Posts for December 2006

2006-12-02: fsr 1.9

While dealing with a strange AFS problem we're currently having, one of my co-workers noticed that fsr didn't support recursively flushing directories. Added with a one-line change.

You can get the latest version from the fsr distribution page.

2006-12-02: New Netnews protocol draft

Over the past month, I've been working on a revision and counter-proposal to the current Netnews protocol draft in the Usenet Article Format IETF working group. We've mostly finished the basic format and now need to finish the protocol, and I was asked to write a new version of the current draft so that we can compare the results of a different editorial style to the current draft.

I submitted my draft to the draft editor yesterday, and you can also get it off my web site. I haven't had a chance to wrap any nice pages around it yet, or in general update a lot of my IETF-related web pages for the current status of things (such as the publication of all of the NNTP RFCs).

Going through the complete protocol draft gave me a different perspective on several problems and turned up a few nice solutions to things that I previously didn't know how to deal with. I don't agree with Charles's decisions on features and on wording focus, but he has done a great job of precisely describing a lot of technical behavior. We'll see what happens from here.

This has taken around twenty-five hours over the past month, maybe more, so it's a relief to get it done with and out there. I've already warned people that going forward I'm not willing to devote more than two hours a week. I have way too many other things to do. But I do think the exercise was worthwhile, even if we don't adopt my draft as the new WG document, since I managed to explain and find a lot of things about the protocol that needed attention and the draft can now be mined for wording.

2006-12-03: Preorder haul

This will be the last book order of the year, but there were a couple of paperbacks that I wanted right away so I went ahead and preordered them. I was also given a nice selection of books, mostly by the Scribblies and assorted related writers.

Elizabeth Bear -- Carnival (sff)
Pamela Dean -- Tam Lin (sff)
Laurell K. Hamilton -- A Stroke of Midnight (sff)
Janet Kagan -- Hellspark (sff)
Henry Kuttner -- The Best of Henry Kuttner (sff)
Will Shetterly & Emma Bull (ed.) -- Liavek (sff)
Will Shetterly & Emma Bull (ed.) -- Liavek: The Players of Luck (sff)

I still have reviews from vacation that I've not posted yet, plus I'm three books behind writing reviews for books I've read. Maybe I'll be able to do something about that tomorrow, although I really need to get a new lintian release out and then catch up with a few other things.

2006-12-03: mvto 1.15

When moving the read/write of a replicated volume onto a server that already had a replica, mvto tried to remove the replica on the wrong partition twice. It's sufficient to remove it only once. Thanks to Hans-Gunther Borrmann for the patch.

You can get the latest version from the mvto distribution page.

2006-12-04: cl2xhtml 1.7

Dave Elcock sent me patches to cl2xhtml that would optionally add ViewCVS links to the converted HTML output (particularly useful ones if you're using cvs2cl with the --revisions option). I started to integrate them and then realized that the code would be a bit cleaner if I significantly overhauled the ChangeLog parser.

This still isn't implemented properly. It uses a bunch of regexes and guesswork to parse most of the ChangeLog file and generate HTML on the fly, when what it really should do is instantiate a ChangeLog entry object that parses the text representation and then has a method to generate an HTML representation. But since I already spent four hours working on this when I only expected to spend one hour, I'll release this working version and then do that as part of the next overhaul.

As part of the partial overhaul that I did do, though, cl2xhtml can now deal with comma-separated filenames and comma-separated functions and will add the appropriate markup. It also handles timestamps as well as dates in the ChangeLog entry header, since cvs2cl adds those (even though they're not part of the official GNU ChangeLog format).

You can get the new release from my web tools distribution page.

2006-12-06: pam-afs-session 1.0

Time to finally call this production-ready, which will of course flush out the remaining bugs. I incorporated some build fixes for Mac OS X (probably pointless, since I don't think the module will work there, but may as well), fixed libkafs linking on systems without transitive shared library dependencies, added some more documentation of Solaris, and made it easier to point configure at one's AFS headers.

You can get the latest version from the pam-afs-session distribution page.

2006-12-06: remctl 2.3

I've had this release sitting waiting to go out for quite a while and this evening I finally found the time to finish the release process. This is mostly a bug fix and test release, but it also increases the limit on arguments to a remctl command to 4096 from 64. This is just an arbitrary limit to prevent a memory DoS attack on the server, and we had a need here at Stanford for a lot of arguments.

With this release, remctl also builds properly with Automake 1.10 and Autoconf 2.60 (and newer), so the documentation of how to patch Automake can be removed. Thanks to the Automake and Autoconf developers for fixing the problems with non-recursive builds.

You can get the latest version from the remctl distribution page. Normally I would also upload new packages to Debian unstable at the same time, but since we're approaching release freeze, I'm going to hold off until etch is frozen. In the meantime, you can get the packages from my personal Debian repository.

2006-12-15: Life update

I see that I've gone quiet again, so it's about time for a general update on what's going on.

I hit the right mood to do some intensive coding, so I've been taking advantage of that for everything it's worth. I hadn't done much on some major work projects for the past couple of weeks, so the catchup was much needed.

Last Friday, I got password synchronization finally working in our test K5 realm with test AD and AFS kaserver. Monday, I got account status synchronization to AD also working, and then decided to reorganize and substantially rework the code for maintainability and public distribution. I started that Tuesday, worked on it spottily Wednesday, and then mostly finished in a marathon coding session Thursday. I'm just waiting on some administrivia and then I'll release version 0.3 of that toolkit to the public.

Before we go into production, I still have to add support for queuing failed changes, reviewing and processing the queue, and adding password changes to the queue (so that we can handle queuing a password change in Active Directory for a new account and just retrying that change until the account exists). Those will be in 0.4, or in 0.3 if I don't hear back soon enough and end up implementing them first.

Today, I decided to finally merge Douglas Engert's patch to do PKINIT in my Kerberos v5 PAM module and then do the major code refactoring that I wanted to do for a 3.0 release. That took longer than I expected, but I finished all the work just now (so about eleven hours of work on that today). I still need to test before I can release, and testing will probably take two or three hours given how much code I touched and how much I added, but once this release is out, I will have an almost empty TODO file for the module. (And I may do the one remaining bit just for the hell of it.)

In addition to the PKINIT stuff (which may not compile since I don't have access to a Heimdal release candidate with which to test it and I jiggered it around a lot), this release features some bug fixes and a workaround for a bug in MIT Kerberos 1.3, new banner and expose_account options to control the password prompts, a ticket_lifetime option, and a keytab option to specify a different keytab to use to validate user credentials. It also handles some things more cleanly and more strictly correct, such as freeing memory inside the Kerberos prompter properly and honoring PAM_SILENT in all cases.

Most everyone at work is already gone on vacation and various friends that I talk to on-line are also travelling or have other plans, so it's quite quiet right now. I'm planning on taking advantage of that to be able to focus on things for extended periods of time (as with the PAM module today). It's a nice feeling.

2006-12-18: pam-afs-session 1.1

This release fixes an embarassing build-system bug. If a libkafs library was detected, we'd proceed as if we were going to link with it and not build the AFS system call layer, but then not actually link with it.

Also added in this new version is a feature I'd been planning to add since the beginning: optionally linking with Kerberos libraries so that one can put configuration information in krb5.conf. In the process, I added a requested feature to optionally destroy the ticket cache after obtaining a token.

You can get the latest version from the pam-afs-sesssion distribution page.

2006-12-18: pam-krb5 3.0

I finally merged Douglas Engert's patch to do PKINIT with the latest Heimdal release candidates, and then decided to do a major code reorganization and knock off the rest of my to-do list. One item did creep back in (the option parsing code is very repetitive and would be easier to verify if it were rewritten with macros), but my module now supports every interesting option of the Sourceforge PAM module except for the ones related to AFS and Kerberos v4.

Also new in this version are much better password changing prompts (and ones that we can even customize to give nice Stanford-specific prompts), better honoring of PAM_SILENT, and support for expose_account to give better password prompts when desired.

Lots of code has changed in this version, so please test well and be cautious about deploying in production.

You can get the latest version from the pam-krb5 distribution page.

2006-12-28: Story of the day

Taken from the AP wire:

CRAWFORD, Texas (AP) - President Bush worked nearly three hours at his Texas ranch on Thursday to design a new U.S. policy in Iraq, then emerged to say that he and his advisers need more time to craft the plan he'll announce in the new year.

Man, I hate it when I put minutes and minutes of effort into something and it just doesn't pan out before I have to go do other things. Good thing it wasn't anything important.

Last modified and spun 2017-02-20