2005-06-04: WebAuth 3.2.8
I'm massively behind on announcing new software releases here, so there's
probably going to be a flood of them over the weekend as I catch up. I've
been knee-deep in Debian work, among other things, for the last couple of
months and have been busily fixing all sorts of things rather than
communicating about them.
I see that the last WebAuth release I announced here was 3.2.4. I just
pushed out 3.2.8, including new builds of the Solaris binary packages and
new versions of the Solaris Apache build and stow packages. Since 3.2.4,
there have been a couple of packaging releases with portability fixes to
all the supported Debian platforms and a renaming of the Perl bindings to
match the name of the C library. There are also two minor bug fixes,
namely a change to the priority of the mod_webauthldap messages and better
handling of empty keyring files. Finally, the WebKDC manual has been
significantly improved.
Most of the work ended up being building all the random dependency packages
on Solaris and updating them all in the distribution area. I have been
totally spoiled by the Debian toolset. I remember when my tools for
building Solaris packages felt polished and fast, and now it's a painful
manual process compared to building Debian packages. I'm looking forward
to not having to worry about Solaris any more.
WebAuth is now also in Debian unstable, although alas it missed the sarge
cutoff by only a couple of days. I'll maintain sarge packages on
archives.eyrie.org and as of etch, it should be a first-class Debian
citizen. (If you run WebAuth on Debian and are allowed to do so given
security policies, run popularity-contest! It's great to know how many
users there are out there.)
There are still no official Red Hat packages. People keep building them
and talking about them, but no one ever sends me any details about them,
sends me spec files to include in the tree, or asks to have them put on the
official release pages. Oh well.
You can get the latest version from the WebAuth pages. I haven't yet
created a WebAuth software page in my own web space but will one of these
days, if for no other reason than to avoid going blind trying to read the
microfont used on the official ITSS pages.
2005-06-04: Debian packages
I'd been meaning for quite some time to start contributing Debian packages
to Debian itself, but despite learning how to make packages and doing some
internal packaging, I kept not taking the time to really learn how to do
it. I finally broke through that logjam around the middle of April,
applied to become an official Debian developer, started helping Sam Hartman
maintain the AFS and Kerberos packages, and started uploading my packages
into Debian proper.
Many thanks go to Ben Pfaff for being willing to sponsor my packages; it's
only because of him that I've been able to get some things into Debian
already. The Debian new maintainer process is notoriously slow (something
that has good and bad aspects), so I expect to be needing his help as a
package sponsor for another year or so. It might go a bit faster, but I'm
not counting on it.
I know have a web
page up that lists all the Debian packages that I've made available,
either in Debian proper or through my own personal repository. Some things
will never be suitable for Debian proper for various reasons, and other
things (like bundle or
reminder) I'm not
sure are of sufficiently general interest and are very simple to install as
scripts. I've also now added information to the individual software
packages of my packages if Debian packages are also available.
Now I just need to find the time to write up the details of how I maintain
Debian packages, since I've discovered a lot of interesting tricks in the
process and we have a rather neat local package repository setup here at
Stanford now, thanks in large part to Hua's work.
2005-06-04: jwz
I would just like to mention that jwz
continues
to
rock. He even is doing
rather interesting book
reviews. I'm hoping to
learn to be a more entertaining writer by absorbing other people's
techniques via osmosis.
I completely agree with him on
Singularity Sky too. I'm still
not sure why I actually enjoyed reading
The Da Vinci Code, since it is objectively complete
crap, but I did. Hm. Certainly the thumbing one's nose at
Christianity factor had something to do with it, as did the
amusement at watching people with a marginal grasp on reality
whine about
it. Most of it was probably all the random esoterica about Da Vinci and
the early Christian church that Dan Brown made up or copied, though.
This has been your monthly allowance of hyperlinks.
2005-06-04: svnlog 1.6
I'm starting to switch to Subversion for some things, particularly for
Debian packages but increasingly for other projects as well. Subversion
has a much saner post-commit hook system than CVS does, and commit
notification scripts were one of the early projects. I'd heard rather good
things about the ones that come with Subversion, and figured that I
wouldn't need my own script this time.
Unfortunately, what's there, while not as bad as the stuff that comes with
CVS, is still pretty disappointing.
The Perl stuff does hardly anything, so skip that. mailer.py is the
apparent best of breed, and it does have a lot of features for choosing
what diffs you want to see and configuring it depending on what portion of
the tree you're making commits in. That stuff is pretty nice, if not that
interesting for me.
However, it's still missing what I consider to be basic features. It
doesn't do diffstat summaries. It doesn't put any effort into producing a
nice looking e-mail message, with real names in the From line for instance.
It still generates those hideous, meaningless, 10-line Subject headers.
Configuration could be easier. In general, it's just not what I want.
So, despite the fact that I'm doing it the "wrong" way and parsing command
output rather than using the bindings, and despite the fact that I'm
writing yet another commit reporting script rather than improving one of
the existing ones, I took my
cvslog script, spent
about a day hacking on it (mostly hacking bits off of it, since Subversion
is actually sane and doesn't require all the bizarre command-line parsing
and multiple commit merging nonsense), and produced svnlog. I think I got
the option parsing and configuration file handling right this time; it's a
lot cleaner than cvslog, and at some point I should backport the work. I
also hacked in support for tagging Debian bugs as pending based on mentions
of bugs in debian/changelog commits, just for the hell of it.
I don't know if it anyone will end up using it other than me (and Stanford
repositories I run, of course), but it does what I want and the other stuff
doesn't.
You can get the latest version from the
svnlog distribution
page.
2005-06-05: cvslog 1.51
This is a minor bug fix release, the most important fix being proper
flushing of the mail file handle so that forking diffstat or cvs doesn't
sometimes result in a doubled message. It also cleans up some warnings
when parsing malformed CVS passwd files.
I have some more changes pending (cleaning up wrapping the list of changed
files), but they're currently waiting on me to decide whether I want to
rewrite the option and configuration file parsing along the lines of the
new code in svnlog.
You can get the latest version from the
cvslog distribution
page.
2005-06-05: kftgt 1.8
This package is still mostly frozen, but I had a bug report from a
co-worker about krsh not calling rsh with -f to forward K5 tickets, I
wanted to do some repackaging as part of taking over the Debian package
from Ben, and it looks like x86_64 Linux did something weird to res_search
that broke detection of libresolv. All that means a new bug fix release.
I still have one other pending request (continuing on when forwarding
tickets to multiple hosts, even if one failed) that I'll probably implement
at some point, but I'm not sure when.
You can get the latest version from the
kftgt distribution
page, although if you're not at Stanford you're very unlikely to care.
2005-06-05: kstart 2.7
I've done a ton of work on this since the previously announced release
(2.3), both in response to Debian bugs and Debian packaging needs and to
make it easier to do a bunch of things we've needed to do with our new
Debian servers.
The big news is that I've now incorporated all of the functionality of
runauth into kstart
and improved it in the process. Both the K4 and K5 kstart now know how to
run a specific command, rather than just obtaining tickets and tokens.
When running a command, they stay in the background, refreshing tickets and
tokens as needed until the command exits (only works with commands that
don't background themselves, of course). And when running a command, they
both support putting the command into its own PAG, if the OpenAFS libraries
are available to build against.
Other significant changes are the renaming of kstart to k4start to avoid a
conflict with a KDE program (so now the kstart package provides k4start and
k5start), a tested port of k5start to Heimdal, and a flag to tell k5start
to figure out what principal to authenticate as by reading the keytab,
making it easier to write portable scripts that use k5start. Along with
the big changes, there are also a lot of minor cleanups, improvements in
error handling and reporting, documentation improvements, and build system
fixes.
With this release, runauth should now be considered obsolete. We're going
to phase out our use of it at Stanford in favor of the new kstart programs.
You can get the latest release from the
kstart distribution
page. Alas, it didn't make it into Debian sarge, but it will be in etch.
2005-06-05: remctl 1.9
One thing that working on Debian packaging teaches you is that if a package
has a configuration file that other packages may want to add to, it should
support a directory of configuration fragments. Since we use remctl to
export an interface to all sorts of different things, and since all of our
systems export the Nagios local checks via remctl, remctl really needed a
way for multiple packages to add to its configuration.
Accordingly, I added the ability to include another file or a directory of
files to the remctl configuration syntax. While I was at it, I also fixed
the default configuration file location to be relative to sysconfdir rather
than the current directory, added support for continuation lines, stuffed
all the other nonsense remctl was logging besides the actual command behind
the -v flag, and significantly improved the remctld man page.
I have a lot of additional cleanup pending, switching to message handling
and malloc wrappers taken from INN and cleaning things up to get ready to
make the remctl client into a library for the wallet project. I'll
probably also add some include mechanism for the ACL files as well. If I
end up having time devoted to the wallet project, this will go quickly; if
not, it will come in dribs and drabs.
You can get the latest version from the
remctl distribution
page.
2005-06-06: reminder 1.5
I've made reminder a bit more general by not defaulting to my e-mail
address and making people change the configuration, and I also fixed the
sort order when displaying reminders to properly sort numerically. There
may have been a bug that would cause reminders to get overwritten when
creating more than 10 of them, so I recommend upgrading if anyone other
than me is using this.
You can get the latest version from the
reminder distribution
page.
2005-06-07: volcreate 1.24
It turns out I'd never implemented support for comments and blank lines in
the serverlist.types file. That's rather surprising; I thought my fingers
just automatically typed that code every time I wrote a new routine to read
a file. We discovered this didn't work when we tried to comment out a
server temporarily and volume creation broke. Anyway, now comments and
blank lines behave properly.
You can get the latest version from the
volcreate
distribution page.
2005-06-09: frak 1.32
The -l option to specify the output file for the frak output didn't work if
an AFS volume was given on the command line rather than a path. Noted by a
co-worker and now fixed.
You can get the latest version from the
frak
distribution page.
2005-06-13: Destressing
So, although I'd gone quiet for the past few days (right after having
decided to try to make a journal post a day, too, which is probably why I
never actually post the stupid promises I make to myself so that I don't
have to feel bad about breaking them), I've actually been doing quite a
bit.
After running into yet more frustrating problems building our cluster
environment on 64-bit Red Hat (really, this isn't that hard -- the problem
is that we have basically no Red Hat infrastructure that's up to my
standards and getting all of the patched bits of software we use to build
is sometimes a challenge), I decided Friday night that I needed to stop
thinking about the work that everyone else wanted me to do and just work on
whatever I felt like. So that's what I did all weekend. I came into work
where it was quiet and deserted, put in earphones, and pursued whatever
random project struck my fancy.
As a result, three more Debian packages are now sitting in the NEW queue
(libauthen-krb5-perl, libnews-article-perl, and libpgp-sign-perl), an
upload to adopt libauthen-sasl-cyrus-perl is waiting for my sponsor, an
upload of some random fixes to the openssh-krb5 package is waiting for
sponsoring as well (probably the last one before Sam's 4.1 work starts),
and I built some new Debian packages for internal purposes.
I also spent a lot of time watching the new maintainers pages, since for
whatever reason I'm currently finding it endlessly fascinating to speculate
about what might be going on (or not going on) with the various applicants.
The rest of the weekend, and there was quite a bit of it, was devoted to
INN. I did some more catching up on the mailing lists and work towards a
new stable release, but that wasn't destressing enough, so then I went to
work on pet projects. Almost all of the IPv6 support that was originally
added with a maze of ifdefs has now been cleanly encapsulated in a generic
networking layer and all the ifdefs removed from the mainline code.
There's only one bit left, in the horribly hacky ident support in innd,
which I'm seriously considering fixing via the overkill of writing an ident
channel as practice writing channels.
That only took about six hours, so I also reformatted and reworked the core
channel code of innd completely, breaking a few long functions into
separate functions and generally making it readable again. I then wrote
the beginnings of real internals documentation for innd, since I was
puzzling out how to write channels and then possibly write the long-needed
DNS channel to redo host lookups rather than forcing an incoming.conf
reload. And, finally, I wrote the code to add overview data based on Xref
data for the new overview API, which was the prerequisite for converting
overchan and makehistory to the new API. Test suite is three times the
size of the code.
I'm thinking about changing the overchan data format, actually, by adding a
comma-separated list of group:number pairs as the first data element. I
can hack overchan to not care whether it gets the new format or the old
format, and this will tie in much better with the new way I want to do
overview handling in the rest of the code. But I'm still thinking about
that.
Today was less fun, due to a combination of not quite enough sleep last
night and the return of that annoying work thing (I like most of what I do,
but I have a pile of stuff to do right now that isn't the stuff that I
like). But I sorted out the 64-bit Red Hat stuff that I had to deal with,
and my slides for the AFS
Workshop next week are done early in the week instead of at the last
minute. I was going to do the overchan conversion to the new API tonight,
but I'm way too tired, so it's off to read more of Forever Peace
instead.
Tomorrow, the day gets devoured by meetings, and whatever energy I can drag
out of the other end goes towards trying to write some documentation that's
rather overdue, I think. Wednesday, I really must drag myself down to a
shoe store and acquire new walking shoes before the threatened hole in the
bottom of the soles of my current ones actually materializes. I hate
clothes shopping of any stripe.
There, that's at least three days' worth of entries.
2005-06-14: Red Hat PAM
There is clearly some sort of secret magic that I am missing, since the
evidence that I currently have available to me would indicate that the PAM
subsystem shipped with RHEL4 is an erratically-working, badly implemented
pile of crap that does things like losing stored auth tokens between
calling pam_authenticate and pam_sm_setcred.
Also, authconfig blows.
People wonder why I prefer Debian so strongly to Red Hat. It's because
when I use Debian, SHIT ACTUALLY WORKS.
I am now going to go off and start a new novel and try to forget about
sshd, PAM, Kerberos, and AFS before I hunt someone down in the streets and
mutilate them with a fork.
2005-06-15: Where Debian is today
Ian Murdock posted a great essay on both why Debian is important and what
it needs to work on from here. The bits about where Debian should go
aren't particularly exciting — true and important, but stuff
like "better vendor support" is stuff we've been hearing for years.
What's more interesting for me to read is the summary of where Debian is
right now. This is a good time to take a step back and realize that Debian
is pretty clearly the #2 distribution (or at worst #3), has significant
impact on the direction of Linux, and has put together a damned impressive
set of software entirely as a volunteer community project. There's
no full-time staff and barely a budget, and yet look at the quality product
that Debian has achieved.
Some of the subtler aspects of this aren't as obvious from the outside.
The reason why I'm joining the Debian project are not just the obvious
ones. It's that I, as someone who has been doing the packaging and
infrastructure thing for a decade now, took a long and close look at the
infrastructure and tools that are underneath the Debian project and the
quality blew me away.
Red Hat and SuSE may very well have good internal testing infrastructure,
but at least the public face for contributors is far, far inferior to what
Debian has. Just start at
packages.qa.debian.org and start
following links and think about what's going into each part of that. Click
on the name of a maintainer and look at the maintainer summary. Look at
the integration with the bug system and with the testing migration
infrastructure. Look at the buildd information. Look at the package
history, easily accessible.
Or start from the tools and documentation. There is nothing like Debian
Policy; it's unique. Or look at lintian, possibly the most useful
packaging tool I've ever seen. Or debhelper. These are high-quality
products maintained by people who know what they're doing and optimized for
generating the highest quality packages with the least amount of developer
time.
And this was all done by volunteers, with no strong central organization,
using PGP authentication and donated hardware and individual effort.
Sometimes what people can do is just damn cool. This is what free software
is all about. We don't always need a company to organize the work, we
don't always need a government to manage social interactions, and we don't
always even need any sort of clear economic motive. If we make it
possible, a bunch of people will spontaneously cooperate on making the
world a better place. People from all over the world.
Best antidote for political news ever.
2005-06-16: Music, hopefully
I'm leaving Monday morning for Pittsburgh for the AFS and Kerberos Best
Practices Workshop and have been sort of dreading the flight, and Jon
suggested that perhaps music would be in order. I have a portable CD
player that I've used from time to time to a fair amount of success, but,
well, it's a portable CD player. This is, today, the height of lame; I
think Walkmans are more chic. Also, two hours of battery life and carrying
CDs around is obnoxious.
So that got me started thinking about portable MP3 players. However, being
the sort of person that I am, all of my music is in Ogg Vorbis, not in MP3,
and I really don't want to convert it. That immediately limits the field
of MP3 players by quite a lot.
Today, after dithering about this for rather too long, I decided fine, I
haven't spent that much money this year and I should really try this
portable music thing that everyone else swears about. However, we
completely struck out at Fry's in attempting to find something that would
play Ogg Vorbis, other than a 128MB Flash player. I don't have a huge
amount of music, but I've got more music than that, and know perfectly well
that I'd get sick of only 128MB of music in the course of one plane flight,
let alone two.
So off to Amazon, since they have this overnight shipping thing, right? And
if I'm going to drop $300 on a player, adding $25 for the shipping really
isn't that significant. Of course, Amazon didn't stock what I really
wanted (the 20GB iRiver player), and finding clear compatibility
information on-line for Debian and MP3 players is harder than one would
think. (Finding Ogg Vorbis compatibility information is actually quite
easy, thankfully.) And most of my other choices didn't offer overnight
shipping.
To make a long story short, after lots of searching, hemming and
hawing, and deleting my shopping cart, I just bought a mpio HD300.
The documentation apparently sucks and in theory it requires a
Windows (or Mac) program to generate its indices, but based on
someone else's work, it looks like that's pretty easy to surmount. And
not only is it pretty easy, but the player internally supports .m3u
indices, which means that I can drop Madman-generated playlists on the
thing. And, again if this information pans out, I can do the firmware
upgrades from Linux. Sweet.
Amazon claims that it will not arrive until the 20th, which is too late.
This is quite possibly the case, since the one-day shipping thing often
does not consider Saturday a day. We will see. If it does not arrive, I
will be out $25 and will get it when I get back. Oh well. If it does
arrive, hopefully it will actually work. This will involve getting USB
working on my bizarre system at home, or getting it working on my less
bizarre but also less rebootable system at work, something that I've never
done before because I'm not a portable gadget sort of person. Hopefully I
will be travelling to Pittsburgh with music. Alternatively, I may be
travelling to Pittsburgh with considerably less hair. We'll see.
2005-06-16: Latest haul
This is a Powell's order that I had pending from before Baycon, with the
addition of a few things that were on sale or caught my eye during Baycon.
Mostly the point was to get the rest of Langford's stuff, though.
George Alec Effinger -- George Alec Effinger Live from Planet
Earth (sff)
Edmond Hamilton -- The City at World's End (sff)
Gwyneth Jones -- White Queen (sff)
Guy Gavriel Kay -- The Last Light of the Sun (sff)
David Langford -- The Complete Critical Assembly (sff)
David Langford -- He Do the Time Police in Different Voices
(sff)
David Langford -- The Leaky Establishment (sff)
David Langford -- The Space Eater (sff)
David Langford -- Up Through an Empty House of Stars
(nf)
Simon Singh -- Fermat's Enigma (sff)
Charles Stross -- The Atrocity Archives (sff)
So many books and so little time. I should probably drop books faster when
they're not working for me, but I want to finish them before writing a
review and I really want to write the reviews....
2005-06-17: Almost there....
Lots of mail and writeups sent out today. Various meetings gone to.
Travel arrangements made for the airport. Mostly caught up on the mail I
need to be caught up on.
This weekend, I still have to write my weekly status report, fill out my
time allocation for the week, and do the AFS backend cleanup work that I
promised to have done for the conference, but I'm nearly ready to head to
Pittsburgh and not think about work other than the conference for a week.
I'm really looking forward to this.
I'll feel even more ready once I get the status report and timesheet entry
done, but I'm just too beat tonight.
2005-06-18: afs-backend 1.20
This was the only of the list of AFS-related software that I sent to
openafs-info that anyone indicated interest in, so it won. This is the
software we use for delegated volume administration, specifically creating,
deleting, releasing, and setting the quota on volumes. It's not hugely
featureful at the moment, but it works pretty well.
Unfortunately, there was rather more site configuration than I realized,
since it ties into how we create and remove volumes, how we name volumes
and assign them to volume types, and how we get AFS credentials. There's
therefore a fair bit of stuff to review and possibly change to deploy it at
a new site. Hopefully it will still be useful to someone.
You can get the latest version of afs-backend, along with the
afs-backend-acl script used to generate the remctl ACL file from the
internal ACL file, from the
afs-backend
distribution page.
2005-06-19: New review index
I got curious about something, so I cobbled together a bit of code this
evening. The result is this index of
books that won
multiple SFF awards. It's an interesting list, and probably one that I'll
use to prioritize my reading.
I haven't done a statistical analysis of ratings on those books yet, but
just looking at the ratings column, I'm not seeing a lot of difference in
average rating between books that won two awards and books that won three
awards. Certainly, the two that won four awards (Rendezvous with
Rama and Gateway) are not books that blew me away, but the sample
size is small. However, it looks like winning at least two awards weeds
out a lot of the crap; while most awards seem to eventually produce at
least one book that I rate lower than a 5 (meaning I thought reading it was
a waste of time), there are no ratings below 5 on this list.
The most common pairing is Hugo/Locus, which doesn't surprise me. The most
common triple is Hugo/Locus/Nebula, also not particularly surprising.
There are some political and qualification-based reasons why those awards
are likely to run in parallel, but they also all have been running for
quite a while and Locus hands out two awards a year. (I really should
split Locus SF from Locus Fantasy rather than just blending them together
on both the awards page and here. Project for another night.)
BTW, for those who didn't already realize it, my SFF awards pages aren't
nearly as comprehensive as
Locus's, but they're also updated
much more frequently. If you're interested specifically in award-winning
novels, I try to get the latest award winners recorded within a week or so
of when I hear about them, and I follow enough blogs and similar news
sources that I generally hear about them within a day or two.
2005-06-20: Random travel observations
Airlines (or at least US Air) have stopped serving food gratis and have
started charging for it on the plane. What a crock. Also, I think the
isles have actually gotten even narrower -- either that, or my tolerance is
worse. On the other hand, isle is fairly convenient, and I should get an
isle seat in the future.
Security was stunningly efficient and fast at SFO for once. I think I
waited a total of two minutes.
There is basically nothing close to my hotel (which is in a really stupid
part of Pittsburgh to put a hotel -- I'm sure the land was cheap) that
serves good food and is open at 10pm. Also, I still get too easily nervous
in questionable-but-not-bad neighborhoods. This should be simple to deal
with after tonight, though; this was the only tricky night.
Books are wonderful things. Finished one on the plane and halfway through
another. It's rather tempting to stay up and read, although if I do, I'm
going to be sorry tomorrow, as I have to get up at 4:30am "my" time.
The hotel network is very slow and had broken my connections three times
already. I think I'm going to read a lot in the evenings, which is just
fine by me, actually (although I'll miss some social activity).
2005-06-23: New journal formatting
I haven't written much lately in part because I've been very busy at the
conference in Pittsburgh (giving two talks and doing lots of networking, as
well as a great dinner with some SF/Usenet folks from the area last night),
and in part because the network here hasn't been great. It's particularly
bad in the hotel.
It wasn't too bad during the conference today, though, and there were a few
things I didn't care much about, so I finally got around to redoing the
templates for my journal to make them look a little bit better. I may well
have broken IE or Opera again (let me know if so), but it looks quite a bit
nicer on Firefox. (And honors default font styles, which has been bugging
me for a while.)
This isn't the long-awaited move to WordPress, which I'm still planning on
doing, unless some other free blog software ends up looking like it has a
better maintenance policy and can still deal with comment spam. I should
probably take a long look at Blosxom before picking something.
2005-06-23: New NNTP standard
The new base NNTP standard has been approved by the IESG for publication.
We're actually going to get a new standard!
Hopefully the three extension drafts will be following within a couple of
months, if not less.
2005-06-24: Back in California
The flight back was long but fairly nice, thanks to managing to get an exit
row seat. Middle vs. aisle vs. window really doesn't matter there. I got
a lot of reading done and would have gotten more done if I'd gotten to bed
at a reasonable hour last night and therefore hadn't been too tired to read
for much of the day.
The mechanism to redirect water from the tub to the shower has fallen
apart, but I have a workaround. Tomorrow, I will try to get caught up on
at least some categories of mail (work is going to wait until Monday) and
pick up packages. Now, I am going to sleep, as my body thinks it's 2am and
I'm not sure I want to discourage that belief; waking up early for a while
would be useful.
I have two books finished and ready to review, the first of which will be
coming tomorrow.
2005-06-25: Switching to Postfix
After using qmail for years, I've finally decided that it's time to switch
to something else. I really like qmail's general model and particularly
like how its configuration files are handled, but it's accumulated enough
issues that Postfix looks more attractive.
The main problem is backscatter spam. I've been adding various bogus
addresses to qmail to discard all mail to them, but that hasn't kept up
with the variety of crap that spammers are trying. As a result, I know
I've been accepting a lot of mail and then bouncing it back to the (forged)
envelope sender, and have been feeling rather bad about that. Postfix not
only lets me avoid that for local recipients, it lets me avoid that for
backup MX hosts as well (by keeping a record of which recipients are valid
on the remote system). This is quite nice.
There are other problems with qmail as well, though. The weird licensing
means I have to build it myself and not just use Debian packages, which I
much prefer. Despite promises of qmail 2.0, it looks like qmail
development is near-permanently stalled, and there are some features I'd
like to have. And it's getting to the point where I want to plug in
various spam detection or prevention add-ons, possibly including such
things as greylisting or running SpamAssassin before delivery, and of
course everything supports Postfix and not much supports qmail.
I could have stuck with qmail but switched to a different SMTP listener,
and that would have resolved many of these problems, but it still would
mean building my own qmail rather than using native packages.
I've switched windlord over to Postfix already. It only took me a couple
of hours to write all of the configuration, rename my .qmail files, and
test the oddities. If I find the time, I'll put together a web page
listing the various issues that I ran into. Some things definitely aren't
as nice -- the program interface is significantly inferior, the
configuration syntax is much more complex and annoying, and I had to tweak
several of the scripts I use to process mail.
Postfix isn't unambiguously better. If both packages had the same license
and were both actively developed, I would definitely use qmail over
Postfix, even if qmail had no additional features. The Postfix features
aren't worth the annoying configuration and loss of good program
functionality. But the backscatter problem is just huge now, and the
longer I maintain Unix systems, the more important it is to me to be able
to reuse other people's packaging work rather than constantly rolling my
own.
2005-06-26: woody to sarge upgrade
haven, the one system of mine that I keep on Debian stable since it's a
multi-user system and people other than me rely on it working to get their
mail, has been upgraded from woody to sarge. That also means I'm now using
the new tripwire (quite nice) and aptitude on all of my systems. And yes,
if you use aptitude for everything, the auto-removal feature is extremely
nice.
The upgrade was completely painless. I followed the release notes and it
just worked; the only slow parts were figuring out what local modifications
I'd made and could now remove or do in a cleaner fashion. And now I have
ssh-krb5 everywhere, which means that I could start thinking about turning
off Kerberos rlogin on my personal systems, although it's still the login
method I use automatically.
deborphan's handling of Perl and PAM modules isn't always what I want, but
debfoster and now aptitude are really superior anyway. The only reason why
I even look at deborphan any more is because debfoster for some reason
never wants to remove certain high-priority libraries, even if nothing is
using them.
2005-06-26: Only Forward
Review: Only Forward, by Michael Marshall Smith
Publisher: Bantam
Copyright: 1994
ISBN: 0-553-57970-3
Pages: 341
Only Forward starts out with a fascinatingly quirky setting, a
continent-spanning city where each neighborhood has gone its own way,
catering to different personalities, different wants, different laws. The
viewpoint character and narrator appears to be some sort of freelance
troubleshooter, the sort of person who's handy with weapons and takes on
jobs that need doing. With an irreverant tone and a bizarrely off-beat
world with wonderful gadgets, the story launches into what seems to be a
weird adventure story.
I found Stark's commentary mixed in with the story delightful. Between
recounting his adventures, he occasionally banters with the reader quite
effectively. The world is just nuts; for example, Stark lives in a
neighborhood in which the streets color-coordinate with the passers-by, and
there is a mandatory period of black clothing every evening to allow
everyone's eyes to relax. He's working for the denizens of the
neighborhood of corporate ladder-climbing, where everyone works as hard as
they can to get things done and better themselves and get promoted.
Somehow, though, it hangs together in an odd way. One doesn't exactly
believe in the world so much as have so much fun in it one is willing to
ignore the fact it doesn't make a great deal of sense.
Then, nearly halfway through the book and after meeting several wonderful
supporting characters, the bottom falls out of the story with a noticable
ka-chunk and it suddenly becomes something very different. The tone
changes, going more introspective, more metaphorical, and more serious.
The narrator starts becoming affected by what's going on, and something
bigger starts to surface.
This was very disconcerting when it happened, and not a little
disappointing. I badly missed the strange world of the first section of
the book and was a little annoyed that I had to read through this heavy
psychological stuff that didn't make a great deal of sense in order to get
back to more of that story.
Then there's another ka-chunk, the bottom falls out of the story again, and
suddenly everything is deeper, larger, more complicated. Far more is going
on than it appeared. Then it happens again. And again. And the ending is
absolutely brilliant, tying everything back together and showing how much
more was truly going on from the beginning.
I was annoyed at Smith for taking me away from the initial world; by the
end of the book, I'd forgiven him completely. Despite the bump partway
through, I've rarely seen plot twists and an unreliable narrator (who is
telling you all along that he's unreliable) handled better. By the end, I
was completely hooked on his story. And amidst Stark's struggles with his
own past and demons, there are some beautifully phrased observations:
When you're born a light is switched on, a light which shines up through
your life. As you get older the light still reaches you, sparkling as it
comes up through your memories. And if you're lucky as you travel forward
through time, you'll bring the whole of yourself along with you, gathering
your skirts and leaving nothing behind, nothing to obscure the light. But
if a Bad Thing happens part of you is seared into place, and trapped
forever at that time. The rest of you moves onward, dealing with all the
todays and tomorrows, but something, some part of you, is left behind.
That part blocks the light, colors the rest of your life, but worse than
that, it's alive. Trapped forever at that moment, and alone in the dark,
that part of you is still alive.
It takes until the very end of the book to realize why, but the title is
absolutely perfect.
This is the first truly excellent Philip K. Dick award winner that I've
read. I still want to read a complete novel set in that initial world, but
I wouldn't have wanted this story to be any different. I'll warn that the
whole book isn't light adventure and should be saved until you're in the
mood for something deeper, but highly recommended.
Rating: 9 out of 10
2005-06-27: Music update
My new portable music player did not, alas, arrive in time to use for the
flight, but I did get it as soon as I got back in town and have been
playing with it. I'm planning on writing up a web page giving all the
details of what was required to get it to work, but here are some
preliminary notes, mostly so that I don't forget things.
It uses a VFAT file system. Helpful to have the kernel module for VFAT
built. Note that building the FAT kernel module, while required, is not,
in fact, sufficient, as that module just provides common infrastructure and
doesn't actually implement a file system. As is stated clearly in the
documentation that I clearly didn't read.
When rsync'ing data to a VFAT file system, use --modify-window=1, or rsync
thinks it has to do more update work than it actually does. Another
annoying thing about VFAT is that it doesn't support a full character set
range, which means that album and artist names with certain characters need
to get recoded for VFAT storage.
I now see what people mean about 20GB of music being quite a bit to handle
on a portable player. It's particularly a lot to handle on a player with a
more annoying control than a simple rocker switch for scrolling and with no
page up or page down buttons. I really could have done without the "slide
your finger on this" interface. Anyway, the album/artist/genre menus are
way too long to bother scrolling through -- thankfully, they're just m3u
files (one of the reasons why I bought this player), so I can make them be
anything I want.
The stuff I downloaded off the web to build .m3u files doesn't understand
that, in practice, Ogg Vorbis tags are case-insensitive and is going to
require some re-education. (Although given that I thought grip was doing
all of my tagging, I wonder how I ended up with different case conventions
for different files; maybe retagging my files is a better option.)
I think the way I'm likely to end up using this thing is to build a
randomized list of all songs with three stars or higher from Madman and
then copy that over as All.m3u, lying to the player about what "all" means.
It's still rather nice to have all the music there and I can find it by
file hierarchy browsing if I really need to (although at some point I need
to figure out a way to fix the directory names used for my music collection
without confusing madman).
Wow, I own a lot of crap that I'm never going to listen to.
2005-06-28: NNTP standardization status
The IESG approval of the base document has now been announced, and it's in
the RFC editor's queue.
The other three extension documents (AUTHINFO, STREAMING, and STARTTLS)
have had additional drafts published following their last call and are now
awaiting IESG review, hopefully in the telechat towards the end of July. I
don't anticipate any problems.
Then, it's just a waiting game for the RFC Editor, which may be delayed a
touch since AUTHINFO depends on a DIGEST-MD5 revision as the
mandatory-to-implement SASL mechanism. I'm optimistically hoping to see
everything published as RFCs by the end of the year, completely not knowing
what the average waiting period is.
It will be somewhat funny, although not too surprising, if the drafts get
published as RFCs before I manage to become a Debian developer.
2005-06-30: Pieces of apt everywhere
I see that we're now into the portion of the Debian release cycle where
unstable really means unstable. Signature verification was added to
apt in a way that causes warnings to happen if a particular archive
isn't signed (probably good), but there's no documentation on what
exactly is needed to get this working except in the wiki. And that
documentation isn't really sufficient; is the Release file that I'm
supposed to be signing the one in dists/sid/main/binary-i386, or is there
some higher-level Release file I'm supposed to sign?
If that's the one, I don't really see the point, as it doesn't contain
anything that changes. Clearly other stuff needs to get signed too. Of
course, debarchiver doesn't know what to sign, and sans documentation it's
a bit hard to figure out what changes I should feed back to the debarchiver
maintainer.
Then, of course, my ability to do anything in Debian is severely hampered
by the fact that this change to apt broke pbuilder, since apt inside the
pbuilder chroot doesn't know the archive keys and therefore wants
confirmation to install untrusted packages, but pbuilder doesn't provide
the right options to force the confirmation.
And, on top of that, debootstrap in sid is broken for the buildd varient
(and, as near as I can tell, for the non-buildd varient as well), so I
can't set up new pbuilder chroots.
I don't really mind all of this -- unstable is unstable, after all. I just
hope it gets fixed quickly. In the meantime, I guess I'm working on INN
instead of on Debian stuff.
All posts