Developers’ Weblog


Stehen, Warten, Beten (Standing, Waiting, Praying)

17.12.2009 by tg@
Tags: rant

SWB. Stehen, Warten, Beten: standing, waiting, praying.

On Tuesday evening we were in Bonn city centre with Roland. Afterwards I wanted to go home, but StadtWerke Bonn, as so often, thwarted my plans.

That is actually not so bad, because had I gone on foot I would certainly not have needed more than three quarters of an hour. But we do have the great information system, which, however, only showed us: “Service disruption. Irregularities in the timetable possible.”

At “possible” I would have pricked up my ears, but that had been on display all day, and in the morning on the way to work nothing was really going on and nothing was announced. So I wait for the next tram. For a whole quarter of an hour – apparently (yesterday evening after work too, by the way) a tram was cancelled once again without this being displayed or announced, despite modern technology. (Deutsche Bahn manages this at least on its website, and there are announcements more often too; display boards there are somewhat less flexible.)

Then the tram came, and I ask what is going on. “Well, I am only going (1 stop) too; from there you have to walk (2 stops), trams run again from there, we have a huge hole in the road there.” (In short, a whole section of the line closed off, without any way of bringing other means of transport in there.)

So I walk, frustrated, and at the destination stop – in sub-zero temperatures, mind you – I am once again left standing around forever. The tram that had just turned around sat for almost a quarter of an hour in plain sight of us on the stub track, lights on, doing nothing.

All in all I needed nearly one and a quarter hours to get home, and at a reduced monthly subscription price of 66.50 € that is simply unacceptable, especially as the great new display boards were intact. Had I known, I would have walked or taken a taxi, but no, StadtWerke Bonn live up to their name “Stehen, Warten, Beten”. If I did not already have my subscription with Deutsche Bahn anyway, I would cancel it immediately.

To add insult to injury, the display boards were so completely “full” of partly static, partly scrolling text that nobody thought it necessary to show the clock normally available there (one can see nicely that all trams always depart one minute late at the terminal stops – but I know from a former 1-€-job worker that the SWB have three(!) different timetables…). Then one could have decided to walk – especially if one had been informed. (Or at least walk three stops instead of two and take an earlier tram. Or two, depending.)
I mean, they cannot help the burst water pipe between the tram and underground lines, but they could at least have informed me, because the next day (yesterday) I had to get up very early.

Yesterday, I posted the following proposal to the mailing list. I am putting it here, too, for future reference.

I have been thinking about how we can improve the pkgtools with some new and useful features. There are two that would be easy to implement and would give us some kind of "poor man's apt":

Replace PKG_PATH, which at the moment is either a single URL or a colon-separated list of local paths, by a simple config file. It could also include a few other directives, like the default pager for MESSAGE files. I am thinking of the following:

Pager=less
Source=1,/usr/ports/Packages
Source=255,https://www.mirbsd.org/MirOS/Packages/i386/

The "source" lines are just local paths or URLs with a priority value, where 0 is the highest one.

For http, we have the problem of getting the file names. I propose to put an index.txt file, with just one filename per line, into each "repository". The indices might be cached so that we know what files are where. For http, we could even automatically update by using an "If-Changed-Since" header, or have something akin to "apt-get update".

It would be very easy to just search the repos in order of priority and take the first match for the pkgspec given. Or we could use findbestmatchingname() to decide which package to take.

These changes can be implemented in a reasonable amount of time, I think. Maybe during the CCC?
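
The proposal above, sketched as an added example (it is not part of the original post and not pkgtools code): parse the config format, read each repository's index.txt, and take the first match in priority order, so that a local source with priority 1 wins over the mirror with priority 255. The function names, the sample index contents and the use of shell-style globs for the pkgspec are assumptions; the config uses the post's directives in a different order.

```python
import fnmatch

# Constructed sample config: the post's directives, reordered on purpose.
SAMPLE_CONFIG = """\
Pager=less
Source=255,https://www.mirbsd.org/MirOS/Packages/i386/
Source=1,/usr/ports/Packages
"""

# Constructed index.txt contents (one file name per line) per source;
# the package file names are made up for illustration.
SAMPLE_INDICES = {
    "/usr/ports/Packages": "mksh-39.cgz\nluasocket-2.0.1-1.cgz\n",
    "https://www.mirbsd.org/MirOS/Packages/i386/":
        "mksh-38.cgz\nekeyd-1.0.cgz\n",
}

def parse_config(text):
    """Return (settings, sources); sources are sorted, priority 0 first."""
    settings, sources = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"line {lineno}: expected Key=Value")
        if key == "Source":
            prio, comma, location = value.partition(",")
            if not (comma and prio.isdigit() and location):
                raise ValueError(f"line {lineno}: expected Source=prio,location")
            sources.append((int(prio), location))
        else:
            settings[key] = value
    # sorted() is stable: equal priorities keep their order in the file.
    return settings, sorted(sources, key=lambda s: s[0])

def parse_index(text):
    """One file name per line; refuse entries that could leave the repo."""
    names = [n.strip() for n in text.splitlines() if n.strip()]
    for name in names:
        if "/" in name or name.startswith("."):
            raise ValueError(f"unsafe index entry: {name!r}")
    return names

def resolve(pkgspec, sources, indices):
    """First match wins: return (location, file name) or None."""
    # Assumption: pkgspec is treated as a shell-style glob such as "mksh-*".
    for _prio, location in sources:
        for name in parse_index(indices.get(location, "")):
            if fnmatch.fnmatchcase(name, pkgspec):
                return location, name
    return None
```

With the sample data, `resolve("mksh-*", ...)` returns the local `mksh-39.cgz` even though the mirror also lists an mksh package, because priority rather than file order decides.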

I smell an antitrust case coming up

12.12.2009 by tg@
Tags: mksh rant security

Oh the joy…

20:54⎜«smultron» mira: i just upgraded the big server from 10.5 to 10.6... and apparently the upgrade script removed /bin/mksh... now I don't have a shell and quits immediately... any ideas?

My suggestion – ssh -t servername /bin/bash --login – doesn’t seem to help:

20:59⎜«smultron» oh great
20:59⎜«smultron» ssh just keeps asking for the password
20:59⎜«smultron» then gives this:
20:59⎜«smultron» Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).

Maybe gecko2@ can help… or bsiegert@… who knows.

In other news, no reaction at all on the Android front on my proposal to get mksh either to replace NetBSD® 0.x ash, or, at least, add it for developers.

Cancelling a Händi contract (Händi, a Swabian loanword, from "Jo hän di denn do koa Kabel dran?", roughly "Don't they have a cable on that?") with VIAG Interkom goes relatively well; you only receive, two months later, an invoice for 0,00 €. The T-D1 employee contract (apprentice...) is also easy to get rid of, although it keeps working beyond its term (probably a farewell gift from the company that trained me). At Debitel, on the other hand, the postal receipt of the written cancellation is delayed by a few days, and then you are stuck with the contract for almost another 15 months. The real cheek, though, is BASE: the card still works, after my cancellation around the beginning of the 2nd quarter of 2008(!). On enquiry I am told that "unfortunately" no cancellation is visible in their system, and that I will have to live with it until 5 December 2010(!).

Let us hope that Netcologne, should I ever want to get rid of the mobile part of my combined package there, is more pleasant. After all, it is the only telco that also runs offers for existing customers now and then; with which I have been extremely satisfied without interruption since 2001; which had major outages only once (November 2001, probably still new) and refunded a whole month of telephone and DSL base fee for half a month of frequently disturbed DSL; which replaces defective splitters and loaned modems (NTBBA) within hours without many questions; and which every few years both reduces the base fee and increases the DSL speed...

So, folks, do not buy from BASE! (ciruZ is happy with blau.de, but they are prepaid, which means no lock-in contracts, but also no unlimited phone calls abroad, e.g. to help gecko2 on Belgian motorways.) That things can be done differently is shown by Deutsche Bahn in another purchase recommendation (this one here, though, is rather a slightly frustrated anti-recommendation). My little brother thought I should document/vent this here; do not worry, this will not become a product-bashing site like Fefe's (for that, simply all things in existence are too... broken, and it is not worth my time).

Oh well, time to dig out of the old paperwork the cancellation confirmation that I had asked them to send me last year. I wonder why?

Happy Benzday!

07.12.2009 by tg@

Since I don't reach you via IRC, phone or Natel™ let me wish you a happy benzday here. ☺☻

I think it's perfectly okay for libobjc to depend on libgcc_s like libstdc++ does. So let's not disable gobjc from base. Rather, make everything except C version-dependent. (Bump base vsn afterwards, the gcc vsn has been already.) I think we'd also best rename the clang executable and make a wrapper using -L, -rpath and -I flags from its CCLD instead of always using these from the system compiler. (I wonder if it's worth the effort to make the C++ header files version dependent as well. Probably.)

We somehow need a way to differentiate ABIs in MirPorts, as there will be several compilers. On MirBSD: base-gcc3.4.6, port-gcc4.4.2, port-llvm-gcc4.2.1, port-pcc, port-nwcc (this list is for i386).

Benny, may I encourage you to hack on pkgtools the next Muttenzday? Especially I'd like to have that file extension retaining/cycling for auto-dependent packages in, it's basically a showstopper for LZMA compressed binary packages. (Will still be LZMA1 for some time, as there is not yet a stable xz release.)

The hardy at MirDebian "WTF" Repository section contains a KDE 3 source and binary package of KWalletCLI 2.00 (built for Debian Lenny and K?buntu Hardy). A KDE 4 package (for Debian squeeze/sid, newer *bunti and ones with KDE4-backport) will be worked upon as soon as I can get into the pkg-kde Alioth group.

I managed to create an avd "Android 2.0-current", with stuff completely built by myself. Now I "just" need to get project/external/mksh.git to be created and writable by me. Or, even better, nuke that NetBSD® ash they're currently using and replace it with a sensible shell, at least mksh-small. Then adb can be built without -DSH_HISTORY (which, with mksh, is required for usability).

I wonder if I could take over Mæmo as well... *grins*

On unrelated side notes, I'm trying to get the "debian" tagged entries aggregated on Plänet Debian, and I'm – again – in the NM process trying to become a DD, with slightly different goals this time. (But I'd also like these porting machines... 'sides, there's still an mksh+dietlibc on hppa bug open...)

I also got HP-UX back at HP PvP (not player versus player though ;) for mksh(1) porting/testing. Sadly, Itanic only, no humppa machines.

In case someone ever needs it, a collection of scripts called BitWeaver → MediaWiki does exactly that and has been released under GNU GPLv2 (only). Cheers!

Still happy with the eKey

25.11.2009 by tg@
Tags: debian

As I wrote, I asked for flute notes. Well, piano notes are ok too, although I don’t have my electric organ any longer, they can easily be transposed, even if I don’t know the software (could do it by hand though). And I might give midiplay(1) a shot (I bet it’ll sound like PC-Speaker emulation…). Vincent kindly provides more input (apparently one more of these Simtec people, but that’s just my guess).

Since ports/security/ekeyd runs happily on herc and most of my patches were not just applied but even appreciated, thanks Daniel, and the results speak for themselves (I even get stats from daily.local mailed to me every night), and we had some fun discussions, I like it. I think those for whom I ordered additional ones are, too. (I wonder if I should invest in a ten-pack of bulk ones and re-sell them at conferences, but the next one is so close to the UK they probably will be there by themselves.)

I must admit I also have the context switching problem (but hey, that’s what you get for being a sysadmin, and our coffee (GEPA, whole bean, in a bucket, fair trade), even if not Café Libertad, who, incidentally, are Debian Wine distributors, is good), but since I’m usually not working for customer projects, I’m rarely time bound, and quite some good ideas have come from distraction (or timeouts, such as personal needs or getting coffee/food/…).

Now I still wish I could split myself in half to get more time for all the projects I have…

New MirBSD/i386 snapshots

15.11.2009 by tg@
Tags: news security snapshot

I have compiled a new snapshot (i386 only) and uploaded the following flavours: MirOS bsd4grml, MirOS bsd4me-current (Live OS), MirBSD-current netboot (NetInstall for i386), the Midi-ISO (bi-arch manifold NetInstall), and the checksums.

The /MirOS/current/older/ subdirectory containing partial and incremental upgrades for older MirBSD-current snapshots is gone for now. The 20091115 (i386) snapshot is a security upgrade (contains the OpenSSL panic patch in its second version), bugfix (all errata mentioned in the “wtf ist hallowe’en” announcement are fixed if applicable), and feature upgrade: the installer and first boot recognise a Simtec Entropy Key if plugged in (for the installer, break into a shell and run /usr/libexec/ekeyrng if plugging it in later) for increased entropy generation; after first-time installation and reboot, the user is supposed to install ports/security/ekeyd and use that (for which there are binary packages as well).

The MirOS Project’s servers are or will be upgraded as well; please bear in mind this implies short outages of service. Furthermore, due to the TLS protocol design error, some things may not work any more, since we applied the OpenSSL “panic patch”, which disables all renegotiation, but allows applications to re-enable it, if they knew about that possibility at compile time, by setting a run-time flag before initiating the connection. (None we know of does, though.)

I am, indeed, happy with my eKey. I’ve ported the ekeyd support software (but could not get ekey-ulusbd to work), created a real lot of patches, and discussed with «rjek» in IRC happily.

I now get about 4 KiB/sec on large stream reads (such as 64 KiB) from srandom(4), with 8 KiB/sec initially, in contrast to the less than 100 bytes per second (300 bytes per second initially) without the eKey.

Of course, there’s still room for improvement – I fixed the ioctl(2) calls, removed strcpy(3) and sprintf(3) calls, and added arc4random_buf(3) calls for generating the nonce (which can now be made much larger than the 12 conservative bytes the original code reads from urandom(4)), and made it work at all on our platform (and, possibly, OpenBSD). But I get statistics now, even if told that my ekeyrng mksh(1) script is “Cute”.

Make sure you update to at least luasocket-2.0.1-1 for some bugfix (pkg_info(1) has a bug preventing it from seeing that – what worries me even more are some outputs not sent with the mail), and that you have a recent kernel (post the “wtf ist hallowe’en” snapshot!) since lsusb (even when ported) doesn’t output anything, and nobody knows what arguments to ekey-ulusbd are needed to make it find the eKey.

ObInfo: new CA bundles are out too, and more binary packages.

I am happy with my eKey

12.11.2009 by tg@
Tags: debian

Neil, I am happy with my eKey, and I would blog it if I had a blog ☺ (And yours doesn’t allow comments. But then, Daniel’s doesn’t, either.) I’d have liked proper (C flute / piano / voice) notes, though… never got the hang of string instruments.

Of course I still have to make a MirPort for that Lua dæmon, but for now, things work quite well. (I do have a rather large TODO and woke up with headaches and slight cold today.)

got home

08.11.2009 by tg@
Tags: bug event snapshot

The snapshot has another bug I discovered after converting my laptop to a showcase: lynx(1) charset defaults, after disabling auto-detection, to the wrong one (the news item has been updated, again).

I came back from OpenRheinRuhr, and (apparently in contrast to many others) liked it, save for the (a)social event, which some organisers admit hasn't been what was promised to them. My hotel was actually some kind of clubhouse and billiards club, so I had to eat supper (after fleeing the Casino, I had wanted to eat with some others deciding to split/fork, but formorer couldn't decide, so I walked the 3 km, but didn't find anything appealing on the way, since I walked towards the outside of the city) in a smoky bar. So 2007, that. But I watched some kind of billiards competition during that, the meal was good and plentiful, and the beer good and rather affordable. (I even took a mug to my room with me to flee smoke.) Breakfast was included, the quality much more than I had expected at that price (I paid almost twice that in Basel, where I didn't even have a private loo adjoining the room, much less a proper bathroom with shower). The city, despite confusing it with other Ruhrpott cities beginning with BO, was nice and quiet (although the visitor count suggests that it was too remote, I rather prefer this to the usual rush and street mob, and it was still lively).

I think you'll find more coverage, photographs (hopefully not of me, as I wore a pullover forbidding it) and opinions on the 'net soonish, even dissing if I may harbour a guess (not without reason, from what I've been told privately), and, as I still have a headache (as usual...) I refrain from writing more. The MirBSD^H^H^HGRML CDs will be distributed at 26C3 by formorer from the Grml team *grins* and I wonder if the celebrities equipped with a MirCD or MirUSB stick, like Werner Koch, will make good use of it ;-)

this snapshot CDs, next snapshot codename

06.11.2009 by tg@
Tags: bug event security snapshot

OpenRheinRuhr will see our latest snapshot on CDs (although we seem to be short of flyers ☹). Complete, with MirOS BSD (i386, sparc; i386 Live) and MirGRML (i386).

The next snapshot’s codename has been decided upon angrily today: “wtf is with all these bugs?”
Expect a fix for the latter sometime soon, it does in fact have more effect than most sites say, to avoid scaremongering (unlike that swine flu stuff); I’m lucky my online banking stuff keeps SIDs in the URI instead of a cookie, but still… very bad. Switching renegotiation off as a quick würgaround also is evil, for example, my SMTP setup (using X.509v3 SSL certificate auth for relaying) might break. But we are said to expect an amended SSL/TLS protocol soon, hopefully with OpenSSL patch.

ekeyrng is a very rough draft (shell prototype) currently driving, together with a small USB backport, a Simtec EntropyKey in herc into wrandom(4) (for now). Really, the Lua tools should be used, but this is good for the installer, although the TPM, eKey and truerand – cprng(8) – functionality should be combined into one small, efficient, C dæmon doing so (but without the hacks to keep cprng(8) within one memory page to cease swapping). Still, it’s great!

bsiegert@ will be offline for a week.
