2005-07-02: INN snapshots
I don't think I ever mentioned it here, but a while back I decided to take
the plunge and moved the INN development tree to Subversion. More details
will be available shortly once I've had a chance to put together a real web
site with links to all the new goodies, but as a side effect, I broke
various things.
Tonight, I finally fixed snapshots. They're available again from either
the ISC FTP site or
from a new web location that's
part of something I'm hopefully going to get a lot more done on this
weekend.
The next INN 2.4 release still isn't out. I have about 35 messages to the
INN mailing lists that I still need to think about and figure out what to
do with, and about 15 in news.software.nntp that I haven't really triaged
yet. And now that the NNTP standards have mostly been approved, I really
want to get back to working on the compliance angle of things.
So many fun projects, so little time.
2005-07-03: More Postfix complaints
The user login system has now been converted over to Postfix. Now I just
have the system that handles mailing lists to go, which will be more
annoying since that's where qmail shines. I don't have any per-list mail
configuration right now, and I think I'm going to need some for Postfix.
We'll see; there might be some special trick for Mailman. I'm planning on
going to Debian Mailman at the same time, so this will be quite a project.
Not this weekend, I think.
I think I have Postfix doing what I want, but it certainly isn't as easy to
configure as qmail was. It can do more, but I kept having to chase things
down. For example, subparts of addresses aren't inherited through alias
maps, so when I have an alias like racc: eagle-racc, mail to racc-request
just goes to eagle-racc, not eagle-racc-request. Okay, fine, that's a
configuration setting I can change. Except then it doesn't work. Oh, I
see, -request is handled specially and I have to turn that off. That
actually makes sense, but for moderation addresses, it's not so useful.
Then I tried to set up relay recipient limits, since that was one of the
points of this whole exercise, only to discover that, once again,
subaddressing is not handled in any useful fashion. If I limit relaying
for windlord to eagle@windlord, eagle-racc@windlord stops working. Bleh.
So I have to use a PCRE map for recipient addresses, so that I can use
regexes to match subaddresses. Wow, the documentation for how to do that
sucks. I finally figured out that I didn't need to run postmap for a PCRE
map (and in fact it does nothing useful, happily and successfully) and the
reason why what I was trying to do wasn't working had nothing to do with
the recipient address map and was due to the relay domains configuration,
since there you have to say eyrie.org to match all subdomains rather than
.eyrie.org. Apparently we're in the middle of some sort of semantics
conversion. Feh.
Don't get me wrong, I'm still going to use Postfix, for a lot of different
reasons. I'm a bit tired of djb's weird licenses, qmail isn't being
actively developed, and we definitely have to run Postfix for work so I
want to start learning it. But after going through the exercise of
conversion, I'm just confirming that I like how qmail works better, and I
particularly think the configuration is vastly superior.
Oh, the final annoyance is that Postfix is now happily trying to deliver
mail to system users with random system directories as home directories,
which means that if I ever get one that happens to own its own home
directory for some reason, Postfix will happily write files into it. And
there isn't any way to tell Postfix to not bother trying to deliver mail to
any user with a UID below 1000 unless there's an alias for them. This is
bullshit. I stopped having to care about this sort of thing when I stopped
using sendmail, and now I have to go make a map of all my legitimate local
users (and remember to update it every time I create an account) just to
convince Postfix that delivering mail to sync is stupid? And worse, until I
do that, that mail is accepted and then bounced, making Postfix a great
backscatter bounce source (although, admittedly, still not as bad as
qmail). Brilliant.
2005-07-04: Leap second
For the first time in quite a while, there
will be a leap
second introduced at the end of December of 2005. We all get an extra
second to enjoy this year. This is the first leap second introduced in six
and a half years (and it says something, probably unflattering, about how
long I've been following time issues that I remember the last one).
I thought there was some serious discussion of dropping the whole leap
second thing entirely, but apparently not (or at least not yet)... oh,
here's a lot
of information about that process.
2005-07-04: INN accomplishments
As promised, in the absence of a good working setup for Debian, the weekend
(what parts of it I could spare from required domestic chores and optional
but fun social activities) was spent working on INN.
I'm down to four messages in inn-workers that I still need to think about
before the next INN release, plus 16 in news.software.nntp. Another
weekend or two should do it, I hope, and if I'm really lucky and get other
things done quickly, it could happen faster.
The big accomplishment for Saturday was getting snapshots working again.
The big accomplishment for yesterday was porting overchan to the new
overview API and writing a test suite for it (which leaves makehistory,
expireover, nnrpd, and innd to port before the old API can be torched).
The big accomplishment for today was making cancels immediately eliminate
overview information for the article at least with tradindexed, which is a
very long-standing problem. I like doing things for Gmane; I think it's a
great service, and I like making larsi happy.
(Although it's possible that he's now using Reticule. I've lost track.)
The next big problem with INN that I'd like to get solved is that right
now, when using tradindexed overview and tradspool (or timehash, or timecaf
too I think) storage, articles in rmgrouped groups are never removed from
the spool. They just sit around consuming inodes and disk space and being
inaccessible, not to mention lurking ready to bite as soon as the same
group rematerializes.
This is kind of bad.
buffindexed does the right thing and has a separate purge cycle of deleted
groups that gets rid of all the articles as well. ovdb also has a separate
purge cycle, but it doesn't appear to delete the articles. Hm. Probably
my fault for setting a bad example. But tradindexed doesn't even have the
purge cycle.
I think I know how to fix this. Hopefully I can do it in a clean and
minimal way that can be easily backported to STABLE, since this is a bug
fix that's really needed. Then I probably also need to provide a tool to
go scan through and remove all the old articles. Fun, although generally
useful anyway, so I'm not complaining too much. It's probably just another
flag for expireover.
I will have to stop thinking about this stuff for a bit, though, as the
week is starting and I have to do real work. On the agenda for this week:
finish building the new KDCs so that I can do the upgrade next weekend,
finish building the Oracle Debian packages, and do some Debian uploads. If
I have additional free time, I'll go back to work on remctl.
2005-07-05: Keeping up
It's an interesting feeling to be running right at capacity in one's
ability to juggle obligations, conversations, and input.
Time management seems to be a recurring theme in my life, particularly now
that I've moved out of the era in which I was constantly bored and now have
as many interesting projects as I can handle wanting my time. It's truly
nice to be able to name a half-dozen things that I am very interested in
doing at any moment, and to know that there's really no reason for me to
ever be bored provided that I've exercised a little forethought.
It's also hard, since it's extremely difficult for me to drop anything and
I don't stop caring about things I've picked up easily, and yet new
opportunities show up and I want to pursue them. It's far too easy to fall
into the trap of doing too many things poorly, or letting things drop that
I really don't want to drop.
Right now, I literally have no more free time. I think I've pared away
every pasttime that I could really drop. I almost never watch TV any more,
I have a large collection of DVDs going unwatched, and I have an even
larger collection of video games, many of which I've never even started.
Reading is not optional, nor is writing, or contact with friends and loved
ones, and nearly every free moment outside of that is devoted either to
work or to innumerable different private projects. Many of which could
easily use twice or more the attention that they're getting (INN,
News::Gateway, and newsgroup creation all come to mind).
It's not really a complaint. It sure beats the hell out of the boredom
that I went through as a teenager. It is, though, a rather sobering
thought, and one that I'm not entirely sure what to do with. It's become
quite clear over the past five years that it's also not a challenge that's
going to go away, or that has any easy answers. It has an extremely strong
emotional component, too; as long as I stay in a particular range of mood,
I can handle a lot of input and a lot of obligations and balance them all
and still accomplish quite a bit. If I have a mood crash, though, then I
have to take days where I do almost nothing, I fall behind, and then I have
to deal with guilt and the sensation of being significantly behind.
No conclusions yet, just a lot of pondering. This has been on my mind
heavily the past couple of days. I've been doing a better job of avoiding
mood crashes for the past while, and maybe I'm learning (slowly) more about
the emotional control to let me keep doing that.
2005-07-09: *yawn*
I am nowhere near as good at going on five and a half hours sleep as I used
to. I also really hate our maintenance windows.
Two of the three KDCs have been moved to Debian and upgraded to something
modern. The third goes tomorrow. Only one minor hitch, which is that our
admin systems firewall is apparently blocking outgoing UDP except to
specified hosts (guess we really don't trust that software at all), so I
have to dual-home a couple of the servers onto the old addresses we're
evacuating until the firewall can be updated. But that's doable.
I was going to work on INN today, but I'm beat. I think I'm going to read
a little and then go to sleep within a half-hour or hour, which is
ridiculously early for me. Maybe that will mean I'll be rested tomorrow,
though, despite another early start.
I may steal some hours this week from work to work on INN, given the work I
had to do this weekend.
2005-07-10: Slow weekend
Wow, getting up early both days this weekend to do KDC upgrades really
wiped me out. I haven't had a low energy weekend in quite a while.
It wasn't as bad as it could have been. I still did get some stuff done
this weekend, including picking up new music, getting all of it ripped for
my personal use, poking at SSL in INN a little bit, and getting about two
hours worth of work done on Debian packaging. I should be able to finish
AFS and Kerberos packages for upload tomorrow, hopefully.
And that is on top of seven hours of work, starting at 5:30am on Saturday
and 6:30am on Sunday, although what really got me was more not managing to
go to bed at a sane hour Friday night and therefore getting only five and a
half hours of sleep. I'm just not as good at that as I used to be. I need
to practice going back to sleep after the work is done. I'll have an
opportunity Thursday morning, when I'm doing another 6am upgrade.
I didn't have the focus to work on INN, alas, so I haven't finished the
work I need to do for a release. More good patches keep showing up to
include, so I need to get it done and get 2.4.3 out there. But I'll get to
it eventually, along with the much-needed catchup on e-mail of all
varieties, where I am currently woefully behind.
2005-07-10: All the Hugo winners
I realized the other day that, after a year and a half of frequently
award-focused SF reading, I've now read all Hugo winners but thirteen.
That's the closest I am to having read every winning novel for any award
(Nebula, Clarke, and Tiptree are all tied at fifteen left), and by far the
closest percentage-wise.
That's almost in sight of a final push to finish them all. If I just read
Hugo winners for a month and a half....
Of the one's left (not counting The Snow Queen, which I've already
read and which is pending review), I expect I'll like The Man in the
High Castle and The Wanderer. I just haven't gotten around to
them. I'm reading The Big Time right now; so far, not my thing, but
then I just started it.
To Your Scattered Bodies Go I have a bad feeling about. Those are
often reliable, even when they're based on very little. But it's short, at
least, unlike Stand on Zanzibar, which can intimidate me from across
the room.
The one Hugo winner I've both not read and don't own is the one you've
probably also never heard of, The Forever Machine by Mark Clifton
and Frank Riley. I hear it's hideous. Hopefully it will also be short.
The really hard ones are going to be Green Mars and Blue
Mars, books two and three of a series that I'm pretty sure I'm going to at
best dislike, and that's on top of being large and apparently fairly dense
books. Those may end up being last.
That leaves the Bujold (The Vor Game and Mirror Dance), which
I've not really gotten into but for which I have some evidence that it will
improve, and the Heinlein (The Moon Is a Harsh Mistress,
Starship Troopers, and The Double Star), which I'll read at
some point when I have a high tolerance for libertarian bullshit. I'm not
going to force myself to re-read Stranger in a Strange Land, at
least right now, despite it being the only book I've ever given up on
reading within fifteen pages from the end.
Not very much at all, particularly given the number of those books that are
refreshingly brief. I bet I'll be down to five or six left to read by the
end of the summer, given how goal-oriented I tend to be as soon as a nice,
achievable goal presents itself.
2005-07-12: On porn
Various other people have written about the stupidity of CNN continuing to
broadcast urgent breaking news coverage of the London bombings long after
anything new had stopped happening and long after all the British media
(you know, the people who are actually from the affected country) had gone
on with their lives. That ground has been well-covered by others. I have
a related observation, though.
Those of you who kept watching CNN beyond the point required to actually
inform yourself about events in the world weren't watching news. You were
watching terrorism porn.
Now, don't get me wrong. There isn't anything wrong with that. I often
enjoy porn. Personally, I go for natural disaster porn and spent a fair
chunk of Sunday watching hurricane porn. The dialog is as bad as sex porn,
and really the outcome is about as predictable, but somehow it's strangely
fascinating. I usually do this thing where I root against the people and
for the hurricane. I mean, it's a lot more interesting when the hurricane
is winning. It's like rooting for whoever is currently behind in a sports
game. You're actually rooting for a good show.
Cold-hearted? Well, I don't claim a strong affinity with the rest of the
human race, but more to the point, I'm aware that the thoughts that go on
inside my head while I'm watching a television program about a hurricane on
the other side of the continent do not actually affect the real
world. So, see, why make myself depressed over people I've never heard of
who are going to have the same things happen to them no matter what I
think? And, more to the point, I understand that what I'm watching is
porn.
There's a real hurricane that's hurting real people, and if I knew any of
them, I'd be anxious to hear how they are and would help them if I could.
But that's not what the TV program is actually about. That's just what
it's supposed to be about, just like what sex porn is supposed to be about
is the idea that you, sitting on your couch, could actually be having sex
with those people. It is, ahem, "the depiction of acts in a sensational
manner so as to arouse a quick intense emotional reaction." You know,
porn. It is quite possible to enjoy porn about some event while still not
being happy about the event. Either that, or anyone who watches the
History Channel ("all Nazis, all the time!") is a sick, sick puppy.
Just for the record, I also don't pray for people in disasters. If God
can't figure out for himself what to do in a natural disaster, we are
so much more screwed than I could possibly do anything about with a
little divine pleading.
Do, by all means, watch your news porn, your terrorism porn, your disaster
porn, your missing person porn (a huge hit in the US, particularly with
white, blonde subjects), your political commentator porn (not my kink, but
hey, it takes all kinds), and particularly your election porn.
That's what television is there for, after all. To entertain. It's just
worth remembering, from time to time, that you are watching porn, and not
that other strange beast called "news." One doesn't get to see much "news"
these days in the US except in bizarre, little-regarded corners of the
television dial like PBS, but you'll recognize it. It's those weird TV
programs full of these strangely thought-provoking objects called "facts"
and interviews that involve oddly-phrased "intelligent questions." You'll
recognize "news" when it presents you information and then stops, when you
don't have to pick IQ points off the floor when you're done, and when you
realize that they've told you what they know and there's no reason to keep
watching.
It's weird. It's nice for a break, but porn is much more engrossing. Next
week, the British Open! Golf porn!
(Thanks to Pat Cadigan's Synners for the idea.)
2005-07-15: Busy, busy
I've not been posting much lately, thankfully because I had a very
productive (if annoying) week. Kerberos security advisories are always
lots of work.
I've finished a revision of the GTimer package for Debian and just need to
do builds and testing. The excuse is to take care of the X transition, but
I also cleaned up all of the patches to submit upstream (hopefully a new
upstream version soon) and took advantage of the opportunity to tweak a few
of them and improve them a bit.
After a discussion on debian-qa, I looked over the orphaned packages for
ones with several bugs in the BTS with patches or clear resolutions, and
may prepare a few packages for upload this weekend. I also want to put in
some more work on INN, since I didn't get much done on that last weekend
and I don't have early-morning work I have to do this time.
And, of course, I have several reviews to write. But that will have to
wait until tomorrow.
2005-07-22: Weekend at last
I could do without more weeks like that one.
To do this weekend: write at least two reviews so that I can stop falling
behind, try to get caught up on usenet-config, and try to triage the
remaining INN messages.
All of that will take a back seat to writing, I think, if I get on a good
roll, and will definitely take a back seat to recovery if I need more of
it. I'm feeling pretty good this evening, but we'll see if my energy
levels are still high over the weekend.
I never want to be a manager.
2005-07-23: Hot
So you know all that stuff that I was going to do? None of it happened
today, although I did get some laundry done. Otherwise, it was just way
too hot, which made me sleepy and low-energy and meant that I just didn't
start anything.
I was going to do an extra session in the gym today as well, but, see, hot.
I really should buy an air conditioner. One of these days, I'll get around
to it. In the meantime, we'll see what I get done tomorrow; some reviews,
at least, should be in order. But I'm not going to worry too much about
it; after the stress of last week, spending the whole weekend doing nothing
is allowed.
It's a very good thing that I have a ton of vacation coming up.
2005-07-25: Tripwire musings
You'll all have to wait another day for another review; I have three things
read but not reviewed yet waiting for me to find the time, but as I was up
until 4:30am last night helping with a rollout, I ran out of time too early
today.
I spent some time this evening cleaning up tripwire reports for all the
systems we upgraded Kerberos software on recently, and thinking once again
about how much of a pain it is and how much we need samhain or something
like it deployed. We've automated our tripwire process a lot, using
Kerberos and some properties of AFS and a wrapper script I wrote a while
back and then improved over time. It's already a lot better than what you
get with tripwire out of the box, but it still works on the level of an
individual machine (with possibly shared configuration).
The big advantage of samhain is that it's a centralized server that
everything reports to, so I don't have to have each system mail the
tripwire reports to a central location and then use scripts to check for
clean and dirty ones and maintain an archive. That also makes it
considerably more secure; it's still possible to fool a central system like
samhain, of course, with a sufficiently dedicated attacker, but it's a lot
harder.
I've only looked at it briefly, enough to think it will work, but here's
the way my ideal system would work (some security considerations ignored
since it's too late to go into those details as well). There's a central
coordination server that collects all of the reports. It sorts them out
into clean and dirty, and also classifies systems into groups according to
who runs them. Each day, it sends out a report of dirty systems to the
relevant contact addresses. Administrators can go to the central web site,
authenticate in some fashion, and then mark off the reports of changes that
they say are fine, and samhain updates the database appropriately on the
central system. They should also have some way of changing configuration
files, but I'd rather that be CVS-controlled and don't really want easy
buttons on the web site to say to ignore particular files, since then
people don't really think about what patterns we should be looking for.
(I actually like the annoyance factor of having to edit configuration files
to exclude files that are changing outside of the areas of the disk devoted
to such files. It pushes people towards using FHS properly.)
Added on to that, I also want something equivalent to tripwire -update,
although I can live without it. This is a way of saying "I know I just
touched the following four files; please recheck them, redigest them, and
just update the database with their current status without asking about it
later and without rechecking the whole system." The reason why I can live
without it is because I must have the simple approval of changes method for
updating the database; once I have that, approving changes is fast and
doesn't require rechecking the system like doing it properly does now, so
it's not as much of a problem to just let the system be dirty the next
night and then approve the changes.
The tricky part of deploying samhain will be getting the binary
distribution down solid and getting the machine groupings and nightly
reports working the way that I want. I think the web pieces and the
approval is already there -- at least, I hope it is -- but I've not really
looked yet.
I really want to find some time to do this, since I think the whole
tripwire process can be made about an order of magnitude faster, which will
then mean that more people in my group will really take the time to do it
regularly. Right now, it's such a hassle that it's very tempting to skip
it, since 99.99% of what tripwire picks up is legitimate changes we don't
care about.
2005-07-30: Debian and a2ps
Well, today ended up being fairly productive.
The Debian New Maintainer process involves a couple of examinations to make
sure that the candidate both understands the policies and procedures of
Debian and has the skills required to perform common tasks. I'm in the
first part of that right now, and rather than just answering a bunch of
essay questions, I'm doing bug triage to show that I can use the bug
system.
Today was spent going through the a2ps package and studying all of the
bugs. I picked out that package as one that I thought I could do something
with, and having finished a day of work on it, I'm pretty happy with my
choice. There weren't many bugs that could just be closed, but there were
a lot that could be merged. I also made a few patches or updated patches
that weren't quite sufficient and got those into the bug system.
I think that if all that work is applied in the next version, it should
close around ten open bugs, maybe more with all the merged ones. It took
more time than answering questions, but I do like getting some useful work
done at the same time as going through this process. Kind of like being an
intern.
2005-07-31: usenet-config caught up
I've been way, way behind on processing changes to the hierarchy lists and
configuration information. I should now finally be caught up, other than
checking and removing some URLs that are no longer good. I've also
manually updated the microsoft.* hierarchy and manually added the perl.*
hierarchy, since I haven't had a chance yet to write the code to pull down
a group list from a remote server. (Plus, some of the perl.* descriptions
are, um, long -- too long to be useful.)
Now I just need to find the time to make all the code that maintains those
lists public so that someone else can pick it up if they want.
All posts