Posts for June 2005

2005-06-04: WebAuth 3.2.8

I'm massively behind on announcing new software releases here, so there's probably going to be a flood of them over the weekend as I catch up. I've been knee-deep in Debian work, among other things, for the last couple of months and have been busily fixing all sorts of things rather than communicating about them.

I see that the last WebAuth release I announced here was 3.2.4. I just pushed out 3.2.8, including new builds of the Solaris binary packages and new versions of the Solaris Apache build and stow packages. Since 3.2.4, there have been a couple of packaging releases with portability fixes to all the supported Debian platforms and a renaming of the Perl bindings to match the name of the C library. There are also two minor bug fixes, namely a change to the priority of the mod_webauthldap messages and better handling of empty keyring files. Finally, the WebKDC manual has been significantly improved.

Most of the work ended up being building all the random dependency packages on Solaris and updating them all in the distribution area. I have been totally spoiled by the Debian toolset. I remember when my tools for building Solaris packages felt polished and fast, and now it's a painful manual process compared to building Debian packages. I'm looking forward to not having to worry about Solaris any more.

WebAuth is now also in Debian unstable, although alas it missed the sarge cutoff by only a couple of days. I'll maintain sarge packages on and as of etch, it should be a first-class Debian citizen. (If you run WebAuth on Debian and are allowed to do so given security policies, run popularity-contest! It's great to know how many users there are out there.)

There are still no official Red Hat packages. People keep building them and talking about them, but no one ever sends me any details about them, sends me spec files to include in the tree, or asks to have them put on the official release pages. Oh well.

You can get the latest version from the WebAuth pages. I haven't yet created a WebAuth software page in my own web space but will one of these days, if for no other reason than to avoid going blind trying to read the microfont used on the official ITSS pages.

2005-06-04: Debian packages

I'd been meaning for quite some time to start contributing Debian packages to Debian itself, but despite learning how to make packages and doing some internal packaging, I kept not taking the time to really learn how to do it. I finally broke through that logjam around the middle of April, applied to become an official Debian developer, started helping Sam Hartman maintain the AFS and Kerberos packages, and started uploading my packages into Debian proper.

Many thanks go to Ben Pfaff for being willing to sponsor my packages; it's only because of him that I've been able to get some things into Debian already. The Debian new maintainer process is notoriously slow (something that has good and bad aspects), so I expect to be needing his help as a package sponsor for another year or so. It might go a bit faster, but I'm not counting on it.

I know have a web page up that lists all the Debian packages that I've made available, either in Debian proper or through my own personal repository. Some things will never be suitable for Debian proper for various reasons, and other things (like bundle or reminder) I'm not sure are of sufficiently general interest and are very simple to install as scripts. I've also now added information to the individual software packages of my packages if Debian packages are also available.

Now I just need to find the time to write up the details of how I maintain Debian packages, since I've discovered a lot of interesting tricks in the process and we have a rather neat local package repository setup here at Stanford now, thanks in large part to Hua's work.

2005-06-04: jwz

I would just like to mention that jwz continues to rock. He even is doing rather interesting book reviews. I'm hoping to learn to be a more entertaining writer by absorbing other people's techniques via osmosis.

I completely agree with him on Singularity Sky too. I'm still not sure why I actually enjoyed reading The Da Vinci Code, since it is objectively complete crap, but I did. Hm. Certainly the thumbing one's nose at Christianity factor had something to do with it, as did the amusement at watching people with a marginal grasp on reality whine about it. Most of it was probably all the random esoterica about Da Vinci and the early Christian church that Dan Brown made up or copied, though.

This has been your monthly allowance of hyperlinks.

2005-06-04: svnlog 1.6

I'm starting to switch to Subversion for some things, particularly for Debian packages but increasingly for other projects as well. Subversion has a much saner post-commit hook system than CVS does, and commit notification scripts were one of the early projects. I'd heard rather good things about the ones that come with Subversion, and figured that I wouldn't need my own script this time.

Unfortunately, what's there, while not as bad as the stuff that comes with CVS, is still pretty disappointing.

The Perl stuff does hardly anything, so skip that. is the apparent best of breed, and it does have a lot of features for choosing what diffs you want to see and configuring it depending on what portion of the tree you're making commits in. That stuff is pretty nice, if not that interesting for me.

However, it's still missing what I consider to be basic features. It doesn't do diffstat summaries. It doesn't put any effort into producing a nice looking e-mail message, with real names in the From line for instance. It still generates those hideous, meaningless, 10-line Subject headers. Configuration could be easier. In general, it's just not what I want.

So, despite the fact that I'm doing it the "wrong" way and parsing command output rather than using the bindings, and despite the fact that I'm writing yet another commit reporting script rather than improving one of the existing ones, I took my cvslog script, spent about a day hacking on it (mostly hacking bits off of it, since Subversion is actually sane and doesn't require all the bizarre command-line parsing and multiple commit merging nonsense), and produced svnlog. I think I got the option parsing and configuration file handling right this time; it's a lot cleaner than cvslog, and at some point I should backport the work. I also hacked in support for tagging Debian bugs as pending based on mentions of bugs in debian/changelog commits, just for the hell of it.

I don't know if it anyone will end up using it other than me (and Stanford repositories I run, of course), but it does what I want and the other stuff doesn't.

You can get the latest version from the svnlog distribution page.

2005-06-05: cvslog 1.51

This is a minor bug fix release, the most important fix being proper flushing of the mail file handle so that forking diffstat or cvs doesn't sometimes result in a doubled message. It also cleans up some warnings when parsing malformed CVS passwd files.

I have some more changes pending (cleaning up wrapping the list of changed files), but they're currently waiting on me to decide whether I want to rewrite the option and configuration file parsing along the lines of the new code in svnlog.

You can get the latest version from the cvslog distribution page.

2005-06-05: kftgt 1.8

This package is still mostly frozen, but I had a bug report from a co-worker about krsh not calling rsh with -f to forward K5 tickets, I wanted to do some repackaging as part of taking over the Debian package from Ben, and it looks like x86_64 Linux did something weird to res_search that broke detection of libresolv. All that means a new bug fix release.

I still have one other pending request (continuing on when forwarding tickets to multiple hosts, even if one failed) that I'll probably implement at some point, but I'm not sure when.

You can get the latest version from the kftgt distribution page, although if you're not at Stanford you're very unlikely to care.

2005-06-05: kstart 2.7

I've done a ton of work on this since the previously announced release (2.3), both in response to Debian bugs and Debian packaging needs and to make it easier to do a bunch of things we've needed to do with our new Debian servers.

The big news is that I've now incorporated all of the functionality of runauth into kstart and improved it in the process. Both the K4 and K5 kstart now know how to run a specific command, rather than just obtaining tickets and tokens. When running a command, they stay in the background, refreshing tickets and tokens as needed until the command exits (only works with commands that don't background themselves, of course). And when running a command, they both support putting the command into its own PAG, if the OpenAFS libraries are available to build against.

Other significant changes are the renaming of kstart to k4start to avoid a conflict with a KDE program (so now the kstart package provides k4start and k5start), a tested port of k5start to Heimdal, and a flag to tell k5start to figure out what principal to authenticate as by reading the keytab, making it easier to write portable scripts that use k5start. Along with the big changes, there are also a lot of minor cleanups, improvements in error handling and reporting, documentation improvements, and build system fixes.

With this release, runauth should now be considered obsolete. We're going to phase out our use of it at Stanford in favor of the new kstart programs.

You can get the latest release from the kstart distribution page. Alas, it didn't make it into Debian sarge, but it will be in etch.

2005-06-05: remctl 1.9

One thing that working on Debian packaging teaches you is that if a package has a configuration file that other packages may want to add to, it should support a directory of configuration fragments. Since we use remctl to export an interface to all sorts of different things, and since all of our systems export the Nagios local checks via remctl, remctl really needed a way for multiple packages to add to its configuration.

Accordingly, I added the ability to include another file or a directory of files to the remctl configuration syntax. While I was at it, I also fixed the default configuration file location to be relative to sysconfdir rather than the current directory, added support for continuation lines, stuffed all the other nonsense remctl was logging besides the actual command behind the -v flag, and significantly improved the remctld man page.

I have a lot of additional cleanup pending, switching to message handling and malloc wrappers taken from INN and cleaning things up to get ready to make the remctl client into a library for the wallet project. I'll probably also add some include mechanism for the ACL files as well. If I end up having time devoted to the wallet project, this will go quickly; if not, it will come in dribs and drabs.

You can get the latest version from the remctl distribution page.

2005-06-06: reminder 1.5

I've made reminder a bit more general by not defaulting to my e-mail address and making people change the configuration, and I also fixed the sort order when displaying reminders to properly sort numerically. There may have been a bug that would cause reminders to get overwritten when creating more than 10 of them, so I recommend upgrading if anyone other than me is using this.

You can get the latest version from the reminder distribution page.

2005-06-07: volcreate 1.24

It turns out I'd never implemented support for comments and blank lines in the serverlist.types file. That's rather surprising; I thought my fingers just automatically typed that code every time I wrote a new routine to read a file. We discovered this didn't work when we tried to comment out a server temporarily and volume creation broke. Anyway, now comments and blank lines behave properly.

You can get the latest version from the volcreate distribution page.

2005-06-09: frak 1.32

The -l option to specify the output file for the frak output didn't work if an AFS volume was given on the command line rather than a path. Noted by a co-worker and now fixed.

You can get the latest version from the frak distribution page.

2005-06-13: Destressing

So, although I'd gone quiet for the past few days (right after having decided to try to make a journal post a day, too, which is probably why I never actually post the stupid promises I make to myself so that I don't have to feel bad about breaking them), I've actually been doing quite a bit.

After running into yet more frustrating problems building our cluster environment on 64-bit Red Hat (really, this isn't that hard -- the problem is that we have basically no Red Hat infrastructure that's up to my standards and getting all of the patched bits of software we use to build is sometimes a challenge), I decided Friday night that I needed to stop thinking about the work that everyone else wanted me to do and just work on whatever I felt like. So that's what I did all weekend. I came into work where it was quiet and deserted, put in earphones, and pursued whatever random project struck my fancy.

As a result, three more Debian packages are now sitting in the NEW queue (libauthen-krb5-perl, libnews-article-perl, and libpgp-sign-perl), an upload to adopt libauthen-sasl-cyrus-perl is waiting for my sponsor, an upload of some random fixes to the openssh-krb5 package is waiting for sponsoring as well (probably the last one before Sam's 4.1 work starts), and I built some new Debian packages for internal purposes.

I also spent a lot of time watching the new maintainers pages, since for whatever reason I'm currently finding it endlessly fascinating to speculate about what might be going on (or not going on) with the various applicants.

The rest of the weekend, and there was quite a bit of it, was devoted to INN. I did some more catching up on the mailing lists and work towards a new stable release, but that wasn't destressing enough, so then I went to work on pet projects. Almost all of the IPv6 support that was originally added with a maze of ifdefs has now been cleanly encapsulated in a generic networking layer and all the ifdefs removed from the mainline code. There's only one bit left, in the horribly hacky ident support in innd, which I'm seriously considering fixing via the overkill of writing an ident channel as practice writing channels.

That only took about six hours, so I also reformatted and reworked the core channel code of innd completely, breaking a few long functions into separate functions and generally making it readable again. I then wrote the beginnings of real internals documentation for innd, since I was puzzling out how to write channels and then possibly write the long-needed DNS channel to redo host lookups rather than forcing an incoming.conf reload. And, finally, I wrote the code to add overview data based on Xref data for the new overview API, which was the prerequisite for converting overchan and makehistory to the new API. Test suite is three times the size of the code.

I'm thinking about changing the overchan data format, actually, by adding a comma-separated list of group:number pairs as the first data element. I can hack overchan to not care whether it gets the new format or the old format, and this will tie in much better with the new way I want to do overview handling in the rest of the code. But I'm still thinking about that.

Today was less fun, due to a combination of not quite enough sleep last night and the return of that annoying work thing (I like most of what I do, but I have a pile of stuff to do right now that isn't the stuff that I like). But I sorted out the 64-bit Red Hat stuff that I had to deal with, and my slides for the AFS Workshop next week are done early in the week instead of at the last minute. I was going to do the overchan conversion to the new API tonight, but I'm way too tired, so it's off to read more of Forever Peace instead.

Tomorrow, the day gets devoured by meetings, and whatever energy I can drag out of the other end goes towards trying to write some documentation that's rather overdue, I think. Wednesday, I really must drag myself down to a shoe store and acquire new walking shoes before the threatened hole in the bottom of the soles of my current ones actually materializes. I hate clothes shopping of any stripe.

There, that's at least three days' worth of entries.

2005-06-14: Red Hat PAM

There is clearly some sort of secret magic that I am missing, since the evidence that I currently have available to me would indicate that the PAM subsystem shipped with RHEL4 is an erratically-working, badly implemented pile of crap that does things like losing stored auth tokens between calling pam_authenticate and pam_sm_setcred.

Also, authconfig blows.

People wonder why I prefer Debian so strongly to Red Hat. It's because when I use Debian, SHIT ACTUALLY WORKS.

I am now going to go off and start a new novel and try to forget about sshd, PAM, Kerberos, and AFS before I hunt someone down in the streets and mutilate them with a fork.

2005-06-15: Where Debian is today

Ian Murdock posted a great essay on both why Debian is important and what it needs to work on from here. The bits about where Debian should go aren't particularly exciting — true and important, but stuff like "better vendor support" is stuff we've been hearing for years.

What's more interesting for me to read is the summary of where Debian is right now. This is a good time to take a step back and realize that Debian is pretty clearly the #2 distribution (or at worst #3), has significant impact on the direction of Linux, and has put together a damned impressive set of software entirely as a volunteer community project. There's no full-time staff and barely a budget, and yet look at the quality product that Debian has achieved.

Some of the subtler aspects of this aren't as obvious from the outside. The reason why I'm joining the Debian project are not just the obvious ones. It's that I, as someone who has been doing the packaging and infrastructure thing for a decade now, took a long and close look at the infrastructure and tools that are underneath the Debian project and the quality blew me away.

Red Hat and SuSE may very well have good internal testing infrastructure, but at least the public face for contributors is far, far inferior to what Debian has. Just start at and start following links and think about what's going into each part of that. Click on the name of a maintainer and look at the maintainer summary. Look at the integration with the bug system and with the testing migration infrastructure. Look at the buildd information. Look at the package history, easily accessible.

Or start from the tools and documentation. There is nothing like Debian Policy; it's unique. Or look at lintian, possibly the most useful packaging tool I've ever seen. Or debhelper. These are high-quality products maintained by people who know what they're doing and optimized for generating the highest quality packages with the least amount of developer time.

And this was all done by volunteers, with no strong central organization, using PGP authentication and donated hardware and individual effort.

Sometimes what people can do is just damn cool. This is what free software is all about. We don't always need a company to organize the work, we don't always need a government to manage social interactions, and we don't always even need any sort of clear economic motive. If we make it possible, a bunch of people will spontaneously cooperate on making the world a better place. People from all over the world.

Best antidote for political news ever.

2005-06-16: Music, hopefully

I'm leaving Monday morning for Pittsburgh for the AFS and Kerberos Best Practices Workshop and have been sort of dreading the flight, and Jon suggested that perhaps music would be in order. I have a portable CD player that I've used from time to time to a fair amount of success, but, well, it's a portable CD player. This is, today, the height of lame; I think Walkmans are more chic. Also, two hours of battery life and carrying CDs around is obnoxious.

So that got me started thinking about portable MP3 players. However, being the sort of person that I am, all of my music is in Ogg Vorbis, not in MP3, and I really don't want to convert it. That immediately limits the field of MP3 players by quite a lot.

Today, after dithering about this for rather too long, I decided fine, I haven't spent that much money this year and I should really try this portable music thing that everyone else swears about. However, we completely struck out at Fry's in attempting to find something that would play Ogg Vorbis, other than a 128MB Flash player. I don't have a huge amount of music, but I've got more music than that, and know perfectly well that I'd get sick of only 128MB of music in the course of one plane flight, let alone two.

So off to Amazon, since they have this overnight shipping thing, right? And if I'm going to drop $300 on a player, adding $25 for the shipping really isn't that significant. Of course, Amazon didn't stock what I really wanted (the 20GB iRiver player), and finding clear compatibility information on-line for Debian and MP3 players is harder than one would think. (Finding Ogg Vorbis compatibility information is actually quite easy, thankfully.) And most of my other choices didn't offer overnight shipping.

To make a long story short, after lots of searching, hemming and hawing, and deleting my shopping cart, I just bought a mpio HD300. The documentation apparently sucks and in theory it requires a Windows (or Mac) program to generate its indices, but based on someone else's work, it looks like that's pretty easy to surmount. And not only is it pretty easy, but the player internally supports .m3u indices, which means that I can drop Madman-generated playlists on the thing. And, again if this information pans out, I can do the firmware upgrades from Linux. Sweet.

Amazon claims that it will not arrive until the 20th, which is too late. This is quite possibly the case, since the one-day shipping thing often does not consider Saturday a day. We will see. If it does not arrive, I will be out $25 and will get it when I get back. Oh well. If it does arrive, hopefully it will actually work. This will involve getting USB working on my bizarre system at home, or getting it working on my less bizarre but also less rebootable system at work, something that I've never done before because I'm not a portable gadget sort of person. Hopefully I will be travelling to Pittsburgh with music. Alternatively, I may be travelling to Pittsburgh with considerably less hair. We'll see.

2005-06-16: Latest haul

This is a Powell's order that I had pending from before Baycon, with the addition of a few things that were on sale or caught my eye during Baycon. Mostly the point was to get the rest of Langford's stuff, though.

George Alec Effinger -- George Alec Effinger Live from Planet Earth (sff)
Edmond Hamilton -- The City at World's End (sff)
Gwyneth Jones -- White Queen (sff)
Guy Gavriel Kay -- The Last Light of the Sun (sff)
David Langford -- The Complete Critical Assembly (sff)
David Langford -- He Do the Time Police in Different Voices (sff)
David Langford -- The Leaky Establishment (sff)
David Langford -- The Space Eater (sff)
David Langford -- Up Through an Empty House of Stars (nf)
Simon Singh -- Fermat's Enigma (sff)
Charles Stross -- The Atrocity Archives (sff)

So many books and so little time. I should probably drop books faster when they're not working for me, but I want to finish them before writing a review and I really want to write the reviews....

2005-06-17: Almost there....

Lots of mail and writeups sent out today. Various meetings gone to. Travel arrangements made for the airport. Mostly caught up on the mail I need to be caught up on.

This weekend, I still have to write my weekly status report, fill out my time allocation for the week, and do the AFS backend cleanup work that I promised to have done for the conference, but I'm nearly ready to head to Pittsburgh and not think about work other than the conference for a week.

I'm really looking forward to this.

I'll feel even more ready once I get the status report and timesheet entry done, but I'm just too beat tonight.

2005-06-18: afs-backend 1.20

This was the only of the list of AFS-related software that I sent to openafs-info that anyone indicated interest in, so it won. This is the software we use for delegated volume administration, specifically creating, deleting, releasing, and setting the quota on volumes. It's not hugely featureful at the moment, but it works pretty well.

Unfortunately, there was rather more site configuration than I realized, since it ties into how we create and remove volumes, how we name volumes and assign them to volume types, and how we get AFS credentials. There's therefore a fair bit of stuff to review and possibly change to deploy it at a new site. Hopefully it will still be useful to someone.

You can get the latest version of afs-backend, along with the afs-backend-acl script used to generate the remctl ACL file from the internal ACL file, from the afs-backend distribution page.

2005-06-19: New review index

I got curious about something, so I cobbled together a bit of code this evening. The result is this index of books that won multiple SFF awards. It's an interesting list, and probably one that I'll use to prioritize my reading.

I haven't done a statistical analysis of ratings on those books yet, but just looking at the ratings column, I'm not seeing a lot of difference in average rating between books that won two awards and books that won three awards. Certainly, the two that won four awards (Rendezvous with Rama and Gateway) are not books that blew me away, but the sample size is small. However, it looks like winning at least two awards weeds out a lot of the crap; while most awards seem to eventually produce at least one book that I rate lower than a 5 (meaning I thought reading it was a waste of time), there are no ratings below 5 on this list.

The most common pairing is Hugo/Locus, which doesn't surprise me. The most common triple is Hugo/Locus/Nebula, also not particularly surprising. There are some political and qualification-based reasons why those awards are likely to run in parallel, but they also all have been running for quite a while and Locus hands out two awards a year. (I really should split Locus SF from Locus Fantasy rather than just blending them together on both the awards page and here. Project for another night.)

BTW, for those who didn't already realize it, my SFF awards pages aren't nearly as comprehensive as Locus's, but they're also updated much more frequently. If you're interested specifically in award-winning novels, I try to get the latest award winners recorded within a week or so of when I hear about them, and I follow enough blogs and similar news sources that I generally hear about them within a day or two.

2005-06-20: Random travel observations

Airlines (or at least US Air) have stopped serving food gratis and have started charging for it on the plane. What a crock. Also, I think the isles have actually gotten even narrower -- either that, or my tolerance is worse. On the other hand, isle is fairly convenient, and I should get an isle seat in the future.

Security was stunningly efficient and fast at SFO for once. I think I waited a total of two minutes.

There is basically nothing close to my hotel (which is in a really stupid part of Pittsburgh to put a hotel -- I'm sure the land was cheap) that serves good food and is open at 10pm. Also, I still get too easily nervous in questionable-but-not-bad neighborhoods. This should be simple to deal with after tonight, though; this was the only tricky night.

Books are wonderful things. Finished one on the plane and halfway through another. It's rather tempting to stay up and read, although if I do, I'm going to be sorry tomorrow, as I have to get up at 4:30am "my" time.

The hotel network is very slow and had broken my connections three times already. I think I'm going to read a lot in the evenings, which is just fine by me, actually (although I'll miss some social activity).

2005-06-23: New journal formatting

I haven't written much lately in part because I've been very busy at the conference in Pittsburgh (giving two talks and doing lots of networking, as well as a great dinner with some SF/Usenet folks from the area last night), and in part because the network here hasn't been great. It's particularly bad in the hotel.

It wasn't too bad during the conference today, though, and there were a few things I didn't care much about, so I finally got around to redoing the templates for my journal to make them look a little bit better. I may well have broken IE or Opera again (let me know if so), but it looks quite a bit nicer on Firefox. (And honors default font styles, which has been bugging me for a while.)

This isn't the long-awaited move to WordPress, which I'm still planning on doing, unless some other free blog software ends up looking like it has a better maintenance policy and can still deal with comment spam. I should probably take a long look at Blosxom before picking something.

2005-06-23: New NNTP standard

The new base NNTP standard has been approved by the IESG for publication. We're actually going to get a new standard!

Hopefully the three extension drafts will be following within a couple of months, if not less.

2005-06-24: Back in California

The flight back was long but fairly nice, thanks to managing to get an exit row seat. Middle vs. aisle vs. window really doesn't matter there. I got a lot of reading done and would have gotten more done if I'd gotten to bed at a reasonable hour last night and therefore hadn't been too tired to read for much of the day.

The mechanism to redirect water from the tub to the shower has fallen apart, but I have a workaround. Tomorrow, I will try to get caught up on at least some categories of mail (work is going to wait until Monday) and pick up packages. Now, I am going to sleep, as my body thinks it's 2am and I'm not sure I want to discourage that belief; waking up early for a while would be useful.

I have two books finished and ready to review, the first of which will be coming tomorrow.

2005-06-25: Switching to Postfix

After using qmail for years, I've finally decided that it's time to switch to something else. I really like qmail's general model and particularly like how its configuration files are handled, but it's accumulated enough issues that Postfix looks more attractive.

The main problem is backscatter spam. I've been adding various bogus addresses to qmail to discard all mail to them, but that hasn't kept up with the variety of crap that spammers are trying. As a result, I know I've been accepting a lot of mail and then bouncing it back to the (forged) envelope sender, and have been feeling rather bad about that. Postfix not only lets me avoid that for local recipients, it lets me avoid that for backup MX hosts as well (by keeping a record of which recipients are valid on the remote system). This is quite nice.

There are other problems with qmail as well, though. The weird licensing means I have to build it myself and not just use Debian packages, which I much prefer. Despite promises of qmail 2.0, it looks like qmail development is near-permanently stalled, and there are some features I'd like to have. And it's getting to the point where I want to plug in various spam detection or prevention add-ons, possibly including such things as greylisting or running SpamAssassin before delivery, and of course everything supports Postfix and not much supports qmail.

I could have stuck with qmail but switched to a different SMTP listener, and that would have resolved many of these problems, but it still would mean building my own qmail rather than using native packages.

I've switched windlord over to Postfix already. It only took me a couple of hours to write all of the configuration, rename my .qmail files, and test the oddities. If I find the time, I'll put together a web page listing the various issues that I ran into. Some things definitely aren't as nice -- the program interface is significantly inferior, the configuration syntax is much more complex and annoying, and I had to tweak several of the scripts I use to process mail.

Postfix isn't unambiguously better. If both packages had the same license and were both actively developed, I would definitely use qmail over Postfix, even if qmail had no additional features. The Postfix features aren't worth the annoying configuration and loss of good program functionality. But the backscatter problem is just huge now, and the longer I maintain Unix systems, the more important it is to me to be able to reuse other people's packaging work rather than constantly rolling my own.

2005-06-26: woody to sarge upgrade

haven, the one system of mine that I keep on Debian stable since it's a multi-user system and people other than me rely on it working to get their mail, has been upgraded from woody to sarge. That also means I'm now using the new tripwire (quite nice) and aptitude on all of my systems. And yes, if you use aptitude for everything, the auto-removal feature is extremely nice.

The upgrade was completely painless. I followed the release notes and it just worked; the only slow parts were figuring out what local modifications I'd made and could now remove or do in a cleaner fashion. And now I have ssh-krb5 everywhere, which means that I could start thinking about turning off Kerberos rlogin on my personal systems, although it's still the login method I use automatically.

deborphan's handling of Perl and PAM modules isn't always what I want, but debfoster and now aptitude are really superior anyway. The only reason why I even look at deborphan any more is because debfoster for some reason never wants to remove certain high-priority libraries, even if nothing is using them.

2005-06-26: Only Forward

Review: Only Forward, by Michael Marshall Smith

Publisher: Bantam
Copyright: 1994
ISBN: 0-553-57970-3
Pages: 341

Only Forward starts out with a fascinatingly quirky setting, a continent-spanning city where each neighborhood has gone its own way, catering to different personalities, different wants, different laws. The viewpoint character and narrator appears to be some sort of freelance troubleshooter, the sort of person who's handy with weapons and takes on jobs that need doing. With an irreverant tone and a bizarrely off-beat world with wonderful gadgets, the story launches into what seems to be a weird adventure story.

I found Stark's commentary mixed in with the story delightful. Between recounting his adventures, he occasionally banters with the reader quite effectively. The world is just nuts; for example, Stark lives in a neighborhood in which the streets color-coordinate with the passers-by, and there is a mandatory period of black clothing every evening to allow everyone's eyes to relax. He's working for the denizens of the neighborhood of corporate ladder-climbing, where everyone works as hard as they can to get things done and better themselves and get promoted. Somehow, though, it hangs together in an odd way. One doesn't exactly believe in the world so much as have so much fun in it one is willing to ignore the fact it doesn't make a great deal of sense.

Then, nearly halfway through the book and after meeting several wonderful supporting characters, the bottom falls out of the story with a noticable ka-chunk and it suddenly becomes something very different. The tone changes, going more introspective, more metaphorical, and more serious. The narrator starts becoming affected by what's going on, and something bigger starts to surface.

This was very disconcerting when it happened, and not a little disappointing. I badly missed the strange world of the first section of the book and was a little annoyed that I had to read through this heavy psychological stuff that didn't make a great deal of sense in order to get back to more of that story.

Then there's another ka-chunk, the bottom falls out of the story again, and suddenly everything is deeper, larger, more complicated. Far more is going on than it appeared. Then it happens again. And again. And the ending is absolutely brilliant, tying everything back together and showing how much more was truly going on from the beginning.

I was annoyed at Smith for taking me away from the initial world; by the end of the book, I'd forgiven him completely. Despite the bump partway through, I've rarely seen plot twists and an unreliable narrator (who is telling you all along that he's unreliable) handled better. By the end, I was completely hooked on his story. And amidst Stark's struggles with his own past and demons, there are some beautifully phrased observations:

When you're born a light is switched on, a light which shines up through your life. As you get older the light still reaches you, sparkling as it comes up through your memories. And if you're lucky as you travel forward through time, you'll bring the whole of yourself along with you, gathering your skirts and leaving nothing behind, nothing to obscure the light. But if a Bad Thing happens part of you is seared into place, and trapped forever at that time. The rest of you moves onward, dealing with all the todays and tomorrows, but something, some part of you, is left behind. That part blocks the light, colors the rest of your life, but worse than that, it's alive. Trapped forever at that moment, and alone in the dark, that part of you is still alive.

It takes until the very end of the book to realize why, but the title is absolutely perfect.

This is the first truly excellent Philip K. Dick award winner that I've read. I still want to read a complete novel set in that initial world, but I wouldn't have wanted this story to be any different. I'll warn that the whole book isn't light adventure and should be saved until you're in the mood for something deeper, but highly recommended.

Rating: 9 out of 10

2005-06-27: Music update

My new portable music player did not, alas, arrive in time to use for the flight, but I did get it as soon as I got back in town and have been playing with it. I'm planning on writing up a web page giving all the details of what was required to get it to work, but here are some preliminary notes, mostly so that I don't forget things.

It uses a VFAT file system. Helpful to have the kernel module for VFAT built. Note that building the FAT kernel module, while required, is not, in fact, sufficient, as that module just provides common infrastructure and doesn't actually implement a file system. As is stated clearly in the documentation that I clearly didn't read.

When rsync'ing data to a VFAT file system, use --modify-window=1, or rsync thinks it has to do more update work than it actually does. Another annoying thing about VFAT is that it doesn't support a full character set range, which means that album and artist names with certain characters need to get recoded for VFAT storage.

I now see what people mean about 20GB of music being quite a bit to handle on a portable player. It's particularly a lot to handle on a player with a more annoying control than a simple rocker switch for scrolling and with no page up or page down buttons. I really could have done without the "slide your finger on this" interface. Anyway, the album/artist/genre menus are way too long to bother scrolling through -- thankfully, they're just m3u files (one of the reasons why I bought this player), so I can make them be anything I want.

The stuff I downloaded off the web to build .m3u files doesn't understand that, in practice, Ogg Vorbis tags are case-insensitive and is going to require some re-education. (Although given that I thought grip was doing all of my tagging, I wonder how I ended up with different case conventions for different files; maybe retagging my files is a better option.)

I think the way I'm likely to end up using this thing is to build a randomized list of all songs with three stars or higher from Madman and then copy that over as All.m3u, lying to the player about what "all" means. It's still rather nice to have all the music there and I can find it by file hierarchy browsing if I really need to (although at some point I need to figure out a way to fix the directory names used for my music collection without confusing madman).

Wow, I own a lot of crap that I'm never going to listen to.

2005-06-28: NNTP standardization status

The IESG approval of the base document has now been announced, and it's in the RFC editor's queue.

The other three extension documents (AUTHINFO, STREAMING, and STARTTLS) have had additional drafts published following their last call and are now awaiting IESG review, hopefully in the telechat towards the end of July. I don't anticipate any problems.

Then, it's just a waiting game for the RFC Editor, which may be delayed a touch since AUTHINFO depends on a DIGEST-MD5 revision as the mandatory-to-implement SASL mechanism. I'm optimistically hoping to see everything published as RFCs by the end of the year, completely not knowing what the average waiting period is.

It will be somewhat funny, although not too surprising, if the drafts get published as RFCs before I manage to become a Debian developer.

2005-06-30: Pieces of apt everywhere

I see that we're now into the portion of the Debian release cycle where unstable really means unstable. Signature verification was added to apt in a way that causes warnings to happen if a particular archive isn't signed (probably good), but there's no documentation on what exactly is needed to get this working except in the wiki. And that documentation isn't really sufficient; is the Release file that I'm supposed to be signing the one in dists/sid/main/binary-i386, or is there some higher-level Release file I'm supposed to sign?

If that's the one, I don't really see the point, as it doesn't contain anything that changes. Clearly other stuff needs to get signed too. Of course, debarchiver doesn't know what to sign, and sans documentation it's a bit hard to figure out what changes I should feed back to the debarchiver maintainer.

Then, of course, my ability to do anything in Debian is severely hampered by the fact that this change to apt broke pbuilder, since apt inside the pbuilder chroot doesn't know the archive keys and therefore wants confirmation to install untrusted packages, but pbuilder doesn't provide the right options to force the confirmation.

And, on top of that, debootstrap in sid is broken for the buildd varient (and, as near as I can tell, for the non-buildd varient as well), so I can't set up new pbuilder chroots.

I don't really mind all of this -- unstable is unstable, after all. I just hope it gets fixed quickly. In the meantime, I guess I'm working on INN instead of on Debian stuff.

Last modified and spun 2017-03-25