2014 Changes

This page lists all changes to my web site in 2014, except for new journal entries, along with a brief description. For more recent changes and the current RSS feed, see the current changes page. For older changes, see the changes for 2013, 2012, 2011, 2010, 2009, and 2008.

December 2014

2014-12-31 — Review: Three Parts Dead

Review of Three Parts Dead by Max Gladstone.

2014-12-27 — Review: Some Remarks

Review of Some Remarks by Neal Stephenson.

2014-12-25 — pam-krb5 4.7

New no_update_user option to suppress the normal PAM_USER update after username canonicalization. Suppress spurious Heimdal password prompts with PKINIT. Map unknown realm errors to PAM_AUTHINFO_UNAVAIL. Treat more error codes as authentication failures for try_first_pass purposes for better compatibility between MIT client libraries and Heimdal KDCs. Add the version at which each module option was introduce to the documentation.

2014-12-25 — rra-c-util 5.6

Check for integer overflow in vector_join and vector_cjoin. Avoid strlcpy in getnameinfo and setenv replacements. New Perl style/module-version.t for Perl modules. Fix visibility of some util and portability functions. Fix network_addr_match with empty strings on AIX. Ensure all network utility functions accept both "any" and "all" for source addresses. Fix portability of EINVAL error codes on Windows. Add a new portable/socket-unix.h layer for UNIX sockets. Add PIPE_READ and PIPE_WRITE macros to name the elements of the array passed to pipe. Add support for more PAM data elements in the fakepam testing library. Support requiring PKINIT configuration when initializing a Kerberos test.

2014-12-25 — C TAP Harness 3.2

The runtests harness now supports ignoring comments and blank lines in test lists, and ignoring leading whitespace before test names.

2014-12-24 — Review: Bad Pharma

Review of Bad Pharma by Ben Goldacre.

2014-12-22 — Review: Wakulla Springs

Review of Wakulla Springs by Andy Duncan & Ellen Klages.

2014-12-21 — Review: 2014 Hugos: Novelettes

Review of 2014 Hugos: Novelettes by Loncon 3 (ed.).

2014-12-08 — wallet 1.2

Rename the duo object type to duo-pam and add new duo-radius, duo-ldap, and duo-rdp object types. Add support for renaming file objects.

2014-12-01 — Add 2014 World Fantasy award winner

Add the winner of the 2014 World Fantasy award for best novel (A Stranger in Olondria, by Sofia Samatar).

November 2014

2014-11-30 — Add documentation for innwatch

Julien √ČLIE wrote new POD documentation for innwatch. Make it available on the web for INN CURRENT and 2.5.

October 2014

2014-10-18 — Broken link cleanup

Another periodic cleanup of broken links and removing of permanent redirects.

September 2014

2014-09-24 — Review: Turn the Ship Around!

Review of Turn the Ship Around! by L. David Marquet.

2014-09-23 — Review: 2014 Hugos: Short Story Nominees

Review of 2014 Hugos: Short Story Nominees.

2014-09-13 — Broken link cleaup

Another periodic cleanup of broken links and removing of permanent redirects.

2014-09-07 — Add winners of Hugo, Mythopoeic, and British Fantasy

Add the winners of the 2014 Hugo award for best novel (Ancillary Justice by Ann Leckie), the Mythopoeic award for best adult novel (The Golem and the Jinni by Helene Wecker), and the British Fantasy award for best fantasy novel (A Stranger in Olondria by Sofia Samatar).

August 2014

2014-08-28 — git-pbuilder 1.33

Refrain from deleting the *_source.changes file when doing source-only package builds.

2014-08-18 — Revised and relicensed afsdb notes

Put this document in the public domain and rewrote it to be more clearly in the past tense.

2014-08-17 — Convert CVS notes to thread

Rather than converting the old text documentation to HTML, convert all of my old CVS notes to thread. This eliminates the last dependency on files in AFS for generating the web site.

2014-08-10 — Review wording of obsolete software packages

Review wording of the distribution pages of all obsolete software packages and update to not imply that I still work for Stanford.

2014-08-10 — Update pages for orphaned packages

Update all orphaned software packages to the latest page layout with sidebars. Rephrase commentary that implied I work for Stanford. Standardized phrasing for Debian package availability. Remove some notes about future plans, which are now irrelevant since I'm orphaning the packages.

2014-08-09 — Orphan various software packages

Add a new page for orphaned software and orphan afs-admin-tools, afs-backend, afs-balance, afs-monitor, afs-mount, afs-pag, afsdb, filter-syslog, krb5-sync, lbcd, newsyslog, pam-afs-session, pam-webauth-otp, tracker, and WebAuth.

2014-08-08 — Broken link cleaup

Another periodic cleanup of broken links and removing of permanent redirects.

2014-08-03 — Review: Parasite

Review of Parasite by Mira Grant.

July 2014

2014-07-27 — AFS::PAG 1.02

Rename NEWS to Changes. Add repository and bugtracker information to the distribution metadata. Use Lancaster Consensus environment variables to control tests.

2014-07-23 — WebAuth 4.6.1

Fix AuthType StanfordAuth support. Fix build issues when remctl support is disabled. Expiring password warnings are shown in WebLogin after any POST-based authentication. The confirmation page is forced if authorization identity switching is available. The username field is verified before multifactor authentication to avoid subsequent warnings. Newlines, CRs, and tabs are allowed in the XML sent from the WebKDC for user messages. Empty RT and ST parameters are correctly diagnosed. Some documentation improvements. New mod_webkdc configuration directive to configure FAST armor for the initial password authentication. New auth factors mp and v.

2014-07-16 — wallet 1.1

Add new object type, duo, to manage Duo Security integrations. owner and getacl now return the name of the ACL, not the ID. The date passed to expires can be in any date format understood by Date::Parse. Fix wallet-rekey on keytabs containing multiple principals. Fix enctype restrictions for keytabs. Fix documentation of the ldap_map_principal callback. Create principals in Heimdal with a long, random password to avoid problems with strength checking. Remove erroneous foreign key constraints for the history tables and add more useful indices. Use DateTime uniformly when interacting with date fields in the database. Record ACL renames in the ACL history. Fix wallet-backend parsing of the expires argument. Fix ordering of table drops during wallet-admin destroy. Require Perl 5.8. Add new contrib script, wallet-rekey-periodic.

2014-07-12 — Review: Neptune's Brood

Review of Neptune's Brood by Charles Stross.

2014-07-11 — Net::Duo 1.00

New Perl module that provides a Perl API to the Duo Security REST APIs. It attempts to abstract some of the API details and provide an object-oriented view of the returned objects in order to make use of the API in Perl code more natural than dealing with JSON data structures directly. Currently, some parts of the Auth and Admin APIs are implemented alongside with generic methods to call any of the JSON-based APIs.

2014-07-02 — remctl 3.9

New server ACL type, localgroup, that converts the Kerberos principal to a local username and checks for membership in a local group. Use calloc and reallocarray in favor of malloc and reallocwhen calculating sizes. Fix incorrect handling of signal-interrupted network writes in the server. Reset SIGPIPE handling before running a command in the server. Add version and compatibility information to all manual pages.

2014-07-02 — Add 2014 Locus winners

Add the 2014 winners of the Locus award for SF (James S.A. Corey's Abaddon's Gate) and fantasy (Neil Gaiman's The Ocean at the End of the Lane).

2014-07-02 — rra-c-util 5.5

Fix network_read and network_write timeout handling when interrupted by a signal. Provide a reallocarray replacement on systems that don't have it, an xreallocarray wrapper, and use calloc or reallocarray when allocating a calculated amount of memory. portable/system.h now guarantees inclusion of inttypes.h and limits.h. portable/pam.h will now build with a C++ compiler. The Kerberos Autoconf macros provide a Makefile variable for use with gcc that mark Kerberos headers as system headers. The util/messages-krb5 test will be skipped if not built with Kerberos support.

2014-07-02 — Update personal contact information

Update what part of Stanford I work for to catch up with current reorganizations and group renamings. Promote eagle@eyrie.org as my primary personal email address and drop rra@stanford.edu from the contact page.

2014-07-02 — C TAP Harness 3.1

ok, okv, and is_* functions now return true if the test succeeds and false if it fails. diag and sysdiag always return 1. New breallocarray inspired by the OpenBSD reallocarray function. Check for integer overflows on memory allocation. Replace all remaining uses of sprintf.

2014-07-01 — Review: Lockstep

Review of Lockstep by Karl Schroeder.

June 2014

2014-06-30 — Review: Ancillary Justice

Review of Ancillary Justice by Ann Leckie.

2014-06-29 — Review: The Knowledge

Review of The Knowledge by Lewis Dartnell.

2014-06-28 — Review: The Wilding

Review of The Wilding by C.S. Friedman.

2014-06-27 — Review: The Emergency Sasquatch Ordinance

Review of The Emergency Sasquatch Ordinance by Kevin Underhill.

2014-06-26 — Review: Due Diligence

Review of Due Diligence by David Roodman.

2014-06-25 — Review: A People's History of the Supreme Court

Review of A People's History of the Supreme Court by Peter Irons.

2014-06-24 — Review: Face of the Enemy

Review of Face of the Enemy by Sandra Barret.

2014-06-14 — Add 2014 John W. Campbell Memorial winner

Add the winner of the 2014 John W. Campbell Memorial award winner (Strange Bodies by Marcel Theroux).

2014-06-08 — INN 2.5.4

New stable bug-fix release of INN. radius.conf has been renamed to inn-radius.conf to avoid conflicts. The MOTD files are now installed as examples rather than live configuration files. controlchan and pgpverify can now deal with keys with multiple UIDs and UIDs with spaces in them. The attributes hash has been exposed to nnrpd posting filters in addition to authentication and authorization hooks. Lots of other bug fixes for crashes, build issues, log rotation issues, and other problems. Thanks to Julien √ČLIE for making this release.

2014-06-02 — Add new SFF award winners

Add the nominees for the Nebula and the Hugo, the winner of the Nebula for best novel (Anne Leckie's Ancillary Justice), the winner of the Arthur C. Clarke award (same), the joint winners of the BSFA Award for best novel (joint between Ancillary Justice and Gareth L. Powell's Ack Ack Macaque), and the winner of the Philip K. Dick award (Ben H. Winters's Countdown City).

2014-06-01 — Review: Debt

Review of Debt by David Graeber.

May 2014

2014-05-24 — Mention -Wl,-rpath in shared library search path notes

Some compiler and linker combinations don't support -R and require -Wl,-rpath instead. Mention that option and modify some of the instructions accordingly.

April 2014

2014-04-20 — Review: Hyperbole and a Half

Review of Hyperbole and a Half by Allie Brosh.

2014-04-11 — Review: Cryptography Engineering

Review of Cryptography Engineering by Niels Ferguson, et al..

2014-04-11 — Add pointer to remctl Puppet module

Add a pointer to the Puppet module for remctl at Puppet Forge, written by the IN2P3 Computing Centre.

2014-04-07 — Review: With Charity for All

Review of With Charity for All by Ken Stern.

2014-04-06 — Review: Fantasy & Science Fiction, September/October 2011

Review of Fantasy & Science Fiction, September/October 2011.

2014-04-06 — Remove changes from December 2013

Remove the changes from December 2013 from the Recent Changes page. (I'm a little late in doing this rollover; usually I do it in February.)

2014-04-06 — control-archive 1.6.1

Only metadata changes in this release, for chile.*, dictator.*, and grisbi.*.

March 2014

2014-03-31 — Review: Asimov's Science Fiction, September 2011

Review of Asimov's Science Fiction, September 2011.

2014-03-30 — Review: Sundiver

Review of Sundiver by David Brin.

2014-03-26 — krb5-strength 3.0

Add support for SQLite password dictionaries that can reject passwords within edit distance one of a dictionary word. Rename cdbmake-wordlist to krb5-strength-wordlist and add support for generating SQLite databases. Add a password history implementation for Heimdal that can stack with other external password quality check programs. Add a new configuration option, minimum_different, that requires passwords contain at least that many different characters.

2014-03-25 — rra-c-util 5.4

Rename skip_unless_maintainer to skip_unless_author in Test::RRA and add skip_unless_automated. Use these functions for more generic Perl tests that don't uncover functionality issues. Switch from RRA_MAINTAINER_TESTS to AUTHOR_TESTING, AUTOMATED_TESTING, and RELEASE_TESTING for consistency with Perl packages. Add Autoconf macros for SQLite.

2014-03-23 — Term::ANSIColor 4.03

Convert the package to Module::Build and the new Perl module test infrastructure from rra-c-util. Fix various documentation typos and add a SEE ALSO reference. Skip more tests if not doing automated or release testing, and use the Lancaster Consensus environment variables.

2014-03-22 — Add 2014 Tiptree winner

Add the 2014 winner of the Tiptree Award (Rupetta, by N.A. Sulway).

2014-03-21 — Broken link cleaup

Another periodic cleanup of broken links and removing of permanent redirects.

2014-03-18 — WebAuth 4.6.0

New configuration driective, WebAuthCookiePath, that supports adding a path scope to cookies set by mod_webauth. WebAuthOptional now works with Apache 2.4. Don't prematurely delete notes in mod_webauth to avoid multiple redirects to WebLogin. Maintain separate in-memory keyrings for each virtual host for better support of the ITK MPM. Be more thorough about telling browsers not to cache pages. Lock keyrings before writing to them, and preserve ownership and permissions where possible. Use the authenticated identity returned by the WebKDC for multifactor authentication. Add support for a new remctl-based password change protocol to libwebauth and WebLogin. Set the correct template variable when the code field is left blank on the WebLogin multifactor screen. Map unknown realm and invalid principal errors to better WebLogin errors. Fix the workaround for invalid XML from the WebKDC. Log a more detailed error message when password change fails.

2014-03-18 — rra-c-util 5.3

Add support for skipping Perl syntax checks if required modules are not found. Work around two problems with the current Perl::Tidy and its unconditional creation of log files.

2014-03-01 — Note Dreamwidth block in Russia

Dreamwidth is blocked in Russia because they refuse to remove user content that's legal in the United States but not in Russia. Add a parenthetical note to my page about blog comments and mention that there are other blog hosting facilities available as well. Remove the mention of invite codes, since Dreamwidth no longer uses them.

February 2014

2014-02-28 — Review: Air Apparent

Review of Air Apparent by Mark Monmonier.

2014-02-14 — Broken link cleaup

Another periodic cleanup of broken links and removing of permanent redirects.

January 2014

2014-01-28 — remctl 3.8

Convert the remctl server to libevent, which improves handling of process exit without having to poll. Completely fill a MESSAGE_OUTPUT token from the server with as much data as the protocol allows it to hold. Fix minor server and client memory leaks. Write the server PID file atomically.

2014-01-28 — Correct quote attribution on review page

The quote is not original to D'Israeli, so correct the attribution.

2014-01-28 — rra-c-util 5.2

Suppress shell errors in the systemd unit directory probe when pkg-config is not installed. Add Autoconf probes for libevent and a portability layer to support most of the 2.x API on top of 1.4. Add a new message_handlers_reset function to reset all message handlers to their defaults and free any allocated memory. Improve the process TAP add-on to flush output from the process after stopping it, free memory in non-primary processes, fix a memory leak when using fakeroot, and use a cleaner method of waiting for processes to exit. Port the Kerberos TAP add-on to the new test_cleanup_register API. Fix compilation of portable/krb5.h with C++ compilers. Add additional suppressions for Kerberos libraries to the valgrind configuration.

2014-01-28 — C TAP Harness 3.0

Callbacks passed to test_cleanup_register now take a second argument indicating whether they are running in the primary process, and are called on exit from all processes, not just the primary one. The test harness now reopens standard input to /dev/null when running tests from a list and avoids leaking extraneous file descriptors to tests.

2014-01-15 — kadmin-remctl 3.6

Add support for setting a password expiration on newly-created accounts. Map password quality errors from create or reset_passwd to generic errors in the Heimdal backend.

2014-01-08 — Review: Honeyed Words

Review of Honeyed Words by J.A. Pitts.

2014-01-06 — remctl 3.7

Fix a memory leak in the client library when remctl_set_ccache is used. Fix Net::Remctl::Backend argument count verification when one argument comes from standard input. Add startup notification and socket activation support for systemd and install systemd unit files. Add support for upstart's expect stop synchronization method via the -Z flag. Work around a Module::Build bug in RHEL 5. Check that the object argument is not undef in Net::Remctl and related classes.

2014-01-05 — Broken link cleaup

Another periodic cleanup of broken links and removing of permanent redirects.

2014-01-05 — rra-c-util 5.1

Add Autoconf macros for systemd support, both installing unit files and linking with libsystemd-daemon, and a header wrapper that stubs out the calls I've needed so far if systemd is not available. Fix process_start_fakeroot and remctld_start_fakeroot.

2014-01-03 — lbcd 3.5.1

Mark lbcd listening sockets close-on-exec. Document the systemd environment variables. Add an examples section to the lbcd man page. Fix various issues with the systemd service and socket units.

2014-01-01 — 2013 reading in review

Add an overview of my 2013 reading, main book recommendations, and reading statistics.

2014-01-01 — Rotated 2013 changes

Move all web site changes for 2013 to a separate page and remove all entries older than December of 2013 from the current changes page.

Last modified and spun 2017-01-01