Posts for July 2005

2005-07-02: INN snapshots

I don't think I ever mentioned it here, but a while back I decided to take the plunge and moved the INN development tree to Subversion. More details will be available shortly once I've had a chance to put together a real web site with links to all the new goodies, but as a side effect, I broke various things.

Tonight, I finally fixed snapshots. They're available again from either the ISC FTP site or from a new web location that's part of something I'm hopefully going to get a lot more done on this weekend.

The next INN 2.4 release still isn't out. I have about 35 messages to the INN mailing lists that I still need to think about and figure out what to do with, and about 15 in that I haven't really triaged yet. And now that the NNTP standards have mostly been approved, I really want to get back to working on the compliance angle of things.

So many fun projects, so little time.

2005-07-03: More Postfix complaints

The user login system has now been converted over to Postfix. Now I just have the system that handles mailing lists to go, which will be more annoying since that's where qmail shines. I don't have any per-list mail configuration right now, and I think I'm going to need some for Postfix. We'll see; there might be some special trick for Mailman. I'm planning on going to Debian Mailman at the same time, so this will be quite a project. Not this weekend, I think.

I think I have Postfix doing what I want, but it certainly isn't as easy to configure as qmail was. It can do more, but I kept having to chase things down. For example, subparts of addresses aren't inherited through alias maps, so when I have an alias like racc: eagle-racc, mail to racc-request just goes to eagle-racc, not eagle-racc-request. Okay, fine, that's a configuration setting I can change. Except then it doesn't work. Oh, I see, -request is handled specially and I have to turn that off. That actually makes sense, but for moderation addresses, it's not so useful.

Then I tried to set up relay recipient limits, since that was one of the points of this whole exercise, only to discover that, once again, subaddressing is not handled in any useful fashion. If I limit relaying for windlord to eagle@windlord, eagle-racc@windlord stops working. Bleh.

So I have to use a PCRE map for recipient addresses, so that I can use regexes to match subaddresses. Wow, the documentation for how to do that sucks. I finally figured out that I didn't need to run postmap for a PCRE map (and in fact it does nothing useful, happily and successfully) and the reason why what I was trying to do wasn't working had nothing to do with the recipient address map and was due to the relay domains configuration, since there you have to say to match all subdomains rather than Apparently we're in the middle of some sort of semantics conversion. Feh.

Don't get me wrong, I'm still going to use Postfix, for a lot of different reasons. I'm a bit tired of djb's weird licenses, qmail isn't being actively developed, and we definitely have to run Postfix for work so I want to start learning it. But after going through the exercise of conversion, I'm just confirming that I like how qmail works better, and I particularly think the configuration is vastly superior.

Oh, the final annoyance is that Postfix is now happily trying to deliver mail to system users with random system directories as home directories, which means that if I ever get one that happens to own its own home directory for some reason, Postfix will happily write files into it. And there isn't any way to tell Postfix to not bother trying to deliver mail to any user with a UID below 1000 unless there's an alias for them. This is bullshit. I stopped having to care about this sort of thing when I stopped using sendmail, and now I have to go make a map of all my legitimate local users (and remember to update it every time I create an account) just to convince Postfix that delivering mail to sync is stupid? And worse, until I do that, that mail is accepted and then bounced, making Postfix a great backscatter bounce source (although, admittedly, still not as bad as qmail). Brilliant.
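An added sketch, not the author's configuration: it builds the recipient list this entry says has to be maintained by hand (accounts with a UID of 1000 or higher, plus aliases) and writes it as PCRE table lines that also match subaddresses. The domain windlord.example.org, the sample passwd and aliases data, and the upper UID bound that excludes nobody are all assumptions.

```python
import re

# Constructed sample data; accounts and the domain are placeholders.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
eagle:x:1000:1000:Example User:/home/eagle:/bin/zsh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""
ALIASES = """\
# constructed aliases file
postmaster: root
root: eagle
racc: eagle-racc
"""


def real_users(passwd_text, min_uid=1000, max_uid=60000):
    """Login names whose UID is in the range used for human accounts."""
    users = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        if min_uid <= int(fields[2]) <= max_uid:
            users.append(fields[0])
    return users


def alias_names(aliases_text):
    """Left-hand sides of an aliases file, so aliased system users still work."""
    names = []
    for line in aliases_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        names.append(line.split(":", 1)[0].strip())
    return names


def pcre_table(names, domain, delimiter="-"):
    """One '/pattern/ OK' line per name, matching name and name<delimiter>ext."""
    lines = []
    for name in sorted(set(names)):
        pattern = "^%s(%s[^@]+)?@%s$" % (
            re.escape(name), re.escape(delimiter), re.escape(domain))
        lines.append("/%s/ OK" % pattern)
    return lines


def accepts(table_lines, address):
    """Emulate a table lookup: True if any pattern matches the address."""
    for line in table_lines:
        pattern = line.rsplit(" ", 1)[0][1:-1]  # strip the surrounding slashes
        if re.search(pattern, address):
            return True
    return False


if __name__ == "__main__":
    table = pcre_table(real_users(PASSWD) + alias_names(ALIASES),
                       "windlord.example.org")
    print("\n".join(table))
    for rcpt in ("eagle-racc", "racc-request", "sync", "eagleeye"):
        addr = rcpt + "@windlord.example.org"
        print(addr, "accepted" if accepts(table, addr) else "rejected")
```

Rejecting unknown recipients during the SMTP conversation, rather than accepting and bouncing later, is what removes the backscatter the entry complains about.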

2005-07-04: Leap second

For the first time in quite a while, there will be a leap second introduced at the end of December of 2005. We all get an extra second to enjoy this year. This is the first leap second introduced in six and a half years (and it says something, probably unflattering, about how long I've been following time issues that I remember the last one).

I thought there was some serious discussion of dropping the whole leap second thing entirely, but apparently not (or at least not yet)... oh, here's a lot of information about that process.

2005-07-04: INN accomplishments

As promised, in the absence of a good working setup for Debian, the weekend (what parts of it I could spare from required domestic chores and optional but fun social activities) was spent working on INN.

I'm down to four messages in inn-workers that I still need to think about before the next INN release, plus 16 in Another weekend or two should do it, I hope, and if I'm really lucky and get other things done quickly, it could happen faster.

The big accomplishment for Saturday was getting snapshots working again. The big accomplishment for yesterday was porting overchan to the new overview API and writing a test suite for it (which leaves makehistory, expireover, nnrpd, and innd to port before the old API can be torched). The big accomplishment for today was making cancels immediately eliminate overview information for the article at least with tradindexed, which is a very long-standing problem. I like doing things for Gmane; I think it's a great service, and I like making larsi happy.

(Although it's possible that he's now using Reticule. I've lost track.)

The next big problem with INN that I'd like to get solved is that right now, when using tradindexed overview and tradspool (or timehash, or timecaf too I think) storage, articles in rmgrouped groups are never removed from the spool. They just sit around consuming inodes and disk space and being inaccessible, not to mention lurking ready to bite as soon as the same group rematerializes.

This is kind of bad.

buffindexed does the right thing and has a separate purge cycle of deleted groups that gets rid of all the articles as well. ovdb also has a separate purge cycle, but it doesn't appear to delete the articles. Hm. Probably my fault for setting a bad example. But tradindexed doesn't even have the purge cycle.

I think I know how to fix this. Hopefully I can do it in a clean and minimal way that can be easily backported to STABLE, since this is a bug fix that's really needed. Then I probably also need to provide a tool to go scan through and remove all the old articles. Fun, although generally useful anyway, so I'm not complaining too much. It's probably just another flag for expireover.

I will have to stop thinking about this stuff for a bit, though, as the week is starting and I have to do real work. On the agenda for this week: finish building the new KDCs so that I can do the upgrade next weekend, finish building the Oracle Debian packages, and do some Debian uploads. If I have additional free time, I'll go back to work on remctl.

2005-07-05: Keeping up

It's an interesting feeling to be running right at capacity in one's ability to juggle obligations, conversations, and input.

Time management seems to be a recurring theme in my life, particularly now that I've moved out of the era in which I was constantly bored and now have as many interesting projects as I can handle wanting my time. It's truly nice to be able to name a half-dozen things that I am very interested in doing at any moment, and to know that there's really no reason for me to ever be bored provided that I've exercised a little forethought.

It's also hard, since it's extremely difficult for me to drop anything and I don't stop caring about things I've picked up easily, and yet new opportunities show up and I want to pursue them. It's far too easy to fall into the trap of doing too many things poorly, or letting things drop that I really don't want to drop.

Right now, I literally have no more free time. I think I've pared away every pastime that I could really drop. I almost never watch TV any more, I have a large collection of DVDs going unwatched, and I have an even larger collection of video games, many of which I've never even started. Reading is not optional, nor is writing, or contact with friends and loved ones, and nearly every free moment outside of that is devoted either to work or to innumerable different private projects. Many of which could easily use twice or more the attention that they're getting (INN, News::Gateway, and newsgroup creation all come to mind).

It's not really a complaint. It sure beats the hell out of the boredom that I went through as a teenager. It is, though, a rather sobering thought, and one that I'm not entirely sure what to do with. It's become quite clear over the past five years that it's also not a challenge that's going to go away, or that has any easy answers. It has an extremely strong emotional component, too; as long as I stay in a particular range of mood, I can handle a lot of input and a lot of obligations and balance them all and still accomplish quite a bit. If I have a mood crash, though, then I have to take days where I do almost nothing, I fall behind, and then I have to deal with guilt and the sensation of being significantly behind.

No conclusions yet, just a lot of pondering. This has been on my mind heavily the past couple of days. I've been doing a better job of avoiding mood crashes for the past while, and maybe I'm learning (slowly) more about the emotional control to let me keep doing that.

2005-07-09: *yawn*

I am nowhere near as good at going on five and a half hours sleep as I used to. I also really hate our maintenance windows.

Two of the three KDCs have been moved to Debian and upgraded to something modern. The third goes tomorrow. Only one minor hitch, which is that our admin systems firewall is apparently blocking outgoing UDP except to specified hosts (guess we really don't trust that software at all), so I have to dual-home a couple of the servers onto the old addresses we're evacuating until the firewall can be updated. But that's doable.

I was going to work on INN today, but I'm beat. I think I'm going to read a little and then go to sleep within a half-hour or hour, which is ridiculously early for me. Maybe that will mean I'll be rested tomorrow, though, despite another early start.

I may steal some hours this week from work to work on INN, given the work I had to do this weekend.

2005-07-10: Slow weekend

Wow, getting up early both days this weekend to do KDC upgrades really wiped me out. I haven't had a low energy weekend in quite a while.

It wasn't as bad as it could have been. I still did get some stuff done this weekend, including picking up new music, getting all of it ripped for my personal use, poking at SSL in INN a little bit, and getting about two hours worth of work done on Debian packaging. I should be able to finish AFS and Kerberos packages for upload tomorrow, hopefully.

And that is on top of seven hours of work, starting at 5:30am on Saturday and 6:30am on Sunday, although what really got me was more not managing to go to bed at a sane hour Friday night and therefore getting only five and a half hours of sleep. I'm just not as good at that as I used to be. I need to practice going back to sleep after the work is done. I'll have an opportunity Thursday morning, when I'm doing another 6am upgrade.

I didn't have the focus to work on INN, alas, so I haven't finished the work I need to do for a release. More good patches keep showing up to include, so I need to get it done and get 2.4.3 out there. But I'll get to it eventually, along with the much-needed catchup on e-mail of all varieties, where I am currently woefully behind.

2005-07-10: All the Hugo winners

I realized the other day that, after a year and a half of frequently award-focused SF reading, I've now read all Hugo winners but thirteen. That's the closest I am to having read every winning novel for any award (Nebula, Clarke, and Tiptree are all tied at fifteen left), and by far the closest percentage-wise.

That's almost in sight of a final push to finish them all. If I just read Hugo winners for a month and a half....

Of the ones left (not counting The Snow Queen, which I've already read and which is pending review), I expect I'll like The Man in the High Castle and The Wanderer. I just haven't gotten around to them. I'm reading The Big Time right now; so far, not my thing, but then I just started it.

To Your Scattered Bodies Go I have a bad feeling about. Those are often reliable, even when they're based on very little. But it's short, at least, unlike Stand on Zanzibar, which can intimidate me from across the room.

The one Hugo winner I've both not read and don't own is the one you've probably also never heard of, The Forever Machine by Mark Clifton and Frank Riley. I hear it's hideous. Hopefully it will also be short.

The really hard ones are going to be Green Mars and Blue Mars, books two and three of a series that I'm pretty sure I'm going to at best dislike, and that's on top of being large and apparently fairly dense books. Those may end up being last.

That leaves the Bujold (The Vor Game and Mirror Dance), which I've not really gotten into but for which I have some evidence that it will improve, and the Heinlein (The Moon Is a Harsh Mistress, Starship Troopers, and The Double Star), which I'll read at some point when I have a high tolerance for libertarian bullshit. I'm not going to force myself to re-read Stranger in a Strange Land, at least right now, despite it being the only book I've ever given up on reading within fifteen pages from the end.

Not very much at all, particularly given the number of those books that are refreshingly brief. I bet I'll be down to five or six left to read by the end of the summer, given how goal-oriented I tend to be as soon as a nice, achievable goal presents itself.

2005-07-12: On porn

Various other people have written about the stupidity of CNN continuing to broadcast urgent breaking news coverage of the London bombings long after anything new had stopped happening and long after all the British media (you know, the people who are actually from the affected country) had gone on with their lives. That ground has been well-covered by others. I have a related observation, though.

Those of you who kept watching CNN beyond the point required to actually inform yourself about events in the world weren't watching news. You were watching terrorism porn.

Now, don't get me wrong. There isn't anything wrong with that. I often enjoy porn. Personally, I go for natural disaster porn and spent a fair chunk of Sunday watching hurricane porn. The dialog is as bad as sex porn, and really the outcome is about as predictable, but somehow it's strangely fascinating. I usually do this thing where I root against the people and for the hurricane. I mean, it's a lot more interesting when the hurricane is winning. It's like rooting for whoever is currently behind in a sports game. You're actually rooting for a good show.

Cold-hearted? Well, I don't claim a strong affinity with the rest of the human race, but more to the point, I'm aware that the thoughts that go on inside my head while I'm watching a television program about a hurricane on the other side of the continent do not actually affect the real world. So, see, why make myself depressed over people I've never heard of who are going to have the same things happen to them no matter what I think? And, more to the point, I understand that what I'm watching is porn.

There's a real hurricane that's hurting real people, and if I knew any of them, I'd be anxious to hear how they are and would help them if I could. But that's not what the TV program is actually about. That's just what it's supposed to be about, just like what sex porn is supposed to be about is the idea that you, sitting on your couch, could actually be having sex with those people. It is, ahem, "the depiction of acts in a sensational manner so as to arouse a quick intense emotional reaction." You know, porn. It is quite possible to enjoy porn about some event while still not being happy about the event. Either that, or anyone who watches the History Channel ("all Nazis, all the time!") is a sick, sick puppy.

Just for the record, I also don't pray for people in disasters. If God can't figure out for himself what to do in a natural disaster, we are so much more screwed than I could possibly do anything about with a little divine pleading.

Do, by all means, watch your news porn, your terrorism porn, your disaster porn, your missing person porn (a huge hit in the US, particularly with white, blonde subjects), your political commentator porn (not my kink, but hey, it takes all kinds), and particularly your election porn. That's what television is there for, after all. To entertain. It's just worth remembering, from time to time, that you are watching porn, and not that other strange beast called "news." One doesn't get to see much "news" these days in the US except in bizarre, little-regarded corners of the television dial like PBS, but you'll recognize it. It's those weird TV programs full of these strangely thought-provoking objects called "facts" and interviews that involve oddly-phrased "intelligent questions." You'll recognize "news" when it presents you information and then stops, when you don't have to pick IQ points off the floor when you're done, and when you realize that they've told you what they know and there's no reason to keep watching.

It's weird. It's nice for a break, but porn is much more engrossing. Next week, the British Open! Golf porn!

(Thanks to Pat Cadigan's Synners for the idea.)

2005-07-15: Busy, busy

I've not been posting much lately, thankfully because I had a very productive (if annoying) week. Kerberos security advisories are always lots of work.

I've finished a revision of the GTimer package for Debian and just need to do builds and testing. The excuse is to take care of the X transition, but I also cleaned up all of the patches to submit upstream (hopefully a new upstream version soon) and took advantage of the opportunity to tweak a few of them and improve them a bit.

After a discussion on debian-qa, I looked over the orphaned packages for ones with several bugs in the BTS with patches or clear resolutions, and may prepare a few packages for upload this weekend. I also want to put in some more work on INN, since I didn't get much done on that last weekend and I don't have early-morning work I have to do this time.

And, of course, I have several reviews to write. But that will have to wait until tomorrow.

2005-07-22: Weekend at last

I could do without more weeks like that one.

To do this weekend: write at least two reviews so that I can stop falling behind, try to get caught up on usenet-config, and try to triage the remaining INN messages.

All of that will take a back seat to writing, I think, if I get on a good roll, and will definitely take a back seat to recovery if I need more of it. I'm feeling pretty good this evening, but we'll see if my energy levels are still high over the weekend.

I never want to be a manager.

2005-07-23: Hot

So you know all that stuff that I was going to do? None of it happened today, although I did get some laundry done. Otherwise, it was just way too hot, which made me sleepy and low-energy and meant that I just didn't start anything.

I was going to do an extra session in the gym today as well, but, see, hot.

I really should buy an air conditioner. One of these days, I'll get around to it. In the meantime, we'll see what I get done tomorrow; some reviews, at least, should be in order. But I'm not going to worry too much about it; after the stress of last week, spending the whole weekend doing nothing is allowed.

It's a very good thing that I have a ton of vacation coming up.

2005-07-25: Tripwire musings

You'll all have to wait another day for another review; I have three things read but not reviewed yet waiting for me to find the time, but as I was up until 4:30am last night helping with a rollout, I ran out of time too early today.

I spent some time this evening cleaning up tripwire reports for all the systems we upgraded Kerberos software on recently, and thinking once again about how much of a pain it is and how much we need samhain or something like it deployed. We've automated our tripwire process a lot, using Kerberos and some properties of AFS and a wrapper script I wrote a while back and then improved over time. It's already a lot better than what you get with tripwire out of the box, but it still works on the level of an individual machine (with possibly shared configuration).

The big advantage of samhain is that it's a centralized server that everything reports to, so I don't have to have each system mail the tripwire reports to a central location and then use scripts to check for clean and dirty ones and maintain an archive. That also makes it considerably more secure; it's still possible to fool a central system like samhain, of course, with a sufficiently dedicated attacker, but it's a lot harder.

I've only looked at it briefly, enough to think it will work, but here's the way my ideal system would work (some security considerations ignored since it's too late to go into those details as well). There's a central coordination server that collects all of the reports. It sorts them out into clean and dirty, and also classifies systems into groups according to who runs them. Each day, it sends out a report of dirty systems to the relevant contact addresses. Administrators can go to the central web site, authenticate in some fashion, and then mark off the reports of changes that they say are fine, and samhain updates the database appropriately on the central system. They should also have some way of changing configuration files, but I'd rather that be CVS-controlled and don't really want easy buttons on the web site to say to ignore particular files, since then people don't really think about what patterns we should be looking for.

(I actually like the annoyance factor of having to edit configuration files to exclude files that are changing outside of the areas of the disk devoted to such files. It pushes people towards using FHS properly.)

Added on to that, I also want something equivalent to tripwire -update, although I can live without it. This is a way of saying "I know I just touched the following four files; please recheck them, redigest them, and just update the database with their current status without asking about it later and without rechecking the whole system." The reason why I can live without it is because I must have the simple approval of changes method for updating the database; once I have that, approving changes is fast and doesn't require rechecking the system like doing it properly does now, so it's not as much of a problem to just let the system be dirty the next night and then approve the changes.

The tricky part of deploying samhain will be getting the binary distribution down solid and getting the machine groupings and nightly reports working the way that I want. I think the web pieces and the approval are already there -- at least, I hope they are -- but I've not really looked yet.

I really want to find some time to do this, since I think the whole tripwire process can be made about an order of magnitude faster, which will then mean that more people in my group will really take the time to do it regularly. Right now, it's such a hassle that it's very tempting to skip it, since 99.99% of what tripwire picks up is legitimate changes we don't care about.
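An added sketch of the workflow this entry describes (not samhain or tripwire code, and not the author's wrapper script): hosts report file digests to one coordinator, which sorts them into clean and dirty, groups dirty hosts by contact address for the daily report, and folds approved changes into the baseline without a rescan. The class, method names, host names and file contents are all hypothetical.

```python
import hashlib
from collections import defaultdict


def digest(data):
    """SHA-256 of file contents, standing in for what each host computes."""
    return hashlib.sha256(data).hexdigest()


class Coordinator:
    def __init__(self):
        self.owner = {}     # host -> contact address of the group running it
        self.baseline = {}  # host -> {path: approved digest}
        self.pending = {}   # host -> {path: new digest, or None if removed}

    def enroll(self, host, contact, report):
        """Record a trusted initial {path: digest} report for a host."""
        self.owner[host] = contact
        self.baseline[host] = dict(report)
        self.pending[host] = {}

    def submit(self, host, report):
        """Compare a nightly report to the baseline; return changed paths."""
        if host not in self.baseline:
            raise KeyError("unenrolled host: %s" % host)
        known = self.baseline[host]
        changes = {p: d for p, d in report.items() if known.get(p) != d}
        changes.update({p: None for p in known if p not in report})
        self.pending[host] = changes
        return sorted(changes)

    def daily_report(self):
        """Dirty hosts only, grouped by the contact who must review them."""
        grouped = defaultdict(dict)
        for host, changes in self.pending.items():
            if changes:
                grouped[self.owner[host]][host] = sorted(changes)
        return dict(grouped)

    def approve(self, host, paths):
        """Accept reviewed changes into the baseline without rescanning."""
        changes = self.pending[host]
        for path in paths:
            new = changes.pop(path)  # KeyError if nothing is pending there
            if new is None:
                self.baseline[host].pop(path, None)
            else:
                self.baseline[host][path] = new


if __name__ == "__main__":
    # Constructed sample: one KDC whose daemon binary was upgraded.
    c = Coordinator()
    c.enroll("kdc1", "krb@example.org",
             {"/usr/sbin/krb5kdc": digest(b"old"), "/etc/krb5.conf": digest(b"conf")})
    tonight = {"/usr/sbin/krb5kdc": digest(b"new"), "/etc/krb5.conf": digest(b"conf")}
    print(c.submit("kdc1", tonight))
    print(c.daily_report())
    c.approve("kdc1", ["/usr/sbin/krb5kdc"])
    print(c.daily_report())
```

Because approval only moves an already-reported digest into the baseline, an administrator can clear an expected change in one step, which is the speed-up the entry is after.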

2005-07-30: Debian and a2ps

Well, today ended up being fairly productive.

The Debian New Maintainer process involves a couple of examinations to make sure that the candidate both understands the policies and procedures of Debian and has the skills required to perform common tasks. I'm in the first part of that right now, and rather than just answering a bunch of essay questions, I'm doing bug triage to show that I can use the bug system.

Today was spent going through the a2ps package and studying all of the bugs. I picked out that package as one that I thought I could do something with, and having finished a day of work on it, I'm pretty happy with my choice. There weren't many bugs that could just be closed, but there were a lot that could be merged. I also made a few patches or updated patches that weren't quite sufficient and got those into the bug system.

I think that if all that work is applied in the next version, it should close around ten open bugs, maybe more with all the merged ones. It took more time than answering questions, but I do like getting some useful work done at the same time as going through this process. Kind of like being an intern.

2005-07-31: usenet-config caught up

I've been way, way behind on processing changes to the hierarchy lists and configuration information. I should now finally be caught up, other than checking and removing some URLs that are no longer good. I've also manually updated the microsoft.* hierarchy and manually added the perl.* hierarchy, since I haven't had a chance yet to write the code to pull down a group list from a remote server. (Plus, some of the perl.* descriptions are, um, long -- too long to be useful.)

Now I just need to find the time to make all the code that maintains those lists public so that someone else can pick it up if they want.

Last spun 2024-01-01 from thread modified 2023-05-14