< 2013 Changes | Russ Allbery > Recent Changes | 2011 Changes > |
This page lists all changes to my web site in 2012, except for new journal entries, along with a brief description. For more recent changes and the current RSS feed, see the current changes page. For older changes, see the changes for 2011, 2010, 2009, and 2008.
Review of City of Diamond by Jane Emerson.
Fix a test to run properly when Test::Warn is not installed. Add POD documentation to the example script. Improve README.
Review of Wasted Heart by Lynn Galli.
Add support for 256-color escape sequences. Replace test files in the distribution with a new example script that prints out test files. Add support for color aliases from both the environment and a new coloralias() function. Update coding style and add tons of new tests.
Review of Countdown by Mira Grant.
Review of Blackout by Mira Grant.
Review of Dragonhaven by Robin McKinley.
Review of Perl Best Practices by Damian Conway.
Remove a few defunct author blogs and fix alphabetization. Remove Brendan Nyhan's blog. Add Ta-Nehisi Coates, Paul Krugman, and Matt Taibi. Add TrueAchievements to the Gaming section.
After a comprehensive review of what charities I want to support, revised my charity links to drop quite a few organizations and add quite a few new ones.
Review of Science Fiction: The 101 Best Novels: 1985–2010 by Damien Broderick & Paul Di Filippo.
Drop the DaVinci Code rating to a 6, which is a more accurate summation of my impression of it.
Add an update and drop the rating one point based on my experience with re-reading the book.
Review of Code Name Verity by Elizabeth Wein.
New environment variable, GIT_PBUILDER_OUTPUT_DIR, that overrides the default output directory of .. (the parent directory). Change the script to require bash and use an array to handle the pbuilder options so that shell metacharacters are correctly handled.
Add a page listing all of the nominees and winners for the World Fantasy Award for best novel, and add it to the awards index page.
Review of A Paradise Built in Hell by Rebecca Solnit.
Review of Cry Wolf by Patricia Briggs.
Review of Alpha and Omega by Patricia Briggs.
Review of Regenesis by C.J. Cherryh.
Add authorization identity support in all components of WebAuth. New WebKdcLoginTimeLimit directive controlling the time allowed for a multi-stage login process and whether a login counts towards session factors. WebAuthForceLogin doesn't require authentication for logins within WebKdcLoginTimeLimit. Optional support for replay detection and rate limiting. WebLogin sets single sign-on cookies if available even on errors. The WebLogin @REMUSER_REALMS directive has been split for more granular configuration. Multiple fixes for encoding of Kerberos credentials. Mapping of WebKDC error codes to names has been fixed in WebLogin. WebAuthRequireSSL has been documented. Lots of changes to the public API, including removing lots of old interfaces that were too low-level and adding interfaces for token encryption and for encoding and decoding keyrings.
Add portability wrapper around sys/statvfs.h. Improve APR portability to APR 0.9. Fix the probe for Heimdal's libroken library. Check Kerberos headers using file existence in some cases to avoid picking up the wrong one of multiple header options. Make the POD test scripts more generic and add a new set of generic Perl tests. Add a valgrind suppression file for packages that do valgrind testing and use Kerberos.
Update the lits of authors to read to remove some authors who I've now reviewed, plus one duplicate entry.
Review of Liars and Outliers by Bruce Schneier.
Review of Peacekeeper by Laura E. Reeve.
Another periodic cleanup of broken links and removing of permanent redirects.
Review of The Borrowers by Mary Norton.
Review of American Gods by Neil Gaiman.
Review of Emissaries from the Dead by Adam-Troy Castro.
Review of Dune by Frank Herbert.
Review of Inversions by Iain M. Banks.
Another periodic cleanup of broken links and removing of permanent redirects.
Review of A Hero's Tale by Catherine M. Wilson.
Review of Cerebus by Dave Sim.
Fix a memory initialization error affecting random multifactor in the WebKDC. Fix a memory allocation error causing memory corruption the WebAuth Perl module and hence in WebLogin.
Add winner of the 2012 World Fantasy award for best novel: Osama, by Lavie Tidhar.
Review of Set This House in Order by Matt Ruff.
Add the 2012 winner of the Robert Holdstock award for best fantasy novel (Among Others, by Jo Walton). Mention the split between the August Derleth and Robert Holdstock awards.
Another periodic cleanup of broken links and removing of permanent redirects.
This site appears to be defunct and now just returns an empty page.
Review of Devil Take the Hindmost by Edward Chancellor.
Review of Fables: Legends in Exile by Bill Willingham, et al..
Review of Passion Play by Sean Stewart.
Review of White Queen by Gwyneth Jones.
Review of AADA Road Atlas: The East Coast by John Nowak.
Fix a serious memory pool management bug in mod_webauth from WebAuth 4.3.0 and later, which could result in an invalid Kerberos authenticator when mod_webauth tries to get a service token from the WebKDC.
Fix file descriptor and memory leaks in various remctl components. Don't create the remctld PID file until the network connection setup is complete. Remove prototypes from the Perl remctl() function. Fix build dependencies and compiler flags for the language bindings.
Add Mac OS X port. Update the LDAP check to do something more reasonable. Fix the HTTP check to actually check the server return status. Fix a memory overwrite if there are more than 512 unique users logged in. Fix portability to older versions of Solaris. Drop support for NeXTSTEP, ULTRIX, and SunOS.
Fix a segfault when built with MIT Kerberos on addprinc -randkey or other key randomizations by ignoring those cases. Install the plugin in the kadm5_hook subdirectory expected by MIT Kerberos. Ignore "Operation not permitted" error messages from krb5_set_password in krb5-sync-backend when running in silent mode. Various fixes to the build system and portability layer.
Drop concat and concatpath. concatpath wasn't used, and xasprintf should be used instead of concat. xasprintf, xvasprintf, basprintf, and bvasprintf are now void functions and will never fail for any reason. Fix a compilation failure in kafs for Solaris 11. Add RRA_INCLUDES_APACHE macro for testing for Apache functions. Strip -g and -On flags from APACHE_CPPFLAGS as returned by apxs. Add POD documentation for xmalloc, xcalloc, and xrealloc functions.
Add a mention of the Mac OS X install_name_tool utility, which can change the rpath encoded in binaries, similar to patchelf or chrpath. Thanks to Derrick Brashear for the information.
Review of The Devil's Eye by Jack McDevitt.
Add a link to the Stanford RPM repositories as a source of remctl RPMs for Red Hat Enterprise Linux.
Add the slides for my 2010 Debconf presentation on using Debian in an enterprise.
Add the slides for my 2011 AFS and Kerberos Best Practices Workshop presentation on the murky tangle of web authentication, primarily about multifactor and proactive user account abuse detection.
Add the winner of the 2012 Mythopoeic award for best adult novel: The Uncertain Places, by Lisa Goldstein.
Review of A Journey of the Heart by Catherine M. Wilson.
Review of Ashes of Candesce by Karl Schroeder.
Add the winner of the 2012 Hugo for best novel: Among Others, by Jo Walton.
Review of Embassytown by China Miéville.
Review of Getting Started with Dwarf Fortress by Peter Tyson.
Review of Design Patterns by Erich Gamma, et al.
Allow WebAuthDoLogout in .htaccess files. Fix invalid free in webauth_webkdc_login when realm restrictions are given. Add replacement for missing krb5_cc_get_full_name. Fix incorrect Perl module includes in pwchange.fcgi. Add overloaded cmp operator to WebAuth::Exception. Improve WebAuthLdapKeytab documentation.
Set HttpOnly on all cookies by default, and add a WebAuthHttpOnly Apache directive to disable this if desired. Add a way of passing a rejection message from the user information service through to WebLogin and the error page to reject logins. Fix wa_keyring compilation with older versions of WebAuth headers on the APR header path. Rewrite the Kerberos library API to use APR and to do proper error reporting. Merge and remove Kerberos library functions that are no longer needed. Rewrite the Perl API for the Kerberos functions. Fix decoding of Kerberos credentials with a second ticket and avoid unnecessary escaping of Kerberos realm names.
Fix WebKDC::WebRequest bug that prevented WebLogin from working. Fix a Kerberos context cleanup bug when storing delegated credentials in a file cache.
Fix reading keyrings from files on 64-bit systems, fix compilation on Apache 2.0, and fix an uninitialized memory bug in the test suite.
Add documentation of supported wallet object types and ACL schemes, including brief summaries and pointers to the implementing class.
Add all of the Nebula shortlists for best novel similar to the separate page for all the Hugo nominees, with extra information where I've read or reviewed them. Add the Nebula shortlists to the statistics table in the awards page. Add information about Nebula eligibility rules to the two Nebula award pages.
Add the count of total books to the award statistics. Add statistics and another table of links for the awards where I've recorded the entire shortlist.
Review of Asimov's Science Fiction, March 2011.
Apache 2.4 support. Deprecate AuthType StanfordAuth. Add support for Kerberos keyring caches for delegated credentials. Fix some mod_webkdc configuration merging cases. Major changes to the libwebauth and Perl APIs.
Review of A Local Habitation by Seanan McGuire.
Review of Saints Astray by Jacqueline Carey.
Review of Asimov's Science Fiction, February 2011.
Review of Deadline by Mira Grant.
Another periodic cleanup of broken links and removing of permanent redirects.
Review of Fantasy & Science Fiction, January/February 2011.
Add the winners of the John W. Campbell Memorial Award (Christopher Priest's The Islanders and Joan Slonczewski's The Highest Frontier), the Locus Award for best fantasy novel (George R.R. Martin's A Dance with Dragons), and the Locus Award for best SF novel (China Miéville's Embassytown).
Review of Eclipse Phase by Posthuman Studios.
Review of Cauldron by Jack McDevitt.
Review of Leviathan Wakes by James S.A. Corey.
Review of Quiet by Susan Cain.
Add summary and help remctld configuration options and new remctld behavior with the help command to run summary and help commands for available commands, implementing a form of service discovery and remote help. Fix a segfault when remctld has no commands defined. Always close client connections in remctld on low-level errors. Fix error handling on Solaris. Better deal with GSS-API header probes with non-default GSS-API libraries. Fix multiple portability issues in the test suite.
Add 2012 winners of the Nebula (Jo Walton's Among Others) and Clarke (Jane Rogers's The Testament of Jessie Lamb).
New anon_fast option to use anonymous authentication to get tickets for FAST armor. New user_realm option to set just the realm of unqualified principals and no other realm details. New no_prompt option to suppress PAM prompting and defer to the library. New silent option to force PAM_SILENT behavior. New trace option to enable Kerberos library trace logging. Fix doubled colon and space with password prompts on Heimdal. Fix realm handling in alt_auth_map and allow a realm to be specified in the map. Avoid a segfault if krb5_init_context fails. Fix initialization of time values on platforms where krb5_deltat is not a long. Fix memory leaks in search_k5login and alt_auth_map. Fix bogus error messages from the realm option. Improve the retry logic in try_first_pass. Provide xz-compressed tarballs as well as gzip.
Remove a test for POD source without =encoding and ISO 8859-1 characters since Pod::Simple now diagnoses this as an error.
Define KRB5_WELLKNOWN_NAME and KRB5_ANON_NAME to use to construct the anonymous Kerberos identity. Add a replacement for krb5_free_string for use with krb5_cc_get_full_name. Handle a NULL pam_args struct better in the PAM utility library. Do less automatic setup of the PAM user in the PAM testing library to make it easier to test more invocation scenarios.
Handle AE ligatures properly. Clean up groff warnings and fix roffitall generation of the complete documentation. Fix spurious duplication of the URL given in L<> in Pod::Man. Fix exit status and remove empty output files in pod2text and pod2man. Fix PerlIO layer detection for changes to the PerlIO code in later versions of Perl. Set the output file handle in parse_file. Fix the test suite so that it runs in parallel.
WebKDC::Token has been removed from the upcoming WebAuth release, so remove the documentation from the site.
Clarify in the documentation that regular expressions are Perl regular expressions.
Add support for parsing the rsyslogd FileFormat and SyslogProtocol23Format default templates, and tighten the regexes matching the traditional format to not misparse other formats as the traditional format.
Increase minimum password length to 8 and check for usernames followed by digits and duplicated dictionary words. Support linking with the system CrackLib instead of the embedded copy. Fix variable sizes in the embedded CrackLib on 64-bit platforms, fixing interoperability issues with databases created on platforms with a different native integer size. Update the build system, portability layer, and test infrastructure.
Suppress the PAM error if the error code is PAM_SUCCESS. Add regular expression matching of output and prompts to the PAM test library and remove the %* wildcard. Separate the priority from the output and return PAM output in a structured format for testing. Don't copy the test password to PAM_AUTHTOK; provide separate interfaces to set it and PAM_OLDAUTHTOK. Add PAM_AUTHINFO_UNAVAIL to the recognized PAM error codes, report output and prompt lines starting from 1 instead of 0, and report an error message rather than segfaulting if necessary parameters for a testing script are not provided. Pass --deps to krb5-config for RRA_LIB_GSSAPI and RRA_LIB_KRB5, and don't use the default krb5-config results for GSS-API. Fix portability and cleanup issues in the Kerberos and remctl TAP add-ons. Suppress compiler warnings for __attribute__. Fix portability bugs in the network test suite.
Fix some remaining uses of local in libtap.sh that were missed in the previous release. Avoid __attribute__warnings on more compilers. Add the UNUSED macro. Fix some minor output nits in the C TAP library if bail is called after plan_lazy but before running any tests.
Review of Mockingjay by Suzanne Collins.
Review of Larque on the Wing by Nancy Springer.
Review of Catching Fire by Suzanne Collins.
Initial notes about Stanford's private Debian repository setup, including layout, configuration, and some details of our wrapper script around reprepro.
Review of Odyssey by Jack McDevitt.
Review of The Hunger Games by Suzanne Collins.
Review of The Affluent Society by John Kenneth Galbraith.
Remove the bool arguments to buffer_sprintf and buffer_vsprintf and introduce new buffer_append_sprintf and buffer_append_vsprintf functions instead. Overhaul the GSS-API checks to avoid picking up the wrong header files and to do some common probes all the time, and introduce a new RRA_INCLUDES_GSSAPI macro. Set rra_use_remctl properly in RRA_LIB_REMCTL_OPTIONAL. Add parameter expansion support in the PAM options section for PAM test scripts.
Reorganize the source package to match the organization of packages into which the files are copied. This restricts users of the package to putting the tap library under a tests directory. Avoid feature-test macros if not building with gcc in strict mode. Avoid local in the shell TAP library due to portability issues on Solaris and instead use global variables with a prefix. New macros.h header with some common definitions used by multiple headers. Move is_double to a separate set of source files so that test suites that don't need it can avoid having to link with -lm.
Review of The Warrior's Path by Catherine M. Wilson.
Fix bugs in parsing and displaying the timestamp information from user login history. Suppress the timestamp on the confirm page if it isn't set. Fix suppression of optional sections of the confirm page when the data is not present. Ensure all data goes through an HTML filter. Regenerate the mod_webkdc manual and update the build system.
Review of Asimov's Science Fiction, January 2011.
Review of Grass by Sheri S. Tepper.
Review of Fantasy & Science Fiction, November/December 2010.
Review of A Woman of the Iron People by Eleanor Arnason.
Review of Ringworld by Larry Niven.
Review of Asimov's Science Fiction, December 2010.
Review of Black Wine by Candas Jane Dorsey.
Add brief descriptions of the LNH20 and HCC imprints and contact information for LNH20.
Add the winners of the 2012 Philip K. Dick award (Simon Morden's Samuil Petrovich trilogy) and British SF award (Christopher Priest's The Islanders). Add the 2012 Hugo nominees to the complete Hugo nominee and winner page.
Another periodic cleanup of broken links and removing of permanent redirects.
Remove the IETF link for draft-roessler-usefor-trace, since for some reason it doesn't appear in the IETF Internet-Draft archive.
Review of Agile Project Management with Scrum by Ken Schwaber.
Review of Fantasy & Science Fiction, September/October 2010.
Add the software documentation and download sidebar to the tai64nfrac distribution page and add a warning that the software is no longer maintained. Convert the repository to Git and add a link.
Add the software documentation and download sidebar to the multilog-watch distribution page and add a warning that the software is no longer maintained.
GTimer 2.0 has been released and incorporates all the important parts of the Debian patch set, so my copies of the patches are now obsolete. Remove them all from my patches page.
Add the software documentation and download sidebar to the Majordomo with qmail distribution page and add a warning that the software is obsolete.
Move the patch to make Majordomo 1.x use -owner addresses instead of owner- addresses to my patches page rather than only having it on archives.eyrie.org.
Add a prefatory paragraph to the Majordomo with qmail FAQ saying that it's no longer maintained. Not that anyone has asked me anything about it in quite some time, but it's still linked in a lot of places.
Add the software documentation and download sidebar to the S/Ident distribution page and add a warning that the software is obsolete. Update the requirements and description slightly.
Add the software documentation and download sidebar to the runauth distribution page and add a warning that the software is obsolete. Update the requirements and description slightly.
Add the software documentation and download sidebar to the kftgt distribution page and add a warning that the software is obsolete.
Move kftgt, runauth, sident, mjqmail, multilog-watch, and tai64nfrac to a separate page of obsolete software. Move the links to the scripts and patches pages to a collection of other links along with the link to the obsolete software page.
Add the RFC that standardized the message header field registry (used by email, HTTP, and netnews) to the USEFOR RFCs page. Mention that in the discussion of the USEFOR drafts about header registration.
Add more Internet-Drafts related to the Usenet article format or similar topics, thanks to Julien ÉLIE's research. This fills in two missing drafts in the history of the Usenet Article Format draft, adds an older mail and netnews header registry draft and an early proposal for internationalization in newsgroup names and elsewhere, drafts for a proposed new OpenPGP header for key information, a draft offering some minimal implementation advice on threading that's now only of historical interest, and a never-implemented protocol for collaborative reviewing and filtering.
Add two more NNTP-related Internet-Drafts, one for a competing multicast NNTP protocol and another for a DNS-based protocol for distributing newsgroup hierarchy information. Both are only historical curiosities at this point. Thanks to Julien ÉLIE for the research.
Fix clobbering of $@ when setting up constant subs, and check $@ when generating a sub for errors. Fix ignoring of unknown constants, instead of reporting errors, when colors are disabled. Add support for italic.
Add mod_webkdc directives WebKdcUserInfoTimeout and WebKdcUserInfoIgnoreFail to configure a timeout for user information queries and to allow logins to continue with password authentication when the user information service is unavailable. Fix more compilation issues without remctl and use remctl_set_ccache where available to avoid a small memory leak on user information service queries. Fix some missing input error handling bugs in WebLogin. Drop WebAuth library code that wasn't being used. Document a problematic Apache/Tomcat security interaction in the mod_webauth manual.
Review of Landing by Emma Donoghue.
Add the winner of the 2011 James Tiptree Award (awarded in 2012): Redwood and Wildfire, by Andrea Hairston.
Add tags. The list command can be restricted to a particular tag, tags are part of the new reminder template, and a new tags command will show all tags currently in use.
New remctl_set_timeout function and corresponding changes to the language bindings to set a timeout for all subsequent network operations. New remctld configuration option to specify the user as which to run a particular command. remctld's timeout is now based on activity instead of elapsed time. PHP's remctl_output no longer warns on failure. Python's _remctl.remctl_output returns an empty tuple on error instead of a bool.
Add network_read and network_write functions to read and write to network sockets with an optional timeout. Significant improvements to the Kerberos and remctl TAP add-ons, including a better method for returning configuration, automatically calling skip_all for missing required configuration, easier API for starting remctld, support for running remctld under fakeroot, and cleaner handling of the native Kerberos and kinit Kerberos setup alternatives. Fix a bug in the portable strndup replacement and some issues with the xstrndup utility function.
Add the bstrndup function, a checked version of strndup that calls sysbail on failure, to the C TAP library.
Review of Neuromancer by William Gibson.
Review of I Capture the Castle by Dodie Smith.
Review of Asimov's Science Fiction, October/November 2010.
Clarify in the documentation that /regex/.../regex/ patterns match the regex against the entire line.
Review of The Big Short by Michael Lewis.
Fix broken link for the Mercury programming language.
Old versions of git-buildpackage can't automatically create the upstream branch, so add a recipe for how to create an initial, empty branch.
Remove December 2011 from the current changes page. That information is on the 2011 changes page.
Review of Effective Java, Second Edition by Joshua Bloch.
Review of Baba Yaga Laid an Egg by Dubravka Ugrešić.
Review of Bright of the Sky by Kay Kenyon.
Review of Fantasy & Science Fiction, July/August 2010.
Add recognition of backports distributions and add the backports mirror when creating new build chroots. Fix loading of the user's .pbuilderrc when invoking the builder with an action.
Add support for the plugin interface built into MIT Kerberos 1.9 and later, which now no longer require a patch. Ignore -randkey password changes in MIT Kerberos. Support accepting the password on standard input in krb5-sync-backend. krb5-sync diagnoses and reports an error with incomplete configuration rather than segfaulting. Other build system and portability fixes.
Another periodic cleanup of broken links and removing of permanent redirects.
Fix k5start -H and krenew -H with non-renewable tickets. Fix k5start -H with a ticket cache different than the requested principal. When k5start or krenew fail when running as a daemon, retry every minute until the error is resolved. Add -s option to krenew to signal a command with SIGHUP if krenew exits. Clean up PID files on exit via SIGHUP or SIGTERM.
Review of Cyteen by C.J. Cherryh.
Add information on how I handle the Debian source package format for Git-maintained packages, including a couple of sample patch headers.
Add an overview of my 2011 reading, main book recommendations, and reading statistics.
Move all web site changes for 2011 to a separate page and remove all entries older than December of 2011 from the current changes page.
< 2013 Changes | Russ Allbery > Recent Changes | 2011 Changes > |