2008-07-05: podlators 2.1.1
This release was primarily to address the test suite failure with the
current version of Pod::Simple. It finally fixed a whitespace parsing bug
in S<>, which meant that a podlators test became active and it turned out
I wrote the test incorrectly.
Since I was doing a release anyway, Pod::Man now suppresses the long
accent definition section of the preamble if run with --utf8 and there's a
bit more testing of Pod::Man options.
You can get the latest release from the
podlators
distribution page.
2008-07-05: Tasker 0.3
Tasker is a CGI-based very simple to-do list manager that I wrote some
time back when I realized I needed a more structured way of keeping track
of what I was working on. I outgrew it some time back, and switched to
Roundup with some custom templates to implement a version of Getting
Things Done and mostly forgot about it. However, then a co-worker
discovered a similar need and, as when I started, didn't need anything as
complex as my Roundup environment, so I helped him install Tasker and he's
been quite happy with it.
Of course, that meant a few tweaks. This is the first release in four
years and adds support for adding the completion date to subtasks when
finished and changes the file naming for completed tasks to use an ISO
date format instead of seconds since epoch. This allows one to look at a
directory listing and see when tasks were completed (very useful for
writing status reports).
Since I was doing a new release anyway, I also moved Tasker into Git from
my old CVS repository.
You can get the latest version from the
Tasker distribution
page.
2008-07-08: WebAuth and LDAP
Andreas,
WebAuth really only requires that you use a Kerberos infrastructure for
all of the web servers involved. It doesn't actually require that the
user accounts be in Kerberos. That's the default, and the way
verification is done by the WebKDC module, but the WebLogin front-end can
also choose to do account verification itself and tell the WebKDC to trust
it.
There is currently code in there to do this for the REMOTE_USER case but
nothing specifically to do an LDAP modification. However, it should be a
relatively straightforward modification to login.fcgi, and I'd certainly
take a patch that made it a hook.
WebAuth still may not quite be what you want, but I wanted to throw the
option out there.
Another thing you could look at is Shibboleth, which does the whole web single sign-on thing without
assuming any particular authentication system. (You have to protect a URL
on the IdP with the authentication system of our choice.) The SP is
packaged for Debian but the IdP isn't, and the configuration syntax and
the documentation are fairly horrible, but it works and has a lot of fancy
features.
2008-07-10: pam-krb5 3.11
This release involves quite a bit of code restructuring so that pam-krb5
can finally properly support account expiration the way that it's supposed
to work in the PAM API documentation. pam_authenticate is supposed to
return success, pam_acct_mgmt is supposed to return the error indicating
that the account is expired, and then the application is supposed to call
pam_chauthtok. There are a couple of hard parts to this: with Kerberos,
you find out the account is expired during authentication and have to
stash that error somewhere, and pam_chauthtok has to do a regular Kerberos
authentication after changing the password so that the application can
continue on to pam_setcred without calling pam_authenticate again (which
they don't do). This can't be the default, alas, because of the
applications that don't ever call pam_acct_mgmt or ignore the return
status.
Normally you don't need to use this, since normally the Kerberos libraries
will try to do password change at the time of authentication if it's
expired. But the Solaris Kerberos libraries have this mechanism disabled
and expect the PAM module to implement the fully correct password change
method.
I also added force_pwchange, which is similar but does the password change
at authentication time, simulating the library behavior that may be
disabled. This can be used with broken programs that mishandle the
calling sequence for a PAM authentication.
In other changes, setcred, open_session, and acct_mgmt now return
PAM_IGNORE instead of PAM_SUCCESS for non-Kerberos logins, now that I'm
aware of that option. pam-krb5 now doesn't leak functions into the
application namespace at least on Linux. I implemented both the gcc
attribute to set visibility on all the symbols and a version script to
suppress anything else other than the PAM interfaces. I also removed a
workaround for early versions of MIT Kerberos 1.6 that was causing PKINIT
problems in current versions (the bug has since been fixed) and updated
the Kerberos Autoconf macros.
pam-krb5 is now maintained in Git, and I added the Debian packaging to my
repository alongside the upstream development along the lines I documented
in my Git notes page. Git's
documentation isn't horribly coherent about how to set up remotes and
selectively push things to a repository, but I tried the obvious for
pushing only the packaging branches to Alioth and renaming them in the
process and it actually worked (with a bit of tweaking). I was very
impressed.
You can get the latest version from the pam-krb5 distribution page.
2008-07-10: pam-afs-session 1.7
I was supposed to be done something else, like exercising, but since there
was only one package left in the old svk repository and only one package
for which I was still using bzr....
I made similar changes to pam-afs-session that I just made to
pam-krb5 3.11: return PAM_IGNORE
when AFS isn't available or when the module is configured to do nothing,
improve the symbol visibility and symbol exports to stop leaking symbols
into the application space (more relevant here because of the k_*
functions from our libkafs replacement), and update the Autoconf
machinery.
As with pam-krb5, pam-afs-session is now maintained in Git.
You can get the latest version from the
pam-afs-session distribution
page.
2008-07-13: INN 2.4.5
Julien is maintaining a much better release schedule than I was even when
I was actively working on INN development, which is great to see. This is
the next bug-fix release to the INN 2.4 series, fixing various issues with
nnrpd, several crashes, some Perl filter issues, and a few other problems
that turned up since the previous release. It also contains a much
improved version of pullnews.
You can get the latest version from ftp.isc.org. There is also a link from my
INN page.
2008-07-13: New David R. Palmer novels
I first got mail about this in April and let it sit in my inbox until it
got buried and I didn't do anything about it. (Proper to-do list
management is supposed to deal with this, thus proving that I still don't
have this down yet.) But belatedly....
David R. Palmer is the author of the short-story "Emergence," which is my
favorite SF short story of all time, and the novel expansion
Emergence, which
is one of my favorite books. Both are frequently mentioned in discussions
of forgotten or one-hit authors or "the best SF books you've never heard
of."
After a long silence, Palmer is apparently back to writing and publishing.
Tracking, the sequel to Emergence, is currently being
serialized by Analog (starting with the July/August double issue).
You may still be able to get the beginning of it. It's supposed to run
for three issues, through October, and then roughly a month later, should
come out in book form along with a sequel to Threshold (the first
book of an unfinished series that's Palmer's only other novel) entitled
Spēcial Education and a new novel entitled Schrödinger's
Frisbee.
The novels will hopefully be available via Wormhole Press, which currently
just points to a "domain under construction" page.
2008-07-20: podlators 2.1.2
Nicolas François uncovered another bug in the UTF-8 support. Pod::Simple,
if a flag is set (which Pod::Man sets) to do internal processing of S<>,
changes all spaces to ISO 8859-1 non-breaking spaces. This of course
breaks UTF-8 output. This release now changes the ISO 8859-1 code point
to a UTF-8 code point if UTF-8 output is enabled, which is an ugly hack
but seems to work for now.
In this release, Pod::Man also changes to using .SS instead of its
own internal .Sh macro for subheadings, since everything seems to
support it.
I also wrote a new test to check the spelling on all of the documentation
using Pod::Spell and piping the output through ispell -l. I'm very
happy with the results; it caught a bunch of markup errors and a few real
spelling errors. Unfortunately, in the process I discovered that none of
the other, newer spell-checkers in Debian support -l properly.
aspell doesn't at all,
and hunspell
apparently doesn't support English contractions (see
#491638). So for now ispell is
required.
You can get the latest version from the podlators distribution page.
2008-07-21: Tired now
Last week, Stanford University hosted Cartel, a gathering of several schools that share similarities of
infrastructure and IT problems. I was one of the coordinators, handled
most of the content for the
web site,
helped prepare the agenda, and presented for three of the segments. It's
considerably more work hosting and coordinating one of these than just
attending one, even with the travel.
Jeff Altman and Derrick Brashear, the other two OpenAFS gatekeepers, were
also in town for half of Cartel and stayed through Friday, so we went out
to dinner several times, played a great deal of Fluxx, talked about the
state of the world, and caught up.
This was all great and very informative, but I'm also an introvert, which
means that no matter how much I'm enjoying social interaction, it's also
extremely tiring. I'm still fairly wiped; I'm getting more done (and got
more done last weekend) than I really expected, but I expect I'll be
paying the price all the way through this week. (And then I have more
company from out of town that I've been looking forward to for months, but
which will then take its own toll, which means it's likely I'm going to be
exhausted until well into August.)
So, I'm currently looking at all the things I want to do and trying to
tell myself that not only is it okay that they're not all going to get
done right away, but I need to make a concerted effort to take time to
relax, try to work less than 40 hours this week (after working 56
last week), and spend more time reading.
Of course, writing reviews is one of the other things that I'm currently a
bit behind on....
Debian is freezing for lenny next weekend. If I have a few moments, I may
do final uploads of OpenAFS (to clarify that hppa isn't a supported
platform) and kstart (a long-awaited new upstream release that adds a flag
saying not to get forwardable tickets, needed if one has a krb5.conf
configuration saying to get them and a site policy that says you can't).
gnubg could stand another upload, but I probably won't get to that. The
Shibboleth packages are all in good shape except that they don't all have
complete copyright files for all the Autotools helper stuff, which is very
not important.
Thankfully, the freeze is basically meaningless for Lintian, which will
continue apace (and Adam D. Barratt continues to take much of the load off
by doing a ton of commit work), and means that Debian Policy work should
actually slow. My intention is to make the next normative release of
Policy shortly after the lenny release, which gives us plenty of time to
work on more changes for the next version. I plan on somewhat ignoring
both for a bit while I catch up on other things, since I released Lintian
1.24.2 on the 13th (which I see I never announced here —
whoops).
In other news, I finally started the process of moving services from
systems I own and have to fix to systems where someone else owns the
hardware and has to fix it when it breaks by buying a VM from
Panix. I still need to sort out my DNS
situation and get more direct control over my zone file now that I have
somewhere I can run my own DNS server so that I can start moving services
there, but so far, so good. I'm extremely impressed by their service and
capabilities and already have all of my Git repositories on the system and
gitweb set up once I get DNS updated.
2008-07-22: kstart 3.14
The main point of this release is the new -F and -P command-line options
to k5start, which force non-forwardable or non-proxiable tickets
respectively. We recently enabled forwardable tickets by default
site-wide in our krb5.conf, and immediately ran into problems with k5start
not being able to get tickets for our root instances (we use k5start -H a
lot for this) because root instances aren't allowed to be forwardable.
I'm not totally happy with how I did this, since there's no corresponding
-f or -p option; those options are already used for other things. I
should probably add long-option support at some point.
There are also some test suite improvements, including a test for the
daemon() portability replacement and for exit status propagation. I added
the spelling check for the documentation as well and fixed a few spelling
mistakes it found.
As of this release, kstart is now maintained in Git. You can browse the
Git repository at my shiny new gitweb installation.
You can get the latest release from the kstart distribution page.
2008-07-24: UTF-8 in web tools
A while back (wow, more than a year ago), I changed spin to generate UTF-8
pages by default, but my other web tools (faq2html, cvs2xhtml, and
cl2xhtml) didn't get the update at the same time. Now that I've switched
to a UTF-8 locale and encoding everywhere, that's broken, and the recent
podlators release had a change to the THANKS file that was encoded
incorrectly.
All three programs now have a new release that assumes UTF-8 by default
instead of ISO 8859-1.
You can get the latest versions from my web
tools distribution page.
2008-07-24: Slashdot promotion
Congratulations, Luk, on your new position as
the
Debian project's maintainer! Now you can fix the bugs in all of our
packages!
It's a huge job, which presumably is why Slashdot has given you an extra E
to help out. Or maybe that's just for plausible deniability....
2008-07-24: Orwell haul
I recently finished the first volume of Orwell's collected letters and
essays (review pending; I'm behind on reviews again) and was so impressed
that I ordered lots more of Orwell's writing, including 1984 which
I'd mysteriously failed to buy earlier. And, of course, I had to throw in
some random SF.
Elizabeth Bear — Ink and Steel (sff)
Ernest Bramah — The Wallet of Kai Lung (sff)
George Orwell — 1984 (mainstream)
George Orwell — Homage to Catalonia
(non-fiction)
George Orwell — The Road to Wigan Pier
(non-fiction)
George Orwell — Volume 2: My Country Right or Left
(1940-1943) (non-fiction)
George Orwell — Volume 3: As I Please (1943-1945)
(non-fiction)
George Orwell — Volume 4: In Front of Your Nose
(1945-1950) (non-fiction)
Catherynne M. Valente — In the Cities of Coin and
Spice (sff)
P.G. Wodehouse — My Man Jeeves and Other Early Jeeves
Stories (mainstream)
2008-07-26: New photo gallery
Due to vacations, travelling, and other alignments, I had a free day today
with nothing else pulling at my attention and was able to work for hours
on a single project. I used it to finally finish the work I'd started
last April on setting up a new photo gallery.
I'm still learning how to take good pictures (and haven't had much time
for it in the last couple of months), but I love how I notice so much more
detail when I'm thinking about taking pictures. I want to do more of it,
and having somewhere to post the results always helps with that.
I pre-seeded the gallery with a bunch of pictures so that I could play
with the layout and be sure that my design would scale, but I still have a
bunch of pictures I've not put up yet. The intention from this point
forward is to post a few pictures on a semi-regular basis and link one of
them into a journal entry each time I do. I doubt I'm going to manage a
picture a day, but a picture a week would be nice.
Today's picture:
Taken last fall on the Oregon coast. It came out quite well even though
it was before I knew how to use macro properly. As always, click on the
image for all the metadata and a link to a larger version.
2008-07-28: Another beach photo
I have very close friends visiting from out of town and yesterday and the
rest of this week will be devoted to spending time to them, so don't
expect much in the way of updates, responses to e-mail, or other publicly
visible activity. Here's another picture to give you something to look at
in the meantime.
Hopefully a software release or two will happen this week, and maybe some
more pictures, but you may not see other updates until next weekend.
2008-07-31: kadmin-remctl 2.2
This release flushes out pending changes that I'd committed some time back
but never released. It fixes a bug in checking the error status of
kasetkey (used for AFS kaserver integration) and better handles a missing
REMOTE_USER environment variable.
As of this release, the AFS kaserver integration support is deprecated and
no longer tested, since Stanford no longer runs an AFS kaserver realm.
kadmin-remctl is now maintained in Git and the Git repository is now
publicly accessible and browsable.
You can get the latest version from the
kadmin-remctl distribution page.
All posts