Posts for March 2007

2007-03-01: One of those days

I have been busy with all sorts of things, some stressful, some less so, and haven't been writing here much. But it's a new month, which is a good starting over time. (I need to do that with planning and status reports too; too much random stuff has happened this week and I'm way behind.)

Today was a day of not getting done anything I expected to get done and instead fight fires. Sometimes interesting fires, mind, but still fires. I think they're now all out, so that's a successful day, but there were rather a lot of them.

All of the DST patching I personally have to do, including the old, strange system that scares me and required Oracle patches, is now done. That's a relief; now I can focus on other, more interesting work. I've also gotten my ear washed out, which is a notable improvement in my hearing but means that I can now hear the rustling and crackling in that same ear from apparently having some fluid in my middle ear. A two steps forward, one step back sort of thing, but I'm trying not to let it bother me. I expect it will go away by itself.

Last month was a bad month for reviews. I have one more that I finished and need to post, but that's it. I have finished reading several things since, though, so I'm a touch behind on reviews. That I will hopefully fix this weekend. Taxes were done last weekend; now I just need to mail them.

On the software front, all has been too quiet for a while because I've been finishing internal coding. Now, I should be able to polish up several things and put multiple new software releases out (as well as set up testing for switching over our Kerberos password infrastructure).

On the book front, my copy of Ink has shipped, although I'm not sure when I'm going to get a chance to read it. I placed a fairly substantial order for a bunch of stuff early this week, which is now making its way to me in several different shipments.

Tomorrow, two meetings, status report catchup, planning a presentation, and hopefully some documentation writing and code cleanup. Not sure if I'm going to work late and work Saturday (and thus take next Wednesday off) or not.

2007-03-02: afsdb-load 1.19

After upgrading our AFS reporting database to OpenAFS 1.4, the nightly load of vos listvol -long output failed because of the two new time fields added in the vos examine format in 1.4. This minor revision of the load script ignores those two fields if present to get the loads working again.

Ideally, it should probably store the times in the database, but that would require a database schema change and I didn't feel inspired to work on that. Maybe when we migrate everything to MySQL.

You can get the latest version from the AFS reporting database distribution page.

2007-03-03: kstart 3.8

We have a bunch of cron jobs on our Debian archive server that copy local archives out of AFS (where it's easy for us to update them) onto local disk so that they can be served by FTP. These jobs require AFS authentication. Unfortunately, since they all run at about the same time, we get occasional rejection of authentication as a replay attack when obtaining AFS service tickets.

This release adds the ability to use the -H flag (which just checks an existing ticket cache to see if it's fresh and does nothing if it is) while specifying a command. Previously, if -H was specified, k5start (and k4start) would always exit immediately if the ticket cache was fresh. Now, they'll still continue on to run the command.

While I was at it, I got the refactoring and reorganization bug and redid the source layout and build system to match what I've been doing with remctl. There's now a portable subdirectory that holds various code snippets used when the local platform is missing something, I'm now using Automake, and I've pulled various repetitive portability bits into separate header files.

You can get the latest version from the kstart distribution page.

2007-03-04: kstart 3.9

The last change mostly worked, but unless it obtained new tickets k5start wouldn't run aklog. That meant that commands didn't get tokens properly. I missed that in my testing because I didn't try with -t. This release fixes that problem and seems to be working fine on our Debian archive system.

You can get the latest release from the kstart distribution page.

2007-03-06: cvslog 1.58

Turns out that CVS pserver, at least in the current version, sets CVS_USER, not CVSUSER. Huh. I wonder if it was always that way and my code was just always wrong. I've never used CVS pserver myself, so I never tested it personally.

Anyway, I now allow either one, just in case some older version did actually set CVSUSER instead.

You can get the latest version of cvslog from the cvslog distribution page.

2007-03-06: kftgt 1.13

In talking to one of my co-workers about the annoying transition for the klogin script (we're starting to drop K4, which means that people often don't have a K4 ticket cache, but we use klogin to log on to machines all the time and it expects kftgt to work), I realized that I could just make klogin and krsh continue with rlogin if kftgt failed due to a missing ticket cache or authorization failure.

I've now done that, and this should take care of the klogin transition issues until we're ready to retire kftgt entirely.

You can get the latest version from the kftgt distribution page, although I doubt anyone outside of Stanford cares.

2007-03-08: Should work less

I need to figure out how to react to getting behind and having too many distractions in some way other than increasing the number of hours I work. Even if it does feel good to power through projects.

Today I finally finished fixing the build system for all the new bits of code I've written over the past couple of weeks so that I can build real Debian packages. That meant that I could finish installing my test environment, which meant that I could start testing. I've now caught all sorts of stupid minor bugs, the sorts of stuff that crops up when you write code without having ever run it. The kadmin remctl interface is now fairly well-tested, as is the program that creates and deletes keys in the AFS kaserver. The only thing left is the consultant password changing interface, and that's almost done.

Maybe I'll go home after my meetings on Friday and take a long weekend. I've already worked way more than enough hours this week, and next week is going to be very hectic.

2007-03-09: Used bookstore haul

This was some time ago, but I hadn't gotten around to typing it up. I finally dropped off the two large bags of duplicates, books that I really will never look at again, and similar extras at the used bookstore and came away with quite an impressive pile of credit plus some more books. And then have gotten a couple others since from other sources.

Hal Duncan -- Ink (sff)
Alexander C. Irvine -- A Scattering of Jades (sff)
Gabriel King -- The Golden Cat (sff)
James Morrow -- Only Begotten Daughter (sff)
Rebecca Ore -- Human to Human (sff)
Paul Park -- A Princess of Roumania (sff)
Anne Tyler -- Morgan's Passing (mainstream)
Jack Vance -- The Green Pearl (sff)
Stanley G. Weinbaum -- The Black Flame (sff)

The Tyler I got from my mother, and Ink is the harbinger of a much larger Powell's order that's still making its way to me.

All of these, except Ink, are fairly low on the reading list at the moment. Human to Human is a further step in getting a complete trilogy before starting it (and I have other Ore that I want to read first). Vance, likewise, is working towards having all of a trilogy on hand. The Irvine is in large part because I have yet to review a book by an author who's last name starts with I, although I do have one other candidate for that.

2007-03-11: Latest haul

The Powell's order that I waited to the end of February has now all come in except for one book. Now I should probably wait until the end of April or May, when some other new books will be out, to place another order.

David Allen -- Ready for Anything (non-fiction)
John Berendt -- Midnight in the Garden of Good and Evil (non-fiction)
Stanislaw Lem -- Microworlds (non-fiction)
Holly Phillips -- In the Palace of Repose (sff)
Rebecca Ore -- Time's Child (sff)
Adrienne Rich -- Diving into the Wreck (poetry)
Karl Schroeder -- Sun of Suns (sff)
Robert C. Solomon & Fernando Flores -- Building Trust (non-fiction)
Peter Watts -- Blindsight (sff)

I already had an ARC of Sun of Suns, but I like to support the authors I like.

Building Trust came coated with various price stickers and used stickers, covering half the back of the book and part of the spine, all of which had horrible glue and all of which ripped off and left the glue behind. I spent an hour and a half trying to clean the book. It makes me absolutely furious when people do that to books. I suppose that serves me right for saving a buck and buying a used copy.

2007-03-21: Slow day

I just could not get myself going today. Very frustrating, particularly since the rest of my week contains tons of meetings, and today was my big chance to get a bunch of work done. (That, of course, is probably exactly why I couldn't get myself going. After lots and lots of interaction last week and being in meetings essentially all day Monday and Tuesday, I was overdue for a crash, even with all the sleep I got last weekend.)

I did manage to pry out of the day completion of the packaging for our kadmin remctl backend and installation of the new packages in our test environment, so now I've cleared all the dependencies for more intensive testing (other than one bug in the AFS synchronization code I need to find).

Other than that, I got nothing. Hopefully that means I'm now nicely rested and ready to go for the rest of the week. Only a week and a half now and then I'm off for a week on vacation.

2007-03-22: krb5-sync 0.5

In testing our new Kerberos administrative software, I discovered that account creation through kadmind is treated as an account creation and then a password change, at least with the plugin interface that we have right now. That means that I have to queue Active Directory password changes if the account doesn't exist yet (and handle queuing if there's already a pending queued change).

The new version also does better logging in the command-line program so that one knows what queued files are processed, and obtains new AFS tokens for each change so that they don't expire after some time.

You can get the latest toolkit from the krb5-sync distribution page.

2007-03-23: krb5-strength 0.3

This is the first public release of this toolkit for password strength checking in MIT Kerberos at the time passwords are changed. Similar to krb5-sync, it is currently implemented as a patch to MIT Kerberos 1.4.4 that adds a plugin interface for password strength checking and a loadable module that implements that strength checking. Eventually, a variation on this plugin interface will be integrated into MIT Kerberos and this package will just provide a module that uses it.

You can get the current version from the krb5-strength distribution page.

2007-03-24: pam-afs-session 1.2

I was going to release a new remctl first, but I got started on this this morning (and almost didn't get to the post office in time to pick up mail, although as it turned out I hadn't overflowed my box) and ended up building good momentum with it. It was trickier than I expected it to be, but pam-afs-session now supports calling libkafs functions to obtain tokens directly rather than forking a helper process.

It took me a bit to figure out how to write the code cleanly, particularly with the Kerberos error reporting mess, but I'm happy with the results. The documentation isn't quite as good as the code, but it's not bad.

There are a variety of other accumulated fixes as well. You can get the latest version from the pam-afs-session distribution page.

2007-03-25: remctl 2.7

Finally got this out. It was like pulling teeth in part because I decided to finally write some test cases for the ACL and config file parsing, which I'd been putting off. I'd been putting it off because it's an annoying bit of code. But I finally pushed through.

This version also cleans up the select loop around commands and decides the command is finished when it exits rather than waiting for standard output and standard error to be closed. This should help considerably when using remctl to start or restart long-running daemons. There are various other minor bug fixes included as well.

You can get the latest version from the remctl distribution page.

2007-03-29: krb5-strength 0.4

One of the drawbacks of using Automake is that it's a bit trickier to make sure that everything that should be included in the distribution actually is. So 0.3 went out without the kadmind patches that let it actually work.

This version is the same as 0.3, but includes all the right patches and hopefully everything else that should be included.

You can get the latest version from the krb5-strength distribution page.

Last modified and spun 2017-03-25