2009-11-01: Coming back
Looking along the fence line south of the Adobe Resort in Yachats,
Oregon. This was taken yesterday on a grey, overcast day. The plus of
the weather we had in Yachats is that I have tons of great cloud pictures,
but the lighting was a touch challenging before the clouds broke up.
I'm still in Oregon and will be off-line for most of tomorrow, but
otherwise I'm on my way back from vacation. I've been waking up with
ideas about coding or packaging work that I want to do, which is a good
sign. I'm not feeling ready for the social interactions of work yet, but
I have some more time before I have to deal with that. I'll be working
remotely one day before heading back to Stanford.
I've sorted through all of my mail, but not turned it into next actions or
updated my to-do list. That's the next step, which I've been poking at a
bit tonight and will probably start working on in earnest tomorrow night.
I did get my last book review written today, which means that with two
yesterday I'm now completely caught up. That's a great feeling. The
total reading for vacation, with a few more days and hopefully a couple of
books still to add, is nine books read, a tenth finished, and reviews
written of two more books that I read before vacation. It's not as many
as I've read some years, but it will make the total reading for the year a
bit more respectable.
I have a ton of pictures to sort through and annotate, and I still haven't
done that for last year's beach trip. The plan is to do that during the
evenings for the next few nights as a light task that I can do while
working on other things.
2009-11-02: Getting caught up
In Yachats along the 804 trail, there was a bunch of wonderful driftwood
with lovely white bark texture. I have a few more pictures like this that
I'll probably post later on.
I'm still making my slow way home, but we're driving less distance each
day than we normally do, leaving me time in the mornings and evenings to
catch up on e-mail. I've now read everything and started responding to
some of the things I'd marked as needing attention. I have a lot of
tagged stuff yet to get to, but I think I got through about a third of it
today. I'm also annotating all of my pictures, and today did one of my
largest days (117 pictures).
Tomorrow I'll be somewhere where (once I figure out how to make wireless
authentication work without Network Manager) I'll be able to settle in and
do some coding and tackle some larger projects. Hopefully I'll also
finish getting caught up.
2009-11-03: First day of work
Another photograph along the 804 trail in Yachats, Oregon during a cloudy,
overcast day. I love weather like that, better than sunny and clear
weather.
I'm now somewhere where I'm going to stay for a day, since four days in a
row travelling would have been a bit much. We only had a two hour drive
this morning, and then I got network and was able to get back to work.
I've just uploaded new OpenAFS packages to Debian unstable that include a
bunch of fixes that have gone into the stable branch, and will be
backporting them shortly for Stanford and later for backports.org. I'll
finish that off tomorrow.
I still have a fair number of messages marked to act on that I haven't
done something useful with, like figured out next actions, but I wanted to
accomplish something right off and feel better about being back to work.
The tentative plan is to do more organization tomorrow.
2009-11-04: Mail organization
The last few pictures haven't had much color, so here's something that's a
bit brighter. The traces of places where water once was are often
fascinating to my eye.
I did okay on catching up and organizing my mail. All the work messages
except a couple of reports have now been dealt with and disposed of, and I
updated a few scripts that I'd been meaning to update for quite some time.
I still have some personal mail and a bunch of Debian mail that hasn't
gotten the Getting Things Done treatment and turned into real action
items, and I haven't been working from my to-do list at all, but baby
steps. It was harder than I expected to focus and work from Roseville, so
it's good that I'm headed home tomorrow.
Since I worked a full day on Tuesday, tomorrow will be a vacation day.
Mostly it will be travel and reading, and then in the evening it will be
life organization. Friday, I'll probably start working on the Debian
bits. I have Shibboleth packages to update that will take a while; I was
going to start on that today, but ran out of time.
Between other things, I've been finishing the AFS server balancing work I
started before I left, since they were badly out of balance. Doing that,
I can see the need for a bunch more audit scripts, improvements to the
scripts we already have, and merging together some new scripts into
features for scripts I'd previously written. But I'm not allowed to spend
a lot of time on this right now....
Yes, the break tomorrow and quiet reading on the train will be very good
for me.
2009-11-05: Welcome home
I'm finally back home. This was the sight that welcomed me. It hasn't
actually rained here, but it was definitely raining around Davis and it's
supposed to rain north of I80, with snow above 6000 feet.
I was hoping to start on Shibboleth packaging today, but I wasn't feeling
that great for a lot of the trip home and it took a lot out of me. I was
worried for a bit this evening that I was coming down with someting, but
I'm feeling much better now, so it was apparently just one of those
things. But it meant fairly low energy; I haven't even started unpacking.
Oh well, part of my new post-vacation equinamity is not to push myself
beyond reasonable expenditures of energy. Things can wait until
tomorrow.
2009-11-06: Still catching up
Have a texture picture today.
Today was the first day back in the office, although not a full day of
work since I was way ahead on hours today. I caught up on e-mail and
talked to my boss about what happened while I was gone, and then started
going through the remaining e-mail that I had tagged to work on, and then
promptly got distracted by dealing with a pam-krb5 issue. Deciding to
stick with the philosophy I took away from vacation of trying to focus and
do one thing well, that was four hours of the day. pam-krb5 4.0 is now
about ready to go out.
But I did get the laundry done, the car on the charger, and my postal mail
picked up, and I suspect that tomorrow will be mostly devoted to
unpacking, organizing the house, doing shopping, and otherwise catching up
on life stuff.
Lintian needs some attention. Maybe soon. Shibboleth is getting
attention right now; the first of the uploads is now in NEW.
2009-11-07: Voting mutual fund proxies
(This information may be very US-specific. I have no idea how this works
in other countries.)
If you hold money (such as retirement savings) in a mutual fund, you have
probably received, from time to time, mailings asking you to vote on some
issue put before the shareholders. They usually involve elections of
trustees and sometimes other administrative changes to the funds. These
mailings always provide some option to vote the recommendations of the
board without any further effort. If you're like I used to be, you
probably either ignore these or, if made to feel guilty by the pleas to
vote your shares so that they don't have to contact people again, vote the
recommendations.
I'd like to encourage you to stop doing that and instead read and really
vote.
First, voting, including not voting the recommendations, is very easy and
doesn't require filling anything out and mailing it. Every one of these
proxy votes that I've seen recently uses proxyweb.com, which is a simple
and fairly usable web site. You just go to the web site, enter the number
at the top of the proxy card, and click on the Vote button (without
selecting the box to vote all the defaults).
Second, apparently in at least some circumstances all the shares held by a
particular investment company are voted proportionately based on the
people who respond. In other words, the votes that are received are taken
as representative of the people who didn't vote. This means that your
vote can actually have a substantial effect. (Cynically, I suspect this
is the actual reason why they encourage uninterested people to vote to
"save resources"; what they're really hoping is that those uninterested
people will vote the recommendations because it's easier.)
When I read the literature, I usually end up voting against most of the
proposals.
For example, my most recent proxy vote had a proposal to move the fund
from Massachusetts to Delaware, which is a tax and regulation dodge to
move into a very corporate-friendly legal state from one that cares more
about individuals and has more regulation. I voted against.
It also had a bunch of proposals to relax investment requirements "not
required by law" to give the fund more "flexibility." If you're like me,
more "flexibility" in investing around things like borrowing, creating new
senior shares, short-selling, and investing in real estate sounds like a
rather bad idea. So does eliminating all restrictions not required by
law. I voted against.
There was also a set of proposals that, so far as I could tell, basically
allowed the management company of the mutual fund to execute a legal dodge
to treat separate funds as separate corporate entities for the purposes of
investment law in some countries, allowing it to bypass some limits. I
voted against.
Voting for trustees is harder, since the typical invester isn't going to
know anything about most of them, but I apply some similar logic to how I
vote for judges in local elections. When voting for judges, I vote for
all defense attorneys and against all prosecutors, since I think the legal
system in California is too skewed towards prosecution and revenge.
Similarly, when voting for trustees, I withhold my vote for anyone who
holds positions with companies like J.P. Morgan or Citigroup or who works
in businesses like corporate strategy, because I think the management of
such funds is too biased towards insider Wall Street affiliations. It may
not accomplish anything, but I'm fairly sure it's not going to hurt.
Next time you get one of those proxy cards, think twice before tossing it
or returning it with the minimum number of checks. If you don't like the
way that corporate governance in the US seems to be primarily about
dodging taxes and avoiding regulation, you may be able to have more impact
than you realize by taking ten minutes to visit the web site and vote
against a few things.
2009-11-08: Domestic catchup
I suspect I've taken some variation of this picture more times than I'm
aware of, but I don't think I've posted any of them before, and I do love
this picture.
Today was the cleanup and catch-up day. I've now done the grocery
shopping and restocked the house, put away all of the clothes, finished
unpacking, made my monthly charitable donations, and caught up on all of
the paper mail, both the stack from before vacation and the mail that
accumulated during vacation. The mail took most of the day, since it's
one of those tasks that needs to be done weekly for me to stay on top of
it and it had been about five weeks.
But it's all done, the place looks much more clean, and I've been snacking
on good food. Which I should do less of, now that I'm back from vacation,
but I'm getting a lot of exercise, so I'm not worrying too much about it.
No work on-line today other than a bit of AFS server balancing.
The new charity find this month is
Swords to Plowshares, a
local Bay Area charity devoted to helping reduce poverty and homelessness
in veterans in the Bay Area and heal the lingering wounds of war, with an
excellent overhead to service ratio.
I have mixed feelings about supporting military charities. I'm
increasingly of the opinion that while there may be just wars, that
doesn't describe any of the ones we've been fighting, and the US is
abusing its military power in crusades that are at best ineffectual.
However, I also believe that the people who are serving in the military
are, by and large, doing so for the highest and best of motives and truly
believe they're helping the country, and their misuse and abuse by the US
government is largely not their fault. And the effect of war on the
soldiers is truly horrible, way beyond what I think most had any idea they
were signing up for. This organization caught my eye because it's local,
because their web site explicitly talks about how war leaves wounds and
suffering, and because it's not affiliated with traditional military
organizations that support other things that I'm not as comfortable
supporting.
2009-11-08: Slow Sunday
This is the most "doctored" picture I've taken yet, since the day was very
misty and the contrast of the original picture was horrible. Tweaking the
contrast was more successful than I expected, bringing out the picture
that I was seeing. There's also a bit of cropping and sharpening.
I was going to work on on-line things today, but I just didn't have the
energy or motivation. I'm mildly annoyed by that, since I should have
lots of energy coming off of vacation, but I don't want to fight it. I
did do a bit more AFS work and a load of dishes, so it's not like I did
nothing, and the two-hour nap in the afternoon indicates that I might have
needed a bit more sleep.
I'm also happily eating a bit too much and haven't yet walked today, but I
might still fix that before I go to sleep, despite having to get up a bit
early tomorrow for a morning meeting.
2009-11-09: Meeting day
Today was also not a day for getting a lot accomplished, mostly because I
had three and a half hours of meetings and another hour of meeting prep.
One of those meetings was a kick-off meeting for a new monitoring and
metrics project, and much of the rest of the day was spent helping
brainstorm the technical architecture we want to use to separate the data
gathering from the data reporting and put a network protocol in the middle
to make it easier to plug and unplug components later.
Maybe this time we'll follow this project through to completion and
produce something we'll be able to keep using, unlike several of the
previous iterations of this project.
I was going to write a review this evening, but I ran out of steam. I'm
also not yet finding energy to work on Debian things. Hopefully tomorrow,
with fewer meetings and more time for concentration, will go better on
that front. I'm also hoping to get to play some volleyball for the first
time in quite a while. I'm also considering writing the review in the
morning before heading into work, taking advantage of morning energy.
I'm writing up some bits about authentication and directory systems on a
Usenet group, which is reminding me of all the white papers I'd really
like to write about how we do things at Stanford. It takes a lot of time
to do that, but it feels so good to do it. Not this week; too many other
things that are behind. But it's good to be reminded that I should make
time for that.
Preliminary goals for tomorrow: finish getting ticked messages out of my
mail and into my to-do system, and then finish the Heimdal implementation
of password strength checking.
2009-11-12: Lintian 2.2.18
It's been a long time since a release, and we were overdue. And I finally
got some time to catch up from having been on vacation.
There are a bunch of bug fixes in this version, and I tried to clean up
the lowest-hanging fruit from the BTS, but a lot of the changes came from
the discussion around the new rejects from ftp-master if certain Lintian
tags are found. The subsequent discussion in debian-devel, and some other
threads in debian-mentors, turned up a few problems and short-comings,
most of which should now be fixed.
I also went through all of the tags that can result in an automated reject
and made sure that nearly all of them were severity: serious. The ones
that cannot be overridden are certainty: certain; the rest are mostly
certainty: possible, although some of them are reliable enough that
they're still certain. While doing that work, I also filed bugs against
debian-policy for all of the reject tags that aren't documented in Policy
now. These are mostly obvious gaps.
This version removes the flawed check for dh-make boilerplate for the
upstream author (the infamous "Author(s)") and replaces it with much more
reliable checks for template phrases that are only going to be generated
by the helper problems and which don't make sense in the completed
copyright file for a package.
2009-11-13: pam-krb5 4.0
When I introduced use_authtok in pam-krb5 2.0, I misunderstood the
intention of the option. I thought it was intended to say to always use
the stored authentication credentials in the PAM stack for any credential,
either the current or the new one for password changes. So I implemented
it for both the auth group and the password group, and for the latter it
applied to both the current and new password.
use_authtok is actually supposed to only apply to the password group and
there only to the new password. Otherwise, you can't stack the module
with use_authtok with a module like pam_cracklib, since pam_cracklib will
only ever prompt for the new password, not the old one.
This release corrects my mistake and changes the meaning of use_authtok to
only apply to the new password in the password group. I introduced a new
option, force_first_pass, which does what use_authtok used to do for the
old password. It's like use_first_pass but will fail if there's no
password already stored instead of prompt. (This may be what
use_first_pass is supposed to do, and other modules implement it that way,
but I find it nicer to allow use_first_pass to prompt if there's no
password at all; it makes it easier to stack modules without fiddling with
the options.)
Therefore, on upgrade, if you have use_authtok in the auth group, you
should change it to force_first_pass. If you have it in the password
group, you should add one of try_first_pass, use_first_pass, or
force_first_pass as well, depending on what you want.
This release also stops ever returning PAM_IGNORE from pam_setcred, since
this confused older versions of the Linux PAM libraries, such as the one
shipped with RHEL5. In order to do this, I had to significantly refactor
the way setcred was handled, so I also fixed the logging for
pam_open_session and pam_close_session. It also stops using issetugid on
Solaris to determine when to avoid refreshing the ticket cache, since this
breaks screen savers.
Finally, since I was going to a 4.0 release anyway due to the incompatible
change in the meaning of some options, I went ahead and switched to
Automake and Libtool (which is why the size of the distribution doubled).
This brings it closer to my other packages and I think will save
maintenace work down the road. Hopefully this doesn't break the build on
any platforms where it was previously working.
You can get the latest version from the pam-krb5 distribution page.
2009-11-20: pam-krb5 4.1
The 4.0 release, which moved away from using PAM_IGNORE as a return status
for pam_setcred, returned an error instead. I had forgotten that I tried
to do this once before and discovered that it didn't work with PAM
configurations that use jumps, such as the recommended configuration with
pam_afs_session. Whoops. Thanks to Ian Ward Comfort for pointing out the
problem. pam_setcred now just returns PAM_SUCCESS if there's nothing for
it to do.
This version also changes the password change implementation to always
prompt for and store the new password even if pam_krb5 is going to ignore
the user. This is required to allow the module to be stacked with other
modules using use_authtok, which is the default configuration in Debian.
Thanks to Steve Langasek for explaining why this is needed.
Finally, I added a bunch of new logging functions and rationalized and
improved the logging throughout pam-krb5. It now uses pam_syslog where
available, with a fallback for other systems, so that the logging looks
like all the other Linux PAM modules. Successful authentications and
failed authentications are now logged and should look much closer to what
pam_unix does. I also increased the priority of a bunch of errors that
were previously only logged at LOG_DEBUG to LOG_ERR so that the system
administrator can see them. I suspect I'll need to fine-tune the logging
levels a bit more in subsequent releases.
You can get the latest version from the pam-krb5 distribution page.
2009-11-25: pam-krb5 4.2
As feared, there were portability problems in 4.1 on Solaris. A dumb one,
too: I forgot to modify Makefile.am to include additional files used only
on some platforms in the distribution.
4.2 fixes that problem and also adds a new option to treat expired
passwords as equivalent as invalid passwords rather than doing any sort of
password change.
You can get the latest version from the pam-krb5 distribution page.
2009-11-25: rra-c-util 2.1
This release of my C utility library includes the modifications to the
networking portability layer contributed by Jeffrey Altman to remctl
(which will be in the upcoming release). The networking code should now
also work on 64-bit Windows.
It also includes a minor addition to the macros for handling lib32 and
lib64 paths used to set libdir to an appropriate value. This was required
for pam-krb5 (and will also be used for pam-afs-session).
You can get the latest release from the rra-c-util distribution page.
2009-11-29: remctl 2.15
The primary change in this release is improved Windows build and
portability support contributed by Jeffrey Altman. The remctl client
(although not the server yet) should now build properly on both 32-bit and
64-bit Windows.
Also included in this release is a new special keyword for the remctld
configuration file: EMPTY, which matches only the empty subcommand.
Previously, configuration for the empty subcommand was only possible using
ALL. ALL is now also supported when specifying the command.
The command-line client now matches the capabilities of the libraries by
allowing the subcommand to be omitted.
Finally, the build and test system and supporting utility libraries have
been updated to the current versions of rra-c-util and C TAP Harness.
You can get the latest version from the remctl distribution page.
2009-11-30: The GOP fails at spamming
Anyone have any bets on how long the US Republican Party will continue
spamming postmaster@stanford.edu with their political fundraising
attempts, all prefaced with "Dear ,"?
I'm very tempted to write mail back to "Michael Steele" (who is probably
neither the author of any of these messages nor will ever go anywhere near
any of the repsonses) saying that we would be delighted to purchase a
plush elephant from the GOP Store, except that doing so would be illegal.
Perhaps he should consider whether soliciting political contributions from
a role address at a non-profit educational institution betrays a certain
lack of comprehension of the nuances of the federal tax code.
If you are curious why the Democratic Party enjoys a huge on-line
fundraising advantage over the Republican Party, there are at least three
examples of obvious incompetence explaining this in every message that
postmaster@stanford.edu receives from the RNC (and doesn't from the DNC).
2009-11-30: Vacation haul
I've been lax in posting recently due to a combination of trying to dive
back into work after vacation and then having another vacation with
company for the whole week of Thanksgiving. The latter was huge fun and a
great break. Most years, I've tried to work some at the same time as
hosting, but this year I just took the time off and focused on talking and
playing video games together. That was exactly the right decision. I
took an almost complete break from thinking about work and am now feeling
much more focused and refreshed.
In all of that, though, I remembered I'd never posted my haul of books
from vacation in October. So, belatedly, here it is.
Daniel Abraham — A Shadow in Summer (sff)
Daniel Abraham — A Betrayal in Winter (sff)
Eric Ambler — The Siege of the Villa Lipp (thriller)
Anne Bishop — Tangled Webs (sff)
Ben Bova — Titan (sff)
Emma Bull — Territory (sff)
C.J. Cherryh — Exile's Gate (sff)
Peter Crowther (ed.) — Cities (sff)
Dave Duncan — Children of Chaos (sff)
Bonnie Henderson — Strand (non-fiction)
George R.R. Martin (ed.) — Wild Cards, Volume One
(sff)
L.E. Modesitt, Jr. — The Eternity Artifact (sff)
James Morrow — The Last Witchfinder (sff)
Pat Murphy — Wild Angel (sff)
Linda Nagata — The Bohr Maker (sff)
Larry Niven & Steven Barnes — Dream Park (sff)
Larry Niven & Edward M. Learner — Fleet of Worlds
(sff)
Rebecca Ore — Being Alien (sff)
Tim Powers — Expiration Date (sff)
T.A. Pratt — Blood Engines (sff)
Elizabeth Ann Scarborough — Last Refuge (sff)
Michael Marshall Smith — Spares (sff)
Norman Spinrad — The Void Captain's Tale (sff)
Bruce Sterling — The Zenith Angle (sff)
Rory Stewart — The Places in Between (non-fiction)
Jeffrey Toobin — The Nine (non-fiction)
Gene Wolfe — Pirate Freedom (sff)
As you've probably seen, I've already read and reviewed a few of those.
The Places in Between is waiting for me to find time to write a
review, but is one of the best books I've read. Highly recommended.
Right now, I have my typical winter head cold (just a head cold, no flu
symptoms at all), which thankfully waited until after vacation. I started
getting a runny nose Sunday night. So far, I'm actually a bit happy about
it, since it's a good excuse to work from home and really focus on getting
things done instead of going to meetings and talking to people, and today
was wonderfully productive.
All posts