey, at least there’s movement; even Benny, despite being offline, unreachable by phone, etc. commits Google-Goo code. (Hi!)

mksh currently is being reviewed by the Android Security team, who like it on a first look. I’ve already addresses the first concerns even. I might release R39d soonish, also because I’d like a stable release before going on to associative, and since it’s easier to do than prohibit, multidimensional arrays – which have been welcomed in #ksh already…

You might want to update src/sys/net/netisr.h if running #10-stable, or upgrade to the latest kernel. I ran dieharder, and the results look good. The latest RNG subsystem pulls from many more sources and mixes better; I’ll summarise it later probably.

## Don’t use HEAD right now, working on RNG and CVS

16.09.2010 by tg@
Tags: snapshot

I’m currently working on two very important subsystems to MirBSD: the entropy subsystem arc4random(3), arandom(4), arc4random(9); the cvs(GNU) implementation. That’s why it’s extremely encouraged to not update to -rHEAD right now.

The entropy subsystem receives completely – except arc4random_uniform(3) – rewritten arcfour and arc4random* code (userspace already done) including quite a speedup, and a new structure of the kernel pools and how they interact (also for speedup, but better hashing as well).

Our GNU CVS implementation has received a number of patches from Debian’s, and not only did I synchronise the port with base again, but also created I an (unofficial) “WTF” *.deb package from it, since Debian’s has, as we discovered years ago, some broken (but hey, ISO compliant!) date format.

I’d suggest let me finish doing, unbreaking ;-) and testing it.

## 25 ☺

Tags: work

tl;dr: EvolvisForge 4.8.3+25 with Permalinks and unique IDs for Task and Tracker items, automatic links for RFC conformant hrefs and [#123] style texts in comments and commits, better Task manipulation, improved Mediawiki integration and SOAP functionality, automatic mailing lists and greylisting, better debugging and less PHP and XHTML errors has been released.

And again, with a plethora of bugfixes, improvements and new features, EvolvisForge 4.8.3+evolvis25 was released and deployed. Read on for more details!

In task/tracker item comments (as well as the initial comment, named “detailed description”), hyperlinks are made “clickable” automatically as well, using RFC-compliant matching (i.e. http://foo/möp is not a valid link – to be exact, it’ll link to http://foo/m – but http://foo/m%C3%B6p is).

It is now possible to change the “percent complete” column of Tasks in a bulk update. The Copy+Closed functionality now works almost correctly (a minor detail for better tarent-Activity usability will be changed later). The comments are now displayed in chronological order, instead of antichronological, for better human readability.

The state and percent complete of linked tasks are shown in the detail view of a Tracker item (bug, feature request, …), and related tasks can be unlinked there as well, instead of just in the tasks’ detail view.

The search now ignores double quotes and searches for the combination of all words by default.

The MediaWiki plugin sees Interwiki capability: the Interwiki table is global (per-forge) instead of per-wiki and filled with all præficēs automatically, using the Project’s unix name. It can also be edited with the new Special:Interwiki MediaWiki extension. The mw-wrapper.php script works correctly again, and nightly XML dumps of every Wiki are available, for example for backups. It is now possible to use both English (File:foo.jpg, #REDIRECT, Special:Weird) and German (Datei:foo.jpg, #WEITERLEITUNG, Spezial:Seltsam) syntax in the Wikis. Pages like Login/Logout, Create Account and Lost Password, that have no value in the MediaWiki plugin, redirect to the Forge’s equivalent functionality.

The SOAP WSDL now compiles cleanly and sees a few bugfixes as well as a new API “addUploadedFile” which works with the File Release System and manual (SFTP) uploads, to facilitate automatic deployment, e.g. from a Hudson running Maven.

The Document Manager has received some fixes and the ability to use manual (SFTP) upload like the FRS.

All projects will have a -commits and a -discuss mailing list; all members with SCM commit access will be added to the former, all proect members no matter what to the latter automatically upon joining the project (you can, of course, unsubscribe). Postings to the -commits list bear the -discuss list as followup. The Postfix MTA will be configured to use Postgrey for greylisting to reduce spam income.

There’s now a suggestion list for project tags. In most places where a history was kept (project, task, tracker), not only the old but also the new value are stored and shown now, and the sort order has been reversed to chronological as well.

EvolvisForge will now work better with Python 2.6 and PHP 5.3 on Debian unstable, although Debian Lenny (with backports) is still the only supported platform; *.deb files are available on request, we’ll allow others to install EvolvisForge and related software by and for themselves now (although most of the functionality is supposed to be achievable by using FusionForge, our upstream Open Source project). (In fact, in between writing this Release Announcement for the Evolvis Project and formatting it for the Blog, Roland Mas has begun merging improvements into FusionForge trunk. Nevertheless, contact evolvistodo {klammeraffe} tarent {punkt} de if you want to set up an EvolvisForge instance yourself. Remember that Evolvis is more than just the Forge, it’s also Wikis (now included in the Forge though), Blogs, Planet, Continuous Integration (soon to be integrated in the Forge), Domisol, and more.)

Some minor things have been fixed too, for example, there was a tremendous effort to fix all PHP warnings found and make all pages XHTML 1.0/Transitional compliant (if one isn’t, it can now be considered a bug), which led to the redesign of some pages, such as the Task “Select Columns” facility and the project Admin page. Wrong output, texts and translations in some places have been fixed. Developers of EvolvisForge now have better help in debugging: the “pink pop-up” can display calls to db_query{,_params} and backtraces when PHP warnings/errors occur. The licence information of a project will not be shown, as it currently cannot be set (we’re working on that). Several theme issues have been corrected, and to Mozilla™ Firefox® users (and users of other Gecko-based browsers), fields’ elements will now appear white-on-black by default with black-on-white (instead of white-on-blue) for selected items, due to a bug in that browser series. And, of course, the bugfixes from our upstream, FusionForge, have been merged when applicable as well.

The complete changelog and our MediaWiki Plugin demonstration page are still available for your convenience.

We wish you a pleasant experience using the new, improved EvolvisForge, as well as the rest of our Evolvis platform! -- The Evolvis team

PS: Sorry for the very long posting, but I’ve already tried to go down on detail and only mention the important things, mostly from a user’s PoV, and condensed… it’s just a lot happened and some co-workers are really excited about those features yet.

## mksh, encodings, MirBSD, BitTorrent, WinCE

28.08.2010 by tg@
Tags: android debian geocache hardware mksh news release snapshot

mksh was merged into Android (both AOSP and Google’s internal master tree) in the night 24/25th August, and is expected to be the one shell to rule them all, for Gingerbread.

mksh(1) now also has a cat builtin, for here documents mostly. It calls the cat(1) command if it receives any options. The shell is nevertheless smaller than yesterday because of improved string pooling.

There’s another reason to use the MirOS OPTU-16 encoding instead of PEP 383, on which I already wrote: try passing a wide-char filename to a function such as MessageBoxW, or create a filename on a system using wide chars, such as FAT’s LFN or ISO 9660’s Joliet, or one that only allows Unicode (canonically decomposed – ü → ü – out of all things) like HFS+. OPTU-8 at least maps to somewhat reserved codepoints (would, of course, be better to get an official 128 codepoint block, but the chance’s small of getting that in the BMP). Still.

Oh well, the torrents. I’ve remade them all, using one DHT seed node and OpenBitTorrent as tracker and put them on a very rudimentary BT page that will be completely redone soonish. Please re-download them. I currently do not believe f.scarywater.net will return.

Finally, I fell victim to a selling-out and may have just bought a Windows Mobile 6 based phone (Glofiish X650) and an SDHC card and an extra battery with double capacity. Well, at least it’s said to run CacheWolf well. I still would like to have something like Interix, Cygwin, UWIN, coLinux, or maybe some qemu-for-WinCE variant that runs Android, Maemo, Debian/armhf (or armel or arm) at near-native speed (and is usable – the device sadly doesn’t have a hardware keyboard, but it comes with SiRFstar Ⅲ GPSr). It only has 64 MiB RAM, like the Zaurus SL-C3200 and the jesusPhone, though. ☹ Any chance to get MirWorldDomination onto that device as well?

Tomorrow, eight years ago, is the date we now use as birthing point for MirOS. The thing is, we did not really want to create a BSD of our own, fork, or whatnot. We were mostly happy OpenBSD users (really happy before the first eMail exchange with its developers, where Theo de Raadt did indeed stand out but was not the only one – just the one with the authority to deny us), improved it locally and submitted patches and ports. We were flamed for that or, worse, ignored. I begun putting up my “OpenBSD patchkit” on my homepage (back then, at Tripod) and still tried to feed things to upstream and OpenBSD. Then, at some point, Theo de Raadt made it clear he did not want me and the patch kit had grown (from one 4M file into several of them), so I ended up doing a “cvs -d /cvs init” and went from there. Benny’s story is similar – he laughed at me while trying to get ports added to OpenBSD, then discovered his ports were added to the MirPorts Framework and getting commit access there was easier than getting some random developer to commit something of his to OpenBSD. (This trend ended there though… every single person I approached since has become OpenBSD ports committer – I wonder whether they used my invitation letter to blackmail Theo?) It’s often thought that there was a clash of opinions between Theo and me. I think while we might disagree in certain aspects or priorities things should have, in the end we both wanted the same thing, I just was promised to never become a member of the OpenBSD project, so it’s really just “them” being uncooperative. (They (Henning and others) did burn the T-Shirt I gave Theo as a gift some day for making OpenBSD what it was. I won’t comment on that, again, now.)

## FrOSCon 2010 and today’s resumée

24.08.2010 by tg@
Tags: debian event mksh snapshot

FrOSCon was a blast. I had two booths of my own – MirBSD and FreeWRT – as well as shares of Debian and Grml. Well, MirBSD was run by Benny and gecko2 because I just didn’t have any time for it, despite XTaran’s help with the FreeWRT booth. All I did was the initial setup of both booths, while at the same time answering about three questions regarding FreeWRT in parallel. Wow. What a little small, open hardware can do to you. XTaran and I had fun and we’ll do FreeWRT booths again; I managed to flash my two FON2100 devices (“La Fonera” – the FON2200 can use the same image, says nbd of OpenWrt) and will fix the port’s remaining few bugs I found; XTaran will try to push the WL-500gPv2 development. The social part was nice as well, although I think the greek restaurant in the city will not be visited by me again. Anyway, if you didn’t attend FrOSCon, your own fault…

Since the BitTorrent tracker used by MirOS is down, here’s the link to the [updated 2010-08-28] [deleted 2014-05013] current (FrOSCon 2010 Edition) snapshot’s torrent, Triforce as usual. We’ll probably rewrite torrent files for all our ISOs and publish them on the MirBSD website. I’m currently considering OpenBitTorrent plus one or two DHT seed nodes with no statistics. Maybe with webseed. (Need to update the libtorrent/rtorrent MirPorts first, though…) Other options would be different trackers or running one of our own. I will announce the outcome as news entry, once done.

On the plus side, the review process of mksh(1) in Android continues, and I fixed the realpath builtin to behave even more POSIX-ish.

## New snapshot 2010-08-15 (i386), sparc reloaded

15.08.2010 by tg@
Tags: snapshot

I’m currently putting the finishing touches on a new MirBSD snapshot for i386, targetting FrOSCon. Due to German patent 69429378 (EP0618540) I had to update the sparc kernel (GENERIC and RAMDISK) as well though. For now, mount_msdos(8) LFN support is disabled entirely, but a code rewrite to support LFNs in FAT in a non-infringing way (although for a file with LFN, no SFN will be generated any more then) is planned already (just not done before FrOSCon). This situation, in general, sucks.

The HTML manpages have also been updated, and the PDF manpage for mksh is now PDF 1.4 – something closely resembling, if not, PDF/A actually.

The snapshot will, as usual, end up on the mirrors, i.e.

## FrOSCon 2010 and other sundries

06.08.2010 by tg@
Tags: debian event grml

The FrOSCon 5 - 21./22. August 2010 booth plans have finalised, I am rather content:

┌──┐              I ❦ STANDPLAN FROSCON 2010
│ F│reeWRT
├──┤
│ M│irBSD
│  │
├──┤
│ D│ebian
│  │                 C = Collectd
├──┼────┐
│C │   G│rml
└──┴────┘


This is especially good, as XTaran will be shared among (at least) Debian, Grml, FreeWRT; same for me plus of course MirBSD; kimnotyze is FreeWRT but may help with MirBSD; benz and gecko2 probably are MirBSD but gecko2 could help with FreeWRT, tokkee was interested in FreeWRT too… anyway.

Some days, you just love software.

Aug  6 13:55:01 blau firesomething-bin: stack overflow
in function VFY_EndWithSignature
Aug  6 13:55:01 blau /bsd: signal 6 received by
(firesomething-bi:1146) UID(2999) EUID(2999),
parent (sh:9059) UID(2999) EUID(2999)


Thus, let me reïterate it for all of you:

Well, now that the Debian Release Managers have sent their freezing bits around… *shudder*… Squeeze is frozen. Well, at least everything I have my hands in has migrated. I’m still… not persuaded. I also can’t decide which looks worse (KDE 4 or Win 7), tending towards KDE 4…

Why does all the horrid software (Solaris, Java™, OpenSSO, MySQL, etc.) tend to end up at Oracle at the moment? Let me quote from some Debian mailing list:
>>What happened to the Unix philosophy?
>Modern Solaris engineers
Is that similar to high-speed horse carriages?

My RPM repository has been pimped a bit – I ported some stuff from my DEB repository and updated them in both (rdate(8) and ntpd(8), specifically). Still ought to work more on them, but currently MirBSD base is most important, although I’m dying for mksh associative and multi-dimensional arrays, as well as more sh(1) conformance assorted bug fixes.

Well, there’s a life besides the computer. I’ve taken today off, wanting to hack on MirBSD’s most urgent problems (but probably end up doing that tomorrow), slept long, and will meet with cnuke@ and gecko2@ for Greek style dinner. The latter will almost certainly end up with a long-time work contract at the same place where I run a lot of things already, so congratulations. In the meanwhile, bsiegert@ has almost become a Doctor of Chemistry, and my brother’s finished his Maths and Economics diploma.

Also, I’ve put up the logo of the company where my new dedicated server is hosted; they reduce the monthly fee in exchange for this, so humour me and pay them a visit. They’re IPv6 pioneers, actually. (The server is now installed but not completely set up yet, and I have yet to begin moving services; it’ll be better than the VM eurynome is, but the clock could use the new timekeeping subsystem in the kernel as well as socket send (ÆrieBSD) and receive timestamps as it’s off by 0-1000 ms.)

Speaking of kernel stuff, yesterday I considered moving wscons(4) to UTF-8 again (since everything is CESU-8, we need to take raw octets into account also). I’ve seen OpenBSD begun importing Citrus… *shudder* Anyway, that’s my part, but I’d like volunteers for backporting things like the timekeeping stuff (and possibly more hardware support), and writing a pivot_root like thing (explained on some mailing list already) so we can use ramdisc root to do loopback root.

## FrOSCon 2010 (“Birthday FrOSCon”) approaching

25.07.2010 by tg@
Tags: debian event geocache grml

FrOSCon 5 - 21./22. August 2010 is approaching rapidly. I’m a bit envious at some of the tracks (I mean, really, geocaching (ok, I did the surrounging caches over the last years but still), learning python by means of game programming, etc. really sounds interesting – and I know people who could benefit from a non-kids version of that as well) but this year’s FrOSCon is nothing for me to curse about either: I managed to get both a booth for The MirOS Project (MirBSD, mksh and other subprojects) as well as one for Waldemar’s FreeWRT (although wbx@ – if he comes – won’t join there since he forked his own fork since its conception). Booth staff are, currently: tg@ and bsiegert@ (Developer), gecko2@ (Staff) for MirOS, tg@ and “XTaran” abe@ (Developer), kimnotyze (Hacker) for FreeWRT. (XTaran will probably be helping Debian/Grml too.) This year, it’ll be my job (after 2 years of aptituz) to keep the Altbier-Fraktion watered, I’m thinking one crate of Schlösser Alt and one crate of Hannen Alt?

Have a look at the Program and don’t tell me you won’t come! It will rock! (Except there won’t be Formorer’s Chilli, but that’s no reason, there’s enough other stuff in manageable distance.)

Besides interesting booths and talks, FrOSCon is still looking for helpers who will not only get free entrance but also catering during operation.

## What’s with mksh bugs at the moment?

21.07.2010 by tg@
Tags: debian mksh

Well, I suppose I should be happy that mksh is actually used…

• [tg] Correct shf buffer I/O routines to avoid a memory corruption bug discovered by Waldemar Brodkorb and other bad effects
• [tg] Fix NULL pointer dereference during iteration loop when checking for alias recursion; discovered by Michal Hlavinka

That’s OpenADK (Waldemar’s fork of FreeWRT, which is Waldemar’s fork of OpenWrt), and Red Hat Enterprise Linux, respectively. Popcon in Debian and its derivates is also pleasant.

I could use some help bugfixing this though:

(sleep 3; exit 12) &
bgprocpid=$! sleep 6 # background process is done by now wait$bgprocpid
# POSIX mandates that, since $! was asked # for, wait is to reply its errorlevel  Somehow, JF_KNOWN is never set – and I can’t debug this with gdb(1). (There’s also a dashism in some *buntu start scripts that does pretty much the same except it uses “wait %1” there. In fact it doesn’t even seem to use$! – no idea whether we can support that at all in a POSIX shell – which dash clearly isn’t… – without keeping track of background processes forever.)

## On ASLR (Address Space Layout Randomisation)

12.07.2010 by tg@
Tags: debian mksh

I’ve got some interesting results using r1.1 of an example test programme (r1.2 got cleaned up and more output) on various systems, regarding ASLR. The 1.1 revision tests everything mksh R40+ will use (except there will probably no larger than page sized allocations) for its LCG PRNG. On OpenBSD (MirBSD, ÆrieBSD) malloc(3) uses in fact mmap(2), which is randomised. (Though -pie doesn’t yet work as it’s supposed to.) Some OSes are better than others… but look for yourself. (Read on to continue, not part of the RSS for size reasons. This wlog entry may be updated – with bumped date – unperiodically.)

### MirBSD-current/i386

tg@blau:~ $mgcc -static x.c x.c:0: note: someone does not honour COPTS correctly, passed 0 times x.c: In function foo': x.c:27: warning: function returns address of local variable tg@blau:~$ ./a.out
0xa9332000 0xaba65000 0xa0ae7000 0xcfbed990 0xcfbed994
tg@blau:~ $./a.out 0xa91b4000 0xa02b1000 0xa1602000 0xcfbf8680 0xcfbf8684 tg@blau:~$ ./a.out
0x9f731000 0x9cb2a000 0xa94ca000 0xcfbf5840 0xcfbf5844
tg@blau:~ $./a.out 0x9c2af000 0xa6a0b000 0xa4ce1000 0xcfbefac0 0xcfbefac4 tg@blau:~$ ./a.out
0xa3b61000 0xa96de000 0xa96df000 0xcfbedcc0 0xcfbedcc4

### Debian Ätsch/i386

tg@frozenfish:~ $gcc -static x.c x.c: In function ‘foo’: x.c:27: warning: function returns address of local variable x.c: In function ‘bar’: x.c:33: warning: function returns address of local variable tg@frozenfish:~$ ./a.out
0x80b2a20 0x80b2a30 0xb7745008 0xbf985ce0 0xbf985cd4
tg@frozenfish:~ $./a.out 0x80b2a20 0x80b2a30 0xb7726008 0xbfb911b0 0xbfb911a4 tg@frozenfish:~$ ./a.out
0x80b2a20 0x80b2a30 0xb7784008 0xbf83d040 0xbf83d034
tg@frozenfish:~ $./a.out 0x80b2a20 0x80b2a30 0xb77e8008 0xbfc0f840 0xbfc0f834 tg@frozenfish:~$ sid
I: [sid chroot] Running command: “mksh -l”
tg@frozenfish:~ $gcc -static x.c x.c: In function ‘foo’: x.c:27: warning: function returns address of local variable x.c: In function ‘bar’: x.c:33: warning: function returns address of local variable tg@frozenfish:~$ ./a.out
0x80c86a8 0x80c86b8 0xb77c3008 0xbfaa1900 0xbfaa18f4
tg@frozenfish:~ $./a.out 0x80c86a8 0x80c86b8 0xb77d2008 0xbfcc0260 0xbfcc0254 tg@frozenfish:~$ ./a.out
0x80c86a8 0x80c86b8 0xb77c1008 0xbfbe2120 0xbfbe2114

uname: Linux frozenfish 2.6.18-6-686 #1 SMP Fri Feb 19 23:40:03 UTC 2010 i686 GNU/Linux

### Solaris 8/sparc64

tg@stinky:~ $gcc -static x.c x.c: In function foo': x.c:27: warning: function returns address of local variable tg@stinky:~$ ./a.out
595f0 59bf0 59d00 ffbefbb4 ffbefb5c
tg@stinky:~ $./a.out 595f0 59bf0 59d00 ffbefbb4 ffbefb5c tg@stinky:~$ ./a.out
595f0 59bf0 59d00 ffbefbb4 ffbefb5c
tg@stinky:~ $gcc x.c x.c: In function foo': x.c:27: warning: function returns address of local variable tg@stinky:~$ ./a.out
20950 20f50 21060 ffbefb3c ffbefae4
tg@stinky:~ $./a.out 20950 20f50 21060 ffbefb3c ffbefae4 ### MidnightBSD/amd64 mirabilos@stargazer:~$ gcc -static x.c
x.c: In function 'foo':
x.c:27: warning: function returns address of local variable
x.c: In function 'bar':
x.c:33: warning: function returns address of local variable
mirabilos@stargazer:~ $./a.out 0x800603080 0x800605040 0x800700000 0x7fffffffe62c 0x7fffffffe62c mirabilos@stargazer:~$ ./a.out
0x800603080 0x800605040 0x800700000 0x7fffffffe63c 0x7fffffffe63c

## Back home

11.07.2010 by tg@
Tags: bug debian event geocache mksh news release snapshot

Bordeaux was very nice (and towards the end much cooler… it’s actually hotter here at more than 50½° north – too warm to think, or do anything) but the LSM/RMLL was very french. They’ll be in Straßburg and Lüttich the next two years so we can probably be expected to attend. I don’t think I can eat duck (which, in south-west france, is a vegetable) or like all that classic french multi-course food so much, but I had enough Couscous Merguez and Thé à la menthe fraîche… and similar good stuff. Many people spoke English and actually asked me whether I do (probably they couldn’t bear me trying to spea^W^W^Wbutchering the language of the Grande Nation) and in general were a friendly bunch. I did see some people with machine guns in the city on the last day, though. No idea what/why… didn’t dare asking ☻

Just another reason to boycott flying: Mario Lang (one of the speakers) was apparently held on the airport and treated as a terrorist due to his Braille line… they thought it was a bomb or somesuch thing.

Travelling with the Thalys and TGV was nice (but I loathe the Métro parisienne… they should build a ring train like the Berlin S-Bahn and just put another stop before Paris Nord and Montparnasse for people who just want to switch trains to take the ring train to the other line). And I want air conditioned trams in Germany too!

I met Uriel (invited him for some food and talked lengthy with him and some 9grid guy), XTaran (who was rather busy organising things), and a number of other people. Did some PGP keysigning as well. There’s now an experimental MirOS presence at Launchpad, not sure what exactly we’re going to do with it but, as Canonical does not care (as Jonathan said in his talk – great slides, by the way, really impressive), there’s no harm in having it. Some Perl guy from America (USA… just to make sure ☺) wanted a photograph of me with a sign “I love CVS” just so people back at home would believe him he’s met such a person *grins* of course I plugged in a little advertising but cvs(GNU) is honestly good. The forge hacking session was a little under-visited (but still a success in terms of getting more communication and maybe collaboration underways, especially thinking of common interfaces, DC, semantic web, OSLC-CM) and since the room was (in contrast to my hotel room and the trams!) not air conditioned we didn’t get much hacking done. The Debian booth was about 40% of one FOSDEM style table wide… and subsequently crowded. There were more people (of course, I was trying to get mksh into Haikuports, Mandriva, and other things; talked about KDE 3.5.11 (Trinity), Qt 3 vs Qt 4, and kwalletcli, and in general to a not-so-usual bunch of suspects – like I said, LSM/RMLL really is pretty french-only).

It is too hot, but I still committed src/etc/rc,v version 1.110 which you want to upgrade your /etc/rc to before upgrading mksh(1) in MirBSD. (All in the name of better performance on platforms such as Debian/m68k and not raiding Linux’ inferior RNG… but it does simplify things.)

I could probably write more but at the moment just want to lie down and die until it gets cooler… even the rain didn’t help. My feet hurt (Montparnasse-Bienvenue didn’t help) too.

## LSM/RMLL; mksh R40, R41 plans

05.07.2010 by tg@
Tags: bug debian event mksh

The current version of mksh had use of arc4random(3) removed, including “set -o arc4random”, to speed it up (on some architectures, a lot) – this will break some existing scripts (such as /etc/rc *cough* on MirBSD…). Hence I decided to publish the next version of mksh(1) as R40 based upon current development, and defer plans for associative arrays (and multidimensional arrays) for mksh R41. There’s also already the change to Build.sh arguments, so this suits me quite fine.

(Read: if running MirBSD, don’t upgrade mksh at the moment.) There will be a new MirBSD snapshot once this is fixed, maybe a few more changes to the shell for better POSuX compliance, and the recently mentioned patent on LFNs (long filename) in FAT will be taken into account with a patch to msdosfs.

I’ll travel to LSM/RMLL 2010, the Libre Software Meeting (Rencontres Mondiales du Logiciel Libre) tomorrow until the weekend, to hack some on FusionForge (this is worktime for me), visit XTaran, Uriel, and maybe a couple of other “usual people”.

Thundersday, between 10:00 UTC and 12:00 UTC, eurynome will be shut down by gecko2@ due to power supply maintenance on the host system data centre.

We have a new mirror in the Americas, thanks a lot to Mike 'Fuzzy' Partin! Benny will mention it on the webpages once it’s working.

## 21

Tags: work

No, it’s not just half the answer. I think we’re much farther down the way than that ☺ while there are still improvements planned, under development, and to come, we’ve gone a long ways from 4.5 based Evolvis platform releases.

I have just upgraded all tarent-internal instances of Evolvis, as well as the public evolvis.org forge, to a new version of the FusionForge based EvolvisForge as well as MediaWiki and its extensions.

There are several new extensions, almost all of them enabled by default. You can see a tech demo of these at https://evolvis.org/plugins/mediawiki/wiki/evolvis/index.php/PluginDemo (which will automatically show you an English- or German language version depending on your web browser’s preferences). The extensions are:

• Math
• Cite
• Collection
• CreateBox
• Footnote
• GraphViz
• ImageMap
• InputBox
• LanguageSelector
• News
• PageCSS
• ParserFunctions
• Polyglot
• SpecialCite
• SyntaxHighlight_GeSHi

The MediaWiki extensions are “driven” (configured) by the forge semi-automatically, for example RSS_Reader uses a per-project (forge group) cache directory instead of disabling the cache (which needed to be done for the Debian package, since the default installation does not have the luxury of a directory writable for the Apache user). The configuration closely matches the “old-style” (JH) Wiki integration that has been done for Evolvis 4.5 previously.

Further changes include a fair number of bugfixes to the code, theme, wiki, extensions (fed upstream), and XHTML compliance. We know there are still enough bugs to keep us busy for a while, but you might notice some improvements; others are hidden but shorten the Apache error_log noticeably ☺

To further summarise from the developer/package management system changelog the (non-bugfix) changes from the last version include:

• reduced space requirements by using the xz compressor instead of gzip for nightly Subversion backups
• give forge (group/project and site) admins more permissions in the Wiki by default
• Konqueror users have clickable sftp:// links in the places where SFTP/manual file upload can be used
• displaying filenames of uploaded files, including rules for them, has been improved
• there are now two automatic mailing lists (for newly created groups/projects): unixname-commits (where every member with commit rights will be added automatically) and unixname-discuss (where every member will be added automatically); of course there’s still the option to unsubscribe or, for non-members, to subscribe (a new Mailman integration is being worked on)
• new values for PM (Tasks) status fields
• the ability to copy a task to another subproject
• customisable display for the Tasks area

Notable bugfixes:

• the SCM URLs now always use the correct hostname
• help window pop-ups are working again
• Evolvis can now almost fully be used with PHP 5.3 on Debian unstable (although we are still formally targetting Debian Lenny (with select backports and custom packages) specifically)
• font sizes (in the forge and the wiki) are finally consistent
• slight performance improvements

The time tracking area in Tasks has been disabled, since there is a company-internal tool doing the same, with an Evolvis integration being developed.

We hope you enjoy the latest installment of the Evolvis platform!

-- Thorsten Glaser, for the tarent Evolvis task forge, FusionForge and Mediawiki

17.06.2010 by tg@

My laptop odem has a somewhat split personality… half of it ended up in the waste bin, the other half will probably end up being sold under price to someone who may then sell the parts separately from each other (I’m not in the mood to do packaging and shipping). Salvaged parts: some PC133 SO-SDRAM (probably 512 and 256 MiB), an Athlon XP 1400+ CPU, an Acer Aspire 1300XC(?) BIOS, floppy drive, DVD-ROM/CD-RW drive, complete display (panel, inverter and chassis), CMOS battery, a lot of screws, the fan, some cables, the upper half of the chassis, the keyboard, and probably other things.

In case someone noticed: the mksh web page now looks nicer, and it’s even mentioned in some forum thread as the “popular” shell ☺

tg@blau:~ $ls  The command sticks in the history, and is not immediately shown in the next interactive input line, which I consider a plus in most use cases. Anyway, try mksh (just a-g i it), there are a lot of goodies. I found out about Ctrl-O only a year or so ago myself… I wonder why schizo didn’t write about how to do it in posh tho ☺ ## Hello, World! 22.05.2010 by tg@ Tags: mksh Just a random status update: I’ve been too busy with the dayjob, now ill for about two weeks already. There have been some minor mksh fixes but I’d still like to catch up on the Austin ML postings before releasing R39d; Android discussion is live. The base system has some issues found, but I will take a while (no hacking mood, even when not ill). Scan this! and Google’s playable logo is just weird (at least no sound in Opera) but at least it’s not Fläsh. I played it but there’s no second level. Tonnerre likes «Forth op de Fiets» (as a pun on Ruby on Rails), which lets me remember the Forth Glockenspiel. Sorry for the lack of updates, but MirBSD is still pretty much a fun project, and Benny is working on his Doctor thesis too. FWIW: Patents on software are evil and times are worsening. I suppose, if we’ll be able to continue MirBSD at all, I need to disable FAT LFN support. Sucks. ## New pkgtools stuff 13.05.2010 by bsiegert@ The bsiegert-cfgfile branch of the MirPorts package tools is coming along nicely. Today I committed a patch to info/perform.c that puts its logic from the head on its feet, making the function more readable and, incidentally, getting rid of two gotos. The header of the information has become a little more informative. Watch: % pkg_info foo pkg_info(foo): cannot find package 'foo' installed or in a file! % pkg_info tiff | head -4 Information for tiff-3.7.4-1 (installed): Comment: library routines for working with TIFF images  Something new that I got working is support for giving the name of an uninstalled package in a repository mentioned in the new /etc/pkgtools/pkgtools.conf file. This works for both local and remote repos: % pkg_info tiff-cxx | head -4 Information for /usr/ports/Packages/tiff-cxx-3.7.4-1.cgz: Comment: C++ API for working with TIFF images % pkg_info mc | head -4 >>> ftp -o - http://www.mirbsd.org/MirOS/Pkgs/current/i386//mc-4.6.1-16.cgz Information for /var/folders/Xk/XkVpSyd8F0WZnoK9NwgsWU+++TI/-Tmp-//instmp.4OV2INPVOK: Comment: free Norton Commander clone with many useful features  Actually, in the last case, the output could be improved some more :). You can also give it a package specification such as "tiff->=3.0". If more than one package matches the specification given, then a menu is displayed from which you choose one. This happens, for instance, if you have an older version built locally and a newer version of the same package in a remote repo, or if several flavours of the package are available. The changes are not in the HEAD branch yet, I will merge them when I consider it "done". ## Migration successful! Tags: work tl;dr: EvolvisForge 4.8 deployed on *all* tarent systems now. Let’s party! Stay tuned for even more cool features. I just installed EvolvisForge 4.8.3+evolvis12 (after quite some bugfixing) on evolvis.org and the last remaining internal instance. This means that tarent is no longer running GForge 4.5 so let’s celebrate! You’re hereby cordially invited to check out the public Evolvis and what makes it so good (FusionForge based) and then even better (our hard work ☺). This is the latest and greatest, but still work in progress, we have a lot of further improvements planned, so stay tuned! ## How to upgrade SKS Berkeley DB (bdb) etch→lenny 09.05.2010 by tg@ Tags: debian pcli Some things are ugly. Waldi’s suggestion fails. db4.6_upgrade: Program version 4.6 doesn’t match environment version 4.4 db4.6_upgrade: DB_ENV->open: DB_VERSION_MISMATCH: Database environment version mismatch Can’t start it manually. debian-sks@dev:~$ /usr/sbin/sks recon
Fatal error: exception Bdb.DBError(“Program version 4.6 doesn’t match environment version 4.4″)

The log only shows:

2010-05-09 16:59:29 Opening log
2010-05-09 16:59:29 sks_db, SKS version 1.1.0
2010-05-09 16:59:29 Copyright Yaron Minsky 2002, 2003, 2004
2010-05-09 16:59:29 Licensed under GPL. See COPYING file for details
2010-05-09 16:59:29 http port: 11371
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Opening KeyDB database
2010-05-09 16:59:29 Shutting down database

The solution is ugly as hell, too:

root@dev:/ # su – debian-sks
debian-sks@dev:~$cd DB debian-sks@dev:~/DB$ db4.4_checkpoint -1
debian-sks@dev:~/DB$db4.4_recover debian-sks@dev:~/DB$ db4.4_archive
log.0000002839
log.0000002840
log.0000002841
log.0000002842
log.0000002843
log.0000002844
log.0000002845
debian-sks@dev:~/DB$db4.6_archive -d debian-sks@dev:~/dump$ cd ../PTree/
debian-sks@dev:~/PTree$db4.4_checkpoint -1 debian-sks@dev:~/PTree$ db4.4_recover
debian-sks@dev:~/PTree$db4.4_archive debian-sks@dev:~/PTree$ db4.6_archive -d
debian-sks@dev:~/PTree$logout root@dev:/ # /etc/init.d/sks start Starting sks daemons: sksdb.. sksrecon.. done. Wow, our internal keyserver works again. Thank you, Debian… This solution courtesy of Uwe Hermann, although it was for Suckwürstchen. ## Upcoming migrations 03.04.2010 by tg@ I finally managed to move my arse and buy a new Socket 7 CPU fan for herc, two new 160 GB IDE HDDs for tear, and plan a number of other migrations. Within the next time, the SSL certificates will be renewed (changed away from CAcert to some as of yet undefined CA for the main (web)server and to ca.mirbsd.org for the secondary services), www will possible move to a dedicated box, cvs from herc to tear for sure though. I’m at gecko2@’s place right now though, so it’ll take a while more (obviously). I’ll take the chance to re-design a number of things during the process and clean up old, no longer used things, as well. I know I should probably have written something about CLT (it was great, except for the social event, which confused everyone about the who where etc. and I had a headache and the sounds they provided (no music…) didn’t help either, but it was planned and exercised very well and much cleaner than ULB too ☺) and that I managed to do two geocaches in East Germany… and a plethora of other things (I did staff the Debian booth, there were neither a MirBSD nor FreeWRT booth after all; there is interest in makefs(8) but the 31/32-bit limit must go; etc). I’ve had a demanding three weeks at work though, and I’ll probably not write much content for the website anyway any more, but I’ll try to get more hacking done. mksh got more POSIX compliance, and we’re discussing about the things on the Austin Group mailing list. I’ll be writing a bootloaderloader for mika and Grml, with special consideration for a blind user. I need to get screws, RAM, a hard disc and a PSU for my new Cobalt Qube2 and put Debian on it to debug things. I plan to buy the upgrade kit (to 20 MiB RAM) and a new battery for nwt (and use glue to put the broken-off edge back there) just like I started renovating my hardware pool. OpenSSH needs an import, others may need work. So, I’ve got a TODO longer than a lifetime, so I get to pick my things ;-) There will not be a MirBSD booth at LinuxTag in Berlin. If I’m going (even that’s not sure), I join a shared AllBSD booth, which seems to not happen, or… bsiegert@ will be at some conference for his Chemistry stuff again, and it’s too far for gecko2@ to attend, so I would’ve been alone anyway. At FrOSCon, though, we’ll be sure to happen (I’m even trying to cobble together a FreeWRT booth again, but there are not enough volunteers coming who aren’t expected as another booths’ staff). gecko2@ upgraded ports/editors/nano and desired documentation, possibly in the form of a tutorial, on how to do it. And I hope bsiegert@ will remember that Google’s “Go” is the second one of that name and use something like ports/lang/google-go (on second thought, a company name in a directory is bad too). And there’s kencc in ports already so I’d like an Inferno port first. ciruZ said that Syllable is pretty much dead… sad, since mksh now works on Haiku and both Syllable and Plan 9 had similar issues with it, so I was hoping we could get them fixed… (bsiegert@ is our resident Plan 9 expert, so I need to push him into looking at it.) Speaking of MirWorldDomination, /system/bin/sh on Android-x86 is an mksh(1) already ☺ ## Go 02.04.2010 by bsiegert@ Today was a fine day, which I spent at the excellent Zoo de Mulhouse. Alas, most of the plants there are still in “winter mode”. Recently, i mentioned in a thread on reddit that Limbo (under Inferno) is “my favorite obscure programming language”. Someone else replied that “it is now called Go”. This led me to take a look at the Go programming language made by Google. Sure enough, there are big names behind it: Rob Pike and Ken Thompson, of Unix (and Plan9) fame, and also Russ Cox, one of the most prolific Plan 9 fans. When you compile Go, the first thing that is built is a lib9, which contains Plan 9 code, such as the rune routines for UTF-8. The Go compiler is derived from kencc. For the 386 architecture (the one I tested), you get 8g (Go), 8c (C), 8l (linker) and 8a (assembler). For the record, there is also a Go compiler using gcc, which is able to call C code. Leaving obvious syntax differences aside, Go indeed resembles Limbo quite closely. There is no first-class list data type however, and there exists a curious difference between arrays and slices. Slices are some sort of pointer to (part of) an array. Arrays are passed by-value to functions while slices are passed by reference, it seems. There is also an associative array type that maps one data type of your choice to another, for example a string to an int. Other Limbo niceties, such as easy string manipulations, are also present. The first thing I tried was porting a scientific program I had written in Limbo before. The math module looks almost like its counterpart in Inferno but is missing the gemm() function (generic matrix multiplication) from BLAS3. Thus, I ported it from the Inferno sources, where gemm() is written in C. (By the way, that code looks like it has been ported from Fortran 77.) Porting from C just involves removing a few parentheses (in if and for clauses) and semicolons (just about everywhere). I have not explored it much further yet. But it does look very interesting for system programming and similar things. The only thing missing now is a MirPort ... ## Just deployed evolvisforge 4.8.3+evolvis2 Tags: work tl;dr: EvolvisForge 4.8.3+evolvis2 deployed, almost all systems converted; FusionForge 5.0 coming Really Soon Now, faster if YOU help! I’m happy. I just was able to deploy a new version with many improvements on almost all of our systems (save the two which are not yet on 4.8 but stuck on 4.5 codebase). For example, Roland has provided code to set the roles’ default permissions in a new forum, tasks or tracker subproject to some (sane) default value, instead of Read – now that they’re suddenly honoured, the bug (of them not being set to e.g. Tech) surprised many people. I’ve written a CAPTCHA for user self-registration, in the hope of fooling automated login bots to fight spam accounts like we see at evolvis.org quite often these days (maybe spammers have special bot codes for *forge?). The automated creation of ~user/.forward to enable mail forwarding for «user»@«forge» the same way «user»@users.«forge» is already handled now also works well. Other nifty things include bug fixes and more features in our theme (which should not be considered public) and the mediawiki plugin (allowing better control over importing, editing the Sidebar, logos, etc) and better XHTML/CSS compliance and browser compatibility. Admins will love this: one can now set the password of any user if one is a Site Admin! (Before, this involved quite some database fiddling after calling md5(1) and encrypt(1) manually.) The only sad things I see are that we cannot yet upgrade all instances we run to gforge-plugin-mediawiki, so they keep running the old-style separate wikis, which run on the same database though, preventing it from being upgraded from PostgreSQL 8.1 to 8.3 (due to the age of the mediawiki engine being used), and that our internal forge and the public one, evolvis.org, cannot yet be upgraded (especially as I’ll be on vacation RSN). Still, we hope our cow-orkers enjoy the new release. On the other track, we’re already running towards a stable 5.0 release, which will rock. One of my colleagues is helping with translating the strings into German upstream, and the branch is created; the code is being stabilised now and short of a release (also, thanks to the speedy help of the Debian FTP masters, with a detailed and correct debian/copyright file and a DFSG free distfile). Some tarent/evolvis extensions have found their way in there already; FusionForge 5.1 will have more, we guess. Keep up the great work, FusionForge people! FAQ: When will FusionForge 5.0 be released? ⇒ As soon as it’s ready. Faster if you help. EvolvisForge will migrate to a 5.0-based code some time after, taking care of possible regressions and merging our changes, some of which will then wander into FusionForge trunk, hopefully ☺ ## CLT 2010 07.03.2010 by tg@ Quite surprisingly, I’ll attend the Chemnitzer Linuxtage 2010 in Eastern Germany. This is a happenstance, I managed to get fast transportation (via my boss) and accomodation (in a hotel). I will try to help staffing the booth of Debian this time (so I cannot be called Traitor any longer). Schedule, due to the spontaneousness of this, no, though. I may not even be there on Sunday, dunno… No RCBD (or night) though, some real life and a new release (with fix of an FTBFS-on-hurd-i386 bug) though: RMD160 (/MirOS/dist/mir/makefs/makefs-20100306.tar.gz) = f65bd8ef5cf3306a9112587dd4915b6255e479fe This version pulls in NetBSD® changes (Acorn Archimedes support, for one), but I’ve also coded support for boot-info-table (J�rg compatible), as well as setting the PVD dates (used by GNU GRUB 2 for “UUID”s). On MirBSD, cdio(1) can now be used to burn (TAO) and blank (quick) CD-RW media (I backported some OpenBSD changes) too. ## RCBD #2 04.03.2010 by tg@ Tags: debian My ex-AM now sort-of mentor Zack asked for help of an Autoconf/Libtool guru with an RC bug... well, The MirPorts Framework taught benz and me, under consumption of a bottle of wine, how to deal with that stuff. So I've fixed #559822 (CVE-2009-3736, another of them...) and NMU'd. Sort of a PITA, considering gettextize runs interactively, and there's a lot of files to remove in debian/rules:clean for a double-build to not add nonsensical files to the .diff.gz; but I did it in the end. ## On ranting... 04.03.2010 by tg@ Tags: debian Yes, my rant was more against the things I encountered during keysigning, not keysigning itself. However, I still feel X.509 doesn't have these problems, and nothing I can think of will persuade me to think PGP/MIME better than Inline PGP. (Especially when the recipient's key contains a notation that he wants the latter, but not the former.) Jonathan does have some good points about the (PGP) Web of Trust. Again, that wlog entry of mine was a rant; I had let the topic stew over night, trying to get the anger out, but on the next day it just wanted to get out of me, I merely wanted a good old rant. I think I'll not include Planet Debian next time I do rant, though (it's not the place to do so). ## CLI for the KDE Wallet • 2.02 03.03.2010 by tg@ Tags: debian news The Command-Line Interface for the KDE Wallet, Version 2.02, has been released and dput into Debian unstable. (The lenny-backports version will follow.) It took me quite a while to reproduce, then track down, the bug; having unrelated problems at the same time didn’t help either… ## EvolvisForge blog created Tags: work It took us a while, but we’ll be participating at Plänet Forge soon as well. We, that is the Evolvis team at tarent GmbH: • Thorsten Glaser (that’s me), a sysadmin at tarent and an Evolvis developer • Sven Frommeyer, an apprentice sysadmin at tarent • Stefan Walenda, our project manager • … and potentially others To clean up the nomenclature… • Evolvis is the platform consisting of EvolvisForge and others, such as a Continuum or Hudson build server, an Alfresco DMS, a MediaWiki, … • EvolvisForge shall be the name of the customised installation (not fork) of FusionForge (formerly gforge-*.deb) that is used by Evolvis • evolvis.org is the public platform where tarent GmbH is presenting their open-sourced projects • There are other Evolvis installations at *.tarent.de domains, which are private. EvolvisForge customisations mostly consist of: take a stable FusionForge version plus bugfixes, sometimes backports (such as the FF 5.0 MediaWiki integration), change some defaults, and add Evolvis branding such as our theme. Also, some integration with the other Evolvis components, Univention/LDAP, etc. This is a welcoming posting, so I better keep it short. We’ve been in Issy-les-Moulineaux (I hope I spelt that correctly) breaking up the French cabal, but they’re all nice people. Let’s try and improve all the forges! ## Rant about PGP keysigning problems 23.02.2010 by tg@ Tags: debian mksh rant Update: This wlog entry uses aggressive tone because I somehow needed to vent frustration from using some of the tools. I should probably provide some constructive critics, too... but this is a rant. Be warned. Keysigning is useless. I boot up a suitable live GNU/Linux system, install signing-party, take the trouble that is to set up caff, transfer my secret key from the secure box, sign. I think caff providing the keys in a different order than they're given on the command line sucks and just run caff once per key. I did even start Postwreck. But no, people just don't accept any mail from "EHLO grml" systems, and I still cannot control my reverse DNS despite having a static IPv4 address (and IPv6, which looks to be unused). People also pretend I'm on dial-up. Great! I will no longer participate in any (mass) PGP keysigning but will continue to do so on a per-person basis. Probably sign but one uid, either apply common sense and upload it to t̲h̲e̲ keyserver, or mail the entire signed key to one address. By the way, how crazy is it that I need to use the deprecated$CONFIG{'mailer-send'} to pass an envelope-from to the mailer? It also suffers from the same delusion as e.g. nmudiff, namely that my Debian box is a fully set up workstation able to send out eMail and configured correctly. At least, it, unlike a number of others, does not assume I use mud (Mutt). grml…

Oh, and caff does a protocol violation (by always sending out GnuPG/MIME and not offering the standardised Inline OpenPGP), I think people just don't care about such. (There is a notation people can use to signal they want PGP/MIME, Inline PGP – which is called "partitioned" – or both (and which order of priority) but, alas, despite Inline PGP being the only one useful for the MUAs without integratin, and being more widely spread than that PGP/MIME crap, the followers of the latter do some (FSF-style?) kind of vendor lockin by not speaking anything else.

Anyway. I'm all for X.509 except there seems to be no sane CA (Startcom is... trouble, even with Opera; CAcert.org is dying). I'll just buy a certificate (not from Verisign though) for www, and roll my own again (I can do it, I have experience with that actually).

On an unrelated side note, still waiting for an OpenSSL patch for that recent TLS extension...

ObRant: password policies, be they required characters or any kind of length restrictions, suck. People I will eventually end up with less secure passwords on such systems, because even if some of mine may appear to be derived from some kind of dictionary (what language that is I'd be interested in, though...) they aren't, and I have my schemes. You got to have them with a gazillion of passwords used. And I probably will forget them more often (and sending them via eMail is also not a solution).

Unrelated notice: mksh R39c with bug fixes coming RSN.

(Updated 24.02. because I was, rightfully, told the language, and the title, were too strong. I also would like to excuse for going so low as to write an ad-hominem attack, which I've since redacted.

## After FOSDEM 2010

08.02.2010 by bsiegert@
Tags: event

FOSDEM was a great success. Once more, thanks to Daniel Seuffert, Marius Nünnerich and the others from the AllBSD project. We distributed 400 CDs with the latest snapshots, of which about 350 were distributed on Saturday alone. There was a stronger demand for French flyers compared to the last years; I think that more locals (i.e. Belgians) attended the conference. Many of these people were only there on one of the two days.

Kudos also to the people from the Debian booth (especially Axel “XTaran” Beckert) for lending us a screen for the showcase computer. Due to communication problems, the others had not brought a spare screen as usual, and I could not bring one on the plane.

I held my talk about Build Systems with autoconf, automake and libtool on Sunday at noon, with a very interested public who posed some very concrete question. I conclude that there is a real need for this kind of “HOWTO”. I will write a bit more on the subject of autotools, in the meantime the slides are available at SlideShare, where you can view the presentation online (Flash required) or download a PDF.

Oh, and contrary to “popular” belief, the food at the Pakistani (!) restaurant on Saturday was excellent :).

## the day after FOSDEM

08.02.2010 by tg@
Tags: event

Bauch wieder OK, dafür nen recht wehtuënden Frosch im Hals, Hammerkopfschmerzen, Rückenschmerzen und bißchen Gliederschmerzen. Grml. Ich mach' im Moment erst mal nix.

## FOSDEM 2010, day #2

07.02.2010 by tg@
Tags: event

Ich glaube, das Essen gestern (war eh’ scheiße, heh… anyway, der Couscous-Laden hatte zu, und Benny und gecko2@ und Anhäne haben mich zum Inder geschleppt) ist schuld, daß es mitr im Moment scheiße (heh…) geht. Mist.

Ich freue mich schon auf das Essen gleich, hoffe, daß es frischen Minztee in großen Mengen geben wird. Und daß ich die Reise nach Hause unbeschadet überstehen werde. Immerhin haben wir gut, aber zu wenig ☺ wie immer… geschlafen.

XTaran hält gerade seinen Vortrag. Dem Benz seiner war gut.

## FOSDEM 2010, day #0

05.02.2010 by tg@

Yesterday, I arrived in Bruxelles, coming from the Issy/Paris FusionForge meeting which will be described more later by Roland on Plänet Forge. Please tell Ohlol if you use it, for more visibility.

There is a new inter-forge mailing list as well, see the info page. People from Coclico and the various *forges may want to subscribe there (forge developers, not so much users (hosters) or end-users (hosted project developers/users) though).

At FOSDEM, Benny and I (and maybe gecko2) will be running the MirBSD booth, so no Debian staffing for me, sorry. But I will be there. Also please do ask me about mksh – the MirBSD Korn Shell etc.

There are flyers in German (not updated), English and French too! (One of the *forge guys did install mksh(1) after reading it, in fact.)

Don't you people dare miss the two talks: from Benny about how to package with autotools and libtool correctly and from XTaran explaining Debian GNU/kFreeBSD. Benny's also famous for his talk about Painless Perl Ports with cpan2port; XTaran's famous for a whole bunch of other things.

I still have some catching up (wlog entries, keysigning, webpages, etc.) to do, please bear with me. I don't really have a proper work environment with me.

There's a chance I will not be attending the Beer Event in the Delirium Tremens café (last year's still remembered). Benny will certainly be there, though.

Could someone please order nice weather? I still need to eat some lunch and find a supermarket to shop for the weekend!

## Hello, Debian!

31.01.2010 by tg@
Tags: debian

I got an eMail tonight. I guess this means I can say hello officially now. (Everything else is details, waiting and fixing some bugs and technicalities, or so.) Thanks to everyone involved, I learned a lot already. Oh, and I had a look into madduck's book (the old sarge edition, which I got for free recently) and found a nice graphic explaining what non-native English speakers (I even had Latin first, and 3 programming languages!) don't, from the Debian constitution.

Congratulations XTaran for making it as well, even visible on the website already!

Please don't file an "Please package mksh R39b" bug again, I am aware there's a new version ;-) as I'm upstream too. I'm just short of time at the moment, and I'd like to put out high-quality packages. Besides, the webpage needs fixing first (while the checksums and the changelog for the release are there, no proper announcement is yet, and I'd like, for this version, to add a "upgrading caveats" section, since due to bugfixes and better standards compliance some scripts need to be updated; some of the pdksh behaviour favoured Bourne over POSIX even!

30.01.2010 by tg@
Tags: snapshot

The 2010-01-30 snapshot was uploaded to /MirOS/current/ with i386 (actually had to restart due to cid 1004B6372DA2A612787, then manually incorporate cid 1004B6448D51D101C96 and re-do the floppy, and then, cid 1004B64C58E652566A6+1004B64C5FC627C5254 and especially 1004B64D0994DA8A990 are still not honoured), sparc (built 2010-01-25 though), MirOS bsd4grml and MirOS bsd4me (with another number of commits). If I had more time, I'd probably rebuild them both. As things are, I consider pimping all four of {i386,sparc}/{,x}etc10.ngz before making the FOSDEM Live-ISO. Maybe even put the re-built boot.fd into base10.ngz and re-do all of the ramdisk kernels, floppies and CDs. Ugh.

## To do.

28.01.2010 by tg@

The MirOS Project will have a booth at FOSDEM 2010, business as usual. If you thought otherwise, you’re crazy ☺

I know I should write a wlog entry about the BSP, write more, release mksh R40, fix the TaC of it and the kwalletcli webpage (thanks again, it’s now in Debian sid!) etc.pp but I also need to prepare an ISO for FOSDEM, etc. Heck, I should prepare a talk for FOSDEM, but I’m not going to. If I need to stand there and talk, I’ll talk, not hold a presentation. I’ll just see what people are interested in, talk about The MirOS Project, and improvise.

I’m busy, and there’s only so much computing you can do in a day. This does include the dayjob. At least, my NMUs are in Debian now and probably can help people (and I submitted info about other bugs too).

Anyway, watch the news in the months to follow… can’t talk about everything now.

## Various topics, and, at least *some* people think!

20.01.2010 by tg@
Tags: debian event mksh rant snapshot

Marc Fleury, JBoss founder joins the ranks of Tonnerre, me, and other people requesting that MySQL (and MariaDB!) please finally die. Everyone, don't even fork it. Use a real database instead. Or, at least, SQLite. Really.

We're going to FOSDEM 2010 (of course – I've been at every FOSDEM that was not just an OSDEM, Benny and gecko2 are regular attendees as well, as are other projects of mine such as FreeWRT and Debian GNU/kFreeBSD, by proxy). There will be a recent MirBSD snapshot I've yet got to build, with the new floppy format ustarfs (idea, but no single line of their stinking ridiculously huge code, stolen from NetBSD®) and other improvements (albeit less than I wanted to get done by then). The days before, I'll attend the first FusionForge meeting to break up the French Cabal, with my work hat on. That is also my first time in France (outside of the Elsaß). People, make a good impression on me to overcome the classic prejudices ;-)

This weekend I'm going to meet my Debian Application Manager zack, have some good beer (ugh... first this, then Paris, then good belgian beer...) and fix some bugs, all while learning even more. Sounds like fun, but I almost feel overwhelmed, in contrast to the years of much less travelling from my past. I've also started sort-of mentoring Simon, one of our apprentices at work, into the Debian processes. (On an unrelated side note, formorer recently said bpo will become bp.d.o soon. Great!)

Please don't laugh at this excuse for a webpage, as I've yet to fill it in, but my CLI for the KDE Wallet is hereby deemed ready for public consumption, with a bug-fix release 2.01 (bugs actually found during preparation of a port to Debian sid and KDE 4, which is much much worse than KDE 3, plus it looks so absolutely disgusting I'm not even sure Windows® Mistda is worse). I hope the package will end up in NEW soon (and once progressed to testing I may be able to make the KDE 3 variant official via lenny backports; my WTF *.deb repo will hold them until then.

There are more webpages I need to fill in... mksh's TaC, arc4random (which needs some major redesign as well) and BSD::arc4random, the RANDEX protocol (entropy exchange over IRC) and its plugins and patches, ...

Not just Mac OSX (and, I hope, iPhoneOS) will soon come with mksh(1), but also Android (I prepared patches to make it /bin/sh, which works quite well – although I need to find out how to make a hardlink so that #!/bin/mksh scripts will run) and Maemo, for which I wrote an mksh package in a garage project, which also needs some love w.r.t. testing on actual devices, menu integration, etc. (Please contact me if you can help with either of the three.) We also have «lewellyn:#ksh» making a package for the new OpenSolaris system (thanks again). People persuading Apple to put it on the jesusPhone are also welcome. (This does not mean I endorse any of these – right now, I'd probably get the most of a WinCE PDA with built-in GPSr, WLAN and maybe GSM/GPRS.)

English and French native speakers, please review, and Dutch native speakers may contribute a translation of, our flyers. (Source code for these is not available, sorry. Benny makes them in Quark on System 7 in Basilisk II, used to be Classic until Apple yanked it. But still, they use only free fonts, free imagery or such the MirOS Project is allowed to use, and beat every single other FOSS project flyer I've ever seen by far!)

There's probably more I could write, I bet I forgot half of it anyway, but I'll leave it at that for now. Get yourself a nice cup of hot chocolate, pour an Espresso into it, and enjoy the mix with a piece of cake (I'd say strawberry or mousse-pear but all they had was cassis-créme) and pity me for not knowing any French next month.

## new MirBSD-current snapshot; more TODO done

03.01.2010 by tg@
Tags: debian snapshot

The MirBSD Midi-ISO (bi-arch manifold boot) and NetInstall for both i386 and sparc have been upgraded to the 20091226 snapshot (sorry for the delay). A separate news announcement will be done when a full ISO (MirBSD + MirGRML) is done.

Other than that, I have fixed a couple of things all over the place, jupp for example. The planned release of mksh R39b is still not done though, as I’m only human as well, and too much hacking isn’t something one can do without relaxing some in between.

On the Debian front, my RCBD #1 was continued, here’s #1½ results:

• Carry over from day #1
• bug #552791 – acorn-fdisk – Copyright file does not contain verbatim copy of the license or a pointer to one
• bug #562647 – gidentd – Does not work with ipv4 after recent change in netbase
• bug #531937 – autossh – FTBFS on mipsel due to missing -fPIC
• New ones
• bug #563522 – acorn-fdisk – cleanup patches
• bug #563525 – gidentd – cleanup patches

Explanations: I did go overboard during the first patching session, but I suppose this is what the NM learning period is for too. The autossh maintainer said thanks and will probably integrate my patches, so I don’t need to NMU. I could close the dietlibc bug. The other two didn’t look as good, I had to separate the fix for the RC bug (and other required fixes, such as ftp-master rejects – there were none though) and my other fixes; I submit the former as NMU diffs again and pointed Zack to the .dsc files, and opened the aforementioned two new bugs with the rest of the diffs, so the proper maintainers can take and apply them.

There’s questioning if gidentd should be removed (see the PR for more); the acorn-fdisk upstream (arm-fdisk it’s called there) is not actively developing but will receive patches; the autossh maintainer said thanks but I didn’t yet hear back from upstream.

The binutils as intel_mode bug was fixed upstream and in experimental for my case, but I had to reopen things because the variant documented in binutils-current still doesn’t work, so others (who use the new, more intel-like, syntax) don’t run into it.

Luk sent me a request to do more mipsel-FTBFS-due-to-toolchain-bugs workarounds. Will do (but can’t promise to do so before the upcoming BSP.

Robert Millan incorporated something like manifold-boot into GRUB 2, after I described it to him (the debian-bsd@ people are currently sorting out some heisenbugs with it, though). Now there’s three variants (but then, this helps spotting bugs that don’t appear in all implementations).

sendmail 8.13.4 is out, I wonder when OgreBSD will upgrade… I could do it myself again, but this time it’s not that urgent. Still waiting for the TLS extension, though…

## catching up the TODO

01.01.2010 by tg@

Wow. Cleaned up mksh, did NMUs for T&S 1, tested nwcc, validated mksh-current (what will be the base of R39b) on HP-UX, but there’s still a lot of things I need to do. A new MirBSD snapshot awaits, more ports fixes, new LLVM, I’ve got to fix the typos I found, and much more. And it’s already this late. At least I feel like I’ve achieved somewhat much ☺ I somehow need to put an order or priorities to tasks.

The 26C3 gang has also returned, with delays that seem funny to those not involved… and tonight snow came back as well. Benny still works on the pkgtools configuration stuff. I wonder how much effort it would be to patch both pkgtools and apt to play together optionally… we wouldn’t lose that what pkgtools already have as high-level functionality, gain some of dpkg’s low-level functionality (must be reimplemented though), and for these who want, a (GPL’d…) high-level tool for binary package management.

FreeWRT is also slowly gaining a little more traction, even from its founder (who asserts that FreeWRT 1.0-stable is the only OS for WRT-like devices that does WDS correctly, and feeds us patches). I still think we need MirWRT ☺ with a ports-like instead of buildroot-based system, but will never have enough time and interest to do that…

And: our website source code is in fact superiour to many others ☻ and quite extensible and flexible…

## RCBD #1

01.01.2010 by tg@
Tags: debian

My first RC Bug-squashing Day (or rather night):

• bug #552791 – acorn-fdisk – Copyright file does not contain verbatim copy of the license or a pointer to one
• bug #562647 – gidentd – Does not work with ipv4 after recent change in netbase
• bug #531937 – autossh – FTBFS on mipsel due to missing -fPIC

I picked all of them mostly randomly from the list Zack gave me, and except dietlibc they are packages I had not even heard of before. The first one begun easily (track down licencing information, pimp debian/copyright, but I ended up fixing compiler and lintian warnings and even wrote a manpage for it while there (but for this one, I didn’t bump the Standards-Version). The second one was only the second one to complete because the others took longer; it’s basically a change of a dæmon to use two instead of one listening socket, to work with a “doble stack” OS instead of just a “dual stack” OS by not using v4-mapped IPv6 addresses (I considered if to use select(2) or poll(2), or to just fork and have two dæmons running, but that seemed too ressource-consuming to me so I chose the less-complicated poll(2) method, looking at popa3d(8)’s source code (inherited from OpenBSD) in the MirBSD tree since I could not find my network programming book. The third one was basically communicating with upstream; the bug can be blosed with no change to the package. The fourth one took me a while; luckily I have qemu 0.11.0 on MirBSD, and aurel32’s mipsel qemu images helped a great deal; however, cowbuilder --create failed for me, so I ended up waiting almost the entire night for a-g d-u to finish; in the end, it was simply a bug in upstream’s configure.ac which is only exposed due to a toolchain bug on mips(el).

To do: my AM Zack needs to upload the NMUs (after checking, of course); I need to communicate some of the fixes upstream (the gidentd upstream is NXDOMAIN ☹), produce a very small testcase for the mipsel toolchain bug, maybe fix some more mipsel FTBFSen as I have a working qemu instance now, but maybe I’ll do that at the BSP when I can’t find IPv6 bugs or so that I feel I can fix (I also want to do an mksh release which has to be prepared first RSN, and there’s still the need to formally publish the MirBSD-current bi-arch snapshot and make another ISO out of it for BT and prepare the multi-BSD USB stick for allbsd.de…).

Annoyances: a-g d-u could ask me things at the start before working for some four+ hours instead of in the middle, and the same questions several times (PAM restart). The sid kernel doesn’t boot today but did yesterday, the lenny kernel produces this:
Starting the hotplug events dispatcher: udevdudevd[320]: udev: missing sysfs features; please update the kernel or disable the kernel's CONFIG_SYSFS_DEPRECATED option; udev may fail to work correctly
(I hate udev.) And, worst of all, these annoying fireworks (some sounded like originating from inside our staircase, I pity the neighbour’s cats) when one wants to hack… Finally, I *loathe* CDBS. Debhelper v5 rules!

Oh, and I also was under the impression that “Firstname LASTNAME” was a French thing, and to a much lesser extent Asian. (@bubulle)

## new snapshot upcoming

29.12.2009 by tg@
Tags: snapshot

I’m almost there: i386 and sparc have compiled complete. Now I “just” need to do some release engineering (consider whether to re-roll the ports10.ngz dist set; creating the combined manifold Midi-ISO, various things with checksums and signatures, announce and upload) then we’ll have a new snapshot. Finally, I also plan to create a big ISO to replace the “wtf ist hallowe’en” edition. No new MirGRML but nevertheless bugfixes for grub.cfg (memtest and vga modes).

The other side is that I didn’t have to do much for this, luckily; I was still suffering from some kind of cold+stomach ache. I hate that. I bought vitamines etc. for $alot € yesterday to fight it better though. OpenBSD can build the kernel with pcc now, nice. I thought ÆrieBSD was the one with switching to a GNU-free toolchain goal though… ## speling[sic!] 27.12.2009 by tg@ Tags: debian With the Lintian 2.3.0 saturday-after-christmas release (by the way, over here if it’s done twice it’ll really become tradition) I’ve run its spelling tests over all of MirOS CVS repository. The result: 293 kinds of typos in 35857 souce files. (Although there are the case things too. Without them, I have 51 typos in 7206 files. Asides from false positives (I used fgrep -rwl[i], and -i and -w don’t play well together, and -w mis-catches “GTK+” as “GTK”) I probably can’t (API, source code) or won’t fix all of them though.) However, I have some rather hot asia-style food to eat right now, and will need to get up early tomorrow for work, so I am not applying/fixing them right now. (bsiegert@ and gecko2@ however are enjoying themselves at 26C3, see their wlog entries.) Note that all of today’s fixes will not make it into the next MirBSD snapshot already, since it’s built (i386) and building X11 already (sparc). On the other hand, the next bunch of WTF *.deb files will have them. I also need to fix makefs upstream for Hurd… and continue the T&S questionnaire… *sigh* Update: I suppose this is my “Hello, Plänet Debian!” posting (thanks aptituz!)… well, my packages in the archive were already lintian clean, in case someone wonders (I did recheck with 2.3.0 though). My point was, why not use checking tools from one “universe” for another one, viceque versa? (Similar to synergy effects from knowledge.) ## 26C3, day 0 and 1 27.12.2009 by bsiegert@ Tags: event I finally have a wristband for 26C3. The wristband is what is controlled on the entrance. I had preordered the ticket and paid by bank transfer, and the receipt with the barcode only arrived on december 25. In earlier years, you came on the 26th, crashed in the hackcenter, and at some point, when there were only ten people in the queue at the cash desk, you got your ticket easily. Well, this year, things were a little different. First, there was a semi-public ticket presale. What's more, rumors about a very limited number of tickets were floating around. And finally, while the cash desk was said to open at 2000, the software was not ready by then (!) and the opening was deferred to 2130. The "fast line" cash desk for people with presale tickets was only opened around midnight, when I had already given up hope and joined the huge queue of several hundred desperate hackers. (Thanks, btw, to ScottyTM for pointing out that the "fast line" had been opened.) Finally, I was told that my ticket "did not exist in the system", that I was an evil cracker for trying to enter with a fake ticket, and that I should check back on the 27th. Great. The end was happy and somewhat anticlimactic: I checked back this morning, there was no queue, and my presale ticket was accepted without any problem. Most of the talks I saw today were about network neutrality, censorship and related topics. I found the talk by Jérémy Zimmermann from La Quadrature du Net especially interesting. Part of the talk was an introduction to lobbying: calling your EuroParl representative, sending e-mails and insisting on your point "raises the political cost of certain decisions". ## Just another Office suite 26.12.2009 by tg@ In addition to OpenOffice 2.0 (Linux-i386 on MirBSD) and the Lotus SmartSuite Millennium, I downloaded SoftMaker Office 2008 for Linux-i386 (on MirBSD) and Windows® (free serial numbers until end of 2009, since SoftMaker Office 2010 (for Windows®) is out). This was pretty easy: extract tarball, throw away installer, extract the second tarball in /opt/SMo (along with /opt/OOo), and it Just Works™ (with ports/emulators/fedora installed). So now I have three choices for creating documents (although I won’t use OOo for it, I think it’s unreadable), and three for reading files in MS Office format, and two (OOo and SMo) for reading documents in some weird .ZIP-like format (OASIS or something), if they get sent to me. I’ll toy around with SoftMaker Office 2008 on both platforms and will see how it compares to Lotus WordPro. So this is basically positive press to show another Linux-i386 blob that works as-is on MirBSD/i386 with compat_linux(8) – thanks! Others make this much more difficult. ## Disappointed 26.12.2009 by tg@ Tags: snapshot I somewhat had hoped the TLS extension would be finished this month. Too bad. I will still wait for an OpenSSL patch, and maybe options for clients to control behaviour (on connections to servers that don’t have it implemented yet), such as lynx(1). Alas, we need a snapshot by January, to put on AllBSD.de USB sticks, so I’m compiling one. Other than that, recovering a little over the weekend, will need to work next week as well. Taking things slower. I think I caught a slight cold+stomach ache last weekend, when it was freezing pretty hard. Benny is at 26C3, but there’s probably no official MirOS presence. You’re still cordially invited to talk to him and gecko2@ who’s there as well. ## Stehen, Warten, Beten 17.12.2009 by tg@ Tags: rant SWB. Stehen, Warten, Beten. Am Dienstag Abend waren wir mit Roland in der Bonner Innenstadt. Hiernach wollte ich gerne nach Hause fahren, aber die StadtWerke Bonn machten mir, wie so oft, einen Strich durch die Rechnung. Das ist eigentlich gar nicht so schlimm, denn wäre ich zu Fuß gegangen hätte ich sicherlich nicht mehr als eine Dreiviertelstunde benötigt. Aber wir haben ja das tolle Informationssystem, das uns allerdings nur anzeigte: „Betriebsstörung. Unregelmäßigkeiten im Fahrplan möglich.“ Bei „möglich“ wäre ich hellhörig geworden, aber das stand schon den ganzen Tag da, und morgens auf dem Weg zur Arbeit war eigentlich nichts los und wurde nichts durchgesagt. Also warte ich auf die nächste Bahn. Eine ganze Viertelstunde lang – anscheinend ist (gestern Abend nach der Arbeit übrigens auch) mal wieder eine Bahn ausgefallen, ohne daß dies angezeigt oder durchgesagt wurde, trotz moderner Technik. (Die Deutsch Bahn schafft dies zumindest auf ihrer Webseite, und Durchsagen gibts auch öfters, Anzeigetafeln sind dort ja etwas unflexibler.) Dann kam die Bahn, ich frag’ was denn los sei. „Ja, ich fahre auch nur (1 Haltestelle), von da aus müssen Sie zu Fuß (2 Haltestellen) laufen, da fahren wieder Bahnen, wir haben da ein Riesenloch in der Straße.“ (Kurzum ein ganzer Streckenabschnitt abgeschlossen, ohne eine Möglichkeit, dort weitere Verkehrsmittel reinzubringen.) Ich laufe also, frustriert, und stehe mir an der Zielhaltestelle – wohlgemerkt bei Minusgraden – wieder die Füße in den Bauch. Die gerade gewendet habende Bahn eine knappe Viertelstunde lang gut sichtbar für uns auf dem Stumpfgleis, Lichter an, tätigkeitslos. Alles in allem habe ich annähernd eineinviertel Stunden nach Hause benötigt, und das ist bei einem monatlichen reduzierten Abonnementpreis von 66.50 € einfach inakzeptabel, zudem die tollen neuen Anzeigetafeln intakt waren. Hätte ich das gewußt wäre ich gelaufen oder hätte mir ein Taxi genommen, aber nein, die StadtWerke Bonn machen ihrem Namen „Stehen, Warten, Beten“ alle Ehre. Wenn ich nicht mein Abonnement eh’ schon bei der Deutschen Bahn hätte würde ich es sofort kündigen. To add insult to injury, die Anzeigetafeln waren mit einem teils statischen teils durchlaufenden Text so dermaßen „voll“ belegt, daß man es nicht für nötig hielt, die normalerweise dort verfügbare Uhr (man sieht schön, daß alle Bahnen an den Endhaltestellen immer eine Minute zu spät abfahren – aber von einem Ex-1€-Mitarbeiter weiß ich ja, daß die SWB drei(!) unterschiedliche Fahrpläne haben…) anzuzeigen. Dann hätte man ja entscheiden können zu laufen – insbesondere wenn man informiert gewesen wäre. (Oder zumindest dann drei statt zwei Haltestellen laufen und eine Bahn früher nehmen. Oder zwei, je nachdem.) Ich meine, für den Wasserrohrbruch zwischen Straßen- und U-Bahn können die ja nix, aber informieren können hätte man mich wenigstens, denn am nächsten Tage (gestern) mußte ich sehr früh ’raus. ## RFC: New pkgtools features 13.12.2009 by bsiegert@ Yesterday, I posted the following proposal to the mailing list. I am putting it here, too, for future reference. I have been thinking about how we can improve the pkgtools with some new and useful features. There are two that would be easy to implement and would give us some kind of "poor man's apt": Replace PKG_PATH, which at the moment is either a single URL or a colon-separated list of local paths, by a simple config file. It could also include a few other directives, like the default pager for MESSAGE files. I am thinking of the following: Pager=less Source=1,/usr/ports/Packages Source=255,https://www.mirbsd.org/MirOS/Packages/i386/ The "source" lines are just local paths or URLs with a priority value, where 0 is the highest one. For http, we have the problem of getting the file names. I propose to put an index.txt file, with just one filename per line, into each "repository". The indices might be cached so that we know what files are where. For http, we could even automatically update by using an "If-Changed-Since" header, or have something akin to "apt-get update". It would be very easy to just search the repos in order of priority and take the first match for the pkgspec given. Or we could use findbestmatchingname() to decide which package to take. These changes can be implemented in a reasonable amount of time, I think. Maybe during the CCC? ## I smell an antitrust case coming up 12.12.2009 by tg@ Tags: mksh rant security Oh the joy… 20:54⎜«smultron» mira: i just upgraded the big server from 10.5 to 10.6... and apparently the upgrade script removed /bin/mksh... now I don't have a shell and quits immediately... any ideas? My suggestion – ssh -t servername /bin/bash --login – doesn’t seem to help: 20:59⎜«smultron» oh great 20:59⎜«smultron» ssh just keeps asking for the password 20:59⎜«smultron» then gives this: 20:59⎜«smultron» Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive). Maybe gecko2@ can help… or bsiegert@… who knows. In other news, no reaction at all on the Android front on my proposal to get mksh either to replace NetBSD® 0.x ash, or, at least, add it for developers. ## BASE – schlimmere Verbrecher als Debiltel 11.12.2009 by tg@ Tags: rant Bei VIAG Interkom einen Händivertrag (Händi, schwäbisches Fremdwort, von "Jo hän di denn do koa Kabel dran?") kündigt, geht das relativ gut, man bekommt nur zwei Monate später eine Rechnung über 0,00 €. Den T-D1 Mitarbeitervertrag (Azubi...) wird man auch gut wieder los, obschon er über die Laufzeit hinweg funktioniert (wohl ein Abschiedsgeschenk des Ausbildungskonzerns). Bei Debitel hingegen wird der postalische Eingang der schriftlichen Kündigung um ein paar Tage verzögert, und dann hat man den Vertrag noch knapp 15 Monate lang am Hals. Die Frechheit ist aber BASE: die Karte funktioniert, nach meiner Kündigung gegen Anfang des 2. Quartales 2008(!), immer noch. Auf Anfrage teilt man mir mit, daß "leider" in ihrem System keine Kündigung ersichtlich sei, und ich noch bis zum 5. Dezember 2010(!) damit leben müsse. Hoffen wir, daß Netcologne, falls ich denn den dortigen Mobilfunkteil meines Kombipaketes mal loswerden will, angenehmer ist. Immerhin ist das die einzige Telko, die auch mal Bestandskundenaktionen macht, mit denen ich seit 2001 ununterbrochen extrem zufrieden bin, und die nur ein Mal größere Störungen hatten (November 2001, wohl noch neu) und einem für einen halben Monat öfters gestörten DSLs einen ganzen Monat Telephon- und DSL-Grundpreis erstattet haben; die defekte Splitter und Leihmodems (NTBBA) innert Stunden ohne große Fragen austauschen; die einem alle paar Jahre mal sowohl den Grundpreis reduzieren als auch der DSL Geschwindigkeit erhöhen... Also, Leute, kauft nicht bei BASE! (ciruZ ist mit blau.de zufrieden, die sind aber Prepaid, das heißt zwar keine Knebelverträge, aber auch keine unlimitierten Telephonate im Ausland, z.B. um gecko2 auf belgischen Autobahnen zu helfen.) Daß es auch anders geht zeigt die Deutsche Bahn in einer anderen Kaufempfehlung (diese hier ist allerdings eher eine leicht frustrierte Verfehlung). Mein Brüderchen fand, ich sollte das hier dokumentieren/ablassen; keine Bange, das hier wird nicht wie bei Fefe eine Produktbashingseite werden (dafür sind einfach alle Sachen in Existenz zu... kaputt, das ist mir meine Zeit nicht wert). Naja, mal die Kündigungsbestätigung aus den Altunterlagen raussuchen, um deren Zusendung ich letztes Jahr gebeten hatte. Warum wohl? ## Happy Benzday! 07.12.2009 by tg@ Since I don't reach you via IRC, phone or Natel™ let me wish you a happy benzday here. ☺☻ I think it's perfectly okay for libobjc to depend on libgcc_s like libstdc++ does. So let's not disable gobjc from base. Rather, make everything except C version-dependent. (Bump base vsn afterwards, the gcc vsn has been already.) I think we'd also best rename the clang executable and make a wrapper using -L, -rpath and -I flags from its CCLD instead of always using these from the system compiler. (I wonder if it's worth the effort to make the C++ header files version dependent as well. Probably.) We somehow need a way to differentiate ABIs in MirPorts, as there will be several compilers. On MirBSD: base-gcc3.4.6, port-gcc4.4.2, port-llvm-gcc4.2.1, port-pcc, port-nwcc (this list is for i386). Benny, may I encourage you to hack on pkgtools the next Muttenzday? Especially I'd like to have that file extension retaining/cycling for auto-dependent packages in, it's basically a showstopper for LZMA compressed binary packages. (Will still be LZMA1 for some time, as there is not yet a stable xz release.) The hardy at MirDebian "WTF" Repository section contains a KDE 3 source and binary package of KWalletCLI 2.00 (built for Debian Lenny and K?buntu Hardy). A KDE 4 package (for Debian squeeze/sid, newer *bunti and ones with KDE4-backport) will be worked upon as soon as I can get into the pkg-kde Alioth group. ## more mkshdroid and other OSS project stuff 02.12.2009 by tg@ Tags: android debian mksh I managed to create an avd "Android 2.0-current", with stuff completely built by myself. Now I "just" need to get project/external/mksh.git to be created and writable by me. Or, even better, nuke that NetBSD® ash they're currently using and replace it with a sensible shell, at least mksh-small. Then adb can be built without -DSH_HISTORY (which, with mksh, is required for usability). I wonder if I could take over Mæmo as well... *grins* On unrelated side notes, I'm trying to get the "debian" tagged entries aggregated on Plänet Debian, and I'm – again – in the NM process trying to become a DD, with slightly different goals this time. (But I'd also like these porting machines... 'sides, there's still an mksh+dietlibc on hppa bug open...) I also got HP-UX back at HP PvP (not player versus player though ;) for mksh(1) porting/testing. Sadly, Itanic only, no humppa machines. In case someone ever needs it, a collection of scripts called BitWeaver → MediaWiki does exactly that and has been released under GNU GPLv2 (only). Cheers! ## Still happy with the eKey 25.11.2009 by tg@ Tags: debian As I wrote, I asked for flute notes. Well, piano notes are ok too, although I don’t have my electric organ any longer, they can easily be transposed, even if I don’t know the software (could do it by hand though). And I might give midiplay(1) a shot (I bet it’ll sound like PC-Speaker emulation…). Vincent kindly provides more input (apparently one more of these Simtec people, but that’s just my guess). Since ports/security/ekeyd runs happily on herc and most of my patches were not just applied but even appreciated, thanks Daniel, and the results speak for themselves (I even get stats from daily.local mailed to me every night), and we had some fun discussions, I like it. I think these whom I ordered additional ones for are, too. (I wonder if I should invest into a ten-pack bulk ones and re-sell them at conferences, but the next one is so close to the UK they probably will be there by themselves.) I must admit I also have the context switching problem (but hey, that’s what you get for being a sysadmin, and our coffee (GEPA, ganze Bohne, im Eimer, fair gehandelt), even if not Café Libertad, who, incidentally, are Debian Wine distributors, is good), but since I’m usually not working for customer projects, I’m rarely time bound, and quite some good ideas have come from distraction (or timeouts, such as personal needs or getting coffee/food/…). Now I still wish I could split myself in half to get more time for all the projects I have… ## New MirBSD/i386 snapshots 15.11.2009 by tg@ Tags: news security snapshot I have compiled a new snapshot (i386 only) and uploaded the following flavours: MirOS bsd4grml, MirOS bsd4me-current (Live OS), MirBSD-current netboot (NetInstall for i386), the Midi-ISO (bi-arch manifold NetInstall), and the checksums. The /MirOS/current/older/ subdirectory containing partial and incremental upgrades for older MirBSD-current snapshots is gone for now. The 20091115 (i386) snapshot is a security upgrade (contains the OpenSSL panic patch in its second version), bugfix (all errata mentioned in the “wtf ist hallowe’en” announcement are fixed if applicable), and feature upgrade: the installer and first boot recognise a Simtec Entropy Key if plugged in (for the installer, break into a shell and run /usr/libexec/ekeyrng if plugging it in later) for increased entropy generation; after first-time installation and reboot, the user is supposed to install ports/security/ekeyd and use that (for which there are binary packages as well). The MirOS Project’s servers are or will be upgraded as well; please bear in mind this implies short outages of service. Furthermore, due to the TLS protocol design error, some things may not work any more, since we applied the OpenSSL “panic patch”, which disables all renegotiation, but allows applications to re-enable it, if they knew about that possibility at compile time, by setting a run-time flag before initiating the connection. (None we know of does, though.) ## Yes, I am happy with my eKey ☺ 15.11.2009 by tg@ I am, indeed, happy with my eKey. I’ve ported the ekeyd support software (but could not get ekey-ulusbd to work), created a real lot of patches, and discussed with «rjek» in IRC happily. I now get about 4 KiB/sec on large streams (such as 64 KiB) reads from srandom(4), with 8 KiB/sec initially, in contrast to the less-than-100 Bytes per second (300 Bytes per second initially) without the eKey. Of course, there’s still room for improvement – I fixed the ioctl(2) calls, removed strcpy(3) and sprintf(3) calls, and added arc4random_buf(3) calls for generating the nonce (which can now be made much larger than the 12 conservative bytes the original code reads from urandom(4)), and made it work at all on our platform (and, possible, OpenBSD). But I get statistics now, even if told that my ekeyrng mksh(1) script is “Cute”. Make sure you update to at least luasocket-2.0.1-1 for some bugfix (pkg_info(1) has a bug preventing it from seeing that – what worries me even more are some outputs not sent with the mail), and that you have a recent kernel (post the “wtf ist hallowe’en” snapshot!) since lsusb (even when ported) doesn’t output anything, and nobody knows what arguments to ekey-ulusbd are needed to make it find the eKey. ObInfo: new CA bundles are out too, and more binary packages. ## I am happy with my eKey 12.11.2009 by tg@ Tags: debian Neil, I am happy with my eKey, and I would blog it if I had a blog ☺ (And yours doesn’t allow comments. But then, Daniel’s doesn’t, either.) I’d have liked proper (C flute / piano / voice) notes, though… never got the hang of string instruments. Of course I still have to make a MirPort for that Lua dæmon, but for now, things work quite well. (I do have a rather large TODO and woke up with headaches and slight cold today.) ## got home 08.11.2009 by tg@ Tags: bug event snapshot The snapshot has another bug I discovered after converting my laptop to a showcase: lynx(1) charset defaults, after disabling auto-detection, to the wrong one (the news item has been updated, again). I came back from OpenRheinRuhr, and (apparently in contrast to many others) liked it, save for the (a)social event, which some organisers admit hasn't been what was promised to them. My hotel was actually some kind of Vereinshaus and Billard club, so I had to eat supper (after fleeing the Casino, I had wanted to eat with some others deciding to split/fork, but formorer couldn't decide, so I walked the 3km, but didn't find anything appealing on the way, since I walked towards the outside of the city) in a smokey bar. So 2007, that. But I watched some kind of Billard competition during that, the meal was good and much, and the beer good and rather affordable. (I even took a Krug to my room with me to flee smoke.) Breakfast was included, the quality much more than I had expected at that price (I paid almost twice that in Basel, where I didn't even have a private loo adjourning the room, much less a proper bathroom with douche). The city, despite confusing it with other Ruhrpott cities beginning with BO, was nice and quiet (although the visitor count suggests that it was too remote, I rather prefer this to the usual rush and street mob, and it was still lively). I think you'll find more coverage, photographies (hopefully not of me, as I wore a pullover forbidding it) and opinions on the 'net soonish, even dissing if I may harbour a guess (not without reason, from what I've been told privately), and, as I still have a headache (as usual...) I refrain from writing more. The MirBSD^H^H^HGRML CDs will be distributed at 26C3 by formorer from the Grml team *grins and I wonder if the celebrities equipeed with a MirCD or MirUSB stick, like Werner Koch, will make good use of it ;-) ## this snapshot CDs, next snapshot codename 06.11.2009 by tg@ Tags: bug event security snapshot OpenRheinRuhr will see our latest snapshot on CDs (although we seem to be short of flyers ☹). Complete, with MirOS BSD (i386, sparc; i386 Live) and MirGRML (i386). The next snapshot’s codename has been decided upon angrily today: “wtf is with all these bugs?” Expect a fix for the latter sometime soon, it does in fact have more effect than most sites say, to avoid Panikmache (unlike that Schweinegrippe stuff); I’m lucky my online banking stuff keeps SIDs in the URI ipv Cookie, but still… very bad. Switching renegotiation off as a quick würgaround also is evil, for example, my SMTP setup (using X.509v3 SSL certificate auth for relaying) might break. But we are said to expect an amended SSL/TLS protocol soon, hopefully with OpenSSL patch. ekeyrng is a very rough draft (shell prototype) currently driving, together with a small USB backport, a Simtec EntropyKey in herc into wrandom(4) (for now). Really, the Lua tools should be used, but this is good for the installer, although the TPM, eKey and truerand – cprng(8) – functionality should be combined into one small, efficient, C dæmon doing so (but without the hacks to keep cprng(8) within one memory page to cease swapping). Still, it’s great! bsiegert@ will be offline for a week. ## Subversion 1.6 and other stuff 03.11.2009 by bsiegert@ For compatibility reasons, the current version of Subversion in MirPorts is still 1.5. I tried to remedy the situation a few days ago and committed subversion-1.6.6-0 into a branch a few days ago. It is not yet in the trunk because it has some nasty bugs. For example this gem: % perl -MSVN::Core -e 1 Bus error  This, of course, makes svk unusable, as it is written in Perl using the SVN perl bindings. svk is my way of making Subversion bearable, with easy replication, offline commits, and more. I think I found the reason now: The SVN people managed to screw up the Perl module build so that the modules link against stuff in /usr/lib instead of$PREFIX. Incidentally, Darwin includes svn-1.4.4 in the base system. Sigh.

Wow, it seems that I have not written anything here in the last four months. Between my thesis and Real Life(TM), there is just not enough time for everything.

One more thing though: I have been attending a course on "Scientific Writing" at the Université de Haute Alsace, with excellent hints on article styles, writing readable scientific prose, and more. I can recommend such a course to every scientist, but also to all those who regularly publish things—including articles in CS journals, Free software project posters or announcements. There are also some excellent articles on how not to write. I especially recommend Martin W. Gregory, The infectiousness of pompous prose, Nature 360 11–12 (1992). Unfortunately, you will need a subscription to read it.

## GRUB sucks! • More snapshot fallout.

01.11.2009 by tg@
Tags: bug rant snapshot

The GRUB2 「memtest86+」 bootmenu option in both 「wtf ist hallowe’en」 and Grml “Hello-Wien” does not work as-is (note that Grml uses ISOLINUX, unless you either select GRUB2 from the boot menu or dd(1) it onto a USB stick, CF/SD card, etc. for manifold-boot) because nobody told the Grml team that it must now be booted with 「linux16」 ipv 「linux」 – fix is to type ‘e’ to edit the entry, move right, type the “16” and hit ^X to boot. Just great… I’ve updated the article accordingly.

We are on Sümlink. Both of us. Sweet. Remember that this could’ve been MirOS #11-RELEASE, and should be treated by everyone except us as such ☺

On the bonus side, I’ve tested the netboot.me 17001 boot, as well as the ISO (both file – in qemu – and CD-R on real hardware) on a SPARCstation 20, Setup (i386) on a VIA C7, grml and Live (i386) on an IBM X40 and in qemu… so I’d say it works. Oh, and memtest86+ on X40.

Netboot instructions: boot, e.g. via “qemu -m 256 -fda netbootme.dsk”, do not hit Ctrl-B, but hit the Anykey when it asks, “boot a configuration directly”, type 17001 and hit Enter; wait for the “boot> ” boot(8/i386) prompt, type “b bsd.rd” and hit Return. Voilà! (Or, select MirOS bsd4me, which loads a memdisk-ISO, either via the number 2038 or via “Live OSes” → BSD → “MirOS bsd4me current” and just press Enter on the prompt. The gPXE image can be dd(1)d onto a floppy disc.

Benny finally made ports/print/ttftot42 – thanks!

## Bittorrent trackers, …

31.10.2009 by tg@
Tags: rant

TPB has never been a viable tracker for us… h33t lost my login data… I hope Scarywater still holds up, we’ll be adding Openbittorrent to the mix… oh yikes, Demonoid is down. How great… NOT!

At least I finally managed to release things in time, and during the night, both ISO and CVS tarball, forming the torrent, will be available to the general public. I also already know of some interested parties, from remote areas like Romania and Mauritius.

The explanation is on the front page, of course. This link is for the benefit of RSS or aggregator (like Plänet Sümlink) readers.

The files will take some time until they are up. I do have an ADSL internet connection only and they’re huge.

## My stance on GNU and its Coding Style

28.10.2009 by tg@
Tags: mksh rant

The GNU Project is famous for its coding style – Linus Torvalds even suggests to print them out, but not read them; burning them is a great symbolic gesture. Legibility issues aside (Linus’ own are interestingly similar to style(9) aka KNF, the BSD coding styles), why is that so?

mksh-current (R40+) now supports pathnames in arbitrary lengths on Debian GNU/Hurd (I think; I only could test on gnubber.bddebian.org that it compiles, seeing that all existing installations set sysconf(_PC_PATH_MAX) to 1024 to be consistent with POSIX PATH_MAX) by using some glibc-only functions. This is because Hurd does not have PATH_MAX (some older systems also don’t have it, but there, we just define it to POSIX 1024 and good is). Now, why? Simple: because the GNU coding style says to have “no arbitrary limits” in your code.

I would like to call that ridiculous, but it’s actually dangerous: if you are on a 32-bit machine and have a pathname of 512 MiB, you’re in danger of freezing your system or at least crashing mksh, even if you have the full 4 GiB worth of RAM, due to the amount of copying and carrying around pathnames. This is a security relevant issue, in my eyes.
Now on to the ridicule part: This is Open Source, people! Change the limit (as it’s a – only one – constant in a header file) and recompile everything! Simple as that! The BSDs do it all the time! In GNU, it’s even simpler because you force developers, redistributors and some users to actually give up freedom and require them to put the source code alongside. Now, why doesn’t anybody see this? I can’t be the only one, can I? (I actually think that changeable limits would suffice the horrid GNU coding style, but find myself reluctant to read it again due to its sheer size – similar to their licences…)

On an unrelated note, I hope to have a bi-arch ISO format snapshot on BitTorrent by end of the month. Mika is also trying to put a new Grml release out by then, of course with an up-to-date MirOS bsd4grml

## more mksh (Android and others), new jupp, …

18.10.2009 by tg@
Tags: mksh

mksh’s Build.sh can now generate Makefrag.inc snippets that reflect its environment and can be used like Rebuild.sh or integrated in, for example, the Android.mk files.

mksh(1) also is a great compiler testsuite: it regularily(!) points out bugs in gcc’s -fwhole-program --combine and helped to find (and fix) bugs in huge things like SunStudio, old things made modern like pcc, as well as one-man projects such as nwcc
I wish compiler authors would just use mksh as testsuite regularily.

I released a new version of jupp for Unix® today: joe-3.1jupp12 (including a backported hex editing mode, as a late birthday present for waga (from IRC) who asked for it, a plethora of bug fixes, raw octet support in UTF-8 mode, UTF-8 support in the 8-bit modes, and more changes. If you already use it, update please. If not, give it a try! It’s included in at least FreeWRT already, and I build Debian packages (link on the jupp website) in my “play repository”, as well as packages for Univention Corporate Server at work (from these packages). I’m also using it on Solaris 8, Solaris 10 and AIX 5.3 ☻ (and many more)

There are currently quite a lot more things I would like to do but can’t seem to find the time for. I had originally planned a new MirBSD snapshot, including ISO, for mid→end of September – now, end of October seems more likely (if I can get a few days off work and some RAM for the SPARCstation 5). Several things, like the mksh prompt wlog entry and webpages for a few subprojects (BSD::arc4random; arc4random.c; the RANDEX protocol, plugins, implementations, proxies; kwalletcli; keystash) are lacking too, and the Grml project is also expecting code from me. Sorry. I am, after all, human too…

## mkshdroid, brother of the iShell [updated]

02.10.2009 by tg@
Tags: mksh

As sent to the mailing list I had a chance to compile mksh for Android today, thanks to Waldemar confirming that it works (with OpenADK's eglibc linked in statically) and CeKay's help in mastering the SDK and NDK. The posting contains all relevant information; it is virtually impossible to write an Android.mk file though.

On the other hand, I did submit a patch for Bionic (the libc) to have sys_signame[] like real BSDs, so that we could simply hard-code the appropriate CFLAGS and CPPFLAGS and let the NDK compile the mksh source *.c files (signames.inc would no longer be needed).

Maybe we'll submit mksh for inclusion somewhere, as this would be the first really usable shell. For this reason, I have uploaded a binary (gunzip(1) first) at ports/mksh-39.9.20090929-android15.tgz (MD5 64ee103453d65e947f2beb1aeb6450d2) which you can place in, for instance, /data/mksh then put a (modified, as the ls(1) and id(1) and possibly other utilities are more than reduced) dot.mkshrc from the source (CVSweb) as /data/.mkshrc and run it from adb (which, by the way, is the one responsible for some cursor keys etc. not working, as Android and mksh(1) do both fine in that regard) with # HOME=/data /data/mksh in the shell. I may post an Android specific patch for dot.mkshrc some day.

Update 10.10. – .gz → .tgz and Cygwin binary now too!

## Improved CSS and Font Embedding

25.09.2009 by tg@

I tried to improve the Font Embedding as well as the CSS on this website again. The fonts actually used should be Gentium Regular, Gentium Italic, Gentium Basic Bold, Gentium Basic Bold Italic. If you have only the Book variants installed, they are fallback. Both CSS3 and IE/EOT embedding styles should work. (Bolding seems to be broken in my Opera-Linux 9.27 though…)

• b bold
• strong bold
• i italic
• em italic
• bold italic

Please do report any bugs (possibly with patches) again ☺ Things still look great in Lynx, so I̲ am content in any case…

## Getting closer: new snapshots soon

13.09.2009 by tg@
Tags: snapshot

I'm closer to getting a new bi-arch snapshot ISO done: i386 is in a pretty shape, and the sparc looks good, will be compiling this night, and a few subsequent ones... so both architectures are on the same level. I'll need to do clean installation builds for the snapshots of course. There will probably be a ISO like the Easter 2009 snapshot on BitTorrent again (no TPB, mind you), including the (admittedly slightly dusty) MirGRML.

Since we have over 1 GiB worth of binary packages, mostly compiled by bsiegert@, some of which depend on libgcc_s.so.1.1, while the snapshots will have libgcc_s.so.2.0, fixes10.ngz will contain a binary plug of the older one (built just before the ABI change) for convenience in using the binary packages. Be advised to install it.

mksh(1) is currently being actively developed; the snapshot may come before mksh R40 will be released, but contain a lot of changes from R39 (see the changelog).

I feel like I'm going ill again, bed day for me. This sucks. And I even don't know why.

## 8 Useful and Interesting Bash^Wmksh Prompts

10.09.2009 by tg@
Tags: mksh snippet

smultron, MidnightBSD developer and project member, and graphician / art master for the MidnightBSD Korn Shell (among other things), has pointed me to a blog article: 8 Useful and Interesting Bash Prompts and asked for an mksh(1) translation. These will not be minimalistic (I can do quite some things), but focus on containing no control characters or other things not easily cut-and-past'able. Made more readable, too.

Small note: all mksh examples assume the following "setup code" in front of the PS1=... line. Yes, PS1 is set twice (makes the code more readable and perform better). Most of this is from the mksh(1) manpage or dot.mkshrc and relatively portable, which is why some things seem more complicated than needed. They do, however, use some rather recent mksh features; if there's real interest in making it work with, say, Debian etch mksh R28, eMail me. Note: that → character is a literal Tab (the "[→·]" Tab-Space occurs often).

ca=$(print -n '\001'); ce=$(print -n '\033'); cm=$(print -n '\r') :${HOSTNAME:=$(ulimit -c 0; hostname -s 2>&-)} [[$HOSTNAME = @(localhost|*([→·])) ]] && \
HOSTNAME=$(ulimit -c 0; hostname 2>&-) :${USER:=$(ulimit -c 0; id -un 2>&- || print \?)} if (( USER_ID )); then PS1='$'; else PS1='#'; fi

function twd {
typeset d=${PWD:-?} p=~ [[$p = ?(*/) ]] || d=${d/#$p/~}
print -nr -- "$d" }  If you do not need exactly the effect of "\w" (tilde unexpansion), use$PWD ipv $(twd) below. Note that$USER and $HOSTNAME are usually evaluated only once; escape them if you need it evaluated every time. 1. Show Happy face upon successful execution bash$ PS1="\if [ \$? = 0 ]; then echo $\e[33m$^_^$\e[0m$ else echo $\e[31m$O_O$\e[0m$ fi\[\u@\h:\w]\$ "

mksh$PS1="$ca$cm"'$(if (( $? )); then print "'"$ca$ce[31m$caO_O$ca$ce[0m$ca"'" else print "'"$ca$ce[33m$ca^_^$ca$ce[0m$ca"'" fi)'"[$USER@$HOSTNAME:\$(twd)]$PS1 "  I do think Unicode makes things more fun though: mksh$ PS1="$ca$cm$ca$ce["'$(if (($? )); then
print "'"31m$ca☹"'" else print "'"33m$ca☺"'"
fi)'"$ca$ce[0m$ca[$USER@$HOSTNAME:\$(twd)]$PS1 "  2. Change color on bad command Coming soon... colour changes are okay, but I wonder why anyone would want the history number. I've got to discuss this a little, and think about ways to use such information with mksh, and if I really want to transcribe the prompts 1:1 (it's possible by just incrementing a counter, but, hey, you don't want that). This is actually a csh feature, and who'd really use csh? I'm on my 80486DLC notebook right now, so my debugging methods are a little limited, but I promise a larger article later. I just needed to get started. This article will be updated in-place. ## It's this time of the year again 09.09.2009 by tg@ Tags: bug debian event geocache rant Due to heavy load at work, as well as some minor things, I'm either taking back interest altogether, involvement altogether, time spent on projects, or any of these on aspects/particulars of projects. Sometimes, when you're burnt out, it's best to concentrate on living and on core projects. mksh is one of these for me, as is keeping MirBSD userland and MirPorts infrastructure working well, with small, evolving improvements (no big jumps). Other things, no matter how nice, interesting or useful (to me as well as to others) they are, need to stay back. I poured most of the last seven years of my life into MirBSD. Sometimes, you want to give back, but it's too much effort, or you cannot afford to spend more time on it. I'll close one of my Debian ITP bugs for this reason. (I also rarely send in patches from ports for this reason, but sometimes point upstream to our CVSweb.) Sometimes, people like Ulrich Drepper, Marco d'Itri, Gerrit Pape let you realise that every project has its Theo de Raadt-alikes. I've still not ported jupp's latest release to Debian (but an OpenSuSE Buildservice SRPM exists), nor uploaded the current mksh(1) version even to my own wtf repo. I will do so, when I feel like spending private time with Debian again, at least for the etch and lenny (and hardy – for work) branches, as dash and mksh in sid have... issues I predicted ages ago. (For one, I'm still waiting for Gerrit to contact me. Maybe our eMail systems don't like each other? Waldi or formorer will probably pass on any messages, as will the trusty BTS.) I'll probably not open any ITP bugs again and send in much less of the bugs I notice, simply because I don't like being ignored (or flamed, but sometimes, being ignored is worse – which is why Benny works on MirPorts, btw). Maybe, if I feel the need to, my wtf repo will grow instead; DDs or DMs are free to take from there if they like. Sometimes, one realises that he just doesn't fit in. While Cachewolf is a useful project, working together with Java™ developers that communicate over web fora only and don't even see the need for compatibility with Unix or proper processes most of the time (svn:eol-style comes to mind, and switching the source code to UTF-8 is something I've given up to dream of – I would even have fixed bugs where Ewe wouldn't do UTF-8 right, but I run into a wall of bliss ignorance there) proved impossible for me. I won't budge either: web fora are simply not for me to use. Period. This is my fault (for not fitting in) as well as the fault of some of the rest of the team (for ignoring years of experience, or for simply nicht über den eigenen Tellerrand schauen (however one says this in English, I don't know) and not caring of these who do; for supporting the commercial gc.com site over the three alternatives too). I will continue to use it, maybe the iPAQ H3600 a colleague gave me proves useful, otherwise, MirBSD will do just fine. So, when I leave or pull back a little, no prejudices. Sometimes with reason, but mostly due to lack of available resources on my part. I hope nobody who has been or will be noticing me ceasing to contribute as much as usual thinks ill that's why. ## mksh feature weeks 07.09.2009 by tg@ Tags: mksh It's feature weeks for mksh(1). You almost certainly want to follow the mksh-current changelog. Please test all the new features, as well as make sure that nothing breaks nor I introduced other regressions, such as making resource usage worse (disc, CPU, memory). Please be reminded that many more deep-reaching changes will follow in the next few hacking days. Thanks to David Korn (the Korn in AT&T Korn Shell, ksh88/ksh93) for discussing features and helping with finding syntax and semantic of some of the more complicated language pecularities. On an unrelated note, cvs(1), lynx(1), ncurses(3), some other things, and a lot of ports have also been worked on. The next snapshot is planned for mid to end of September, bi-arch. Stay tuned! ## MirOS bsd4me – Sane OS on netboot.me ☺ 30.08.2009 by tg@ Tags: news snapshot Christian Hofstaedtler «ch:#grml» pointed me to an article about netboot.me, a service providing bootable Live and Install variants of some OSes over the Internet (via gPXE and HTTP transport, mostly). They offer a bootable floppy/disc, USB stick, and El Torito ISO image. One gets a graphical menu if not careful, out of which there is no escape, and which isn’t compatible with most graphics cards, but if ^B is pressed quickly enough, there will be a usable command line. An experimental MirOS bsd4me bootable image is available as well: gPXE> autoboot gPXE> chain http://netboot.me/2032  This will be loaded via plain, unencrypted HTTP from our main webserver. It’s the usual <5 MiB Mini-ISO for the i386 architecture and contains a full installer, as well as e3 and tinyirc known from MirOS bsd4grml. Source code of the GPL’d parts and overall licencing information is also included inside the ISO image. Please remember this is for beta testing only. We do not support MEMDISK boot methods with our second stage boot(8/i386) loader, as these are not reliable. On an unrelated side note: dutch Windows XP Professional is weird. Translations were laughed at by several dutch-speaking people in the mksh IRC channel, but I was able to disable Blåtand on “blau” (the new IBM X40, successor of “bleu”). And it works! A more related side note: when virtualising MirBSD, do not use VirtualBox. If you do have Vanderpool/Pacifica available and enabled, both the OSE and the full edition may be viable, but kvm is the better option. If VT-x/HVM is not used, it does not emulate the i386 architecture properly. Use qemu, kqemu, kvm, bochs, VMware Server 2 (not 1 – timekeeping is broken in there), Microsoft® VirtualPC 2004, Parallels Desktop, VMware Fusion for Macintosh, … instead. Tonight and the last few days have seen several releases of things like MirMake, the package tools, etc. You might want to upgrade your MirPorts Framework checkout. (We now have enough Lua tools to access the Simtec eKey, I just need to order one. We’re currently at 2¾ interested people, not quite enough to make sense.) ## Hot! 20.08.2009 by tg@ Tags: rant snapshot It’s hot! The weather forecast said 35°C, one of the apothecaries’ thermometres says 40°C, and my body says I’m ill. I also nurse quite some headaches again. So I won’t do/write much. It was hard enough to go outside to buy breakfast. On the other hand, the SS5 built a mock-snapshot (QUICK_DIST2, so only base+gcc, no X11/ports/htman/…) just fine (with some fixes). Does anybody have any RAM suitable for a SPARCstation 5 for me? I cannot use that from the SS20s because they use different kinds of RAM. I won’t publish this, but instead use it to build another one for real, possibly combined with another i386 snapshot, with all the /etc/* changes after 20090812, and maybe fixing what we will have learned to be broken in the meantime. And Benny’s ports fixes (he got GNOME except nautilus – which has unsafe code in signal handlers – working, part of (or all?) Xfce too, etc). Luckily, tomorrow is more like 22°C ## First three issues of BSDmagazine – for free! 19.08.2009 by tg@ Tags: news Karolina Lesińska writes: “We have placed the first 3 issue of BSDmagazine on our website as free downloads. The issues are: 1. FreeBSD Ins & Outs 2. OpenBSD in the Limelight 3. Explore NetBSD “The link is: http://bsdmag.org/prt/view/pdf-articles.html My comment: The BSD magazine is a rather interesting piece of print, which already carried a small article about MirBSD. We have, I admit, been offered to write more which would get published, but, I am ashamed, haven’t quite gotten around to doing so. Today, it's only been 29°C, and I died. What will I do tomorrow, where it is supposed to climb up to 35°C over today's 32°C? ## I complain, rant and give up, then it works… 16.08.2009 by tg@ Tags: hardware The subject line says it all… tg@ss5:~$ uname -a
MirBSD ss5.mirbsd.org 10 Kv#10uAA-20090810 GENERIC#146 sparc
tg@ss5:~ $dmesg MirBSD#10uAA (GENERIC) #146: Mon Aug 10 17:57:16 UTC 2009 tg@demo.mirbsd.org:/usr/src/distrib/generic/obj/build/GENERIC real mem = 33165312 avail mem = 24928256 […] sd0 at scsibus0 targ 3 lun 0: <IBM, DORS32160SUN2.1G, WA7A> SCSI2 0/direct fixed sd0: 2063MB, 6703 cyl, 5 head, 126 sec, 512 bytes/sec, 4226725 sec total […] cgsix0 at sbus0 slot 3 offset 0x0: SUNW,501-2325, 1152x900, rev 11 wsdisplay0 at cgsix0: console (std, vt100 emulation), using wskbd0 […] tg@ss5:~$ sysctl hw machdep
hw.machine=sparc
hw.model=SUNW,SPARCstation-5, MB86907 @ 170 MHz, on-chip FPU
[…]
machdep.cputype=2
machdep.v8mul=1
[…]

## KDE 4 – inakzeptabel

02.08.2009 by tg@
Tags: rant

Vor ein paar Tagen im IRC…

Zu Datenbank vs. Datengrab hatten wir ja:

 “mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database”	-- myself, Tonnerre and psychoschlumpf in #nosec


Kleine Randbemerkung: mediawiki_*.deb dependet auch auf MySQL… obschon das FusionForge-Paket es für PostgreSQL konfiguriert und das so auch ganz gut tut. Echt ’ne Krankheit…

## Deutſcher, kauf nicht bei Apple!

30.07.2009 by tg@
Tags: rant

My play *.deb repository no longer carries binaries for iPhoneOS 2.2, or any other version for that matter. Apple prides themselves in DRM (Digital Restrictions Management) in a way that makes them look totally ridiculous to anyone with only the tiniest amount of technical knowledge or political empathy. Gah. I don't see why I should support that with free software. Besides, it's not a good tool for geocaching, either.

Some years ago, this would not have surprised me, but these days it's rare to find a company doing similar stunts. While the iPhone may help them through the current economical crisis, I dare suggest they build more variants of the iMer instead :þ At least these have hack value.

## jupp – the editor which sucks less

18.07.2009 by tg@
Tags: news

jupp development has been split into two active development lines: jupp for DOS (based on joe 2.8) and jupp for Unix (based on joe 3.x).

There are binaries for both DOS (jupp for DOS) and Win32 (jupp for Unix, via Cygwin) available.

The jupp for DOS development line incorporates only minor patches relative to the original source code (it wasn’t that buggy as the sourceforge development made the code later…) and a jupprc file tuned for it but feature-complete with joe-3.1jupp10’s one.

The jupp for Unix development line incorporates all of the very extensive patches to the binary, and an enriched jupprc with, due to popular demand, syntax highlighting enabled by default – even though I still loathe it personally, and feel with Rob Pike when he questions the use of pretty printers. It will also try to correctly guess CR-LF vs LF-only line endings, indentation, and terminal colour. Furthermore, the language selection of the jupp flavour is now en par with that of the joe flavour, and the Python variants honour the standard coding style of theirs (needed that by the third quarter of last year, remember?). Autoindent is still off, by default, though – with reason.

Now give it a try. Hint: ^J (Ctrl-J) invokes the help.

## new netinstall snapshot for i386 online

17.07.2009 by tg@
Tags: news snapshot

The NetInstall directory contains a new intermediate snapshot of MirOS BSD/i386 built last night. I also brought the fixes for older snapshots a little more up to date. Enjoy!

## mksh R39 coming soon to a /bin near you

16.07.2009 by tg@
Tags: mksh

mksh has just been adjusted to behave as future POSIX will demand, after a lengthy discussion (on the bug-bash and miros-discuss mailing lists as well as the Debian bug tracker), for “set -u” (-o nounset). This, as well as the “stop () {…}” fix, must be tested extensively.

Therefore I urge all of you to

 % CVS_RSH=ssh; export CVS_RSH
% cvs -d :ext:_anoncvs@anoncvs.mirbsd.org:/cvs co -PA mksh
% cd mksh
% (sh Build.sh -r && ./test.sh -v) 2>&1 | tee log


and possibly send me the log. See an earlier post for more information about testing mksh(1) snapshots, as well.

Tests for better standards compliance and bugs, especially in corner cases, are also welcome. Known are: all but the first command of a pipeline are run in subprocesses (made to be an mksh feature, not a bug); the lexer is not recursive (issues with parenthesēs and comments in COMSUBs); some IFS/whitespace issues. Fixes for these bugs, and maybe for the regression tests (they may or may not be correct) are desirable… as well as development related communication.

On an unrelated side note, aptituz told me that Debian etch already had Debhelper v5, and as such, the mksh package has been converted over from Debhelper v4 (yay, RCS IDs in debhelper configuration files! but what about changelog (no-no) and menu? dunno…).

16.07.2009 by tg@
Tags: geocache

Leute, nehmt euer iPhone gerne dazu, auf dem Weg zum Schwimmbad Queen (Masters of the Universe) zu hören, aber bitteschön nicht zum Navigieren. Beim Versuch, das entfernte Ziel zu erreichen, sind wir an lustigen Stellen (Acker und so) gelandet; die mobile Suche war irgendwie von der Adresse leicht verwirrt. Die geocaching.com-Anwendung ist auch bescheiden, die kommt mir vor als wär ich aufm PocketPC und hätte vergessen, static navigation auszuschalten.

## Bremsen nerven!

14.07.2009 by tg@
Tags: geocache

Irgendwie… ist’s warm, ich bin müde, satt, und hab grad keine Lust, an mksh(1), BSD::arc4random, oder gar vnd(4) zu arbeiten ☺

Ist aber denk ich mal erlaubt. Dafür waren wir heute beim Einkaufen wieder geocachen (Statistiken siehe unten, irgendwann einmal „inventarisiere“ ich die aber mal richtig, Duplikate und so, denn das erste Hundert sollte ich vollhaben bald). Nervig ist, wenn man wegen Bremsen (der Viecher, die ich eigentlich so nur vom Bodansee kenne) die Suche abbricht, bevor sie richtig begonnen hat. Immerhin, einige haben wir gefunden, mit Lust auf mehr.

Fahrradmitnahme bei der DB ist auch so ’ne Sache, sicher, es ginge, irgendwie. Aber spontan wars mir dann doch zu aufwendig. Auch wenn ich es jetzt gerne hier hätte ☻

Ich hab nocd bei mir, und eine ganze Pixelreihe (horizontal) ist kaputt. Noch einer. Das nervt, nur nwt bleibt seinem Nutzer seit 1993 treu ☹

gecko2@ hat lustige Musik da, ganz gut, mal was Anderes. Wie die aber alle heißen muß er selber ins wlog schreiben :þ

Hier nun (nicht im RSS) die Statpix (:
(Update: images moved here)
Leider fast keine OCs hier in der Gegend.

## vacation

13.07.2009 by tg@

Ich bin jetzt bei gecko2@ für ’ne Woche, mal entspannen. ObRecovery: für zirka 2 € mehr habe ich durch IC-Nutzung eine Stunde Fahrt eingespart. Vive le Deutsche Bahn :þ

Pläne: viel offline sein. Ansonsten vielleicht ein wenig mksh(1)-Hacking (siehe letztes Posting) oder so.

Gestern mußte ich noch einen Fipptehler bei kwalletcli fixen ☹ dafür sollte™ heute auf Arbeit alles gut gelaufen sein.

## mksh change announcement: support future POSIX standard

09.07.2009 by tg@
Tags: mksh

mksh(1)'s "set -u" handling will change RSN to match what POSIX will mandate in the next version, matching similar changes in GNU bash 4 and AT&T ksh93.

Most of the thread can be seen on the miros-discuss@ mailing list archives (although both MARC and GMane seem to not have all related eMails... weird).

## kwalletcli Public Beta Test

08.07.2009 by tg@

I have developed kwalletcli, a command-line interface to the KDE Wallet and would like public feedback, before releasing an 1.00 version, both on the source code and an experimental Debian package of it.

Nice things it can do:

• get and set password stanzas in the KWallet via CLI
• contains a CLI wrapper around pinentry’s Aegypten protocol
• contains an Aegypten protocol server, pinentry-kwallet, which checks the KWallet before deferring to another pinentry of your choice
• can be used in gajim and pidgin to store Jabber passwords in the KDE Wallet (not included; patches for these will be made separately)
• plugins for other tools do not introduce dependencies due to separation via CLI API
• nice, (hopefully) consistent shell CLI API
• low dependencies: KDE 3 (for kwalletcli itself – KDE 4 might even work, with minor Makefile changes, but that was not tested), another pinentry (x11, qt, gtk-2, curses – all tested) if needed, gpg-agent if needed, mksh to run the scripts, ssh-add(1) to make use of kwalletaskpass
• with appropriate agents, GnuPG 2 and SSH keys can be made available to pure CLI sessions as well, if one has logged in via KDE first (we do this at work on our standard desktops, courtesy by me)
• OSI certified Open Source™ Software under a free, very unrestrictive, licence

Any feedback welcome! Direct it to the miros-discuss mailing list.

Update 09.07. – version 0.90 -> 0.91-1
I also crafted a patch for gajim to use kwalletcli, let's see if it gets in. More to follow.

Update 09.07. – version 0.91-1 -> 0.92-1
People who port this to KDE 4 (create a kwif4.cc file) welcome!

Update 12.07. – version 0.92-1 -> 0.93-1

Update 27.07. – version 0.93-1 -> 0.94-1

## RFH: mksh development

07.07.2009 by tg@
Tags: mksh

mksh development is mostly done by a single person, "the mksh team" (as seen on Debian derivate from Canonical that cannot be named forums, out of all places!), a.k.a. me, myself and I. Sometimes, actual users report bugs or even send in patches. I keep track of oksh's development as well, of course. But there are times I would like to get feedback on issues from other people working on pdksh or its descendants. I mailed, for that specific issue in question, the Debian developer who created the original patch which addressed the scenario except for a corner case (interestingly, as the world is small, discovered in a Debian(!) init script from a package maintained by aforementioned formorer, on a DomU running Lenny - don't underestimate the effect of synergy) but would really like to talk to some of the OpenBSD devs about it; they mostly know what they're doing, even if I worked on ksh for longer than most of them, many eyes do help, and most of the time I do not know what I'm doing XD

[Update] There's also the issue of inter-(POSIX-compatible)-shell discussion. For instance, "set -u" vs "$@", which has come up in Debian #522255 because GNU bash4 decided to switch to the behaviour used by the Bourne shell (from V7 to SVR4.2), all Korn shells, ash and its descendents (like posh) except dash, to not treat it specially. (Funny too how they suggest 「${@:-}」 or 「${@:+}」 instead of 「${1+"$@"}」 (from the GNU(!) autoconf texinfo documentation) as replacements.) Oh well, zsh also behaves like bash2/3 and dash, but then, it's not even a POSIX compatible shell. *sigh* Now I wonder what AT&T ksh93 will do and a confirmation if it's indeed being forcibly changed by POSIX (IMHO, they could at least "agree to disagree", like they usually do, and make it vendor defined, so that scripts could not depend on it - "set -u" is something I don't use anyway). So if you're interested in the further development of MirBSD, The MirOS Project, one of its subprojects, such as The MirPorts Framework, mksh(1), MirMake, even jupp-2.8 or jupp-3.x, please talk to me. [Update] Do the same for POSIX compatible shell discussion, if you are going to take mksh, its goals, needs and history seriously. (Yes, it also has bugs, like a non-recursive parser troubling COMSUBs, but they may be fixed long-term, especially if people contribute. Ideas, at the very least.) Thanks in advance. ## don't procrastinate! 07.07.2009 by tg@ Tags: event Hell yeah. I promised a wlog entry about the Linuxtag 2009 visit. I planned on making it somewhat detailed, enumerating a couple of things I did other than catching a few geocaches with a company's EeePC and MirBSD and CacheWolf on a USB stick, and getting ill. Alas, things often are not as desired, and I had to work last week, while still slightly ill, and I just never came around doing it. I arguably could write up something now, but I forgot most(!) of it already, don't want to publish incomplete things out of fear from (accidental) omissions, sit on nwt (my dear 80486DLC laptop) and... well, procrastinated too much. And I had a long work day and am very much enjoying my AfriCola+SchlösserAlt beer, thank you very much. So, without further ado (why the fuck do Amis tend to have trouble with homophones, by the way?), comrad's pictures: It definitively wasn't as technical an event as FOSDEM, and much less people asked about mksh, but at least now I got my OpenPGP signed by two more Debian Developers who do not intend on switching keys in the next couple of months... *sigh* Anyway, world domination coming, this is required for I am still a DM, but wouldn't say no to DD status either. Why, à propos, do I have <tg@d.o> and only realise that because of spam mails sent there? Anyway, met formorer from grml in real life, quite nice too. We got some donations for the buttons and grml CDs, but the money got distributed among many people. Hah! These CentOS guys! They made me promise to say CentOS rocks if it included mksh; they were going to file a bug at RHEL for its inclusion. I looked today, they didn't. So I won't say it rocks. It rather annoys, truth be told. Especially since it comes without a decent shell, and I had to make an RPM of OpenNTPD myself! Imagine that! ## Carbon 2009, Biarritz, France 07.07.2009 by bsiegert@ I spent the past week in Biarritz for the Carbon 2009 conference. Biarritz is located in the Basque country on the shores of the Atlantic ocean. It used to be a resort for the rich ones (Napoleon, for instance, had a summer residence there), and the town still has that kind of feeling to it. The conference took place in the Casino, right on the beachfront, and in a former Casino transformed to a convention center, with a nice view over the ocean. We had only a few hours of sun here and there; we did take a bath in the ocean but it was quite cold. I did an oral presentation about the "Structure and Reactivity of Carbon Nanotube/Manganese Oxide Nanocomposites", which was well received, I think. There were some interesting questions, and everything went well—except for the fact that the "moderator monitor" in Keynote stopped responding at about the third slide. On the big screen however, everything continued smoothly. Other talks were very interesting, too: Kazu Suenaga from AIST in Japan showed atomic-resolution electron microscopy images and even videos of reactions taking place inside the microscope. Wow. For the people presenting posters, the situation was less rosy though: all the poster sessions were in parallel to a buffet, so you had to choose between eating and looking at the posters. ## hot 03.07.2009 by tg@ About 30°C in the bureau don't make working easy. It was still too hot to work, and apt is a buggy pile of... whatever. Maybe I should search for my own ventilator, so it doesn't get that hot at home. I actually was ill again yesterday due to the heat (and it got worse instead of better over the late morning, when I thought I could sleep it out). NetBSD® makefs(8) overwrote meaningful data with padding if you told it to not pad (fixed), and one of its header files comes with CR-LF (DOS) line endings. Nice, eh? ## krank ‣ ziek ‣ ill 29.06.2009 by tg@ Tags: geocache I got ill during the night from Thundersday to Friday last week, damn Berlin weather (hot, humid, chilly wind especially indoors in the exhibition halls), so you’ve got to wait a little longer for a report about LinuxTag. I will also need to take care of roff2htm better, as some of the pages produce invalid XML (overstrike my arse, we use WTF-8), plus it’s probably better to cease using a chain of sed(1) exprs… Mika is awaiting more bootloader hacking. A 4.1 GiB grml DVD did not work for boot(8/i386) either… shux… I however did get to geocache, especially today, as I discovered one in almost spit distance from my home. Too bad it was listed on the .COMmercial site only, so I hadn’t noticed. Anyway… (Update: images moved here) I still plan on inventarising them… ## Website: “Corporate” Identity II. 22.06.2009 by tg@ We’re now doing Font Embedding (MSIE4+ and CSS3 styles) with the already mentioned Gentium font, using Gentium Basic for the styles it doesn’t support (bold; bold italic). Sadly, if the browser does not yet support it, the bold formatting is lost in its entirety if Gentium is installed locally. I also tried putting “Gentium Basic” first in the font-family list, but it doesn’t fall back to Gentium upon encountering Greek or Cyrillic characters then, but uses some totally random fonts instead (something illegible for Greek), that Opera 9 stuff on MirBSD, that is. bsiegert@ has tested it with Safari 4 from 北京 and says that it works, although his screenshot looks like browser emboldened to me (no idea… but trying to combine Gentium + Gentium Italic + Gentium Basic Bold + Gentium Basic Bold Italic into one font is hard. And the Ⅱ U+2161 ROMAN NUMERAL TWO is missing… ☹ ## Website: now with “Corporate” Identity 21.06.2009 by tg@ Thanks to smultron and quite some bugfixing and hacking of yours truly, the titles of the pages on our website are now pregenerated PNG images, depicting the headline text in Gentium Italic (the font in which our flyers have always been set, as well as the PDF version of the mksh manual page (since a few weeks, once I found out how to use it with groff). Of course, it still looks superb in Lynx, using <img alt="…" /> tags, and is valid XHTML/1.1 still. ## RANDEX plugin for XChat 06.06.2009 by tg@ The already mentioned RANDEX protocol (entropy exchange via IRC) is now supported, by means of a plugin, on XChat as well. Of course, the whole feeding entropy back to the kernel thing can only work on Win32 (thanks to my earlier changes to arc4random.c and MirOS BSD, although I thought our XChat port is stuck at 1.8.11-1 and only now I see we have an XChat2 port (with a bzip2 distfile, yuck). This plugin is therefore tested to compile (by myself), with strict warnings on MirOS BSD/i386, Debian Lenny/i386, Mac OSX/i386, Cygwin32 (for MinGW); it works on Lenny, Win2k (myself) and Mac OSX (gecko2@). A ready made DLL for Win32 is available for direct download from us as is the source code. It is, of course, MirOS licenced. irssi plugin is available from CVSweb or AnonCVS; the MirPorts versions of sirc and tinyirc, as well as tinyirc on bsd4grml and the Live CDs, also support the RANDEX protocol. While it does not feed back entropy to the kernel on e.g. Mac OSX – due to a hypothetical arc4random_pushk(3) function needing root privs – it can still be used to access the pool by typing /RANDOM, or simply participate in the distribution (one can get back some from the pool from call MirBSD), thus gecko2@ offered to push it into Fink. I hope “Biertier” comrad now joins the fun set up by Vutral and me, especially since he operates an SSL-only private IRC server. ## grml.org manifold-boot™ ISOs 06.06.2009 by tg@ Tags: grml The official grml GNU/Linux ISOs will use the manifold-boot™ technology from The MirOS Project – development builds have already done so for a couple of days – starting at 2009.08 (the next scheduled formal release). This basically means you will be able to # dd if=grml-daily.iso of=/dev/sda [bs=…] # dd if=/dev/cdrom of=/dev/sda [bs=…]  to create a bootable USB stick (or a Live HDD, CF/SD/MMC card, etc). MirOS CDs have been using this since approximately October 2007. Support for loading GNU GRUB2 instead of boot(8/i386) was a dozen-line patch adding some ifdefs to our source (upstream; the grml Git repo only contains the generated bootblocks) hacked on a lone evening. (Knowledge how to boot GNU GRUB was there, from boot(8/i386) “machine exec” support, already.) Mikas Blog appears to contain more documentation on GRUB2 than the FSF’s pages… ## mksh R38 released 31.05.2009 by tg@ Tags: bug mksh The MirBSD Korn Shell R38b has been released. It adds portability to QNX 6.4, a built-in base64 decoder and encoder written in mksh itself, and most importantly fixes a regression introduced in R38 causing memory corruption. This – and a lot more bugs – were discovered while porting Git (resp. running its test suite) for Michael Gebetsroither (grml). ## On BSD derivates and ports frameworks 31.05.2009 by tg@ Random musings, devised on the best place ever to think (the one in the house where there will be no computer, at most a telephone; insiders know where it is, afk): I wonder what ÆrieBSD will do regarding ports. Sure, granted as long as they don’t change their uname(1) away from OpenBSD (and retain Perl, gcc and the obsd perl espietools) they can continue using OpenBSD ports. But as soon as… we (bsiegert@ and I) know the pain, the autotools tricks, have an infrastructure in place to deal with it, etc. Of course, there is also pkgsrc®, but they aren’t exactly easy to deal with, and pretty over-engineered in most parts while lacking in others (even though they catch up in a few of these). I wonder… Okay, The MirPorts Framework assumes Perl, most individual ports haven’t been tested with pcc, I have yet to see a constantly working pcc as well, and XFree86® (or Xenocara in /usr/X11R6, should work too) is depended upon for X11. But it should be easier, even if mksh and mirmake are required, than starting from scratch. Heck, even MidnightBSD would probably have jumped on the MirPorts wagon if they had not had such success with mports at that time already. ## mksh user feedback appreciated 30.05.2009 by tg@ Tags: mksh With another mksh release out, and the first feedback (actually a patch with explanation – naaina ported it to the newly released QNX 6.4, 10x) already in, I would like to request user feedback if mksh compiles okay for them, the regression test suite results, and if it does its job – especially on the more obscure platforms. Current plans for R36b are mere portability and bug fixes, and maybe some more of the Syllable, Plan 9 or Haiku issues touched if someone does it. On the other hand, I'm really glad I get feedback, even patches from people I've never heard of beforehand, which even touch documentation as it should be. One had the luck of adding a feature that had been, independently, requested in IRC mere days beforehand. You're welcome ;) Let me plug a link to the fine manual page mksh(1) or its PDF version. Thanks to all users as well, we cracked the 100 in Debian popcon a few days ago (102), even though it's down a tad right now, to 94. Plans are to get promoted to Arch Linux Community from AUR, included into Mac OSX, Minix, pkgsrc® (as bootstrap shell) and QNX by default, and the usual world domination in general. Hey, I'm fixing dietlibc bugs on Launchpad now, so low I've sunk, so gimme some rest. ## GNU GRUB2 and BSD – state of affairs 27.05.2009 by tg@ The “openbsd” option (bsd.mod) is unable to boot 4.4OpenBSD, MirOS #10, bsd4grml 2009.05rc1. It appears that the kernel gets a page fault trying to access its own .bss – but I didn’t really look into it. Any takers? This is bad, I wanted to add this… menuentry "bsd4grml from harddisk (ISO = grml_2009.05-rc1.iso)" { loopback loop (hd0,1)/grml/grml_2009.05-rc1.iso openbsd (loop)/boot/addons/bsd4grml/bsd.rd }  … to the solution using GRUB2 for ISO loopback boot, which Zugschlus brought into practical use. ## grml to use MirOS manifold-boot CD technology 26.05.2009 by tg@ Tags: grml grml GNU/Linux, our recently-partner project from Austria (not Australia), will gain ISO images bootable by dd(1)ing to a USB stick (or CF/SD card, hard disc, ...) via the MirOS manifold-boot technology, in use since 10/2007 and developed for the self-installing boot blocks. With only a couple of ifdefs, the MirOS BSD/i386 bootxx.sh was made into a bootgrub.sh which runs fine on GNU/Linux (with mksh, of course!) and produces a first stage boot sector capable of loading a GNU GRUB2 core.img image the same as boot(8/i386) has been able to for a while. (GNU GRUB-legacy stage2 images cannot be loaded that way because bootxx is limited to 65280 bytes of second stage loader – mostly because the bootloader itself is, too, and this enabled me to squeeze out a few more bytes there.) To say it with Mika Prokop himself: 23:22⎜«mikap:#grml» mirabilos: und dein bootloader ist geil :) 23:29⎜«mikap:#grml» und ich finds saugeil dass ich ein bsd zum booten mit ⎜ grml hab, das muss ich dann gleich mal auf usb-stick installieren <mika:#grml> mirabilos: because: per default i still want to use isolinux (unless grub2 is working better, and: i'm missing the f2, f3,... splashes from isolunux) <mirabilos:#grml> yep, nimm isolinux <mirabilos:#grml> mkisofs -b hat damit gar nix zu tun <mirabilos:#grml> das ISO bootet grub, wenns von USB gebootet wird, isolinux, wenns von CD gebootet wird <mika:#grml> mirabilos: and the *same* ISO boots isolinux by default then but can be 'dd if=grml.iso of=/dev/sdb'-ed?! <mirabilos:#grml> yep <mirabilos:#grml> MirBSD doing that for a couple of years <mika:#grml> mirabilos: awesome, i still don't get it but this sounds awfull rocking <mirabilos:#grml> mika: ours can even be booted on i386 via both methods *and* on a sparc <mika:#grml> mirabilos: WTF? <mirabilos:#grml> yep <mirabilos:#grml> before MirGRML was added, our live CDs were already DuaLive? <mika:#grml> awesome <mirabilos:#grml> i386 boot (from cd, hdd, usb, compactflash, sd) into either live or install mode + sparc boot (voa OpenBOOT) into install mode <mika:#grml> mirabilos: pfuh *verbeuge_again* :)  Ich glaube, Mika mag meinen Bootloader ;) For simplicity, getextent_cd9660(1) will also be added to the grml-live ISO build process, as its output is easier to parse than J�rg's isoinfo. (I definitively should add subdir support there, just haven't gotten around to do it yet...) It uses a UCB and a TNF header file and otherwise available under the MirOS Licence (of course), as are the bootblocks. ## Solución al reto del script 16.05.2009 by tg@ Tags: mksh asarch ha escrito un artículo acerca de cómo se usa la función isatty(3) de para verificar si un script tiene datos en stdin, quizas en "$@", o para imprimir su uso.

Para el soporte oficial del mksh eres bienvenido en su canal (en inglés, ya que no todos hablan el castellano) en #!/bin/mksh (sí, sí es un nombre válido XD) del Freenode PDPC (irc.freenode.net:6667).

Update: asarch ha corregido mi español... ¡gracias!

## WTF *.deb repo now has (emulated) m68k too

27.04.2009 by tg@

As before, I amended my WTF *.deb repository (link to the WTF repository overview page), this time by emulated m68k packages.

The mirmake package definitively needs upstream work, but I don’t even know off-hand what MACHINE and MACHINE_ARCH are correct for the Atari Falcon on m68k… need to peek at the other BSDs for that.

Rant: the Debian sendmail package sucks, I wonder how anyone can use it… I’ll go by scp(1)ing the configuration from MirBSD again…

## MirOS-current Triforce snapshot on BT

26.04.2009 by tg@
Tags: news snapshot

The Ostara 2009 snapshot of MirOS BSD #10-current (DuaLive™ technology and MirGRML 2009.01 making a Triforce™ CD) is available on a couple of BitTorrent trackers, our usual tracker and a few others for diversity (and so that they do have some legal content).

It's also available for NetInstall on both architectures.

## current snapshot delaying poll

23.04.2009 by tg@
Tags: snapshot

As I built a 2009-04-17 snapshot but haven't yet come to publish it, or especially create a DuaLive™ CD again, mostly due to real life jumping in or immense (more than usual) headaches, I wonder if I should build another one with the changes done afterwards in it. Comments?

## perl and quoted-printable

22.04.2009 by tg@
Tags: snippet

While here anyway…

$perl -pe 's/=(\n|[a-fA-F0-9]{2})/$1 eq "\n" ? "" : pack("C",hex($1))/eg'  Needed it once for SyGroup. ## mksh$(…) evaluation bug

22.04.2009 by tg@
Tags: bug mksh

RedHat BZ#496791 is another example of a bug I documented better in the commitids 10049EF448F5F89A278 and 10049EF493039137B14 in mksh(1).

The gist is: $(…) are not parsed recursively but by a lexer hack, namely merely looking at matching parenthesēs; this needs to go away. Until then, this bug cannot be fixed. And while at it, ((foo); bar) subshells need to be fixed so that they are not parsed as ((…)) arithmetic expression with a failure upon encountering a sole closing parenthesis. The mksh plans list this. ## HW RNG, Geocaching und so 22.04.2009 by tg@ Tags: geocache Bei Natureshadow seinem Blog findet man bisweilen lustige Sachen, zum Beispiel den unten eingebetteten T5-Cacher (nicht im RSS). Geocachen im Rheinland ist auch nett, hat öfters Tips und so. Schade ist, daß man die Coins nicht als Nichtmitglied in einem Klub bestellen kann. Bei Bertelsmann bin ich ja auch raus. ## Mehr über kaputte Compiler 22.04.2009 by tg@ Tags: bug rant Als ich über Compiler fluchte hatte ich eigentlich nur im Sinn, festzustellen, daß wir wohl weiterhin mit gcc3 „stuck“ sind. Zugegeben, ich habe den Autor von nwcc als Idioten bezeichnet in einem „rant“, aber die Antwort, die ich per privater eMail erhielt – daher nicht hier wiedergegeben – überraschte mich doch etwas. Ich habe nichtmals alles von ihr gelesen, aber… naja. nwcc baut mksh nicht korrekt, selbst wenn er korrekt tut, weil er zum Beispiel 「void **」 mit 「void *」 verwechselt. Ich schrieb von Warnungen, aber der Autor von nwcc zieht es vor, nicht zwischen gcc-Warnungen beim Bauen von nwcc und nwcc-Warnungen beim Bauen von mksh zu unterscheiden. Weiterhin wagt er es, meinen rant-Idioten als ad-hominem-Attacke zu bezeichnen, selber jedoch erst recht eine derselben zu lancieren. Nunja. Ich denke, ich habe durch das entfernen des ohnehin defekten nwcc-Ports seinem Wunsch genüge getan. Hiermit weise ich darauf hin, daß der erwähnte Idiot keinesfalls wider seine Person gerichtet war, sondern sich auf die Tätigkeit des Hartkodierens falscher bzw. nicht portabler Annahmen bezog. Damit ist das Kapitel für mich geschlossen. Achja: in einem Makefile eine Regel wie ein Verzeichnis nennen tut nicht – das mußte ich lernen (bei install(1) zum Beispiel), und selbst wenn es funktioniert tut sie nicht das, was Nils Weller gerne hätte, nämlich automatisch in das Verzeichnis hinabsteigen und dort weiter make(1)n. Update 18:40 – Wir haben uns geëinigt, daß wir keine gegenseitigen Kriegserklärungen wollen, also halte ich mich jetzt an „shut up and hack“ und vergesse das Ganze. ## perl and HTML entities 22.04.2009 by tg@ Tags: snippet I don’t even know perl(1), I just can RTFM… tg@bleu:~$ echo 'xyzz�€y' | perl -C -pe \
's/([\x{7f}-\x{ffff}])/"&#".unpack("U",$1).";"/eg' xyzz&#65533;&#8364;y tg@bleu:~$ echo 'xyzz�€y' | perl -C -pe \
's/([\x{7f}-\x{ffff}])/sprintf "&#x%X;",unpack("U",$1)/eg' xyzz&#xFFFD;&#x20AC;y  Just hacked it for Natureshadow. ## mksh world domination via Cydia 18.04.2009 by tg@ I amended my WTF *.deb repository (link to the WTF repository overview page), which carried Debian packages I needed, and later packages for their derivates used at$workplace as well, by iPhoneOS 2.2 packages, after gecko2@ nagged me enough.

Let’s see if it makes. Requests for packaging welcome, but also if someone has already attempted to have dget, dpkg-source & al. on the jesusPhone. Oh, and I’d like to have swap over NFS (or something similarily useful), as I refuse to cross-build, other than exclusively for bootstrapping – a lession learned from OpenBSD (and myself).

## Gibts eigentlich keinen tuënden Compiler?

17.04.2009 by tg@
Tags: bug pcc rant

pcc ist mal wieder kaputt – -O ist gebrochen, tat aber mal. nwcc ist auch ein Haufen Scheiße, so kaputte Makefiles, hartkodiertes Fehlverhalten sowie unmögliche Annahmen sieht man selten. Selbst die Linux Kernel-Makefiles (in FreeWRT gesehen) sind mittlerweile besser. *seufz…*

Ich hab mal unseren nwcc-Port updatet, allerdings krieg ich das Ding weil es keinen cpp findet („gcc -E” gibts natürlich nicht, welcher Idiot kodiert sowas bitte hart? – und nwcpp baut er dank kaputtem Makefile net enz) nicht ans Laufen und habs daher als BROKEN markiert.

pcc hab ich nicht updatet, wir haben einen, der tut, aber Upstream – wenn auch nur mit YACC=yacc konfiguriert – baut mit -O2 ne kaputt mksh… -O0 aber funktioniert.

Ich weiß ja gar nicht, ob ich die inner workings vom SUNWcc sehen will… außerdem wollte ich ja mal nen Ausflug nach ARM machen – dann unterstützte SunPRO nicht mehr alle unsere Plattformen.

TenDRA ist mit Ten15 schizophren und tut auch irgendwie nur so halbwegs – auf Debian krieg ich damit immerhin manchmal eine mksh(1) gebaut, aber…

Fabrice Bellards tcc ist ja ein schlechter Witz, der tut net enz auf Debian… was aber wohl an glibc liegt.

Von OpenWatcom, den MIPSpro-Ergüssen und so hört man auch nichts. Aber da ich die Vendor-Compiler wie Digital Mars, Borland C++ Builder, usw. bereits unter Cygwin, Interix, PW32 und UWIN „genießen“ durfte, hege ich kein allzu großes Verlangen danach. MIPSpro ist eh’ seltsam.

gcc4 ist ja erwiesenermaßen absolut selbstdisqualifizierend, LLVM ekliges CFrustFrust, also bleibt wohl nur noch gcc3 übrig… ☹

## life, sparc and everything

16.04.2009 by tg@

Habe „nur“ noch ein paar kleine Bugs fixen müssen, auch im Bootloader auf sparc (oO), aber jetzt tut alles, wie es soll. Damit kann ich also noch nen Snapshot bauen… ich überlege gerade, auch i386 nochenz durchrennen zu lassen, wegen der anderen kleinen Änderungen. Ob ich dann das Easteregg (hm…) wieder einfüge? gecko2@ spielt dieweil Musik. Jetzt ist mal RL angesagt.

Hier dann noch die aktuellen „Statistiken“:
(Update: images moved here)
Paar mehr, schön nach Feierabend oder so.

## Building a snapshot; herc on HGC again

11.04.2009 by tg@
Tags: grml hardware snapshot

Today’s snapshot has been built cleanly again, after quite some time without one. Also, a CVS snapshot was packaged, again, after a very long time. This allowed me, although I didn’t quite plan for it yesternight, to move herc back to the P-233MMX hardware with the Hercules Graphics Card. Its pckbc(4) is still broken, and the ukbd(4) doesn’t attach – but works fine with the BIOS or on bleu. Damn early USB controllers; I know it’s cheap crap.

demo’s building too, maybe I do a combined ISO. I also created a new bsd4grml to go with it.

Now I can basically order another 8-plug SCSI U320 LVD cable (or wait for the one I ordered six weeks ago… NOT) and move everything to tear… ok I’ve been telling that for one year and a half. But it is time. Just hard to buy these cables… on the bright side, it’s much more quiet in here now, even with the SPARCstation 20 running. Sometimes, its serial port even works, so venerable nwt now plays console.

Benny said he’ll probably be going to do a ports bulk build with the new snapshot. Let’s cross fingers and hope for the best.

Note that the FOSDEM ISO problems posting was updated with a new path to fixes10.ngz since a new snapshot got uploaded.

## Not an mksh bug

08.04.2009 by tg@
Tags: bug debian mksh

When R37c was brought out, I fixed a bug on (among others) IA64. The simple memory allocator added a pointer (or two, in Espie's) to the storage, placed before what the user got. Of course, gcc wanted to align the struct not taking this into account, failing evilly. Luckily, another FTBFS was not my fault, but sigsetjmp(3) was merely broken on S/390 with dietlibc; waldi fixed it in the meanwhile, but I uploaded another version of mksh to Debian for now whose mksh-static binary links against glibc instead and added me a TODO bug.

All the testsuite failures are certainly interesting though; the hppa one looks like a bug in ed(1) there; as to the others, either Perl, or binfmt_misc was configured to accept or drop (but not reject) shebangs præfixed with a BOM. Whatever.

Maybe I can now finally go back to working on MirBSD instead? :D
After all, we want a new snapshot (for NetInstall, at least).

## mksh at Apple again

05.04.2009 by tg@
Tags: mksh

laffer1 remembered me of Benny’s Apple bug report about mksh inclusion into their base system. He also did it back then, as requested, and the bug #6735470 would be the result. Unfortunately, one still cannot get a publicly accessible version of them.

By the way, the R37b version is out.

## [rant] FreeBSD® sucks!

29.03.2009 by tg@
Tags: bug mksh snippet

tg@herc:~ $/bin/sh -c 'echo "0=($0) 1=($1) 2=($2) 3=($3)"' -- a "b c" 0=(--) 1=(a) 2=(b c) 3=() tg@herc:~$ nbsh -c 'echo "0=($0) 1=($1) 2=($2) 3=($3)"' -- a "b c"
0=(--) 1=(a) 2=(b c) 3=()


Heck, not just NetBSD® ash, and almost any shell Debian can dig out (bash pdksh ksh93 zsh dash posh) behaves the same as mksh.

MidnightBSD (DragonFly and FreeBSD too):

tg@mnbsd:~ $/bin/sh -c 'echo "0=($0) 1=($1) 2=($2) 3=($3)"' -- a "b c" 0=(a) 1=(b c) 2=() 3=()  And the best thing of all: I am to "fix" this in mksh, as the old FreeBSD® ash is documented to have that weird behaviour. (Well, there's always -DMKSH_BINSHREDUCED...) This is not a fault of MidnightBSD (except they could fix mports to behave more POSIXish; after all, I had to do that to MirBSD and MirPorts often enough), don't get me wrong. It just surprised me, and since I'm glad they switched to mksh as /bin/sh I basically had to debug it. I don't remember any more what NetBSD® 1.5 did that its /bin/sh could not be replaced by mksh, but they fixed it in 1.6 – K?buntu (the LTS version) fscks up similarily... ## Mein erster FTF 29.03.2009 by tg@ Tags: geocache Anläßlich meines ersten FTF (ein OC-Only natürlich, weil, sonst kriegt man die Benachrichtigung ja nie pünktlich von der drecks Kommerzseite) habe ich src/share/misc/acronyms für wtf(1) mal um entsprechenden Jargon erweitert. Hier dann die aktuellen „Statistiken“: (Update: images moved here) Zwei mehr, auch wenn ich für einen was länger brauchte… ## Fixes, current and upcoming 28.03.2009 by tg@ Tags: security Benny has upgraded Mirzilla Firetapir (ports/www/firesomething). Some time ago I already upgraded libpng (base and port). Pending fixes: libc (fts), and probably some subset of the recent OpenSSL things. mksh R37 is scheduled to be released RSN. ## mksh improvements 22.03.2009 by tg@ Tags: mksh Today's commits should fix Debian #518359 (not tried yet, as looking at a 14" Belinea 10 40 40 CRT makes my eyes and head hurt), as well as improve a lot of more things. The mksh(1) echo builtin now behaves more POSIXly in "set -o posix" mode (or when called as "sh", if that feature was set at compile time). The exact feature set is negotiable, if certain parties, say pkgsrc®, are interested. Thanks to the OpenBSD developers for improving their ksh as well. The ;& and ;;& features are delayed for now though, sorry. We're in a feature freeze; people please test mksh-current on your system to make R37 rock! ## Die erste Frühlingsluft (contd.) 22.03.2009 by tg@ Ja, und sie war schön! Jetzt erstmal Kaffee, bißchen Geocachen, dann weiter hacken, und mit Benny zu kommunizieren versuchen ;) ## Die erste Frühlingsluft 21.03.2009 by tg@ Kurz nach Mitternacht (oder genauer, 23:31:56 UTC). Ich stehe am Fenster und atme die frische Frühlingsluft. Gleich in zweierlei Bedeutungen, denn es friert nachts; dies ändert jedoch nichts daran, daß es die letzten und nächsten Tage wunderbares Wetter hat. Diese Nacht hatte ich keine Kerze an wie sonst. Ich las und unterhielt mich ein wenig, primär via IRC. Auch nicht habe ich produktiv gehackt oder dergleichen (für alle, die noch nicht lange hier mitlesen: hacken bedeutet nicht cracken). Ich frage mich, ob dies zum nächsten Fest anders sein wird. Das Leben gut zu verwalten ist definitiv nicht einfach, insbesondere mit einem Achtstundenjob, dem inneren Schweinehund, und einfach zu vielen guten Ideën (zum Beispiel mksh(1) betreffend). Nichtsdestoweniger gilt es, aus den paar guten, paar schlechten, und vielen mittelmäßigen Impressionen das Beste zu machen. Einen Kompromiß zu nehmen, damit man zum Beispiel mit dem Zwischenprodukt bereits arbeiten kann (gutes Fallbeispiel, wann es in die Hose geht, wenn man das nicht macht, ist "FreeWRT 1.1", more like 3.0). Dummerweise habe ich die meisten guten Ideën afk oder doch zumindest im Zug oder dergleichen; außerdem ist es oft diffizil, beim Tippen nicht alles wieder zu vergessen, bedingt durch die langsamere Verarbeitungsgeschwindigkeit sowohl von Worten als auch der physischen Mittel, sowie dadurch, daß das in-Worte-gießen ebenfalls den Geist beansprucht. So manches Mal wünsche ich mir, nur für mich zu hacken und es nicht zu publizieren, neue Versionen zu produzieren "müssen" (selbstauferlegter Druck), so nehmt es mir nicht übel. Keine Angst, weiter geht's immer. Veränderungen sind auch nichts Feines. Im Großen (in was für einer Welt wachsen unsere Kinder eigentlich auf?) wie im Kleinen (die Java™-Fuzzis machen meinen Cachewolf kaputt). *seufz* Vielleicht muß man echt alles selber machen. Aber ein portables GUI-Toolkit für X11 und WinCE, das nicht Qt heißt oder sonstwie was komisches Objektorientiertes (außer TP) braucht? Naja, packen wir an, was wir können, und machen weiter, in der Hoffnung, es werde nicht zu schlimm, und daß auch andere anpacken. (Ist das eigentlich typisch deutsch? Jedenfalls bin ich Eifler genug, um da keinen großen Aufschrei mehr zu machen. Oder einfach von der harten Realität abgestumpft.) Rückblicke sind kraß. Da merkt man echt, wie alt man ist/wird. ## Short LaTeX hint: correct tables for scientific documents 15.03.2009 by bsiegert@ Tags: latex snippet One of the things you should pay attention to when writing a scientific paper is the layout of the tables. Never, I repeat never, use vertical lines or even a “grid” with lines between all cells. Instead, use only horizontal lines—one at the top, one between the column headings, and one at the bottom. The documentation for the booktab package [pdf], which is appropriately written by a Swiss, explains this nicely. Two more things: the table should be in a smaller font than the text (about 10%) and span the whole width of the text. As scientific papers are always typeset in two-column mode, you may have tables one column or two columns wide. The latter is done like this in LaTeX: \begin{table*} \centering\small% \begin{tabular*}{\textwidth}{@{\extracolsep{\fill}}lll} \toprule First column & Temperature (°C) &$D$(nm)\\ \midrule Foo & 210 & 10\\ Bar & 300 & 15\\ \bottomrule \end{tabular*} \caption{\label{tbl:mylabel} This is the table caption, where you should explain what identifiers like$Dabove mean.} \end{table*} Units go into the header, or into a separate header line (which is IIRC recommended by DIN). The amount of l at the end of the third line is equivalent to the number of columns. That means you should exclusively use left-aligned columns. Also, don’t be afraid to make tables wider than high, or with only one line of data. I have seen this in Wiley-VCH journals, and it comes out alright. To make the table only one column wide, replace table* by table and \textwidth by \columnwidth in the example above. Do however leave the asterisk in tabular*. ## GUUG FFG Redux – Geocacheing in Karlsruhe 14.03.2009 by tg@ Tags: bug event geocache hardware Es ging also zum GUUG Frühjahrsfachgespräch nach Karlsruhe. Nun, die Stadt kannte ich ja schon vom LinuxTag (meines Erachtens auch der beste Austragungsort für jene), aber diesmal eine neue Ecke. Hotel, Einzelzimmer, bezahlt vom Arbeitgeber; Event auch. Tutorium okay, lehrreich (auch was man nicht will), die Vorträge wechselnd gut aber in der Regel es auch wert. Aber wie auf jedem Event lernt man viele neue Leute kennen, oder auch Gesichter zu den (Nick)namen. Das fand ich gut. Das „social event“ entsprach dem auch, wir waren im lokalen Brauhaus, und das Buffet… nunja, ich bin kein Freund von Buffets und „kompliziertem“ Essen, aber bin gut sattgeworden, nur die „Mousse“ war eher… interessant im Biolekschen Sinne. Natürlich war ich auch zwischendurch Couscous Merguez essen, frischen Minztee trinken, und beim Geocachen meinen Laptop schrotten. Hmpf. Immerhin laufen die Flüssigkristalle nicht aus. Drückt mir die Daumen, daß der Händler meinen X40 auf Kulanz repariert, da innerhalb der Garantiezeit (1 Jahr; ist knapp unter 6 Monate her, daß ich das Teil brauchte). Immerhin 3 gefunden, einige nicht gefunden (dafür aber ne hiesige Cacherin) oder nicht angegangen (zB da nicht so lebensmüde, auf ein >4m hohes Verkehrsschild zu klettern, oder da die Koords zu weit weg vom Startpunkt waren). Dummerweise werde ich also jetzt eher an nocd (win2k) und nwt (80486er Kiste) hängen und nicht weiter entwickeln. Ich denke, ich sollte mal selber meine Founds durchnumerieren und in eine Liste packen, da die meisten eben nicht in allen Datenbanken gelistet sind. Hier dann die aktuellen „Statistiken“: (Update: images moved here) Drei mehr dabei, aber leider kaum auf OC Unterstützt JamesDoe nicht, boykottiert seine Caches, schreibt die Logeinträge bei ihm ausschließlich auf OC.de hin, sodaß er die Listings dort wieder pflegen möge, oder schreibt ihm, was ihr von seiner Aktion haltet, die Listings auf OC.de zu orphanen! ## getting closer, slowly 02.03.2009 by tg@ Tags: bug geocache We’re slowly getting closer to spring! It was about 12°C even in the late afternoon of the weekend, and I took out my bike on Sunday (helped a friend with cleaning up after moving on Saturday). Sadly, three DNFs (one search aborted due to the law enforcement approaching, one not even attempted due to too many muggles – although I already had logged another cache with almost the same name in exactly the same location –, and the third one not done because a certain institution’s garden has different opening times during winter period and I didn’t quite want to risk using the fire fighters’ entrance, like some other logger. Not even for a coin. Anyway, the tpm driver bugs me a little (it’s possible to hang it from user space), and I can’t make -fwrapv default because -ftrapv wouldn’t disable it then. Unless I look more into gcc’s source again. But I hereby officially announce that code on MirBSD™ can assume wrapping semantics and 8/16/32/64 bit wide integral types, big or little endian. No 9 bit bytes, 36 bit PDP endian integers, saturation arithmetics. Ever. It’s a promise. The IcedTea cross-compile patch and the OpenJDK BSD patchkit are not build system compatible. I probably need to go the route of using compat_openbsd(8) for it. Kurt Miller said if I sigh Sun’s agreement chances are good MirBSD support making it upstream (into the patchkit, for now, but maybe eventually into OpenJDK 7). MirUsers will just have to use a binary package I provide for bootstrap. More… some other time. Still wish humans would hibernate too… ## Compiling for MirBSD™ on Debian 24.02.2009 by tg@ Uhm, Benny… times in the web source are supposed to be in UTC… I just created i386-mirbsd-toolchain and sparc-mirbsd-toolchain Debian packages (for my own use, mostly). Because we can. Maybe I can cross-compile IcedTea with it, to be used to natively compile OpenJDK? Dr. Pfeffer (happy birthday btw) thinks it’s cool. Comrad is also interested. ## Bulk builds revisited 24.02.2009 by bsiegert@ Even though I had added a “mmake bulk-build” target to MirPorts’ top-level Makefile some time ago, one thing has always been broken: if one port in a bulk build fails to build, we do not want to abort the whole thing. Using mmake -k however leads to 0-byte packages and corresponding bulk cookies being created erroneously. This seems to be a consequence of the “indirect” inter-target dependencies used by MirPorts. The fix turned out easier than I thought: there is a REPORT_PROBLEM variable that can be set to a command run when mmake fails. The default is exit 1. For bulk builds (i.e. when BULK is set), we now default to a new failedport script, which records the directory and flavour in{PORTSDIR}/Failed and exits with status 0. Thus, the build continues at the next port, as is should.

The next thing I want to do is a HTML report of a finished bulk build with links to all build reports. I saw this in Rodrigo Osorio's “Porting applications in FreeBSD” talk on FOSDEM 2009, and thought it was quite nice.

## one (lonely) day at work

23.02.2009 by tg@
Tags: bug grml

Today is Rosenmontag, so we were only four people in total today. Anyway, we tried to use Mondo to back up and, subsequently, clone a Gemeinschaft system with CentOS/amd64.

We learned a few lessions:

• a grml CD is handy, even if it’s just a grml-mir
• CentOS sucks, RPM sucks, YUM sucks
• Very few software is available for CentOS
• Upstream software sucks (RPM and DEB versions differ)
• Mondo sucks, it can’t deliver what it promises, has a shitload of bugs and is very hard to use
• You’ll have to install a bootloader yourself after a rescue
• The GNU GRUB-legacy from CentOS cannot access (even read-only!) a filesystem created with mke2fs -j /dev/sda1 on grml-mir. Neither can ports/sysutils/pxegrub from MirBSD.
• Debian Lenny/amd64 comes with a working GRUB1, but not with a pxegrub image… anyway, copy ldbsd.com to pxebsd.0 on the netboot server we already have, enter it into pxelinux.cfg/default and use boot> machine exec grub tftp:/stage2 to chain to it. Then copy all the stuff from /usr/lib/grub/… and the binary /usr/sbin/grub to it, remove /boot/grub/stage* first, copy the Debian stuff over, and install (./grub). Voilá.
• GNU bash sucks. Especially with a foreign keyboard layout where the ‘-’ key produces a ‘ß’, which inserts a multibyte UTF-8 character. Of course, “yum install mksh” worked, thanks to rsc.
• Any kind of vi(1) sucks. Just some, like vim, suck more.

In the end, we got what we wanted, with a combination of the MirGRML ISO, stock Debian packages, a call to rsync after mondorestore, and my cool bootloader. By the way, this means that both using boot(8/i386) as direct boot image and as “pxebsd.0” image chained(!) from PXELINUX are tested now. (Do not chain to “ldbsd.com” as PXELINUX will unload the PXE/UNDI stack before calling it, possibly. It insists that PXE boot images¹ are called *.0…)

① which, according to hpa’s FOSDEM talk, must be smaller than 32 KiB… the hell… but if such a situation should ever arise, PXELINUX is, in fact, smaller. I haven’t yet such a pedantic NIC yet, though.

Too bad that cost me almost the entire afternoon, since I had planned on beginning to cross-compile Java™ 6 to MirBSD™ using Robert’s IcedTea patches, and hack some more on FreeWRT. But at least, we have achieved something (the second server is running just fine now) and learned a lot in the progress.

In unrelated news, mikap has integrated bsd4grml into the new grml-live version. Although a few commits to the bootloader (cd9660), getextent_cd9660(1), kernel, installer, tpmrng(8) are still pending; he will be provided with a new version of bsd4grml then.

## History lesson

21.02.2009 by bsiegert@

Today I read “The unknown hackers”, a piece about Bill and Lynne Jolitz, the creators of the 386BSD operating system.

On exhibitions and conferences, we are often asked by visitors why the hell we forked form OpenBSD. The same argument, namely that we should have been content with submitting patches instead of forking, is sometimes brought forward by OpenBSD devs. But here is the thing: We did this at the beginning but nobody wanted them—not even a reply to the mail in most cases. What is funny is that according to the article, the situation was very similar in the early 1990s, when FreeBSD and later NetBSD forked from 386BSD:

“The Jolitzes [...] seem to have tried to control quality by doing most of the work themselves. This inevitably made their release cycle slow, but it was also an implied snub to would-be collaborators – who took their contributions elsewhere. [...] By the time 1.0 was released, the x86BSD user community had fragmented. Some developers had moved to the more active and open NetBSD and FreeBSD teams. [The Jolitzes] were criticized for their autocratic style. The strength of their convictions did not endear them to people who wanted to do things differently.”

Funny how history repeats itself, isn't it?

## mksh new memory allocator: postponed

21.02.2009 by tg@
Tags: mksh

The MirOS Project News in the upcoming February issue of the BSD magazine contains a mention of mksh R37 with a new memory allocator. This will, however, be postponed, because I could not get it right in time (even though I learned from the first tries – and wish I could write it in i386 assembly) and lost interest for now, as the current one still does work. I may revisit that at a later date.

Fixing the PS1 bug, maybe changing the echo builtin to SUSv3 (and nothing more), maybe porting, are on the list, besides continuing the Coverity Scan fixes.

## still recovering

16.02.2009 by tg@

I admit I hacked a little for leisure tonight, but I’m still recovering from a rather bad case of the “common cold” (grippaler Infekt) so I’ll yet have to do some catch-up on my duties, read and respond to mails and other communiques, etc. So don’t get your hopes up too soon. But I could go to my dayjob again today, which my doctor gave me a permit to not do for the end of last week. Paid about 50 € for remedies and the health insurance *grml…*

Not exactly sure where my priorities lie at the moment. The computer related things will come a little short in the next while; I’ll probably hack some more entropy and bootloader related stuff for fun, do another snapshot, while trying to get tear finally done, but that’s about it. The debs are postponed, no matter how much a decent lynx-secure package (linked against OpenSSL!) is needed; other MirOS work probably too. (Except little things here and there; helping the users which give actual feedback, especially for mksh; maybe, once we have enough Qs, put up a FAQ.)

I guess I have some catching up on sleep, life duties, and non-computer-related activities to do, considering how much the new job and the FOSDEM preparations strained.

## FOSDEM is over

09.02.2009 by tg@
Tags: event

(picture courtesy of Christian “taleon” Ruesch from #pcc)

FOSDEM 2009 is over, we are all sober again (I hope), any spotted bugs are getting fixed. I tended to the disklabel sector size issue, although that has yet to be tested, and we might want to see what upstream does about it. mksh changes will be coded when I get to it, and we’re looking forward towards the next event(s).

Is there anyone interested in making a Virtual Appliance (for qemu, VMware, Parallels, you name it) out of MirOS? I could, of course, do a standard install one, maybe add some packages, like with the live CDs, but I’m not good for desktop style ones. Maybe we want a server and a desktop appliance. Benny could bake a GNOME version, just to show off (note that I still quite dislike it… and expressed it with one of these yellow stickers at the “GNOME HATE” side at FOSDEM ☺).

MirOS/sparc users, show yourselves, if you want snapshots to be built and provided more often. Talk to us, so we see the effort to support a second platform is not in vain.

## FOSDEM Tag 2

08.02.2009 by tg@
Tags: event

Alle englischen Flyer weg, alle CDs heute Vormittag weg. Die (alten) deutschen sowie die französischen Flyer gehen okay, aber die Mengen und Verhältnisse sind echt nicht planbar.

Die Vorträge sind okay, aber leider für mich nichts dabei zum rausziehen. Pläne schmieden geht aber.

mksh hingegen ist mehr als nur ein Erfolg, auch wenn mir gruselt, wenn Leute eine ohne den emacs-Modus haben wollen.

Hm, irgendwie läßt sich das Event nicht gut in Worte fassen. Es hat sich auf jeden Fall für uns alle gelohnt. Das Hotel war spaßig (insbesondere der Versuch, eine Rechnung zu erhalten); gestern Abend gabs Couscous Merguez + Lamm in einer verdammt kleinen aber gemütlichen Bude (mit Couch!), wo wir frischen Minztee getrunken haben (fünf Kannen; ich alleine zwei oder so).

## FOSDEM Tag 1

07.02.2009 by tg@
Tags: event

Das Aufbauen verpaßt, aber wir haben ein „m“ (Bild wird später nachgereicht, sollte smultron freuen), viele Kontakte, und die englischen Flyer sind jetzt schon alle, die CDs runter auf ¼ oder so.

Der Unicode-syscons-Vortrag war für mich leider nicht so ertragreich; dadurch, daß wir vt100 wscons(4) haben, und durch meinen script(1) -lns Hack, haben wir schon mehr Probleme gelöst und Wissen angebaut als er. Ed Schouten ist aber anscheinend ein vielversprechender talentierter Jungentwickler.

Cool, ich habe ein bißchen WLAN! Mal schnell ein bißchen wlog Einträge verfassen, Benny und gecko2 wollen ja nicht.

Jetzt nur noch den NetBSD®-Kollegen neben uns zum Installieren des RANDEX-Plugins verlassen…

Wer setzt uns eigentlich direkt neben OpenBSD? Zum Glück gibts eine große Barriere, daher ist bislang, außer Laserpointerattacken (sogar direkt in Bennys Auge) noch nichts passiert…

## FOSDEM Tag 0

07.02.2009 by tg@
Tags: event

Gestern, Freitag Abend, war der Tag 0 der FOSDEM. Natürlich waren wir – Fabian Köster und der Vortragende Robert Schuster, gecko2@ und ich – beim Beer Event, später auch mit bsiegert@. Das Bier war lecker, allerdings habe ich zwar nicht zu viel aber wohl zu varietätenreich getrunken, sodaß es mir in der Nacht nicht so wirklich gut ging und ich noch Bauchschmerzen habe. Also keinen mit dem Debian Projektleiter trinken.

Benny hat lustige Sympathiën von Leuten aus anderen Projekten bekommen, aber ich darf leider nicht drüber schreiben.

## MirOS heartbeat protocol implementation: abuse as NTP monitoring

04.02.2009 by tg@

I’ve started trying to use the mircvs://contrib/code/heartbeat/ stuff to monitor NTP timedeltas between my boxen and a reference box (some random Stratum 2 pool server I do not use as server in any of the boxen, otherwise I might have used the PTB servers). Add rrdtool and rrdgraph output. Maybe mail when the boxen are down, until we have company monitoring set up?

I wonder if I should do it the “right” way instead of the “little effort” way, then commit it? Including cleaning up the age-old code. Is there any interest?

On a side note, we need a monitoring and management system, either one tool or integrating a few. It should have a command line interface and a WUI, different web pages for admins and (read-only) users who can look there for the general system state before complaining. Also, we need configuration management. A few keywords: nagios, cacti, puppet, cfengine. These were thrown into the room. Does anyone have a complete solution, possibly with VM management (how much does OpenCRM do?), for which we currently use a homegrown Jabber bot (don’t ask…) which does the template cloning (zfs, iSCSI) and other setup. Other suggestions, tools to avoid, success stories, links, documentation welcome.

## Deutsche Bahn verschenkt BahnCard 25

04.02.2009 by tg@

Leute, kauft euer Nahverkehrsfahrkartenabonnement bei der Deutschen Bahn. Nicht nur nerven sie täglich weniger, sind ihre Züge in der Regel pünktlicher, sondern sie überfahren einen auch nicht fast… wie bei gewissen Stadtwerken vorkommt. Und in der Regel halten sie sogar da, wo sie sollen.

Auf jeden Fall habe ich meine innerstädtische Monatskarte bei der DB gekauft und hatte heute einen Gutschein für ein Jahr BahnCard 25 im Briefkasten. Nett…

## k?buntu cheats (remember cheaterinterview.mp3? think Shuttleworth)

04.02.2009 by tg@

kdm starts while (Ctrl-Alt-F8) the system is still booting. I only noticed it because we log in against LDAP (UCS), and since I have two NICs in there now (due to FreeWRT stuff), the Network Manager takes more time in bringing the network up. Gah. I do not even want to log in before /etc/rc.local has run, because it contains calls to rdate and starts an egd (entropy gathering dæmon), among other things… these cheaters are worse than Microsoft®!

Oh, and when I wanted to unlock it to write about it, it hung (as if it didn’t like me). Alt-SysRq to the rescue (we need it in MirBSD too). Crapware.

## MirGRML and FOSDEM DuaLive™ Triforce™ CDs

03.02.2009 by tg@
Tags: bug event grml security snapshot

Uh-oh, 03.02. already. I think, after the switch to GRUB 2 and another couple of bootlooter fixes, that we’re there yet. Funnily I only noticed how BSD cannot access labelled disks when the device’s sector size mismatches the one in the label. There is also an embarassing (for upstream) local DoS exploit possibility, by setting a sector size of 0, the kernel traps division by zero. Thanks for all the blowfish, yeah.

The checksum file for MirGRML 2009.01 (experimental, but probably, by now, complete). You’ll probably figure out the ISO link.

The full MirOS CD should be done soonish as well. Just have to test it, then I can go to bed. Wish me luck.

GNU grub-legacy cannot access ISO 9660 on devices with sector sizes other than 2048 bytes… and, according to mika, has other quirks, with recent mke2fs’ inode defaults making it hiccup. Heh.

## more bugs – bootloader and mksh

01.02.2009 by tg@
Tags: bug event grml mksh snapshot

Again. I almost have a MirGRML+bsd4grml ISO ready (exactly 72 MiB), just for the fun of it, and so that people can toy with it – and test the integration. But nooo, I even hacked a disklabel, yet it wouldn’t access the filesystem. The “machine label” command shows what’s wrong (and hints how to fix it), and I missed a corner case in disc I/O due to adding two not-so-independent-from-each-other scenarios during the El Torito merge.

mksh has funny behaviour with ${foo/@(%)/x} failing – only in Unicode mode though. ## ext2fs damage 01.02.2009 by tg@ Tags: bug Fun: MirBSD #8, #10 and #10-current can’t edit or create symlink(7)s on ext2fs, MirBSD #7quater could. They hang the filesystem, as well as the parent of the mount point, on access, and damage the filesystem. I have no idea… (msdos is damaging long filenames, btw.) 4.4OpenBSD can… oO Benny has done more work on ext2fs, maybe he’ll fix it. ## more bootloaders *grml* 31.01.2009 by tg@ Tags: bug event mksh snapshot unicode To counter the bug in Parallels Desktop, I rewrote all of our Master Boot Record (mbrldr, mbrmgr), Partition Boot Record (bootxx), and BIOS disc detection code in boot(8/i386). I've also changed the magics, API etc. a little between these, rewriting or removing quite some parts of both installboot(8/i386) and bootxx.sh a.k.a. self-installing bootblocks. Oh, and MBR and PBR are smaller, or rather, have more room for informatory texts and data block storage now. Lucas “laffer1” Holt from that cat's BSD helped me testing, qemu and bare metal IBM X40 works, so I suppose it's good. Can't test on VMware Server 2 right now. On the other front, I'm writing this wlog entry on MirGRML, which is finally sort-of finished (which is why it has much less Unicode than a regular posting from my laptop). lynx-cur in sid is broken though, due to it using GnuTLS. Gah! Anyway, I see a sid “wtf” repo coming, and it was workarounded; next time I'll just do things differently. Lukas “smultron” , the graphician of our partner project mnbsd, helped a little with the label (while I'm not versed in that field, if I had gotten the right material to work with I could've managed it all alone this time), and all that's left now is the Live-CD part and baking (and testing! even on sparc...) the ISO 9660 image. There will be 297 MirBSD Triforce™ DuaLive™-CDs (two will go to Kiwi land to swishy, one is already reserved for XTaran) and 50 MidnightBSD Live DVDs at FOSDEM. gecko2@ and bsiegert@ were not too helpful today, although I have to admit that real life often has precedence. I merely read some and went to sleep early yesterday too (and disabled both POTS and cell phone so that I couldn't be waked, haha!) instead of hacking late. Luckily, the deadline is not that dead, and I'll almost certainly make it tomorrow, in time. Thanks again, Daniel Seuffert from AllBSD.de, for all support you and others give to the smaller BSDs. Heh, and laffer1 is not quite done yet with his ISO (or UDF?) either. ## 2009-01-24 snapshot uploaded, pending validation 25.01.2009 by tg@ Tags: grml snapshot Yesternight, I built an i386 snapshot (including a bsd4grml). This is already uploaded on /MirOS/current/i386/ but beware, it is pending validation, and some things (like the serial console or combined i386+sparc ISOs) are missing. Note that there will be, due to time constraints, no new sparc snapshot, we’ll just use the last one I built. If people who actually use MirOS/sparc were to talk to us, this situation might improve. It’s still a couple of days until the Triforce™ ISO and CD label are due, but we’d appreciate independent test results, as usual. Plans for the FOSDEM Edition Triforce™ (MirOS DuaLive™ + MirGRML) CD-ROM are to add a few packages to the usual baseLive image: IceWM, screen, rsync(GPLv2), mc; possibly ent, lzmadec Watch the news for announcements about usability of the 2009-01-24 snapshot. Update: the three serial console floppies and the five ISOs are there and should arrive at the public mirrors tonight. They are in fact bootable and quite probably usable, but bsiegert@ still has to do the validation by doing a full install and some port builds. ## Das Wetter bessert sich 25.01.2009 by tg@ Tags: geocache Heute mal wieder das Vélo aus- und mich gut eingepackt: (Update: images moved here) inc dword ptr ds:[caches] Diesen hatte ich auch schon länger auf’m Kieker, allerdings nie die Muße, dort hinzufahren, bei dem Wetter, und der FTF lockte auch nicht, weil er – mal wieder – auf der Kommerzseite Tage bevor er auf der freien Seite zu finden war geloggt wurde. *grml*… Liebe Plänet Sümlink Leser, weil so viele von euch zu <zensiert /> sind, sich das CAcert.org Root CA Certificate zu installieren, und die Bloatzilla-Leute ihren A^H^H^H^H Hinterteil auch nicht bewegt kriegen, editiert der XTaran das https in ein http. Zu dumm, daß ich auf vielen Seiten nur noch SSL erlaube. Nutzt also den „Mehr...“-Hyperlink, um die Statistikbildchen zu sehen, und hofft, daß die neue CAcert-Root bald live und in die Brauser geht. MirPorts Framework Nutzer habens natürlich einfacher… Gleich geht’s erst mal zu meinem Stammrestaurant, einem Jugoslawen, ääh Kroaten (Primošten oder auch Dalmatien Grill) mit bogus… ## miscellany 24.01.2009 by tg@ My pcc wchar_t patch thread gets attention again. Yay! Good I just installed MirOS on soon-to-be-tear (althouh on odem’s old 2.5″ HDD. I cou^H^Haught an error due to /dev/MAKEDEV using the installer’s user and group databases, which were missing some. And good I compiled a kernel beforehand… bzero(3) is optimised in locore, memset(3) isn’t. Lession learned? Maybe. I bet I’ll do quite some of these “Flüchtigkeitsfehler” again in the future, I always used to do so, even at school. Damn. SCSI is expensive, and SSDs are available only for SATAn. Whew, finally weekend. I slept what appears to be 10 hours and dazed for some more. Now I’m unwilling to do any work, but I’ll do what I’m owing y’all. (Yes, normally I try to write British English.) I estimate we’ll have a new i386 snapshot, and mika his special edition, by tomorrow evening. Too bad I delayed testing the MirGRML due to the dayjob workload and general… unwillingness. Anyway, FOSDEM is coming, we’ll shine. Lucas “laffer1” Holt from our other ally MidnightBSD will also do a special ISO for FOSDEM, which we’ll distribute among people. I wonder if Debian GNU/kFreeBSD does some, maybe an updated GING CD, but I guess that’s up to the Debian people, not for us BSDers. Since I started working, I can’t bring myself to eat anything in the morning, nor really in the evening. I wonder why that is… I still have a package of black bread here I bought when gecko2@ visited me, that would be 31 Dec I guess. I probably have to throw it away by now, but that sucks. I hope I don’t get even more ill… my colleagues and I have not been feeling all that well for days. On building a cross-compiler package: I wish I could bring myself to get it done by FOSDEM, maybe Robert Schuster would help baking the JDK. Anyway, I’d better stop concocting some text here, and instead bring the mock-tear installation into working state and get it to start rsynching, cvs(1) co(1)ing, and compiling… ## Sponsor for FOSDEM 21.01.2009 by tg@ Tags: event Sponsors make it possible for us to attend popular events, paying for travel and accomodation (we do not necessarily require a hotel, though, but it should be a clean place to sleep) cost. We are still looking for more sponsors making it possible to travel to even more events (Linuxtage Chemnitz, Essen, Graz, Luxembourg, for example) – flyers and CDs are already covered by AllBSD.de or ourselves, so it would just be that and, if you have money to spare, food and drink. Come and talk if you’re interested (in return, like here, we will publicly thank you or provide custom MirOS editions, possibly Live DVDs with binary packages, etc). ## Cachers Sättigungsbeilage 21.01.2009 by tg@ Tags: geocache Heute mit einem Kollegen in der Mittagspause aufm Weg zum Chinesen: (Update: images moved here) Incr(Caches); ## We are going to FOSDEM 2009, have been for years! 21.01.2009 by tg@ Tags: event Who’s not? ☺ My boss approached me just this morning… looks as if gecko2@ and I can use the bigger company car from here, expense paid, and take the other two who are going to Bruxelles with us. I’m in the process of organising them a hotel now though – maybe bsiegert@ the francophile can help with that. gecko2@ is going for a youth hostel though, as usual, as he has a membership anyway. Benny and I are already hotel’d. Now if I were on Plänet Debilian… ## SCSI-induzierter Rückschlag 20.01.2009 by tg@ Tags: bug event grml hardware snapshot Heute hat mein Rückschlag, wenn man von den leichten Kopfschmerzen und der arbeitsinduzierten Müdigkeit absieht, einen Namen: SCSI. Ich wollte, damit wir mit dem neuen Snapshot endlich mal weiterkommen, tear aufsetzen (hey, ich schreib ja immer noch im Blocksatz im HTML-Quelltext ohne Mühe oder es zu wollen oder zu schummeln, wow) und dann kompilieren (quasi als Abnahmemessung). Dummerweise habe ich, auch dank gecko2@, nun eine Idee, woher die SCSI-Fehler kommen könnten, denn die Plattenprüfung im BIOS zeigt keine Fehler an. Ich fürchte, daß das LVD-Kabel kaputt ist (i386-Hardware ist eh doof, ein Kabel, ein Terminator und fünf Konverter von SCA auf UW-SCSI sind nötig, wo meine SPARCstation 20 das bereits als Backplane hat). Es läuft vermutlich darauf hinaus, daß ich odems 2.5″ 80G IDE Platte nehme. Bonus: ältere cvs und Distfiles sind schon drauf, sodaß es mit einem schnellen rsync sowie einem erneuten Checkout (da ich / ja eh’ plattmache mit dem letzten Zwischensnapshot) gehen sollte, und ich sogar ein paar Pakete (zumindest IceWM) für den LiveCD-Teil backen könnte. Toll. Ich habe sogar schon ein vorläufiges ISO zum MirGRML testen, bin aber irgendwie platt und auch von Technik mal wieder angenervt. So komme ich nie zu was… ich glaube, ich fang morgen mal so früh wie geht an, und bin dann ausnahmsweise schon wo’s hell ist zu Hause. Also: Am Snapshot wird gearbeitet; mbsd4grml kommt direkt im Anschluß; grml-mir muß noch getuned (Konfigs), aktualisiert (lynx-cur UTF-8 Bug wo ich vorgestern drüber schrieb) und getestet werden; den sparc-Teil nehme ich vom letzten Snapshot; für DuaLive™ haben wir somit alles, Extrazeugs mache ich nur wenig und nur für i386, und für Triforce™ siehts gut aus – eine offizielle Ankündigung kommt auch irgendwann, wenn für beide Seiten alles funktioniert und integriert ist. Die tear-Migration ist – leider – hingegen auf unbestimmte Zeit verschoben. (Damn!) Bißchen malen müßte ich noch, damit die FOSDEM Edition CDs auch sowohl das grml-Logo (habe ein OK von mika), den Shilouetten-Dæmon (altbekannt, mit OK von rcollette und mckusick), und ein Triforce haben. Es paßt mir, ausnahmsweise, auf Arbeit einen KDE-Desktop mit gimp und Inkscape nutzen zu „dürfen“ (peu à peu krieg ich den weniger nervig konfiguriert, und ㈠ kenn ich KDE 1 schon auf ecce!GNU/Linux 1.0 und ㈡ mag ich kmahjongg eh’ und konqueror besser als M*zilla Schrott, also ruhe da!, auch wenn ciruZ mir GNOME verkaufen will). Mal sehen, was ich da so hinbekomme. Wobei, à propos Bildchen: wann lernen die Leute eigentlich, daß man keine Formate wie JPEG ob ihrer verlustbehafteten Kompressionsverfahren herumschickt – zumindest zum Bearbeiten? *seufz*… Zumindest denke ich, daß ich das ganz gut hinkriegen werde, hab da was im Kopf, sogar ohne smultron, lediglich die Schrift könnte knapp werden, kA ob der schwarze Hintergrund in dünne Linien reinläuft. Mal Daniel fragen… Ha! Laufend mehr Leute krieg ich vom RANDEX-Protokoll und den Vorzügen des Entropieaustauschs, Zufall allgemein, usw. überzeugt. Way to go! Nun bin ich gespannt, ob Vutral mal was zu APS findet und was man mit Mumble und randomness so machen kann. ## So much for a weekend 18.01.2009 by tg@ Tags: grml snapshot I seem to have written about it already. Damn. Cost me nearly the entire of this weekend day (yesterday it was more lashing the alliance with mika), and then I still had to fix it – turns out makefs(8) was at fault again. Now who’d have expected this? Owkay. We have a working bootloader (sans the scheduled rewrite of the cd9660 filesystem, see my last wlog entry), a cleaned up system for both creating the baselive (and DuaLive™ and Triforce™) CDs, stuff for making the bsd.rd for grml, a working ports/sysutils/pxegrub, the legal issues cleaned up, the makefs(8) bug fixed, lynx(1) updated as well as bugfixed (UTF-8 was broken), the MBR source code portable to not include <machine/asm.h>, and the worst problem with the OpenLDAP’s port MESSAGE fixed (discovered at work). Now it’s later than intended again, but I’ll regenerate the port index later tonight, head to bed then work, and will set up tear tomorrow, for building the snapshot-to-be-uploaded, while writing a new bootloader man page. That should about be it. I wonder if we should rename MirOS #11 to #12 and issue a release from what we have in -current now (pretty stable it is, plus #10 isn’t really maintained) like I did in the early years, when I start breaking HEAD to merge OpenBSD changes into it. Mh, talk with Benny and replaced. This 40 work hours per week scheme is annoying. But I guess if all had 34 work hours per week, they’d need additional personnell which has high cost overhead. Damn! If I divided my salary by 40/34, I could still make a living (not much worse than now; still can’t afford much). Woohoo. replaced commits, n0-1 (FreeWRT) joins the RANDEX contributors club and joins ##/dev/arandom. Just Benny was on vacation, and, again, I didn’t know of it ☺ ## mumble entropy, moving randomness 17.01.2009 by tg@ I seem to recall that IBM Thinkpads have a movement sensor. We may use it as entropy source – not for normal on-the-desk use cases, but still – every bit counts. This is probably a Vutral-worthy idea. Someone should, really, look into that. Kabelaffe says it has few states, but both level and edge (timing) values. Another thing Mumble and Murmur, which he showed me, could do is to collect entropy too – Mumble (the client) continuously records anyway (to intelligently try to find out when we talk loudly – it works surprisingly well), which hashed can contribute entropy (even with hardware mute it’ll get electric noise or somesuch); it could also hash the current channel conversation a.k.a. input from the network. Now I need to persuade gecko2@ to set up Murmur, the server, on thetis, and get bsiegert@ to port qt4-x11, as well as all the other prerequisites of Mumble, the client, to MirBSD. May as well be he ports both Mumble and Murmur, that latter I could set up on eurynome. At least it has more bandwidth than Kabelaffe’s home ADSL. ## 15.01.2009 by tg@ Tags: grml Whew. A long day at work. FreeWRT, OpenNTPD… and that other NTP dæmon. For sarge (first got to create a working sources.list…) and UCS (Univention). No wonder I’m not doing much any more. Bootloader: cd9660 has no “ls”, ffs and fat (and maybe nfs) do, tftp’s excused. But looking at the code… while adding it would not even add any but just reshuffle it, it’s advertising clause infested and slightly odd so a full rewrite based upon fat and getextent_cd9660(1) will do. Though that not before the next snapshot. This leaves me with the new manpage for boot(8/i386) and the update to lynx(1) and regenerating ports/INDEX (again). I also hacked some more wtf-debs and FreeWRT 1.0-stable packages (ARGH THIS IS JUST SO… EVIL, but WDS doesn’t work in trunk sez wbx@). Mika says I’m going to get my MirGRML. I say he’s going to get his BSD for grml. My colleagues say I’ll probably get some time off for FOSDEM – a few hours of Friday and all of Monday (as a weekend shift is scheduled soonish anyway). Just gecko2@ can’t get off early ☹ Daniel says we could go for DVDs, but I estimate we won’t make it in time this time. ## positive feedback 15.01.2009 by tg@ Tags: mksh iMil of Beastiebox has apparently lauded me for mksh – someone came into our IRC channel #!/bin/mksh by means of it. Thanks, it is not often that people give feedback on things. According to them, code quality is very good. While many things are inherited this shows that the cleanup both OpenBSD and I did did pay off. Tonnerre thanked for a script of mine he put to good production use: svn2cvs, which I already talked about. Glad to be helpful! Sadly, at work we’d probably need cvs2svn. Not going to do. Besides, it won’t work that easily – their CVS doesn’t use commit IDs, and svn has no tools like rcs(1), ci(1), co(1) which are immensely useful. ## NetBSD® _also_ switches to 64 bit time_t; sendmail and SSL/TLS certificates; danGerOOus uGLy web2.0 Email; random musings [updated] 14.01.2009 by tg@ Tags: grml snippet We got reminded that NetBSD® switched to a 64 bit time_t by Hubert Feyrer as well. However, one should mention that MirOS BSD has been using this since past the MirOS #7 release, i.e. for more than four years. Including fixing format string bugs (i386 is not LP64 so a long doesn’t contain a time_t) in a plethora of ports. Some kernel parts however are Y2100 but not (yet) Y2200 safe (such as 4.2FFS aka UFS1). Still nice to see others do follow our lead ;-) *wink* A Debian person wonders about sendmail… but the answer is relatively easy. Snippet from the config: O CACertPath=/etc/ssl/certs O CACertFile=/etc/ssl/deflt-ca.cer  Here, CACertPath is the name of a directory containing files named xxxxxxxx.y where x is the hash of the certificate and y is a number starting at 0 that is used to avoid collision if two CA certificates have the same hash. They are used for peer certificate verification alone. CACertFile, on the other hand, contains the certificates that are sent to the SSL peer, in a single file, but excluding our own one. For instance, it would contain TWO certificates in my case (CAcert.org Root CA Certificate, plus CAcert.org Class 3 Intermediate CA Certificate), once they switch to the new roots; I’m currently still using an older Class 1 one which needs only one there. I hope this clears things up. However, sendmail(8) on Debian is not funny (I succeeded with it only once I disabled all of their scripts, including the sysvinit one, and scp(1)ing sendmail.cf from my MirBSD system…). Looking at someone using Google Mail for all of his traffic, I can only stress again that Google is just plain evil. Especially the company offer. I mean, they can do anything with the stored data. They make deletion hard (BTDT, when I cancelled all of my Google accounts), and you never know if they don’t use anything of yours despite that. (And they owe me US$ ~130.)

Meh. No “Hello Planet Debian, I’m now a DM (not DD)” post for me. But I still work on the “wtf” repository from time to time. I need a package for our rdate(8), compress(1), and the mksh one could need updates.

Our company’s new MXens will run OpenBSD and MirBSD, respectively, with pf(4), spamd(8), sendmail(8), mksh(1), ports/mailnews/bmf, and OpenLDAP interconnection (slave slurping Univention UCS)… hard but nice. No SASL, it sucks (the UCS does that for the MUAs, and smarthosts off to our sendmail(8) plus spamlogd(8) instead). TLS Certificate Authentification is just so much more nice… or IP based, both are Xen DomU on the same box, the two BSDs (one offsite though) via HVM (replace Realtek with e1000).

Sometimes, OpenBSD does nice things: /var/backups/pkglist I will take.

VMware Server 2 is okay (MirBSD works fine) but the WUI is most annoying. And it eats lots of RAM. But hey, YGWYPF. And it’s better than no MirBSD (entropy collection rulez!!!!11!1einself), plus, the host has all the stuff needed (or can apt-get it), including jupp_3.1.10-1, mksh_36.2-1?buntu1 (from my “wtf” repo), satanic-wallpapers_666.4 (oO). The latter only on my workstation though, not the other vmws2 box, and only for the looks.

I switched my 22" (or so, dunno) widescreen reflexive TFT LCD with a 17" nōn-wide one that does 1280x1024 (we have a 15" one, but it has the same native resolution, so I took the one with bigger pixels as I do not run any LCDs in anything scaled instead of the native resolution). Now I at least see everything happening on my display ☺ and got brownie points with our HR lead (who got my old monitor in exchange for her 15" LCD).

Inactive MirOS Developer and FreeWRT Founder wbx@ (Waldemar Brodkorb) has also helped with setting up WDS and procuring some Asus WL-500gP routers, so we will also be using FreeWRT Embedded GNU/Linux.

Nathan Laredo (GNU member and author of tinyirc) and I have reached a consensus (compromise?) which enables me to include it on the special grml edition of our bsd.rd kernel (rescue system mode). That and e3 will make it; the bootloader needs macros (for calling grub), but that’s it probably. And I’ll try to get a MirGRML too. Maybe for FOSDEM.

12.01.2009 by tg@

After a full three days (well, today I worked – rather interesting stuff actually; OpenBSD-based spamfilter, we’ll make most of the setup public, I get to set up the backup on MirBSD, Xen HVM DomU, and got lauded – but the evening and night it did cost) of continuous bug squashing, they are here. The new bootloaders work okay on everything I throw them at.

They’re even smaller ☺ except the new commands, such as “machine label”, “cat”, paginating in “cat” and “ls”, support for FAT12, FAT16, FAT28, etc. cost a little:

• -r--r--r-- 1 tg tg - 41456 Jan 12 21:28 boot.old.disc-only
• -r--r--r-- 1 tg tg - 46736 Jan 12 21:25 boot.new.disc-only
• -r--r--r-- 1 tg tg - 48892 Jan 12 21:28 boot.old.pxe-only
• -r--r--r-- 1 tg tg - 57864 Jan 12 21:29 boot.new.disc+pxe

As already mentioned, you can load it from DOS (limited: DOS=LOW must be in CONFIG.SYS, DOS=HIGH conflicts with the kernel, and chaining breaks) as well as SYSLINUX & Co. and any Multiboot loader (GNU grub-legacy, GRUB 2). You can chain to GNU GRUB (both versions), boot sectors and flat image files like ourselves. It does 4.2FFS, CD9660 (no “ls”) and FAT. It also is usable as PXE loader, doing TFTP (and supposedly NFS) as well as any local filesystem listed earlier – although the boot device seems to be passed to the kernel incorrectly if it’s a local drive.

Now we just need more testing and a manpage polish… and some more (minor though) fixes like the boot drive.

I plan on bringing out a new snapshot any time soon, now that this works and security stuff is in, although Lynx might get updated again first. And I still write HTML source code in Blocksatz… old dasr habit.

## delaying

06.01.2009 by tg@

It's official, I've got a new job (some adminning). However, this means, whereas Benny has been committing like crazy, I've got to step back some. I somehow broke DOS operation of boot(8/i386) during some of the last changes, which means I need to investigate. And probably rewrite all of the asm part of it to get rid of the LINKSEG vs LOADSEG problems, since I confuse them all the time, and OpenBSD only introduced them because they didn't know how to use 32 bit relocations in 16 bit code segments.

This means my mikap project will be delayed a little. Sorry.

## GNU GRUB, the horrors [updated 3 times]

02.01.2009 by tg@

We can use “machine exec grub /boot/grub/stage2” as well as “machine exec grub /boot/grub/core.img” to chain into GNU GRUB-Legacy or GRUB2 now. GRUB2 is in rescue mode, though, but catting files works, as does chaining from GRUB 0.9x (mirports/sysutils/pxegrub) to GRUB2.

Also, “machine exec grub /stage2_eltorito” works, because they are actually the same (it doesn’t care if it’s a CD or not; we might use that in the future too instead of the tori_bootflag hack). However, while GRUB 0.9x can deal with filesystems created by “mkisofs”, “makefs”, “mkisofs -R”, it cannot deal with one created by “makefs -o rockridge”, neither the old makefs(8) we had 3 months ago, nor stock TNF one, nor our new one with my patches. Since GRUB2 just says unknown filesystem, it’s fine… but useless.

Anyway, I now have a way to boot MS-DOS® from a USB stick (bootbsd → grub → memdisk → DOS) in order to install SYSLINUX on the very same stick… gaaaaaaaaaaaah!

Update: Yay! Our bootloader is now multiboot compliant, detects El Torito in a better way without the patch-the-code kludge, and can thusly survive boot ↔ grub cycles.

2. Update: It can also chain to itself, and can still be used from MS-DOS® or as SYSLINUX (et al.) COMBOOT module. It just can’t load SYSLINUX because you usually only have LDLINUX.SYS not LDLINUX.BIN, see my earlier post. And it can’t load an MS-DOS® boot sector, however, chaining to GRUB then from there to DOS works. (So much for my plans to directly load an IO.SYS file.)

3. Update 18.01.2009: Even GRUB2 could operate on the filesystem. As could various OSes and tools (from Schily and others). Just grub-legacy can’t. What was it? Padding was missing…

## SYSLINUX, the horrors

02.01.2009 by tg@

Hmm… where is bsiegert@’s promised entry?

SYSLINUX creates an ldlinux.bin file from source code which is composed of two parts: a bootsector (FAT PBR) and the rest of the code, later written to A:LDLINUX.SYS. However, the later code not only makes assumptions about which bootsector loads it, but also jumps into it at will for unimportant things like loading more sectors (like the configuration file) from the disc. Bah! Impossible to do, as the bootsector is cut off before ldlinux.sys is written. Worse than even Microsoft®, who at least don’t go back to the bootsector once the first 2048 bytes of IO.SYS in DOS 7.10 are loaded.

## Useful GSM tricks

01.01.2009 by tg@

Ich guck’ ja keinen an…

• ##002# (and press the green/dial button afterwards): disable all call redirections (alle)
• ##21#: disable unconditional redirection (immer)
• ##61#: disable redirections if no answer (geht nicht ran)
• ##62#: disable redirections if unreachable (Akku leer, …)
• ##67#: disable redirections if busy (besetzt)

## USB stick boot (mission impossible Ⅱ)

01.01.2009 by tg@
Tags: bug grml hardware

• The IBM X40 can boot, but always uses a geometry of LBA translated into 255 heads, 63 sectors per track, contrary to the “USB ZIP” one which demands 64 heads, 32 sectors per track.
• The ALIX.1c does recognise the stick’s physical or USB ZIP geometry, since they match each other and what the BSD kernel thinks:
sd0: 241MB, 241 cyl, 64 head, 32 sec, 512 bytes/sec, 495607 sec total
However, it still cannot boot MS-DOS® 7.10 from the stick. WTF?
• The VIA C7 can still not boot from the stick. It doesn’t even appear in the boot menu. Interestingly enough, it does try to boot from SCSI even if unlisted (disabling the AHA-2940U2B BIOS helps to disable it, but I don’t even know where that MBR code which it did boot came from…)
• I still hate ATX. I fragged a K6-2 mainboard when trying to power it on due to a flash(?) (German: Überschlagsblitz). Also, I definitively have a lack of hardware with an ISA slot, a floppy drive, and USB.
• The (old) herc hardware might work, but its keyboard controller is damaged, ISTR I wrote about it ages ago. Some day, I’ll either solder in a new one or use a USB keyboard to bring it back working (to hack a hercules framebugger).

So the way out of this misére is a “machine sector <type> <filename>” command for boot(8/i386). It should be able, at least, to load: an MBR/PBR, a GNU GRUB stage2, stage2_eltorito (with boot-info-table emulation), SYSLINUX, ISOLINUX, EXTLINUX, an MS-DOS® 7.x IO.SYS. But at the beginning, I’m content with less. Because it seems to be impossible to boot DOS from a USB stick, due to the varying CHS geometries, MEMDISK might be the way to go for a triple-boot stick. A combined grml+MirBSD thing would not be hindered by it because both SYSLINUX and boot(8/i386) use the LBA access method if available.

Benny beat me, he did the first commit this year. Congrats! Oh, and the second and the third. But I’ll write the first wlog entry, hahaha, and the Developers’ Weblog is not a blog! Oh, and the fourth.

## Best bash tip ever! Use mksh!

31.12.2008 by tg@
Tags: mksh

Best Bash tip ever! is a little… interesting. Of course, mksh(1) can do it as well:

tg@bleu:~ $head -2 /var/run/dmesg.boot MirBSD#10uA4 (GENERIC) #1161: Fri Dec 26 21:05:59 UTC 2008 tg@bleu.mirbsd.org:/usr/src/distrib/generic/obj/build/GENERIC tg@bleu:~$ r 2=3
MirBSD#10uA4 (GENERIC) #1161: Fri Dec 26 21:05:59 UTC 2008
tg@bleu.mirbsd.org:/usr/src/distrib/generic/obj/build/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.40GHz ("GenuineIntel" 686-class) 598 MHz
tg@bleu:~ $fc -l 1 head -2 /var/run/dmesg.boot 2 head -3 /var/run/dmesg.boot What’s best, the modified commands are written into the history, not the modificator itself. Some of the commentaries are rather clueless too, not$! but $_ is the last word of the last command, in this case: tg@bleu:~$ head -2 /var/run/dmesg.boot
MirBSD#10uA4 (GENERIC) #1161: Fri Dec 26 21:05:59 UTC 2008
tg@bleu.mirbsd.org:/usr/src/distrib/generic/obj/build/GENERIC
tg@bleu:~ $print$_
/var/run/dmesg.boot

Instead of “^-s” you would use “r -- -s=” (the two dashes are needed as the “r” built-in alias parses its arguments).

More on Planet Debian (read via Planet Symlink): how many times do I have to tell you it’s “CAs” not “CA’s” again? Please do the world a favour and read Apostrophen und andere Katastrophen with rules for German and English: never in German except the word ends with s or similar: „Jens’, Max’ und Joes CDs“ and for genitives only in both languages, but with apostrophe in English: “Jens’, Max’ and Joe’s CDs”

ciruZ now has a blog too… with two ruby scripts. I prefer mine in mksh very much, thank you :þ

## IBM X40 – USB stick boot (mission impossible) [updated]

31.12.2008 by tg@
Tags: hardware bug

It’s simply amazing. I wanted to show gecko2@ a USB stick with both grml(-small) and MirBSD on it, using SYSLINUX, but this fscking laptop does not boot from USB stick. So, the ALIX.1c it is, or the VIA C7.

Update: the VIA C7 doesn’t, either. Phoenix/Award BIOS v6.00PG it is, 09/26/2006-ID-PCM7E-6A7L6EIIC-00 apparently (I learned today from gecko2@ that you can indeed use the “Pause” key on the IBM PS/2 keyboard to hold the output during BIOS POST). And I suspect the X40 just has USB Legacy support disabled, but won’t reboot now.

## 25C3 redux

31.12.2008 by tg@
Tags: event

Did you all read my comment on the MD5 CA thing?

25C3 is over, gecko2@ arrived today, and both he and bogus are just too verpeilt – they forgot to distribute the MirOS flyers and CDs at first, then bogus (who had them) got really ill.

We all somehow are, at the moment. Get better, everyone. (replaced couldn’t get to the BSD@Wien pre-christmas party either…)

cnuke@ pointed me to a nice IRC quote:

17:57 < jtsn> Der 25C3 ist lustig. Deutsche Vortragende brechen
sich vor deutschen Zuhörern auf Englisch einen ab. ;-)
18:01 < jtsn> Adolfs Werk war sehr nachhaltig. ;-)
18:01 < jtsn> Das gab's nichtmal in der DDR, das[sic!] Deutsche
mit Deutschen auf Russisch reden. ;-)


This’ll be my ~/.etc/sig for a while… it does hold some truth. *looks at this wlog*

Benny is still alive, yet a little offline, hacking on perl stuff for MirPorts. Good riddance.

By the way: does anyone know of a way to use a web browser or engine, for instance Webkit, from a shell script to produce a rendered version of a HTML source file (preferably to PostScript® or PDF)?

## mksh-current GNU/Cygwin32 binaries (snapshot)

31.12.2008 by tg@
Tags: mksh

An mksh-current cygwin snapshot I just built for smultron, our graphical artist friend from MidnightBSD (which, by the way, also packages mksh(1)). He just did this:

We’ll see what we do with that “m”…

## MD5 attack lead to faking an X.509v3 Intermediate CA [updated]

30.12.2008 by tg@
Tags: security

I’ve updated src/etc/ssl.certs.shar, read about the procedure. Someone might want to update the nss certdata.txt file (to mark them as untrusted); for OpenSSL it’s enough to have them renamed. Luckily, the CAs agree wanting to switch to SHA-1 (yuck, broken as well). Only, do they get a new root certificate (probably not), and where does an OS vendor get such news?

Update: This appears to be not needed, as per this comment. However, how credible is this person? Where is proof? I’d recommend everyone who has not yet read it to look at On Trusting Trust. Anyway, the CA certificates are now trusted again; let’s just hope the backdated demo intermediate CA was the only one generated in the meantime. We really need my SSL known_certs proposal, I think. What’s with these MD2 certs anyway? (end of update)

On other notes, we have a new logo for mksh, thanks smultron. Hand-editing SVG is so much fun ☺ no really, in jupp it works very well.

I also ported the e3 editor to MirBSD, it’s 17 KiB i386 statically linked (stand-alone) binary. GNU GPL, but good for custom-made (hehe…) install/rescue system bsd.rd kernels. I would like to add TinyIRC-MirOS as well, but need to get an exception licence for crunchgen(1) use.

Both tinyirc and mksh(1) now use TIOCGWINSZ more properly and aggressively. The shell, in particular, now always has COLUMNS and LINES set.

## light bulbs

28.12.2008 by tg@

Yesternight, not only my server crashed in the softupdates code again (*sigh* two RAID 1 rebuilds and a lot of fsck(8)), but also one of these energy saving light bulbs (13W). This proves that they do not have a longer lifetime than regular bulbs.

I oppose the planned ban of regular light bulbs, because, although almost(!) all of mine are energy saving ones, some of the propaganda apparently is wrong, plus they are not good in situations where the light switch is used very often, or when the light is only on for very short amounts, such as in the entrance area of an appartement (say 1½ m²).

What did I do? Meh, just some bootloader hacking.

## 27.12.2008 by tg@

Today, we gained arc4random_buf(3), arc4random_uniform(3) in libc and arc4random_atexit(), which is undocumented, but called from _exit(2) and all exec-style functions via execve(2) and exect(2). Since o﻿malloc(3) needs arc4random(3) anyway, it is no real overhead, but a great way to make modelling the pool stuff even more difficult. Thusly, arc4random_pushk(3) retires in favour of arc4random_pushb(3) but stays as cpp(1) define.

Riding on the minor bump, mempcpy(3) stpcpy(3) stpncpy(3) GNU style were added as well.

Next plans are: rewrite src/lib/csu for pcc, make a port of uw-imapd with libc-client.so (maybe LTMIRMAKE?), make the pine and alpine ports use it, make the php-imap extension work with it again, further improve src/kern/ stuff and maybe www/mk/

More deep changes are however still postponed until OpenBSD is merged better.

I also fixed makefs(8) again ☺

25.12.2008 by tg@
Tags: event

Word has reached me that Benny and Przemek are both suffering from illness (nothing bad, just a cold, don't worry) and thusly will not be attending the congress either.

As gecko2@ is currently preparing his machines, we believe he will uphold our representation at the event. Please join the IRC channel or the mailing list if you have any questions.

To these who do: happy celebrating!

## Chaos Communication Congress upcoming

24.12.2008 by tg@
Tags: event

I have just placed a couple of MirOS CDs and flyers (English and French only though ☺) in the hands of a friend while helping him to move to Berlin. Either him or Benny (bsiegert@) or Andreas (gecko2@) will distribute them at 25C3, or we’ll place them somewhere. I (tg@) will not attend, replaced (ahoka@) probably neither. You might be able to track down Benny in between some of the talks if you have any questions regarding MirPorts and MirOS, though.

To these who do, happy celebrating!

## svn2cvs.sh – convert Subversion to RCS/CVS Repositories

17.12.2008 by tg@
Tags: mksh

svn2cvs.sh is an mksh(1) shell script able to convert from Subversion repositories (remote access via URLs, needs installed svn client) to RCS/CVS repositories (local access via pathnames, needs installed rcs(1) ci(1) co(1) GNU RCS, as well as cvs(1) GNU CVS, for rcsfile(5) handling). For more information, see the included help as well as the commit message.

If you have any improvements or requests regarding this script, please contact me or the miros-discuss@ mailing list. There is a discussion thread for it.

In case you didn’t, read cvs(GNU) a.k.a. The Cederqvist! Another source of CVS tricks is courtesy of «ThunderChicken:#cvs» and includes some from myself.

The 13.rcs(PSD) documentation and rcsintro(1) are online as well!

17.12.2008 by tg@

Today I updated a couple of things (Perl, OpenSSL, OpenSSH, libpng, Lynx, Sendmail) in MirOS-current. Should be pretty much all needed, and stuff should still be working.

XFree86® 4.8.0 is out, we’ll update once we have human resources to do it.

The next snapshot may not contain the newer X11 unless stable. If imported and stable before the #11 release (whose criteria include OpenBSD merge), it’ll be used there.

Today I’ve got an interview at a potential new employer. *crosses fingers* Wish me luck. Or employ me. (Donations to be used for travel and accomodation for “events” are still desired for all of us developers.)

## mksh R36b

14.12.2008 by tg@
Tags: mksh

mksh R36b is out, grab it while it’s still hot ☺ There’s an impressive change list for a mere bug-fix version, and this is the first one where ahoka@ has contributed directly. Upgrade is recommended for all users. The new memory allocator has been backed out for stability.

MirOS-current has mksh R36b plus some changes from mksh-current, mostly renaming set -o utf8-hack to set -o utf8-mode denoting said technology is solid after ages of testing. MirOS-stable has R36b.

## wb bleu (X40)

10.12.2008 by tg@
Tags: hardware

Yay, the IBM X40 is back. No explanatory letter, just an invoice over 0 € (funny), but it works. The BIOS clock was off by an hour, I suppose they have booted a Windows® – maybe its “driver” has fixed the graphics chip. So I can go back trying to build a working snapshot again.

And never boot a GNU/Linux, especially not KNOPPIX!

PACKSTATION rules! Even though I yet have to figure out how to use it for sending out a snail mail package.

Maybe I should just go and get stuff for soldering odem back to life, though. Anyone want to buy an otherwise perfectly fine working IBM X40 with docking station and laptop bag? It’s not used much even by the previous owner (french company) and in good state.

We have Mirzilla Firetapir now, but I need to figure out how to get a cleanly separated xorg-reachover port for MidnightBSD done… unless I’ll be porting XFree86® (client part only) over.

I’ll still be using nwt this evening for recreation. And the win2k box nocd has RANDEX in Cygwin, using tinyirc, irssi, and mirsirc. I should definitively create a webpage on the site here for randex. Maybe make a tinyirc port – once it can deal with SIGWINCH…

Some search engine bait: Tom Kohnen, thanks for your old nwt laptop. The MirOS OPTU-8 encoding does UTF-8 (WTF-8?) and CESU-8, while OPTU-16 can do UTF-16 in pcc. Mirzilla Firetapir is the Vutral name for Mozilla Firefox, ports/www/firesomething. Vutral too helped to invent the MirOS RANDEX protocol (entropy exchange over IRC), which has nothing to do with the Win32 worm, just random numbers. My graphician – smultron – needs to expand mksh and I suggested, besides letter spelling (em ka es ha, or for the English, em kay es aytch), or the “polish/klingon variant” (m’ksh), or the official expansion “MirBSD Korn Shell”, he call it “MidnightBSD Korn Shell”. The invalid ones were “make shell” or em kay shell, this is something else. On a side note, we’ll be having a logo for mksh(1) soonish.

04.12.2008 by tg@

If you look carefully, you might notice small changes to the website, both HTML and RSS versions. Enjoy!

## Netcraft confirms: my IBM X40 is dying

27.11.2008 by tg@
Tags: hardware

Well, maybe not Netcraft. But I couldn't resist the joke, having been a regular Slashdot reader for years, seeing its quality sink, until I suddenly could not login any more with lynx(1), best browser ever.

This morning, I tried to power it on from cold state, and could not even see that password (machine + IDE) prompt. After I typed blindly, I was able to use Fn-F7 (seems as if it's not enabled that early in the boot process), but only for less than one second each try, despite unplugging the AC power supply again. Well, I made it through the boot and shut down the box cleanly again, but it confirms that it's not a heat issue. But what else could it have been? At first I thought that maybe the PSU sent too much current or something, but that's also not it. Perhaps Tonnerre is right and it's all Knoppix' fault ;)

Looks like I'm going to do some hacking on nwt today...

## Laptops – IBM X40 vs MiTAC 4023

26.11.2008 by tg@
Tags: hardware bug

Today, I intended to do some hacking too, maybe on that new allocator for mksh again. However, I never came that far.

Michael "tazz" Kristensen decided he'd try MirBSD. He wanted to boot from a USB stick, before he found out his computer couldn't (now what a surprise, if you ask me...). Since he has a GNU/Linux and GNU grub running, I'd thought we could use memdisk (from SYSLINUX) to boot off the ISO as if it were a hard disc. I ended up making him a hard disc image with a small FAT12 partition (just IO.SYS, MSDOS.SYS, COMMAND.COM and BOOT.COM – a.k.a. /usr/mdec/boot) and a small 4.2FFS MirBSD partition (just bsd.rd), which worked. However, I first needed to produce a test hard disc (image) into which I could place GNU grub, memdisk and the fake disc image. For that, I booted Knoppix 4.0.2, and from then on (coïncidentally or not) strange things started to happen...

My shiny new IBM ThinkPad X40 started to blank the screen while I was typing (so it wasn't a screen saver issue). Fn-F7, waiting for half a minute or so, and Fn-F7 again brought back the screen. It did not come from moving, and it's not the inverter (I checked with a flashlight, the TFT is really out). Anyway, it continued to work for quite a while. Sadly, the intervals it would work eventually got as short as a few seconds. I found out that unplugging the AC power supply helped... for a while. The intervals eventually got down there as well. Cleaning the fan I tried, but it does not seem like a heat issue either.

HELP!!!

I cannot simply afford another laptop. I bought this one because it was popular with the OpenBSD people... while the hardware is working nicely, the TFT is a tad small, the keyboard is an absolute shame, and the "mouse" buttons... well, let's just not talk about any IBM laptops, okay? — Nevertheless, I need it for work, development, and other (private or not) things. Fuck.

This wlog entry has been written on a MiTAC 4023 laptop. While it only has a DSTN (or STN?) LCD, 12 MiB RAM, a Cyrix 486DLC CPU with, I believe, 33 MHz, it works (despite the aged custom MirBSD #8-current single-user-only mostly-﻿crunchgen(1)d installation).

Tom "nwt" Kohnen, einer der beiden Luxemburger, von denen ich viel halte, wenn Du wüßtest, wie oft Dein alter Laptop, den Du für wertloser als den Nike-Sticker, mit dem er beklebt ist, gehalten hast, mir schon den Arsch gerettet hat... Leider bist Du nicht mehr im IRC, aber falls Du dies liest, fühl Dir gedankt!

## pcc and Win32

25.11.2008 by tg@
Tags: pcc snippet unicode

I think I’m quite finished with the Unicode stuff. You can now do really weird things like this:

void

}

ISO C99 permits it.

On the other hand, pcc on Win32 appears broken, cannot be compiled either natively (e.g. due to use of “long long” and other bogus things which may be C99 but not MS-C90) nor cross from GNU/Cygwin32 (because the Win32 port seems to be orphaned and, even if I try to fix these things, it doesn’t work for me). So I couldn't get it to build a simple MessageBoxW() hello world programme.

I wonder what the reception of my patch will be. I wish support for wchar_t were a release goal, then I could try to tap into that BSD func *smile* but anyway, I was just bored, and we need wchar_t support in pcc anyway, and better I do it than some ISO-2022-JP fanboy. And that above example… well, three more lines of code, so that you can actually write “int blöd;” ipv “int bl\u00F6d;” ☻☺ I think it’s worth it, even if such can confuse the hell out of people trying to read your code.

This thread contains the patches (three versions, until now… use today’s please), in case you want to help testing.

## pcc and OPTU – and just how much Mirzilla Firetapir sucks

23.11.2008 by tg@
Tags: pcc unicode bug

Today, I was sort of bored, so I enhanced something other than our libc, namely pcc, with support for Unicode/UTF and wide character literals and strings. Kind of fun it was.

Still missing is support for \uXXXX literals in multibyte strings (need ucs2utf function for that, which can be taken from our libc again), and, maybe, automatic UTF-16/CESU-8 conversions, if the target has UCS-2 (MirBSD, Windows) and the host doesn’t, or so.

Every single time Benny works on ports/www/firesomething, it sinks in my esteem. Generating crypto keys during fake install is not how things should be done (use a post-pkg_add script!). And I still think it’s only rumours that it had been rewritten after the Netscape® code was opened – it would be better than before then, not worse. I’d rather shoot myself than publish such filth, if, like Benny says, the code had indeed been rewritten. Well, at least it is aware how insecure it is and kills itself:

14:46⎜«benz» Nov 23 16:40:29 mirbulk firesomething-bin: stack overflow in function virtual nsresult nsCryptoHash::Finish(PRBool, nsACString_internal&)

And if he wouldn’t document this in a wlog entry, I do ☻☺

But then, I don’t believe him totally unaware:

14:09⎜«benz» The name "Minefield" is strangely appropriate

## galloc and OPTU

22.11.2008 by tg@
Tags: unicode mksh

aalloc was a failure and prone to mis-type; I’ve started on galloc, which is supposed to be even more type-safe and flexible, yet still segfaults on me as well.

In the meanwhile, to not stay bored, I enhanced the Unicode (MirOS OPTU-8/OPTU-16) function suite in MirBSD and hacked an implementation of Plan 9’s Rune functions – dubbed p9¾_*.c due to usage of our “internationalisation like Plan 9, just on the next layer, and within the confines of UNIX®” approach to internationalisation. These (as well as some well-known ones like wcsrtombs(3)) should be OPTU safe, and we now have a macro telling us if a wide character is part of the OPTU Raw Octet codepoint range (in the CSUR PUA assignment).

I’ve contacted Bruno Haible again because his libutf8 misses the Unicode Title case (complementing Upper and Lower case)… I’ve got an idea how to implement it but would like to double-check with him to ensure nothing breaks. The Plan 9 functions need it (these two are currently implemented as stubs that just throw ENOCOFFEE).

The number of manual pages also raised…

I built XFree86® with a (slightly beefed up) Reiser CCCP in use as sole C Præprocessor now… and have yet to notice failures in operation. Now we’ll have to find out what else stuff is there depending on the existence of /usr/bin/cpp, possibly switching it, like the <sys.mk> mir﻿make(1) file, to ${CC} -E - (which is not 100% compatible, because cpp can also read from stdin without the dash, whereas, with the dash, neither can read from only a file). X11 etc. can be switched to /usr/libexec/cpp then. ## aalloc and COFF 17.11.2008 by tg@ Tags: mksh I got (E)COFF executables to work, even though I cannot produce them except with a hand-crafted binary yet. Maybe these produced by kencc work now. I didn’t get the time or nerve to continue hacking on aalloc today… the whole pointers thing in C is so useless. If I could use assembly, it were so trivial. Anyway, the TPtr data type will probably have to get lost, and I plan on using more temporary local variables for overview. Besides a beer discussion, IRC channel today featured plans on getting a temporary setup of fast enough machines for crossbuilding OpenJDK; replaced confirmed that someone had success in doing what I planned, although the nōn-free JDK 1.5 only. We’ll see… ## small updates 12.11.2008 by tg@ Tags: security /MirOS/current/i386/fixes10.ngz holds a new libm, with which you can use the three new binary packages (lzma, llvm, llvm-gcc4.2) I’ve just placed in /Pkgs/current/i386/ for your fun. These all have been compiled using mgcc-10uA3, as llvm-gcc4.2 is not up to the task. The new “aalloc” area-based omalloc-employing pool allocator is still unfinished; I need to make cookies work and perhaps add more ifdefs to make it smaller for MKSH_SMALL users (installer, FreeWRT, …). However, feel free to read it and send me comments. I admit it might want to be cleaned up a little, but first it’s got to be finished. Do not use it yet; it’s intended for both mksh and libobjfw though. Also, I’d like to hear of possible optimisations or more security stuff one can throw in; the current scheme is the compromise looking best to me. Remember that it was written with mmap malloc (and omalloc – Otto Moerbeek zĳn malloc) and malloc.conf(5) MALLOC_OPTIONS guard/junk/protection in mind. ## compilers 10.11.2008 by tg@ First off, the X.509v3 certificate for gzsig(1) has been renewed. While, strictly spoken, this is not necessary, it eases validation. MirPorts now not only contain ports for various compilers such as pcc (which does not suck anymore), LLVM+Clang (which does suck, because it’s written in ugly CFrustFrust) and llvm-gcc 4.2, it can also peruse them to compile packages: •$ mmake USE_COMPILER=system # mgcc (C, C++), Default
• $mmake USE_COMPILER=pcc # pcc (C only) •$ mmake USE_COMPILER=llvm # llvm-gcc (C, C++, Fortran 77/9x)

While clang cannot yet be used there really, the Build.sh script of mksh can use its “ccc” compiler driver (which however is experimental) as well as llvm-gcc to build mksh(1)… to native code, or to intermediate bytecode (with link-time intra-module optimisation and final assembly into native code).

The LLVM Interpreter lli also, surprisingly, works. No patch required.

This (LLVM) is for MirOS-current i386 only; Darwin probably just needs to be tested, whereas MidnightBSD and OpenBSD require some more work.

TODO: there is an LGPL’d lzmadec binary, C only even; do something with it, possibly to ease use of .clz binary packages. Recent storage needs have become utterly ridiculous.

## website fun

09.11.2008 by tg@
Tags: security

Now that the website is running on MirOS httpd(8), we can have some fun… SSL and such. The following picture may not be displayed if you use a nōn-rsync’d mirror, but can be worth the fun:

An ASCII connection info version is, of course, available as well, but images can be embedded more easily. For example, if you were to read this wlog entry via SSL (link provided courtesy to readers using Planet Symlink), the information would differ.

And if you still get warnings about an unknown certificate authority, CAcert provides them for downloading into browsers such as M*zilla Firef*x whose idiotic development team opposes against them. For what it’s worth, unchecked SSL is still better than no SSL at all (especially for entropy ☺) unless you think encrypted = authentic identify.

## WTF we have a symlink

01.11.2008 by tg@
Tags: bug snapshot

Much closer to a new DuaLive CD. Reading Ecma 119 (ISO 9660), El Torito, and IEEE P1282 (Rock Ridge). Fixing bugs in makefs(8) as if there were no tomorrow. Even ifdef’d MirBSD deps, so that they™ can take everything back. Finding bugs in the kernel (one harmless, one deadly), and amusing myself over certain students. (Bit 0 == 2⁰ == 0x01 not 0x00…)

What’s left? Actual testing (qemu, real hardware), and I suspect that the RR_MOVED creation code does not split the directory correctly at 2048 byte sector boundaries, like all the others. (How many damn academics did work on this part of the code, anyway? Modularisation sucks, major arse.) Being paranoid and using calloc(3) has saved me from most other illnesses since.

Leider mußte ich den Federroten heute alleine trinken, aber immerhin konnte ich wbx@ überzeugen, sich zur mksh zu bekennen – sie kann UTF-8 und überhaupt Umlaute in der Shell, schön mit nur einmal Rücktaste drücken und so. Und seinen GNU screen hab ich ihm auch noch gefixt. Dafür bin ich den Sharp Zaurus SL-C3200 (und somit auch meine einzige OpenBSD-Testkiste) wieder los… eventuell nutzt er ja MirPorts, denn unser screen weiß, obs in einem Unicode- oder 8-Bit-Terminal rennt, wsconfig/chkuterm sei dank.

Warum sagt mir eigentlich niemand, daß mor…^Wheute die Geschäfte zuhaben? Ich bin ja mal voll für src/usr.bin/calendar/calendars/de_DE/calendar.ladenöffnungszeiten.bundesland (das geht ja sonst mal gar nicht)! I discovered that the CD drive in my docking station – namely a cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, DVD-ROM GDR8083N, 0K04> SCSI0 5/cdrom removable – neither is removable (the docking station is not exactly hot-pluggable) nor can it write. It can read various kinds of DVDs, CD-ROM, CD-R, CD-RW, but not burn any ☹ And since the lid seems to be custom-fit, I probably cannot simply take odem’s DVD-ROM/CD-RW slim drive either. That said, the sparc still cannot read CD-RW either… must discover some CD-R media… I had a good laugh at J�rg “schily” Schilling learning English: &dp[14] /* Hunreds of a Seconds */ – That he doesn’t grok licencing is already well-known, so no need to bash that again. ## new developer 26.10.2008 by tg@ Adam “replaced” Hoka, who has advertised and bug-spotted (and fixed) in the past, begun a Haiku port of mksh. He has been given CVS commit access for that purpose (possibly extended later), and as such, is now the 8th developer (counting both active and passive ones) to The MirOS Project. Apparently, the Haiku port now compiles but does not run. Possibly another buggy operating system to add to the list. I somehow end up fixing pcc each time I try to build it. But code size on i386 has much improved recently, although still nowhere near gcc ‘-Os’ already much better than its ‘-O2’ counterpart, both gcc3 and gcc4. I’m still waiting for more bug fixes, and more of my fixes integrated into upstream, before updating the pcc mirport though. While I removed the use of __typeof__ from the mksh(1) source, SUNWcc still explodes on it unless we use HAVE_EXPSTMT=0 *sigh* There are new “hosted” subprojects in our CVS repository. These are for each committer to place his/her stuff into, which, in contrast to other stuff in the contrib module, does not necessarily need to have something to do with BSD, Unix, shell, etc. However, existing mismatched code (the .exe files of my keyboard layout and Benny’s polymers code) will not be moved, because that doesn’t make sense with cvs(1). Today, my health has been somewhat better, but I still feel as if I had a cold but hidden, so it does not impact me that much but I cannot lose it either. Headaches started at about 20³⁰, which I consider good, even though I now cannot comply with Jonathan’s wish of having a look at llvm-gcc for spotting a bug in libobjfw. ## Giving up far-away aims to achieve the nearest ones at all 24.10.2008 by tg@ Tags: bug While I could use newfs(8)+vnd(4)+mount(8) or makefs(8) with a fixed block size for a live CD, or a ports version of mkisofs, or create the image on Darwin, I do not think so. The next snapshot will just not be a Live CD at all. Later, guys. Maybe TNF helps fixing it. mksh also did not have the newest nifty features, such as <(cmd), applied, due to my ongoing illness feeling and added headaches all of this evening. However, I did finish the OSF/1 V2.0 (MIPS) port, and tomorrow there will be a proper announcement of R36, including ports, source RPMs, etc. Many thanks to DEChengst from the #!/bin/mksh IRC channel again for giving me access to such machines. I built LLVM+clang on Debian Lenny, just to make it crash *grin* due to an internal assertion… in mksh(1)’s source code. Gah. Anyway, got the problem reported. I wonder if I should remove Objective-C from the base gcc since it’s not just almost but really unusable anyway (same for Ada unless it can be used to build llvm-gnat-4.2). Jonathan gave up on the GNU runtime for good, or so he told me. Today I also tried to get a neighbour’s fax-scan-print-copy combo running. Ends up that both the new phone line he bought for it was faulty (I gave him a replacement from my Attic), the AVM Fritzbox has… issues, and when I finally got my own fax from anno 1985 to work, and his Officejet not, we belive that either the ISDN voltage (it was accidentally plugged next to the NTBA first) or, much more likely, a recent thunderstorm b0rked it. So much for high-tech. My low-tech works. ## All software sucks… 22.10.2008 by tg@ Tags: bug I did not get much further. While I had the brilliant idea to embed a native little-endian BSD disklabel inside the first 512 bytes of the first-stage sparc bootloader (as the code searches for it anywhere in sector #1 inside the partition – or disc, if no MBR partition found – aligned to a long boundary), because an MBR partition would fake about two slices in the Sun disklabel which… could cause issues, the software I wanted to use to create a testcase has… bugs. I ended up creating an install-only ISO and wanted to put the rest of the files into a 4.2FFS filesystem with makefs(8). However, that one did not want as I do, and that for quite a while. Cheers to TNF! grml… The update of Opera to 9.61 also failed for reasons outlined in the commit message. So we’re still stuck with Opera 9.27… I did get libpng updated, but had “fun” with that as well. So long. ## mksh porting 21.10.2008 by tg@ Tags: mksh If you read the comp.os.minix newsgroup, please have a look at Message-Id <Pine.BSM.4.64L.0810202029070.28869@herc.mirbsd.org> and help us porting mksh to Minix 3. (Yes I know I replied to a different thread, but this is just because Pine did not want to let me post using a simple ‘C’ompose in the gabeln.) If you have an idea how I get the OSF/1 V2.0 cc(﻿1) to correctly fail if it cannot resolve functions, or how we can fix Plan 9 or even Syllable Desktop (which is said to have fixed their signal handling in the kernel, however an actual user would have to test it), also feel free to contact me, you can probably help. ## Closer, but no game 21.10.2008 by tg@ Tags: bug On a somewhat unrelated topic, I would like to remind the readers of this wlog that next weekend, winter time will enact, i.e. you’ve got to add only one instead of two hours to the current UTC time to be able to talk to your “nōn-CS” neighbours. I’m adding it here since I know I would forget it otherwise, and I just saw it in a newspaper I read at the imbiss. Well, I got closer. So close that dual-boot CDs are possible with the new system. So close that I got everything in place to make both baselive and dualive CDs. But makefs(8) let me down and threw an assertion on – how gdb(1) helped me to find out – a deep directory, usr/libdata/perl5/i386-mirbsd/5.8.8/auto/B/C, thinking it adds the same directory a second time to its node tree (aborting thusly to not end up in an endless loop later). However, adding the allow-deep-trees mount option did not help. So I’m stuck. There are some alternatives. The one which I like the most would be to further change the Sun disklabel to not only look like an i386 MBR to the BIOS, but also contain a “partition table” with only one partition of type 0x27 (MirBSD), starting at the chain sector (24, in our case) and being two sectors in size. The second one would then contain an i386 disklabel. A 4.2BSD FFS filesystem (created with makefs(8) which should work better there) would just be added after the ISO 9660 filesystem containing the boot stuff (and possibly, the /v10 directory, i.e. nothing less and nothing more than the contents of a normal dual-arch install-only CD, plus the Live kernel, which is just a GENERIC with root set to cd0f… since we’ll be using UFS then, we don’t even need /dev on a ramdisk any more). However, I do not exactly know how this would behave if we mix a filesystem using 2048-byte sectors with a filesystem using 512-byte sectors on the same medium and expect it to work both when burnt on a CD using 2048-byte sectors for the entire medium and when put on a CF card / USB stick / HDD / etc. using 512-byte sectors for all of the two filesystems. The Sun disklabel would also have to be adapted, unless we want to hide the i386-live part from it (or are too lazy to show it… but we’re perfectionists, sometimes). I know from others that they put /usr on an FFS inside a vnd(4) file instead, but this has not only heavy performance issues, I also know our vnd(4) to behave slightly buggy on media with sector sizes other than 512, with OpenBSD having fixed some of that. I would thusly like to avoid it. Just putting FFS on the CD is not an option either. Oh, there are endianness issues as well, so there’s probably no point in having the i386 FFS slice being accessible by sparc, since people in all of the BSD camps still haven’t understood how uncool they are (our rewritten elf2aout(1) being a prime example that it is not only possible but also highly useful to have such tools do internal endianness conversions as needed). Now I either need an OpenBSD guru telling me how to accomplish it, or have to experiment. *sigh* Does anyone succeed in running MirBSD on qemu 0.9.1? No matter if with or without kqemu, it freezes for me after the pciide(4) probe. The sparc issue also has yet to be resolved. ## Getting closer 19.10.2008 by tg@ Tags: bug geocache I’ve built i386 and sparc intermediate snapshots. We’ve been fixing things lately, so that another combined DuaLive CD is not so far off, before the more weird things (such as the 4.4OpenBSD merge) start to happen. On an unrelated side note, my SPARCstation 20 is crunching for BOINC at the moment, at about 75 MIPS only though… Maybe LLVM 2.4 and llvm-gcc 4.2 will hit the MirPorts Framework now, because we need a recent compiler for some things (Objective-C, or to compile Webkit), and it’s better in terms of licencing (BSD + GPLv2), quality and portability than FSF GCC. Maybe someone ports Iced Tea so that comrad will be happy. I don’t know. It’s all our spare time. There are a few things in libpng that need to be taken care of first though, but the other recent security issues (ftpd(8) must die anyway, IPv6 ndp, …) were handled. Maybe others, let’s see. Ah, and of course I need to get the Live CD functionality fixed and switched to use NetBSD® makefs(8) instead of J�rg’s mkisofs first. I still don’t believe in Web 2.0, Communities, etc. For example, on Ohloh (I still need to take care to not write oh lol!) there are quite some projects, but “nobody” (well, almost) uses them. CacheWolf, the geocaching software of choice, starts a conversion from the Ewe VM to the supposedly superiour Eve VM, but I yet fail to see success, still people want to already switch over the svn trunk, and only bugfix in the 1.0 branch… as if anything were usable before next spring, and a full replacement before end of next year or so, guesstimated……… Jonathan complains about the brokenness of software, libobjfw is suffering from GNU libobjc runtime bugs (a layer deeper, that is). I so feel with him, I know the feeling so well… sometimes it would really be better to be a cat. I also quite met with Azraël, Florian’s (my best friend) animal half – with approximately 13 kg much more of a beast than the neighbour’s cat I nicknamed “Mir” (just to name it after a BSD) and behaving much more “cool”, but very nice. ## mksh – please test release candidate 13.10.2008 by tg@ Tags: mksh Hi everyone, mksh’s current development version should be tested on as many platforms as possible before a new release. This mostly means:  CVS_RSH=ssh; export CVS_RSH
$cvs -d :ext:_anoncvs@anoncvs.mirbsd.org:/cvs co -PA mksh$ cd mksh

## code age

20.09.2008 by tg@

Today, I hacked some more on mksh’s command line editing modi. They were probably written independently, so Benny’s request for vi mode cursor keys is unfulfillable reasonablily. I’m not quite done, there are some more patches to create, including one to the mksh(1) manual page, but that will come. It’s a hard job, and on a headache-clouded november day like this (no pun, look at the weather!) getting a hacking mood, as well as anything else done, is difficult. I did manage to catch a few sun rays, but… not much. Besides, sitting in front of a monitor all day makes you wish you had learned something else, even if everthing else goes smoothly – which it usually doesn’t…

I tried to make pax(1) compile without the -DLONG_OFF_T define… turns out that all the quad_t types and defines are not existant on Debian. Autoconfiguration and #ifdefs suck if you can do it without, but this will take some more time.

I had an interesting discussion about light bulbs with the MidnightBSD people yesternight. Mine mostly changed to power saving ones I got for free for switching to online invoices from our local provider. Neat. I do keep traditional bulbs in the places where light is needed only for very short times, like the entrance area, and frequently at that.
We often have interesting topics to discuss, e.g. languages, chocolate, things that suck… not only computing things, mind you ;)

I just use …/wlog.htm as my “blog” URI now if someone asks, even though this is not a blog. Symlinks rock.

17.09.2008 by tg@
Tags: security

The MirBSD website now runs without PHP even for legacy content. All HTML files are statically generated using mksh and MirMake. Pretty much unbreakable, we think.

While here, I’d like to invite you to try out mksh-current from CVS, as several (minor) bugs have been fixed. There are still some new features pending for another release.

## SoftwareFreedomDay aftrap (of niet…)

14.09.2008 by tg@
Tags: event

Zaterdag 13 September, Baarn, Nederland. Iedereen wacht op me. Spijtig dat ik niet kan komen. Ik wilde met een vriend die een auto heeft naar Baarn gaan, maar die komt op 10:30 ipv 09:00 CEST, en dan ben ik ook nog niet klaar met wakker worden, koffie drinken, zaken samenzoeken, voor’t weekend inkopen, enzo. Op 12:00 zitten wij in zijn auto… maar dat zijn nog 2½ uren (of meer) tot dat wij aankomen kunnen, dus wordt besloten, er niet meer te gaan. SFD was vanaf 12:00 tot 17:00… voor 2 or 2½ uren moeten wij 5+ uren in’t auto zitten, en dan is nog niet zeker of wij het Brandpunt vinden. Slechte planing. In het duits is er een expressie voor dat: “Verpeilungsfaktor” – Wij zijn dan in’t zwembad geweest.

Groeten an iedereen die daar was… volgende keer dan. Echt jammer dat het niks wordt. Ik geloof ik had te weinig geslapen verleden week, door mijn nieuwe baan in zwitserland.

Wij zatten dan gisteren nog in mijn favoriet kroaats restaurant, er wordt besloten dat ik de volgende tijd minder aan mirbsd zelfs werk, maar het nieuwe server klaar maak en de VM zo installeer dat ze een takeover van de oude www.mirbsd.org vhost kan maken. Ik doe mss eerst nog een snapshot, maar die komt dan zonder Live CD (die moet ik opnieuw maken doordat wij geen mkisofs met al zijn fouten meer gebruiken). Benny doet in de tussentijd meer met ports, bv. fixes voor ccache en distcc (zodat mijn SPARCstation cluster packages kan bouwen ☺) en enige Qt4 ports. Nadat de twee server’s klaar zijn kunnen wij dan verder met mksh, mirmake en zo doen, wanneer het werk nog arbeidsvermogen overig laat (da’s soms moeilijk). gecko2@ doet goeie werk met het opzetten van VMware voor eurynome, ter gebruik stellen van een IPv4, enzo.

## Aus gegebenem Anlaß^Hss

09.09.2008 by tg@

Wir haben jetzt ein Blumenkohl-Icon fürs iPhone, Dank an die RUBIs.

Google ist definitiv evil. Ich vermeide sie auch so wie es eben geht, aber bei zwei Sachen habe ich keine Alternative, da sie entweder einfach nicht existieren oder saugen: Suchmaschine (ja ich hab sie alle durch) und Karten (bin halt Geocacher).

Während ich die 2⁶ Caches locker voll habe, siehe die diversen… (Update: images moved here) …Statistiken, fängt Benny erst an, immerhin 2³ hat er schon: Kimnotyze macht nicht wirklich weiter… … gecko2 kommt selten zum Cachen, aber hatte letztens sein Vélo mit, sodaß er sich mit Kabelaffe und mir auf Tour begeben konnte: Und der Dr. Pfeffer findet in Bremen nichts mehr… wär er bloß mal nicht umgezogen, jaja… gibt halt nur in Bonn schön viele Dinger:
Aber Benny hat echt fieses Anfängerglück, und ich bin fachblind.

Bruscetta sind superlecker, aber füllen, zusammen mit der warmen Mahlzeit, den Bauch sehr an… und wenn man dann vorher noch einen Mojito hatte, hat man gar keine Lust zu hacken, ist ziemlich platt… erst bsiegert@ dann auch mir aufgefallen. Wir sitzen gerade bei N 47° 31.936′ E 007° 38.043′ im Chaostreff Bāsel… und sind ziemlich platt. Aber irgendwas kommt trotzdem bei rum.

Kommt wer mit nach Baarn und ggf. trifft sich mit uns $sonstwo? ## cairo regressions 05.09.2008 by bsiegert@ Tags: bug It seems that everytime I update cairo, another annoying bug pops up. This one is actually a regression: the exact same bug had been fixed in cairo-0.9.3, and now they reintroduced it. It seems that their code is only ever tested on GNU/Linux with all the latest libraries. Solaris and BSD systems are especially likely to blow up. I have submitted the following text as fd.o bug 17450. Sorry if this wlog is becoming just a dump for upstream bugreports. "I am trying to compile cairo 1.6.4 on MirOS BSD (an OpenBSD variant). The fontconfig included in the base system does not have the FcFini() function. As I gathered from searching the mailing list archives, this function is optional. However, on systems without FcFini(), the freetype backend is completely disabled. "From reading the source code, I do not think that FcFini is really essential, and any calls to it are protected by #ifdef HAVE_FCFINI anyway. Thus, I made a small patch for the configure script to make a missing FcFini non-fatal for the freetype font backend. "What's ironic is that this bug had already existed as bug 3951. It was fixed in 0.9.3." ## Six Years of MirBSD 29.08.2008 by tg@ Tags: release mksh Six years ago, I started collecting patches against OpenBSD, a bunch of 4.4 elitist snobs since the 1980s (or so they say). Said patchkit should eventually become MirOS BSD and the MirPorts Framework, along with a couple of more or less well-known and successful subprojects. Time to celebrate (TGIF)! IOW, I hacked a Debian package of mirmake, depending on latest mksh of course. It needs more upstream work to be useful and pretty, though. Let me plug here an animated GIF found somewhere in the net, which shows my opinion about Netscape/Mozilla/Fire…tapir quite well: And, even more unrelated, MirOS is (of course) continuously improving. We now use Fedora Core 4 libraries for the linuxulator, by suggestion of the MidnightBSD people, which should improve some things (it already has opened the door for Opera-linux plugins such as AcroRead-linux). (The best browser of all is still lynx(1) though.) ## FrOSCon redux 25.08.2008 by tg@ Tags: event geocache grml Hum. This year’s FrOSCon… sucks. At least the catering, which was so much better last year (remembering the Chili con Carne, as well as the Chili non (sin) Carne, fondly… these were produced by wbx@’s family members, which haven’t been included in this year’s planning so some other persons did the catering). And being waked up at 04:00 in the morning due to a call on the mobile phone, for taking care of some drunken booth slave *grml…*, didn’t help either. The evening’s social event also sucked totally. Since it had been raining until shortly before, they decided to have it inside, except the barbecue of course, but didn’t adjust the volume of the music played to the environment, which caused me to leave the MirOS/XF86 booth in favour of the Debian/grml booth, talking to Mika and Joey… who, like me, didn’t quite like being LITERALLY punched into our stomach by the basses. I left relatively early then, especially as the cocktails (Vutral brought me one, since I couldn’t go near the counter due to the volume of the… whatever they call music) tasted pretty bad and had a (too?) high percentage of alcohol. But talking to the various people, not just Mika and Joey, was good, even though just being at the FH (university) during the social event was really unbearable and physically endangering one’s health. Other than that, we had quite a lot of fun at the conference, as usual. I still think it has chances to close up to FOSDEM, but they will have to make sure the catering does not get even worse. While FOSDEM does not have any catering, FrOSCon 2006 and 2007 had good food, and regressions count as malus. Once I found Marc Aurele La France at the train station (which was quite a task), things went well – he even fixed a bug in our xdm configuration at the conference. The bug was inherited from OpenBSD, as usual ☺ Marc also said he enjoyed himself. I hacked an Asus EeePC… MirOS mostly works (no NIC though), and the graphics card runs at 640x480 VESA… with the new 915resolution port of today, it might do the 800x480, but I can’t test now. I took the chance to discover a geocache in St. Augustin yesterday, but, while Benny suggested we (him, me and gecko2) go caching in Bonn today, they seem to prefer hacking on the laptops (considering the weather, this is not the worst idea though), so I got time to write a wlog entry (too). I still have some things on my TODO, like fixing the ports with unfetchable distfiles, but hey. Taking the day before and the day after the conference off is A Good Thing™. Next one will be the Software Freedom Day in Baarn, Nederland – where not even Wim will go ☺ But I need a car… parents don’t help even if you ask them once a year, but maybe Jonathan from (near) Aachen will join me, he has a car. My Thinkpad X40 will probably arrive today or tomorrow. Sadly, I didn’t invest any time in evaluating the products before… I learned that the ‘T’ series has 2.5" HDDs instead of the sucky 1.6" HDDs, and a much more solid lid chassis, at FrOSCon. My decision to buy an X40 was based solely on the observation that it was “in” at most OpenBSD developers some years ago (and thusly would most certainly work well with MirOS). Don’t do that then… Once it’s there, I got to set it up and continue working. It’s bad odem broke so badly, especially as my current contractor (employer, except not quite so) would rather have me working full-time on the project, which is not entirely possible since I still have a life here. But upon setting it up, I might upgrade and/or fix some of the ports, since I’m at it anyway. Plus I get /home encryption. Marc agreed to merging as much of our X11 changes (both these inherited from OpenBSD’s XF4 module and our own patches) into the XFree86® main tree, some ifdef’d, and helping us migrate to the new 4.7 or upcoming 4.8 release (or probably, 4.8.99.01, since I don’t think the merge will be there in time for 4.8 proper). He was a fun guy and well understanding our issues. The most funny part however was Thomas from Sourcemage (SMGL), who also maintains the mksh spell in their grimoire, considering to retain supporting XFree86® (and modular X.org, but not the buggy monolithic X.org) iff it’s still actively developed, which Marc assured me it is. Benny agrees that the “Kaiser’s BIO-Kaffee” is decent, despite its pricing of only 3.99 €/£ (may be my high quality milk too, though). Update: looks like I’ve got a package to fetch from the post station. ## pkg-config woes, FrOSCon 24.08.2008 by bsiegert@ Tags: event In my recent entry, I already talked a bit about pkg-config and its framework support. It turns out that there is another problem. The --libs parameter can be "split" into its parts by using --libs-only-L, --libs-only-l, and --libs-only-other. The LyX configure script, however, did not care about the latter, only the first two. Which brings me to the mail I wrote to the pkg-config mailing list: "Hi, "while compiling LyX/Mac the other day, I came across a problem in the way frameworks are handled. On Mac OS, frameworks are a different way to pack a library together with its headers. Framework-related options are put in --libs-only-other, while the configure script was only checking for --libs-only-l and --libs-only-L. While I agree that this is broken behavior, it brings me to my question: "The way I see it, -Fpath (framework search path) is equivalent to -Lpath for libraries. Thus, -F should maybe be included in the output of "pkg-config --libs-only-L". The same thing goes for the "-framework name" linker option, which is more or less the same thing as "-lname", namely linking against a certain library/framework. Thus, the -framework option (with argument) should be added to the output of --libs-only-l. "Opinions?" In other news, FrOSCon has it second and last day today. I am currently in the train on the way. The party ("social event") yesterday was quite good, even though the weather was not as good as last year—it was cold and humid. ## X11, etc. 16.08.2008 by tg@ Tags: geocache Don’t wonder if I appear online less often these days and commit weird and plain ugly things. I’m young and need the money</asr> Uh, EXPN? Sure. I’m currently working for a company and a customer who both originally were basically the local CCC meet cast into a company. I need to learn a lot of things, and my view of the world has been utterly turned upside down. At least, I was able to spot some geocaches in the more obscure parts… some would call it primitif… of the world. And in the Elsaß. Ah, X11… the input is passed as keycode, not as keysym… it’s not easy, trying to write a thing for entering unicode hex chars (damn US keyboard missing the “<>|” key). IME won’t go. Maybe fake a selection and a paste event. Compose works, but only in xterm, which grows from 8 MiB to 34 MiB size and 1 minute startup time, each, when expanding composure. I don’t think that’s worth it, even if unicode is big. As a new “standard”, we’ll #define all functions we introduce to themselves, like arc4random_pushk(3), to rid autohell. ## Improving MirPorts by porting stuff 08.08.2008 by bsiegert@ I have just finished porting the aqua version of LyX (which I need for @work), which is going to become aqua/lyx-mac. Version 1.5.x needs Qt4, which we do not have on MirOS just yet, and the Mac version installs into an application bundle, so it is a completely separate port. First of all, I discovered TWO bugs in Qt's build system. Not only are the generated .la files wrong, but the .pc files are broken, too. My first bug report contained lots of detail but what finally landed in their bad joke of a bug tracking system is a one-liner. That should teach me not to write bug reports longer than one line ... Seriously, WTF? Next, our pkg-config (both actually, pkgconfig-bsd is not better) does not grok frameworks. In order to get a correct result, I had to port pkg-config-0.23. It is not in the trunk yet because I was told that newer versions "make bad things happen" on MirOS. What I will do is try to build some stuff using this newer version of pkgconfig and try to find out if it works. So, if you are feeling lucky: Install this and try to build some software on MirOS. ## Cats, Rivella, other nice things, and… yuck 08.08.2008 by tg@ Still cats have less sorrows. Now it’s proven that feline specimen can actually spell. Poor “lolcats” who are abused by many. Discovering Rivella and Tonnerre mentioning that swiss chocolate exported into the EU is artificially made more sweet than inland production (yuck, sweet chocolate) are some promising points voting for working in Switzerland. It’s still expensive and a major change though. But the payment is good, too. While mkisofs is finally gone, I had to fix lots of bugs and port a new language, lang/pawn, actually better than others, but the interna still look more than very fragile. Same problem as with Ewe: written for Win32-only at first, made portable later by persons who don’t know how to code for Unix. Ugh, and… I’ve got to learn Python. Either my VPN, gecko2s Server, or the network (at home, Strato, or here) sucks. Hm… maybe it’s the backup Tonnerre makes. I should search for some more geocaces, but now that I have some more time than at the beginning of the week, the weather is worsening, and we still have the duties. *grml* I need tear set up, too… ## HEAD may be broken, but improvements coming, OPTU-8 charset 02.08.2008 by tg@ Tags: unicode I started hacking on the bootloader issue, decided to move out the various libraries into src/kern/ first, and completed that for zlib, began it for the rest. The other places – src/lib/libc/ src/sys/lib/ src/sys/arch/*/stand/lib* – now look much cleaner already, and in fact can do some better. I also merged bootloader and other improvements from OpenBSD before beginning the file move dance, but it still worked for me in qemu for testing, so I didn’t expect much breakage. Furthermore, MirOS now officially has OPTU-8 locale (no more CESU-8), even if masqueraded as “en_US.UTF-8” for better application support. The CSUR had already, as posted about quite a few times, allocated us a PUA range, which mksh was already using, and now the base system and libc are beginning to catch up. Thanks to a pen and paper “game” I have sort of a defined finite machine modelling the conversion states, and found out I can get by with the mbstate_t we already were using. tr(1) already doesn’t wreck ISO-8859-1 accents any more (nor binary files), although that definitively needs some testing. I’d just like to warn people that HEAD (MirOS-current) is a pretty moving target at the moment. ## Get me some beer, Wine sucks 30.07.2008 by tg@ … I still wish I were a cat, sometimes. Just have to stay clear of cat abusers. Tonight, I managed to port Wine 1.0 from pkgsrc®, with thanks to Hubert Feyrer for mentioning, except it seems to stumble about W^X and memory allocation/mapping in general. I guess we need some help from OpenBSD toolchain experts and possibly both FreeBSD® and pkgsrc® porters dealing with this. I can’t, but I tried a lot. My other project for tonight failed, once because it has just too many unported dependencies, second because one of them requires gcc4, namely webkit (non-Qt). Okay, they say webkit-Qt can be built with gcc 3.4.6, but it seems to be not recommended. Thus no midori for us ☹ (yet). The third thing was getting rid of J�rg Schilling… but due to the heat I slept bad and could not get up early. Really! (Yeah yeah…) You all should read Tonnerre’s wonderful blog posting about how he got rid of Subversion, luckily. (I wonder about said “new” developer’s preference as I’d rather use CVS for everything…) ## Katze müßte man sein… 25.07.2008 by tg@ … oder: de vitae felidae Katze müßte man sein, oder Kater halt, je nachdem. Den ganzen Tag sich faul in der Sonne räkeln, unter dem Heck eines Autos liegen und ab und zu den an ihr vorbeiradelnden Zweibeinern zuzwinkern und sie mit dem Kopf verfolgen; wenn man Hunger hat, reicht es, den Dosenöffner auf zwei Beinen mitleiderregend anzuschauen und/oder zu -miauen… manche haben sogar ein eigenes Blog oder gar ein BSD nach einem benannt; wem das nicht reicht hält sich den Nachbar des eigenen Dosenöffners, nämlich homsn, als zusätzlichen Hausmensch (quasi wie wir uns Haustiere, z.B. Hunde, halten)… der krault einen dann, und man muß nichtmals hingehen. I just coined a new term: IMACS. The connotation is: I’ll hack the ukbd(4) driver to allow inmetaaltctrlshifting entropy into the kernel too, soon. Update 26.07.2008: sadly, USB keyboards don’t seem to generate any interrupt requests on modifier key presses or releases. This means you’re stuck to DIN or PS/2 pckbd(4) or Sun (&c.) zskbd(4/sparc) for entropy collection via IMACSing. Can’t be helped… ## Trumping OpenBSD, once again ☺ 23.07.2008 by tg@ With the latest edition of MirOS #10-current’s snapshot (read the announcement for more details), we have trumped OpenBSD once more. While being dual-arch is nothing new (to them), and being runnable as Live-HDD, Live-CF-Card, etc. is nothing new (to us), we haven’t yet had a dual-arch Live-CD/DVD (or HDD or CF/SD/MMC/… Card or USB stick) yet. Well, only one of the two architectures has Live CD capability, but we neither have baselive image capability for sparc yet (though that would be possible, even if somewhat kludgy) nor would it have fit on the ISO 9660 image within the boundaries of a CD-R. And DVDs don’t match well with SPARCstation 20s ☻ Coming to that, I recently recherched if gcc 3.4.6, which we currently use as system compiler, can be used to build gcc 4.3 (with special care on the Ada part). Looks like you can even use gcc 2.95 for that, lucky us. This means I should somehow discover the Ada patch for gdb 6.3, which – again, luckily – we use, and apply it. I had talked with Benny about the compiler issue… originally I wanted to strip down the system compiler to the bare minimum once a more recent gcc (and possibly, LLVM, SUNWcc, pcc, etc.) are in ports and usable, but with the proposals to rewrite gcc in dreaded C++, C++ API issues, licencing issues, Ada bootstrapping, etc. we will probably continue to require GNU make for building the base compiler (the bad part) and be able to announce we’re good for developing (the good part of keeping the full-featured gcc near base). Just the Java™ part will not be re-enabled in near future, as it isn’t used for bootstrapping Iced Tea anyway. (It can be used for simple things though.) With all the friendly fire, OpenBSD bashing, etc. aside, I would like to use this place to thank a few OpenBSD developers for helping me out with a bug in mksh as well as the issue with sshd(8) on sparc (and probably i386 even if it didn’t show up) I had (which even was my own fault). While you guys still don’t have an mksh port in your tree, some of you are really helpful (also hi Miod) sometimes, and I hope we can drink a few beer together at the next FOSDEM etc. and FrOSCon of course. (Which I hope we will also be able to use to discuss the state of our X11 tree.) To Linus: while OpenBSD developers may be masturbating monkeys, at least they’re able to design stable APIs, drink beer, and use sane version control systems with central quality control while being annoyed by humppa. The usual unrelated news: Basel, ich komme! Schon mal GRÜẞE im Voraus an die Schweizer, die dies lesen. mksh side notes: some older versions of SunC 5.9 fail on ({ stuff in acomp, use env HAVE_EXPSTMT=0 to build then. nwcc also has issues. MirBSD side notes: We build for V8 CPUs on sparc, but still only V7 are emulated by tme. And while V9 CPUs in V8+ mode shouldn’t be a problem, there’s no interest from the OpenBSD camp to run the sparc (not sparc64) port on sun4u or even sun4v machines, so no fast build machines yet… *snief* ## MirEwe requiescas in pacem 22.07.2008 by tg@ Since CacheWolf was the only use case, I decided to remove MirEwe from the repository entirely, as CacheWolf will be rewritten to use the Eve VM, inevitably. Not only have I removed a last source tarball (distfile) of Lunix Ewe 1.49mb4, with CompileEwe.zip, JavaEwe.zip, and ewe.jar pregenerated, but the comma-v rcsfile(5)s are also archived in a gzipped sv4crc file, gzsig(1)ned, as usual. Update 06.11.2008: We now have an Icon, thanks to smultron. And, also as usual, one more unrelated thing: config(8) -ef /bsd should not only be able to handle gzip(1)ped kernels, but also personalise them by rewriting the initial_entropy array. TODO. The snapshot, dualive ISO 9660 image, is almost complete and will be uploaded later. Update 26.07.2008: personalising done, snapshot broken. ## mksh – The iShell, Episode Ⅱ 20.07.2008 by tg@ ### mksh – The iShell Thanks to help from people in the various IRC channels, and gecko2@ jailbreaking his iPhone 3G (not G3…), I was able to run (albeit not test – there is no Perl for the iPhone yet) two mksh(1) binaries on it: a normal one and a fat binary (aka universal binary – this one, containing code for 5 (five) architectures, can truly be called an universal binary ☺). I packaged the modified build script, an extra ldid binary (built for OSX86) provided by someone else, and the output of the build process, together with a readme, as a gzsig(1)ned tarball on our server again – note that the cryptographic signature is only for time stamping (and download integrity checking) and does not imply any warranties, especially for the third-party software involved. While here, we would be pleased if the reader supports our proposal and requests Apple to include mksh in the default installations. We would also be pleased if the mksh-iPhone binary were to make it into one of the Cydia repositories, contact us via IRC or mailing lists for assistance. If someone were to package Perl 5.8 or so, that’d be great too. To the readers from ##iphone-hackers on the one and #iphone-dev on the other IRC network: *waves a friendly hello* ## plans for the immediate future 19.07.2008 by tg@ My plans are as follows: after squishing out all remaining bugs, I’ll publish another MirOS-current snapshot (i386 baselive, i386 installer, sparc installer, some selected few binary packages for both arches), announce that on the website, and make a CVS repository tarball. After that, I’ll concentrate on setting up the new servers (tear and euynome) fully, and dispose of rant-featuring-herc. Features I wanted, such as full AES vnd(4) encryption, DJBDNS with no split v4/v6 transport binaries, etc. will have to wait. With the infrastructure in place, we can start hacking again. We had planned on bringing out MirOS #10bis in time for FOSDEM, but it looks more like just another -stable snapshot, and maybe another month for the second release of -stable; Benny will have to work some on the branch prior to its tagging (I’ll concentrate on -current), especially because we want to use X11 (and gcc) from HEAD, since these are not branched. ## mksh – The iShell [updated 2 times] 17.07.2008 by tg@ ### mksh – The iShell Try this: $ cvs -d _anoncvs@anoncvs.mirbsd.org:/cvs co -PA mksh
$cd mksh$ cat >iBuild.sh <<-'EOF'
DEV=/Developer/Platforms/iPhoneOS.platform/Developer
SDK=${DEV}/SDKs/iPhoneOS2.0.sdk CC="${DEV}/usr/bin/gcc-4.0 -arch arm"
CPPFLAGS="-I${SDK}/usr/include" CPPFLAGS="$CPPFLAGS -I${DEV}/usr/lib/gcc/arm-apple-darwin9/4.0.1/include" CPPFLAGS="$CPPFLAGS -F${SDK}/System/library/Frameworks" CPPFLAGS="$CPPFLAGS -F${SDK}/System/library/PrivateFrameworks" CPPFLAGS="$CPPFLAGS -F/System/library/Frameworks"
LDFLAGS="-L${SDK}/usr/lib -L${DEV}/usr/lib/gcc/arm-apple-darwin9/4.0.1/lib"

export CC CPPFLAGS LDFLAGS
exec "$@" EOF$ mksh iBuild.sh mksh Build.sh -r
$file mksh  Mach-O executable arm Of course, you need the iPhone 2.0 SDK on your Mac for this (and, presumably, an installed native mksh… otherwise just change the above instructions a little. We haven't tested it yet, but if gecko2@ can figure out how to run mobileterminal.app inside the emulator, he will… and possibly jailbreak his iPhone G3. Maybe this fact (availability of mksh) strengthens our point. In the meanwhile, gecko2@ has found the geocaches I placed. Update 18.07.2008 12:42 – we have a fat binary with five architectures (amd64 arm i386 powerpc ppc64) now. This is the iShell, indeed. ## mksh on… platforms 16.07.2008 by tg@ Okay, so I installed Windows® 2000 and Interix again. And UWIN. And the Microsoft, Digital Mars, and Borland command-line compilers. And mksh worked, of course. Then I tried DJGPP. Yeah, mksh(1) for MS-DOS®. *sigh* GNU bash, the only shell available, SIGSEGVs on me trying to build anything nōn-trivial, even worse with gcc 4.2.3 than with gcc 3.2.3… but even pdksh could not be made, due to SIGCHLD missing. Too bad, no mksh for you, Mr “I don’t accept bug report mails from your IP, nor in the webinterface” Delorie. The iPhone… will have to wait. We can install the BSD Subsystem and the Terminal application in gecko2’s SDK’s ARM emulator, then build and test for that. I just gave him the link to the BSD package, but he went to bed shortly before, so maybe tomorrow. And then, mksh R35b can go out, we fixed some bugs and tested on more platforms (fixing testsuite shortcomings during that time, even). ## Inclusion of the MirBSD Korn Shell 14.07.2008 by tg@ Tags: geocache As requested, Benny has written to Apple, Inc. about inclusion of mksh. Lucas “laffer1” Holt of MidnightBSD has said to follow, as has Andreas “gecko2” Gockel, the Fink maintainer for mksh. Link to this entry. Lucas actually said he would care more about and use mksh(1) if it were integrated in Mac OSX, as most MidnightBSD developers (like Benny) do most of their work on a Macintosh. He has integrated mksh in his operating system quite some time ago. mksh is also the default shell, including /bin/sh, on FreeWRT Embedded GNU/Linux. Andreas already has run tests for using mksh(1) as /bin/sh on Darwin, although I did not request that personally, and brought up the question of /etc/profile adjustments and ~/.mkshrc integration. (FreeWRT has a changed system-wide profile including a system-wide copy of the mkshrc file; other possible ways would involve setting$ENV or (preferred) placing .mkshrc in the New User’s Skeleton and in root’s home directory, if existent.

Strong points of mksh: free (as in BSD, now even without advertising clause), small, fast, portable, easy to use, can run many ksh93 and bash scripts, is actively developed, and benefits from the BSD development style (central development, security focus).

To everyone with an Apple ID: please suggest to Apple to include mksh(1), write to them how good it is despite lacking popularity, how compatible it is, and just how much you like to use it. Even if you do not use it yourself, if you can follow our reasons, write to them. If you have access to other operating systems, do the same, especially with mere porting frameworks, as the OpenBSD ports tree still does not include our port, which was ready-made for committing by me to reduce workload for them.

Some unrelated side notes… Geocacheing continues: (Update: images moved here) – Dr. Pfeffer especially liked mine^WWaldemar’s Zaurus SL-C3200 with CacheWolf running on Ewe… even if I still think it’s dead slow. Interestingly, porting Ewe to the iPhone G3 would not violate the clause preventing you from creating “instant messaging or real time navigation software”, and CacheWolf itself would not have to be ported. I’d like to have more RAM on the Z though – maybe via the SD Card slot?
SCSI sucks. And mksh gets better… IRIX, and a bug fix. Just still no SunOS 5.5 (missing /usr on the HDD).

## "Requesting inclusion of mksh (shell) into Mac OS X"

12.07.2008 by bsiegert@

This is the title of the bug report I filed with the Apple Bug Report Tool yesterday. The problem ID is 6069931; I think you can only see your own bug reports in the tracker though, so you may not be able to see my report. FWIW, I filed it against Mac OS X 10.5.4 (the current version), with "Feature (new)" as a severity. For reference, the full text of the bug report follows:

11-Jul-2008 11:58 AM Benny Siegert:

I would like to kindly request the inclusion of mksh as an alternative shell into future versions of Mac OS X.

mksh (the MirOS Korn Shell) is a Korn Shell derivative under a BSD-like licence. It includes the features from the OpenBSD ksh as well as additional bash compatibility. Almost all bash scripts run under mksh, however with a speedup of about a factor 2. The code was checked for security problems by Coverity, Inc. UTF-8 support is fully integrated. With all these features, it is still very small, just 240 KiB as an i386 binary. The build process is done by a script called Build.sh, Mac OS is already a fully supported and maintained platform.

This could potentially replace the ksh93 included now as /bin/ksh or be installed side by side as /bin/mksh. In short, it can be regarded a more modern replacement for older ksh releases.

The homepage of mksh is located at http://mirbsd.de/mksh. The current version is available from https://www.mirbsd.org/MirOS/dist/mir/mksh/mksh-R35.cpio.gz.

## continuity

09.07.2008 by tg@

Since quite a while I’ve had anger about BSDstats – their ports reporting stopped including ours (MirPorts Framework, NetBSD® pkgsrc®, OpenBSD ports tree, Debian dpkg), the maintainer was rarely reachable, at most by eMail, and the entire system had issues. Now, the site no longer exists, apparently nobody knows why, and our systems error out. Well, I have disabled BSDstats, this will probably make MirOS appeal more to privacy-conscious geeks again, and save us from getting more errors in our logfiles, especially the Live CD reporting was already totally broken due to weird User-Agent tricks.

I’ll now count on people just using IRC or so to say hi to us if they’re using MirOS, are happy or tell us things we could improve. Or meet us at conferences and pay for our beer ☺ and other beverages (we’re not BeerFSD after all).

## Configuring name-based apache vhosts with SSL and IPv6…

09.07.2008 by tg@

Configuring name-based apache vhosts with SSL and IPv6… is hard. Really. This is probably due to it being “a patchy webserver”. Here is a quick cut and paste solution, well, sort of.

Scenario: I have a web server running name-based vhosts on the SSL port. I get a either wildcard certificate, or – in my case – a certificate with some subjectAltName extensions set; CAcert supports these now. All vhosts I wish to serve must be included, and the primary commonName (as part of the distinguishedName) ought to be the host’s primary FQDN, and it must be duplicated as subjectAltName.

I wish to serve a default page (just the standard index.htm from /var/www/htdocs/) to everyone who does not provide a proper host name (e.g. speaking HTTP/1.0 without Host: header, or just probing my IP addresses), and a couple of vhosts to everyone else. I use one IPv4 and one IPv6 address. The vhost configuration is placed in several files in /var/www/conf/vhosts/ called «vhostname».«port»; if some information is to be shared (e.g. vhost on both port 80 and 443), these are placed in «vhostname».common and included by the port configs.

Important: Do not use wildcard vhosts, they won’t work and give errors. Do not use the _default_ vhost in any form, it silently won’t work.

You might want to place directory information in the vhost configuration file instead of in the main configuration file.

Part of httpd.conf is:

ServerAdmin «mail address for the server itself»
ServerName «main FQDN»

NameVirtualHost 192.0.2.1 443
NameVirtualHost 2001:db8:1234:1::1 443

<IfDefine SSL>

<VirtualHost 192.0.2.1:443>
Include /var/www/conf/vhosts/eurynome.443
</VirtualHost>

<VirtualHost [2001:db8:1234:1::1]:443>
Include /var/www/conf/vhosts/eurynome.443
</VirtualHost>

<VirtualHost 192.0.2.1:443>
Include /var/www/conf/vhosts/call.443
</VirtualHost>

<VirtualHost [2001:db8:1234:1::1]:443>
Include /var/www/conf/vhosts/call.443
</VirtualHost>

<VirtualHost 192.0.2.1:443>
Include /var/www/conf/vhosts/default.443
</VirtualHost>

<VirtualHost [2001:db8:1234:1::1]:443>
Include /var/www/conf/vhosts/default.443
</VirtualHost>

</IfDefine>


Make sure every vhost except the default one sets ServerName (and ServerAdmin if it differs), and DocumentRoot etc. as usual. The default vhost does not need to set ServerName, but the line
ServerAlias *
must be present and it must be the last vhost in the list, as above.

If you still have questions – especially now that even OpenBSD has seen the light and applied the IPv6 patch I not only applied to MirBSD some four years ago but also suggested to them some two or three times – come to IRC or drop us an eMail, and we’ll try to fix things. Apache is definitively historic ballast, but still common enough on todays Unices.

## U+1E9E… and where innovation resides

25.06.2008 by tg@

So the uppercase eszett – ‘ẞ’ (or ‘ẞ’ if your monospace font has it) – is now an ISO 10646 standard. Your favourite BSD has been one of the first to add support for it to libc, a (contributed) keyboard layout, and even Markus Kuhn’s fixed-misc Unicode fonts, after the proposal with a real codepoint assignment came out. Not all Germans, nor typographers, but historicians, might like it, the discussion has been flamewar-like. But we knew this all along.

Ah, by the way. No, we aren’t dead. Websites are irrelevant, but if you end up here, please read about mksh anyway. Real questions are asked on the mailing lists or in IRC. And we don’t have a handbook (yet), because with two developers, nobody has yet had enough spare time to write one, plus you’d need a couple of handbooks – one for people coming from Open/NetBSD (Lite-based), one for people coming from Free/DragonFly/MidnightBSD (386BSD-based), one for people coming from Unix®, one for the Apple followers, one for the GNU/Leenocksers, etc. You see?

And while here: Xcode 3.1 (on gecko2@’s Macbook) comes with llvm-gcc… but not in /usr/bin/ but in /Developer/usr/bin/. It compiles quickly, produces fast and small code… kind of nice. If Apple brings LLVM+clang into a usable shape to replace our gcc 3.4.6 (gcc4 has unsafe optimisations that cannot be turned off, and all other compilers produce bigger code, which breaks the installation media (especially floppies) and SPARC kernels), in a form usable as compact command-line compilers (and not just libraries for Xcode integration), I’ll be happy. (They’d just need to add mksh to Mac OSX then to make me even happier, but I guess I’m sort of late with that request. Even if it’s fully free – in contrast to GNU bash – and, in its most recent incarnations, even advertising clause free.)

## Getting things done… slowly

13.06.2008 by tg@
Tags: hardware

While “the swiss are laggards, and the people from Bern are the slow motion of switzerland”, other things take their time as well. However, vnd(4) updates have started, and other encryption schemes (including a hardware-accelerated AES variant for Columbo0815 from #IceWM) will end up in the code very soon, as promised.

During hacking, I spot other things – bugs in the random(4) code, as well as improvements to the kernel and XFree86® possibly leading to my pcengines.ch ALIX.1c board to be supported (thanks to undeadly.org for keeping me informed). And Benny fixed ports bugs again, as well as put security updates for Freetype2 et al. into the tree. Thanks!

FWIW: Opera 9.50 segfaults on me. It can’t be updated thusly.

## Linuxtag 2008, Berlin, .de

27.05.2008 by tg@
Tags: event

This year's LinuxTag will not go by without the BSD projects exhibiting their fine software. Of course, we will attend – the usual gang (Benny and me, gecko2 and Przemek will help out). New is that we'll also be distributing a couple of MidnightBSD CDs and flyers I had a helping hand in creating, as they are US based and won't be able to make it to Germany for this event. This all would not be possible without the help of allbsd.de, again. Thanks, Daniel!

The MirBSD CDs distributed contain a Live + Install CD, as usual, of an unnamed #10-stable snapshot, plus a couple of packages, including Benny's new firesomething port instead of opera-linux. The MidnightBSD CDs aren't as big and miss the install part, but are a relatively new and especially stable 0.2-CURRENT snapshot (including mksh of course).

We'll attend Tuesday (probably late) till Saturday.

## kqemu

24.05.2008 by tg@

Last time I had tried qemu+kqemu (on GNU/Linux), it made BSD segfault, kinda like VirtualBox nowadays. But things seem to have changed: I ran the Linuxtag 2008 Live CD Edition inside it (on MirBSD) with no problems at all. Nice, and shows that BSDs can have LKMs.

Now missing: vmxnet source code… or evil BLOB? I suppose the latter.

Unrelated side note: Netcologne is cool, but they suck: you can only change the PTR for your static IP, which you pay 4.90 € per month for, if you’re a business customer. No IPv6 anyway (but SixXS has a new PoP, out of all places in Düsseldorf *evil grin*). And Strato gives gecko2@ two IPs, but only allows the MAC of the built-in NIC (so no bridging to domU or VMs). Why can’t they ever do something not totally clueless? (Okay, I could ask the support… Netcologne support even phoned me back after my eMail enquiry apparently went through their entire house until they could figure out what I need (to mail Fefe, who blocks PTRs like foo-www-xxx-yyy-zzz.ISP), but rejected; Strato support is, from my past experience, hopeless.)

## Improving the world, yet again

20.05.2008 by tg@

The MirPorts Framework, which also runs on MidnightBSD, is the first to bring native firesomething support to said operating system, almost effortless thanks to our good portability infrastructure, and because bsiegert@ has already done the dirty work porting it to MirBSD. Thanks, Benny! And thanks Lucas for the chance to prove the superiourity of our infrastructure. And ctriv, don’t take it too hard, just take our patches and put them on your mport.

Hardware sucks. The Z doesn’t power on after it has been shut down for a while. The CF wi(4) is broken. Software sucks. And we all know it. A web forum sucks. They probably will never learn it. Yet people support their… attitude. Americans suck, but that’s not news. Luckily, there are a few not totally clueless ones. Life sucks, and bureaucracy sucks even worse. And there’s no way around that. Too bad. (I had an encounter with bureaucrats again… could you tell? Hah. They want money back, even though it belongs to me.)

Update 21.05.2008: Benny has committed an update to firesomething-2.0.0.13-0, and I bumped the dash ver and made it work as well on MidnightBSD. Sample build:

 $cd /usr/mirports/www/firesomething$ mmake install clean PKG_CONFIG_PATH=$(mmake \ show=PKG_CONFIG_PATH):/usr/local/libdata/pkgconfig You must have installed fontconfig from mports (and, of course, perl, for MirPorts to work at all. This beast now works on MirBSD/i386 and MidnightBSD/i386, should work on OpenBSD/i386, OpenBSD/amd64, OpenBSD/alpha, OpenBSD/powerpc, OpenBSD/sparc, OpenBSD/sparc64, and possibly MidnightBSD/amd64 and MirBSD/sparc (not yet on MidnightBSD/sparc64, but they’ll want to test and fix that). No idea about Darwin and Interix. Benny is going to bump to the latest upstream version now, whereas Jonathan recommended us to go to 3.0b2 for increased speed and decreased resource use. We’ll see. The mports maintainers can now take our patches and get rid of their linuxulated firesomething binary port ☺ ## No, I won’t. 13.05.2008 by tg@ We have lived for 25 years with the seekdir bug, and even if it’s now on slashdot this does not mean we will immediately patch it. Besides, bringing that part of libc in sync with OpenBSD will involve libc and libpthread shlib version major bumps, which is a bit overkill for this diff. It will go anyway with the upcoming merge of more recent OpenBSD base code. There are more pressing issues. But I have looked into it. ## all hardware sucks, all software sucks... 12.05.2008 by tg@ Happy birthday, laffer1! Whew. We have a new qemu port, but it doesn't boot MirBSD/i386 any more. It almost boots MirBSD/sparc now though. Luckily I could backport the new port's ability to use kqemu. Thanks to Fabrice Bellard and the OpenBSD ports guys for this. The Zaurus... SL-C3200... it's a neat device, but after I managed to get the pl2303 LKM cross-built (bah!), along with the usual tools mksh(1) and jupp as well as pax(1)mirabilis for the ability to extract my CacheWolf profile onto a (FAT) filesystem - did I mention just how much busybox sucks? - Ewe doesn't work. Meh. Go to OpenBSD/zaurus, enter a SIGBUS in gtk+1.2 - exactly what I want. The gtk+2 version works, but now, X.org plus GTK+2 plus Ewe (Java™ Ranz!) eat up all of the 64 MiB RAM plus initially 4 to 8, later 20 to 40, MiB swap. Not nice. (Some people are said to use a CF card for swap due to it being faster than the internal HDD, a microdrive. Geez.) If I'm cycling with more than say 5 km/h, the moving map hinders parsing the GPS symbols... NMEA 0183 at 4800 bps. But I managed to find another cache before going totally crazy. After Linux (grml, FrOScon edition) has destroyed my NTFS partition, now the ext2fs driver has managed to impale quite some of my FFS filesystems again. This time, Linux isn't even at fault. (Hm, fsck_ffs(8) and e2fsck seem to have a common ancestor.) The downside however is that my encrypted home is now gone. Totally gone, as in, fsck deleted the dirent, inode, and allocation of blocks. Yeah, I have backups, but only for the most important things, not for everything, and quite old ones. I have had to restructure my storage use anyway, now's a good time for it. Hah! And that after I chose to use ext2fs ipv msdos for a common data xfer partition between BSD and Win2k due to msdosfs eating up long filenames when a directory has a lot of them, even on OpenBSD 4.3/zaurus FWIW. While I was quite reluctant to hack anyway recently, or even to idle in IRC or, worse, Jabber, I guess this'll throw me back even more. MirBSD isn't affected, except in further development becoming delayed. There will most probably be a snapshot of MirBSD-current really soon. But other work (mksh R34, mirmake in Debian, MirEwe, ports, gcc) is postponed; I will try to focus on the more important things (AES vnd(4), improvements for CAcert, merging OpenBSD-current maybe even, but that not before the migration to tear is complete). OTOH, for both MirPorts on !MirBSD and pkgsrc® on MirBSD, I have laid foundation for others to build upon. Maybe they will. Just a side question: why don't things just work every once in a while? And why, oh Murphy, do things go wrong the worst way possible, always? ## MirEwe on MirDarwin? 04.05.2008 by tg@ Tags: geocache On an unrelated note, mksh needs people running the current development version, to prevent mishaps like the one with the fullwidth characters causing wrong text output. To do that, use AnonCVS like this: % env CVS_RSH=ssh cvs -qz3 -d _anoncvs@anoncvs.mirbsd.org:/cvs co -PA mksh Then, as usual, cd mksh && (sh Build.sh && ./test.sh -v) 2>&1 | tee log.txt to build and test it. Then, especially if it fails, send the logs to me. Ewe is an embedded VM for some Java™ 1.1 compatible stuff. I had to fork it to use it on MirBSD and to be able to fix it. So well. It now builds on gecko2@’s Macbook. Using MirMake, of course *g* It’s even usable… which means that he can now use CacheWolf and his laptop to go geocaching. Speaking of geocaching: more stats bragging… although a little different this time: 〔fwrtcommitstats removed due to FreeWRT archival〕 Although only the first two are CacheWolf committers… Ah, damnit. It freezes the usbserial (Prolific) driver when accessing the serial port. Well, Apple… they don’t even use GNU as(1) either. ## be careful what you wish for… 29.04.2008 by tg@ Tags: geocache … as you could get it. This is because gecko2@ asked for some more cvs commit eMail “spam” ☺ While on the spam topic: do not send an eMail to one of the following addresses: junk@mirbsd.org, junk@mirbsd.org, or junk@mirbsd.de, or, again, <junk@mirbsd.org>, <junk@mirbsd.org>, or <junk@mirbsd.de> (greytrapping) Luckily, my internet uplink has been stable for more than 4⅓ days now, after repeated phoning (an 0800 number then) and resetting the NTBBA. Some more statistics: Geocacheing continues: (Update: images moved here) – now I’ve hidden my first two traditional micros (easy series), and one of them even is sort of a “lost+found” directory virtual cache overload. BOINC continues, I’m in 9 projects now: While only 8 projects show up at the moment, this’ll improve once the last project delivers in a result (it were more projects actually, but some don’t even work on hephaistos…) – now the first WCG valid WU returned from MirBSD! (MidnightBSD can’t, because I can’t run brandelf on the signed binaries of the apps… sucks to be FreeBSD derived ☻☺) Ah, and, by the way: XTaran did not like external links, especially not secure links (https) in my wlog entries, so Planet Symlink doesn’t get them now (as it pulls via RSS), but you can look at it on the wlog. ## sometimes, ranting doesn’t help… 22.04.2008 by tg@ … but calling does. The bad part is that the internet support number starts with 0900…, which means it cost me 1.69 €/min (and the call took me about 3‥4 minutes), but on the other hand, they quickly fixed the issue, sent me an SMS that they did it (just, sadly, not what it was), and since then, I haven’t been forcefully disconnected any more. This is good. Now I’ve just got to look if this is stable, then re-measure my bandwidth. And in May, I’ll get even better upload (736 kbps instead of 608 kbps). Verpeilungsfaktor stories: in our weblog source, we use RFC822 style header lines: “Date”, “Author”, and… “Title”. Not “Subject”. And I wondered why the posting headline wasn’t shown… Since we’re on Planet Symlink now, I try hard to find a matching one for each posting, because it looks stupid there with just the date. Another one: we use four dashes on a line by themselves for separating log entries; the mksh regression test uses only three, as you can see. And yes, I fell for it (gave me a nice Perl error message over there, and a nice shell script induced error over here). A last question (rhetorical: no answer needed, just nudging your brain): what do you do with your spare time, if everyone who’d to something together with you either moved away, is working or ill? And: if you were to move away yourself, would the situation improve, worsen or stay the same? ## more creative uses for ttftot42 21.04.2008 by tg@ The ttftot42 utility I asked bsiegert@ to port was actually mentioned in some GNU groff documentation as a possible way to use OpenType fonts in ps/pdf manpages. I always liked the Gentium font (which we use for the MirOS CI/CD), and starting from when I first saw it, I hated anything remotely looking like the Courier font, so I guess this means that the PDF version of mksh’s online manpage will soon have a new look. On an unrelated note: ppp[28555]: tun0: LCP: deflink: RecvTerminateReq(206) state = Opened ppp[28555]: tun0: LCP: deflink: LayerDown ppp[28555]: tun0: LCP: deflink: SendTerminateAck(206) state = Opened ppp[28555]: tun0: LCP: deflink: State change Opened --> Stopping ppp[28555]: tun0: CCP: deflink: State change Stopped --> Closed ppp[28555]: tun0: CCP: deflink: State change Closed --> Initial ppp[28555]: tun0: Phase: deflink: open -> lcp  (not using pppoe(4), to enable debugging) For me, this very much looks like my ISP doesn’t like my nose or something and wants the ADSL (ppp(8)+pppoe(8)) session to terminate. Another unrelated side note: MirOS ports/math/boinc definitively is able to return valid results to some projects (although some of these which work require setting the primary platform to Lunox, but I’m trying to get that bug on their server-side fixed. ## 21.04.2008 by bsiegert@ Just returning from a week in the south, and feeling well. By sheer verpeil0ring, I was away the whole time that tg@ spent in Basel, just a few kilometers from here. But those holidays were necessary, and I enjoyed them very much. @work, there are new stagiaires of which I don't even know the name but it does not look as if anything had moved during my absence ;). I am trying to port ttftot42, a nifty utility for converting TrueType fonts to PostScript Type 42 (which seems to be straightforward) and, more interesting for me, can create AFM files for them. Using those fonts in Teχ is only an afm2tfm away then. The last version is from 1999 and needs freetype 1. The author—very responsive indeed!—says this is not yet fixed but promised to send me a hg snapshot. While here, we now have a mercurial (hg) port ;). ## when ranting helps 21.04.2008 by tg@ Today’s pcc from anoncvs bootstraps successfully and builds mksh just fine, and is amazingly fast (almost en par with Microsoft’s compiler). Wow, they fixed all the things I ranted about in my earlier postings. Congratulations, pcc team. Now tcc and TenDRA/Ten15 (schizo) are next (mainstream compilers failing). And LLVM/clang and ACK deserve testing. I wish ranting would help with my internet connection… gotta fight with the ISP/Telco now. ## more rants 20.04.2008 by tg@ I already ranted about pcc… well, I got a reply to my first mail to the pcc list (where the second one cleared up the five things mentioned in the previous posting), a sort of still friendly one-liner, to which I replied with that he should probably read my other mail, to which I only got an unfriendly comment that “you are wrong”. Hah! (Well, I got my “pcc -E” fixed.) I guess I just cannot recommend to use pcc, and will have to maintain my own set of patches. Trying to get them upstream shipwrecks on a barrier of incompetence, regarding not only autotools but also how a compiler (cc(1) standard interface) must work: at first, on -O (or -O*), pcc did simply an Oflag++; which I mentioned as wrong (adding a fix)… but look for yourself. Oh, and they reply using weird – OpenBSD (latin1) or Windows (cp1252) – encodings on mails properly sent using Unicode (UTF-8), as is the default in sane operating systems like MirOS and Plan 9. Incompetence whereever you look. This matches the interesting UCB hack in mv(1) I recently found… or OpenBSD’s inability to port GNU tools. Also, I suppose my ISP/Telco is going to get some angered tg@ tomorrow. The NTP Pool scores show that I’m suffering from a lot of network hiccups. This LCP fluctuation kind of sucks, as does the current transfer rate. Just the latency is still surplus, 11.2ms to heise.de (suckers as well, but for totally different reasons) and 18.3ms to google.com (also suckers, for a couple of yet another reasons I think I already elaborated). ## pcc sucks 20.04.2008 by tg@ I probably could compile mksh on pcc again… if pcc would compile itself. Hey, this one is about the contrary of OpenBSD or lynx, where development versions are stable… pcc should warn before cvs upping. Every time I try to build mksh with pcc, either it’s totally b0rked or I have to fix it. Today: ragge doesn’t understand autotools. (He added a test to configure.ac which ① gives a syntax error when failing, ② fails when compiling pcc using pcc as the compiler, ③ doesn’t show up if /lib/cpp exists (on GNU/Linux, I suppose), ④ produces a broken cpp(1) executable if it fails, ⑤ doesn’t even test for the thing it is supposed to check.) Oh, and the charsets of the mails are b0rken. (WTF windows-1252 when I send UTF-8?) See all the ugly details here (XXX insert link). ## Back home again 20.04.2008 by tg@ Tags: hardware mksh Back home… there just ain’t such place as [::1]… (that’s localhost for all of you who don’t use BSD). Swinging on the bike and going to the ice dealer, the best of them all. It was kind of nice in Switzerland and it’ll be a hard decision for me whether I’m going to move there or not. But after arriving at home, past the bike tour, I fell into sleep pretty soon. Travelling may be interesting, but it sure is tiring. Too bad I couldn’t find the two geocaches I looked for on the way back. I hacked some mksh on the train, until I had no power left in the batteries… the laptop literally just went off all suddenly… and continued that until now. We have some quite interesting new features in now, only sad point is that we still can’t hexdump NUL. I should definitively get my new server (tear) running now, for which the only dependency left ought to be the updated vnd(4) crypto stuff. This will take a while, as I’ll design a new on-disc format as well for improved security (think of keys, IVs, and so on). After that’s done I’ll give y’all a snapshot of MirOS-current, and update a lot of ports. Maybe I should work on bringing a regular sparc boot floppy into the tree as well – last time, I had to hand-craft one. But it will be lacking. There’s so much interesting stuff to do. Working on the Zaurus, ALIX, my SPARcstations (still no big monitor yet, so I couldn’t test Miod’s patch to make tvtwo(4/sparc) work yet), more FreeWRT devices… but I can’t neglect my dayjobs either. And I ought to learn to read and fix Perl *sigh* This sucks: I have network (internet) outages since last night. Sometimes, ppp(8) + pppoe(8) still work when pppoe(4) doesn’t, but most of these times, both are unusable. The rest of the time, I sometimes have huge lags. My ISP (which unfortunately is a telco, but they aren’t completely clueless either) wanted to upgrade me from a 4 Mbit/s connection to a 6 Mbit/s connection as the old product doesn’t even exist any more (and I’ll save 10 €/month now), and the cable length (230m) isn’t an issue either. Testing today (as per the salesman I should have it May 1st, per the acknowledgement mail April 15th) I’ve got about 6 Mbit/s down, but my upstream speed is even reduced! WTF? Argh! Later on this night, my network connection is so flakey… ## Geocacheing in Basel 17.04.2008 by tg@ Tags: geocache This time I did find a geocache far away from home… … in contrast to when I was in Bruxelles, as Benny and gecko2 didn’t seem to want to have time for that (or walk at all, they coerced me into the tram). This time, I went cacheing with Tonnerre, and he kind of lined it. Time to push opencaching in Switzerland. He said he might even drop some caches (although – jokingly I hope/suppose – his first idea was „Finding Sandro“, where the cache is a person… or his home appartement). Likewise, I’ll push OC (and, a little, TC) whereever I’m going to live or lived. While here, special greetings to the TGIF@BS meeting which I won’t attend, as I’ll take an earlier train back home tomorrow. It was nice here, much more so than in, for instance, Berlin. Perl is evil. But knowing the basics of other programming languages helps. I guess I’ll invest some time into learning perl better, so that I can get rid of it (in MirPorts, for example), and better understand what others try to write in it (so it can be converted to mksh if possible, or at least fixed or optimised). People can be quite annoying at times (mostly in Jabber, but also via eMail or IRC). Hey, if I just don’t reply my current location per eMail, sending another one asking specifically for it again isn’t going to improve my mood. Neither is constantly annoying me with enquiries about whether I’m really gonna move („zügeln“) here or not, after I had already stated I’ll think over it next weekend (or so), since I have a few reasons pro et contra, some of which are orthogonal to what I see here. I concentrate on getting a feel right now. Oh, and texting me one messager after another in Jabber (or, worse, by SMS to my Natel) even if I don’t reply (which, on the other hand, does not imply I’m willing to conversate either!) just gets on my nerves. And: go fucking RTFM, and don’t fucking bother me with „the XXXXU2B controller doesn’t exist, because the vendor website only lists the XXXXU2W“ – if you know any vendor websites you should long know better than to trust them. For what it’s worth: for building MirEwe, you need very current MirMake (at least 20080411), g++, GTK+1.2, GTK+2, libjpeg, zlib, and their development headers. It should work on GNU/Linux and the BSDs for now. No platform other than i386 has been tested yet, but I’ll take on the Zaurus running OpenBSD, I guess, as I finally got the uplcom(4) working. Ah, and to rebuild the class libraries you need ecj and paxmirabilis/MirCpio – I did the ecj part on Debian and the rest on MirBSD. ## my first advisory 14.04.2008 by tg@ XTaran mentioned that there is a Secunia advisory for mksh: SA29803. Wow. This would then be my first one. But people really cannot read: the advisory states it appies to “Secunia Product #18328: MirBSD Korn Shell 3.x” – WTF? I mean, version numbering surely is difficult these days, with Linux and related software often having four or more decimal points(!) in them… but I reported it to them using their web site form. I don’t know why Secunia made this advisory, but I suppose the Fedora person has his hands in there, as he told me yesterday that he needs an advisory for marking the update as security fix in their package system. I told him that this is not a lack of wanting to document, or even lack of communication (skills), but that I merely don’t know how this kind of issues is usually handled “out there”. I haven’t dealt with GNU/Linux any more since I started using OpenBSD back then in 2.9 times, and then, this procedere wasn’t widely used. Ah, speaking of OpenBSD. They are sometimes not even at fault when a bug report is mis-communicated, even if some people don’t believe it. And they don’t do the major/minor game either. They just still have the decimal dot for hysteric raisins. Actual user feedback matters. My fork (MirEwe, just to annoy Jonathan) of the Ewe VM now has a fix, or rather workaround: when opening serial devices, “/dev/” was prepended to the device name. Now if users enter “/dev/ttyUSB0” (leenocks) things don’t work – but this is hard to debug. MirEwe now warns and does the right thing. The warning is in there for portability ☺ Ah, and: I could finally log my first (locationless, though) TerraCaches. That makes me an active user of all known platforms. Even if it cost me an entire night of re-reading a book I knew from a looong time ago. But actual caches will follow, and I’m even already planning to plant some myself. Basel is getting nearer. I’m still not too happy with the option to move away from here. We’ll see – at least I’m going to take a big chance when I see one, and peek into how it is over there. Even if Benny is on Malle. ## current state: annoyed 13.04.2008 by tg@ How can a bug like this be unnoticed for so long, while the two source code lines in question were specifically touched and diffs reviewed by big names such as deraadt? Of course it’s me who has to fix longstanding bugs from 386BSD, VIA C3 AES data corruption bugs in the OpenBSD kernel, LP64 bugs in OpenSSL, etc. ## a few news items 12.04.2008 by tg@ Tags: geocache As you can read, quite a few new versions of our portable software has been released. Well, sort-of-portable, but for nroff I plan on improving, and MirMake 2 will be a lot better too, kinda like mksh. Geocacheing continues: Even Jonathan got hooked now. We found another (his first) two today. As we’re sort of a big family, you’ll occasionally find German-language postings here. Don’t wonder. We have people who especially read that. Ah, and while we’re at stats bragging: These were made on gecko2’s Intel Mac (Darwin), my laptop (MirBSD), and a few even on hephaistos (GNU/Linux). MidnightBSD needs to use brandelf, thus execution of Linux/i386-ELF binaries fails or, after branding, checksum verification (which BOINC does) fails. Sucks to be FreeBSD derived. I’ll be in Switzerland (Cōnfœderatio Helvetica) next week, while Benny happens to be on vacation on Mallorca (hopefully not near the war zone called Ballermann). Development may slow down a little due to that (no more 100+ CVS spa^H^H^Hmails per day, yay!) but will not stall. ## Willkommen, Schweiz! 12.04.2008 by tg@ Da wir ja alle eine große Familie sind, möchte ich hiermit Grüße (Grüsse?) an die Schweizer Leser, die dieses Weblog (nein, ist kein Blog) auf Planet Symlink entdecken, senden. Ad auditorēs qui nōn possunt legere linguam germanicam: Salvete amici Cōnfœderationis Helveticæ! Ich bin übrigens Mitte der Woche in Basel zu Besuch, Benny ist leider zur Zeit auf Mallorca, Urlaub machen. (Hoffentlich fernab vom Kampfgebiet, äh, Ballermann und so.) ## 10.04.2008 by tg@ I haven’t written here for a while, but I just want to get one thing said. I might have done what Sun feared first thing after I got a Java™ VM (even if it’s only single-threaded Ewe for embedded systems) running stably on MirOS… it now has a native method arc4random_pushb(3)… yeah! Entropy is determining a lot of my life these days anyway. For example, accidentally sleeping too few, too much or at weird times, being phoned by random people, talking with Vutral about further possible improvements in our RNGs, being asked by CAcert.org if we are suitable OS for their high-security boxen (almost, but we’ll fix the missing parts, and some they’ve got to do themselves as no off-the-shelf OS does), and reporting in huge masses of entropy to CAcert.at Research Lab – some 128 MiB samples with Firesomething “Bon Echo”, as Opera ISE’d out and Lynx just first ate up all CPU then none at all any more without monitorable activity… Ah, and BOINC is running stable on MirBSD. MidnightBSD has some issues, mainly due to the fucked-up FreeBSD kernel and brandelf. ## On Firefox Updates 02.04.2008 When Mozilla Firefox(TM) aka www/firesomething version 1.5.0.10 came out over a year ago, I tried porting it (of course). However, not only did the build not finish, it filled the entire filesystem before failing. At the time, I was updating from something like 1.5.0.4 so I did not know which version exactly caused the problem. Thus, I made incremental updates up to 1.5.0.8, where I seemingly lost interest. Now, with a faster build machine, I continued the updates, discovering that 1.5.0.10 is really the version that fails. A diff between firefox-1.5.0.9-source.tar.bz2 and firefox-1.5.0.10-source.tar.bz2 is 10 MiB. Most of that is in CVS directories, which are included in their fucking releases, believe it or not. If you leave out those changes, the diff is still 5 MiB and 155000 lines, of which 90% are in security/. Mind you, the whole source tarball, from calling the directory mozilla instead of adding a version number to including CVS directories to using several different build systems, leaving unused configure scripts in the tree, etc., positively REEKS of a flagrant disrespect for those that build from source. All this seems to be meant to encourage you to use official Mozilla builds—which is fine if you happen to be on one of the few supported platforms: Windows, Mac OS X, and Linux i386. We are not. Anyway: in their infinite wisdom, the Firefox developers chose to upgrade the included NSS libraries (Netscape Security) from 3.10.x to 3.11.4 in a minor security update. This version sports extensive internal restructurations—another nice way of saying "fuck you, porters". Thank you, Mozilla project. Of course, the NSS update is not explicitly mentioned in the release notes. This tech note says: "The low-level freebl cryptographic code has been separated from softoken on all platforms. Even on platforms for which there is only one implementation of freebl, there is now a separate freebl shared library. The freebl library implements a private interface internal to NSS." This new library is the core of the problem. After the NSS libraries are built, they are cryptographically signed by a program called shlibsign which, in turn, dumps core, generating a 3 GiB core dump in my case! I had suspected a problem related to our security features, especially W^X. The page about Building on Fedora Core 5 says: "For those with SELinux in enforcing mode, you are likely to run into problems both with the shlibsign during the build process and with the running the final build related to SELinux denying execmod permission ..." However, with some difficulty, I managed to build a debug version of everything for analyis with gdb. During the start of shlibsign, one of the init procedures loads the native freebl (?) module, which promptly loads itself. On and on, until memory exhaustion. This comment in security/nss/lib/freebl/Makefile provided a clue to the solution: # The blapi functions are defined not only in the freebl shared # libraries but also in the shared libraries linked with loader.c # (libsoftokn3.so and libssl3.so). We need to use GNU ld's # -Bsymbolic option or the equivalent option for other linkers # to bind the blapi function references in FREEBLVector vector # (ldvector.c) to the blapi functions defined in the freebl # shared libraries. ifeq (,$(filter-out BSD_OS FreeBSD Linux NetBSD, $(OS_TARGET))) MKSHLIB += -Wl,-Bsymbolic endif Adding MirBSD to the OS list fixes the build. And it works! Now, firefox 1.5 is old and unsupported. So why was this update important? It makes further updates possible. The same bug was holding up my long-finished firesomething-2.0 port. I already have a package for firefox 2.0.0.13 but the port needs just a little more work. I am also confident I will be able to provide a working port for firesomething 3 when released. ## 28.03.2008 by bsiegert@ Wow, my first posting in this new weblog. My laptop, a new MacBook Pro, spent about 10 days over easter in order to really do a MirPorts bulk build. 1503 binary packages for MirOS #10 have been uploaded to the mirrors. This has also been an occasion to review some largely untouched parts of the tree. Most of the problems seen are related to missing distfiles, changed download URLs, etc. Some packages did not build during th bulk build but when run non-recursively, they worked. Some bugs in the resulting packages remain: You must manually install the expat package for most of the stuff to work. gtk+ insists on writing to /var/db, which makes it unsuitable for AS_USER builds. firesomething only when works as firefox. Still, this gives you a wide variety of pre-built packages for the new release. Enjoy! ## 24.03.2008 by tg@ I seem to have a sort of fan club, mostly related to mksh, but also to jupp. Interesting. Benny has built 1503 binary packages, amounting to about 954 MiB of data. Uploading… We just got an email about Metalinker, which looks interesting enough to try, from its primal developer Anthony Bryan. We now have it ☺ ## 22.03.2008 by tg@ This night, my internet connection failed every so few minutes (returning a PAP failure, despite me being in midst of a session). I took the chance to upgrade herc’s software (kernel, userland, a few packages) and spotted that sendmail(8) bug. I also took the chance to rebuild the two RAID 1s (one for /, the other for /MirOS and the CVS repositories), which took me a while and about a dozen attempts, but finally I succeeded. Other than that, I didn’t hack much. I walked about 5‥6 km (single way) to buy myself a Döner though ☺ bad weather doesn’t have to mean stay inside. We should be at way more than 1500 downloads in total by now… 1405 on the Germany 1 mirror, more than 100 on Germany 2, an unknown lot on Japan, more than 60 BT downloads from me and friends… that accumulates quite. ## 21.03.2008 by tg@ Happy Spring Equinōx to everyone! I merged the crypto improvements to HEAD: we now have improved Rĳndael CBC code for UVM swapencrypt, and this code uses the VIA C3/C7 PadLock™ ACE if existing – whose code contained a now-fixed data corruption bug. Next on the TODO list is: make vnd(4)’s encryption use the same code if AES is chosen as cipher algorithm. Allow selection of Blowfish (stay compatible), AES-128, AES-192, AES-256; other algorithms may follow. We will need a new keyfile format and stay backwards-compatible, but this is not a problem. We got a PUA assignment from U+F900‥F97F (tentatively) for our encoding proposal, and should use “one of the various non-characters” for the NUL encoding. But: “Emoticon U+FDD0 is actually Unicode for the eye of the basilisk…” – U+F000‥F7FF are now reserved for Linux’ straight-to-font map (and some subranges are used by Windows® and Mac), and F800‥F89F for Mac (and possibly, Linux). – Although I got scolded again for chosing a 16 bit wide character type, I believe this compromise with all its good and bad sides is the right way to go for us at the moment. As for how to codify this, I still do not have a final answer, but I think using wrappers for SUSv3 functions which cannot fully support the proposal is a good idea. Most use cases should work with the SUSv3 functions, anyway. I still haven’t ported mksh to BSD/OS 3.1, OSF/1 V2.0 and Ultrix V4.5… ## 20.03.2008 by tg@ I’m impressed – 1377 full downloads from the Germany 1 mirror, add to that the partial downloads (wget -c or so-called “download managers”), these from the Germany 2 and Japan mirrors, BitTorrent (which is 36 times from myself, and a couple of dozen times from my friends, and even more from the unknown peers) and you won’t think of us as irrelevant any more. I’ve hacked on the crypto improvements branch again. I decided that getting tear up and running would be my priority target. It turned out to be a great way to hone my programming skillz as well: I got a lession about pointer aliasing. Except the actual VIA C7 part, I now tested it quite well on i386-qemu and sparc, where the latter took about one third the time compiling… the new CPU and RAM pay off. Oh yeah, and hacking on stuff always points out unrelated bugs… such as NO_GZIP=Yes for kernels not working, or <bsd.lkm.mk> being out of date (I had to MFC that, even). And that src/kern/z needs tender care – the transition is still not finished even for zlib. I hope the discussion about our charset/encoding proposal will find a solution… I feel like constructing a bikeshed, as you get about that much feedback there too ☺ Benny said he doesn’t grok the SUSv3 functions, like mbrtowc(3), enough to follow – and I can totally understand that. Maybe a Unicode guru person like Markus Kuhn can help – I asked him. ## 19.03.2008 by tg@ My primary SPARC build box demo now has a HyperSPARC 150 MHz ROSS CPU, instead of a SuperSPARC 75 MHz, and 512 MiB RAM instead of a mere 128 MiB (and with that, twice the RAM of my primary i386 box). But then, I got three SCSI HDDs from the same stone age, and each of them has a different connector. This sucks. ## 19.03.2008 by tg@ gecko2@ just called me. He operates www.mirbsd.org and got a little surprise on his daily traffic report. Summing it up, his server and myself, and a friend of mine, together, adding HTTP and BitTorrent transfers, have had about 500 GiB traffic in the 3½ days the #10 release is now available. Alone the HTTP direct downloads of clients that got the ISO in one piece (not HTTP 206) number sits at 861 at the time of this writing (850 five minutes ago, 825 ¼h ago). As an immediate measure protecting his server against being taken offline for traffic limit trespassing, I redirected to allbsd.org for direct downloads on getting.htm and suggested him to install bandwidth throttling/limiting for apache. Don’t be surprised. Update: half an hour later, it’s at 867, so I think the change of the direct link helped. Sorry for the inconvenience at both gecko2 and our downloaders – but then, to the latter group: You should’ve used BitTorrent anyway. Oops. Changed the wrong link. 923 downloads… 927… ## 19.03.2008 by tg@ Tags: geocache In addition to my primary geocaching site, OpenCaching.de, and the commercial crap site, GeoCaching.com, which has most users, I now also registered at TerraCaching.com, which is a semi-closed site providing “high-quality” caches. Stats bar gallery: Of course, I didn’t find any TCxxxxx caches yet. I need to get fully registered (“sponsored”) at the site first. This isn’t a big issue tho. Update: I’m in. Nearest caches are in Blankenheim, Neuwied and België… ## The Unicode Release 15.03.2008 by tg@ MirOS ξ (MirOS xi) is not only our eleventh release (as I started counting at zero), it is also the Unicode release. While it finally makes sparc a fully supported platform, the real focus is on Unicode, and bsiegert@’s girlfriend seems to have realised that better than I did. However, in fact, that was only a start. We need to change the character set in order to be able to handle binary files transparently with Unicode-enabled applications – col(1) and tr(1) in MirOS #10 – before converting more applications to use Unicode. Please give feedback on the thread linked above, if you can. MirOS #10 does come with everything needed by applications for full Unicode support though, and in contrast to OpenBSD, things really do work. This justifies calling the release like this, even with a Unicode character in its codename. For the first time, the “tag line” comes without a “WTF?”. You may take this as a sign that we are not confused about ourselves, have gotten over the initial cause to make MirOS and now no longer merely are a team that wants to improve OpenBSD. We are a small but powerful operating system project, with goals (already met or new ones) of our own. We still track OpenBSD, but that’s no longer the focus. Benny’s girlfriend also got that right. And her mouse did attract the users, and stayed topic on the other BSDs’ websites. Wow. ## 14.03.2008 by tg@ The MirPorts Framework can now be used on MidnightBSD out of the box, no special patching needed. MirMake, MirCpio, MirCksum and the package tools have been updated appropriately. However, MirLibtool support is still missing. This is trivial, I just don’t have the time to do it right now, as I should be doing the release at the moment. Still, feel free to play with it. Yeah. I did port MirLibtool to mnbsd, and found a bug (in upstream, even) while doing it. Nicey. Both devel/glib1 (autoconf-2.13) and devel/libtool (autoconf-2.61) seem to work (regarding libtool build systems, shared library building/naming, etc.) for now. I’m a little bit unsure about shared library naming conventions, but you can follow FreeBSD’s, even though Todd Vierling and I think they are weird and/or not what one wants. (For insiders like Benny: they do not use current/age/revision, set the third number to 0.) We have a new “p5” port module, which must now be referenced by any users of${P5ARCH} which do not include the “perl” module.

pvalchev@obsd replied to my issues with the UMAC64 hash that I might want to report the bug in libgcc’s umoddi3 implementation upstream. This shall be my TODO, someone please remember me to do it (check how to reproduce on $common_os, with$latest_gcc, etc).

miod@openbsd is helping me with the tvtwo(4) card – unluckily, I’m unable to test diffs because my monitor is too small… Doesn’t anyone happen to want to give away a TFT that can do 1152x900 for free? ☺

## GPLv3

14.03.2008 by tg@

As written in my earlier entry (still to be ok’d by benz) about GPLv3, editors/nano is okay (for now). This means that rsync 3 is probably ok to go in now too (especially since we have no patches). It’s said to be much faster and less RAM-hungry, which is especially nice.

## 13.03.2008 by tg@

Besides from my TODO on MirPorts (and the portable subprojects) and MidnightBSD, and the release engineering process, and my other want-to-do hobbies like hercules(4) wsfb(4) support (and an XF86 module, and emulation support for a HGC in qemu), and a couple of other things, Waldemar has made a point:

MirOS definitively needs to shift away from “we want to make OpenBSD better, and we do X, Y and Z” towards “we want to do X, Y and Z, specialise on W, support V, and while doing all that, we are of course as secure as OpenBSD and track their goodies, and by the way, we have GNOME and Frozen-Bubble”. This would give the MirOS Project an actual face, which could attract users and development capability/potential. (And it would imply a re-design of the Flyers’ and website’s content…) We’ll have to think about it, but he is probably right.

## 12.03.2008 by tg@

The new cksum port sets a variable HAS_CKSUM, which will be used really soon now in the MirPorts infrastructure to replace all the old cruft (_CKSUM_A, _CKSUM_SIZE, _HASHES). From RSN on, you will either have our current cksum(1) from MirOS #10 or MirPorts, or you won’t, in which case it will only use the “cksum” algorithm of the OS’ own cksum programme (which is rather ubiquitous).

We have a new sample file, “portmdoc”, and I’ve converted yet another manpage to be fixed with regards to GNU groff, like I did with mksh(1) after the R33 release. Expect this to continue.

The FSF is now mistaking that lazy moronic finnish student’s excuse for a patch management system for a version control system as well… the config.{guess,sub} files are now in git. Yuck!

## 10.03.2008 by tg@

Our kernel now should handle signals wrt the extended i386/amd64 ABI fine: thanks to the Debian GNU/kFreeBSD developer Aurelien “aurel32” Jarno, the direction flag (DF) is now cleared on traps.