Posts for July 2008

2008-07-05: podlators 2.1.1

This release was primarily to address the test suite failure with the current version of Pod::Simple. It finally fixed a whitespace parsing bug in S<>, which meant that a podlators test became active and it turned out I wrote the test incorrectly.

Since I was doing a release anyway, Pod::Man now suppresses the long accent definition section of the preamble if run with --utf8 and there's a bit more testing of Pod::Man options.

You can get the latest release from the podlators distribution page.

2008-07-05: Tasker 0.3

Tasker is a CGI-based very simple to-do list manager that I wrote some time back when I realized I needed a more structured way of keeping track of what I was working on. I outgrew it some time back, and switched to Roundup with some custom templates to implement a version of Getting Things Done and mostly forgot about it. However, then a co-worker discovered a similar need and, as when I started, didn't need anything as complex as my Roundup environment, so I helped him install Tasker and he's been quite happy with it.

Of course, that meant a few tweaks. This is the first release in four years and adds support for adding the completion date to subtasks when finished and changes the file naming for completed tasks to use an ISO date format instead of seconds since epoch. This allows one to look at a directory listing and see when tasks were completed (very useful for writing status reports).

Since I was doing a new release anyway, I also moved Tasker into Git from my old CVS repository.

You can get the latest version from the Tasker distribution page.

2008-07-08: WebAuth and LDAP


WebAuth really only requires that you use a Kerberos infrastructure for all of the web servers involved. It doesn't actually require that the user accounts be in Kerberos. That's the default, and the way verification is done by the WebKDC module, but the WebLogin front-end can also choose to do account verification itself and tell the WebKDC to trust it.

There is currently code in there to do this for the REMOTE_USER case but nothing specifically to do an LDAP modification. However, it should be a relatively straightforward modification to login.fcgi, and I'd certainly take a patch that made it a hook.

WebAuth still may not quite be what you want, but I wanted to throw the option out there.

Another thing you could look at is Shibboleth, which does the whole web single sign-on thing without assuming any particular authentication system. (You have to protect a URL on the IdP with the authentication system of your choice.) The SP is packaged for Debian but the IdP isn't, and the configuration syntax and the documentation are fairly horrible, but it works and has a lot of fancy features.

2008-07-10: pam-krb5 3.11

This release involves quite a bit of code restructuring so that pam-krb5 can finally properly support account expiration the way that it's supposed to work in the PAM API documentation. pam_authenticate is supposed to return success, pam_acct_mgmt is supposed to return the error indicating that the account is expired, and then the application is supposed to call pam_chauthtok. There are a couple of hard parts to this: with Kerberos, you find out the account is expired during authentication and have to stash that error somewhere, and pam_chauthtok has to do a regular Kerberos authentication after changing the password so that the application can continue on to pam_setcred without calling pam_authenticate again (which they don't do). This can't be the default, alas, because of the applications that don't ever call pam_acct_mgmt or ignore the return status.

Normally you don't need to use this, since normally the Kerberos libraries will try to do password change at the time of authentication if it's expired. But the Solaris Kerberos libraries have this mechanism disabled and expect the PAM module to implement the fully correct password change method.

I also added force_pwchange, which is similar but does the password change at authentication time, simulating the library behavior that may be disabled. This can be used with broken programs that mishandle the calling sequence for a PAM authentication.
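The calling sequence described above, modelled in plain C as an added example (not pam-krb5 code, and not linked against libpam). The status, mode and function names are local stand-ins, and the "plain" mode assumes the Kerberos library's own password change is disabled; the model shows why the deferred sequence is unsafe with an application that skips pam_acct_mgmt and how force_pwchange covers that case.

```c
#include <stdbool.h>
#include <stdio.h>

/* Local stand-ins for PAM status codes (a model, not <security/pam_appl.h>). */
enum status { OK, AUTH_ERR, PW_EXPIRED };
/* PLAIN: no special handling, library password change disabled (assumption).
   DEFER: the sequence from the PAM documentation. FORCE: force_pwchange. */
enum mode { MODE_PLAIN, MODE_DEFER, MODE_FORCE };
enum outcome { DENIED, IN_PW_CHANGED, IN_STILL_EXPIRED };

struct session {
    enum mode mode;
    bool kdc_expired;   /* what the KDC reports during authentication */
    bool stashed;       /* expiry seen in authenticate, reported by acct_mgmt */
};

/* Change the password, then authenticate again so the caller can go
   straight on to setcred without a second authenticate call. */
static enum status m_chauthtok(struct session *s) {
    s->kdc_expired = false;
    s->stashed = false;
    return OK;
}

static enum status m_authenticate(struct session *s) {
    if (!s->kdc_expired) return OK;
    if (s->mode == MODE_FORCE) return m_chauthtok(s);  /* change it right now */
    if (s->mode == MODE_DEFER) { s->stashed = true; return OK; }
    return AUTH_ERR;
}

static enum status m_acct_mgmt(const struct session *s) {
    return s->stashed ? PW_EXPIRED : OK;
}

/* One login by a user whose password is expired. app_checks_acct is false
   for an application that never calls (or ignores) the account check. */
static enum outcome login(enum mode mode, bool app_checks_acct) {
    struct session s = { mode, true, false };
    if (m_authenticate(&s) != OK) return DENIED;
    if (app_checks_acct && m_acct_mgmt(&s) == PW_EXPIRED && m_chauthtok(&s) != OK)
        return DENIED;
    return s.kdc_expired ? IN_STILL_EXPIRED : IN_PW_CHANGED;
}

int main(void) {
    static const char *name[] = { "denied", "in, password changed",
                                  "in, password still expired" };
    printf("defer, correct app: %s\n", name[login(MODE_DEFER, true)]);
    printf("defer, broken app:  %s\n", name[login(MODE_DEFER, false)]);
    printf("force, broken app:  %s\n", name[login(MODE_FORCE, false)]);
    printf("plain, correct app: %s\n", name[login(MODE_PLAIN, true)]);
    return 0;
}
```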

In other changes, setcred, open_session, and acct_mgmt now return PAM_IGNORE instead of PAM_SUCCESS for non-Kerberos logins, now that I'm aware of that option. pam-krb5 now doesn't leak functions into the application namespace at least on Linux. I implemented both the gcc attribute to set visibility on all the symbols and a version script to suppress anything else other than the PAM interfaces. I also removed a workaround for early versions of MIT Kerberos 1.6 that was causing PKINIT problems in current versions (the bug has since been fixed) and updated the Kerberos Autoconf macros.

pam-krb5 is now maintained in Git, and I added the Debian packaging to my repository alongside the upstream development along the lines I documented in my Git notes page. Git's documentation isn't horribly coherent about how to set up remotes and selectively push things to a repository, but I tried the obvious for pushing only the packaging branches to Alioth and renaming them in the process and it actually worked (with a bit of tweaking). I was very impressed.

You can get the latest version from the pam-krb5 distribution page.

2008-07-10: pam-afs-session 1.7

I was supposed to be doing something else, like exercising, but since there was only one package left in the old svk repository and only one package for which I was still using bzr....

I made similar changes to pam-afs-session that I just made to pam-krb5 3.11: return PAM_IGNORE when AFS isn't available or when the module is configured to do nothing, improve the symbol visibility and symbol exports to stop leaking symbols into the application space (more relevant here because of the k_* functions from our libkafs replacement), and update the Autoconf machinery.

As with pam-krb5, pam-afs-session is now maintained in Git.

You can get the latest version from the pam-afs-session distribution page.

2008-07-13: INN 2.4.5

Julien is maintaining a much better release schedule than I was even when I was actively working on INN development, which is great to see. This is the next bug-fix release to the INN 2.4 series, fixing various issues with nnrpd, several crashes, some Perl filter issues, and a few other problems that turned up since the previous release. It also contains a much improved version of pullnews.

You can get the latest version from There is also a link from my INN page.

2008-07-13: New David R. Palmer novels

I first got mail about this in April and let it sit in my inbox until it got buried and I didn't do anything about it. (Proper to-do list management is supposed to deal with this, thus proving that I still don't have this down yet.) But belatedly....

David R. Palmer is the author of the short-story "Emergence," which is my favorite SF short story of all time, and the novel expansion Emergence, which is one of my favorite books. Both are frequently mentioned in discussions of forgotten or one-hit authors or "the best SF books you've never heard of."

After a long silence, Palmer is apparently back to writing and publishing. Tracking, the sequel to Emergence, is currently being serialized by Analog (starting with the July/August double issue). You may still be able to get the beginning of it. It's supposed to run for three issues, through October, and then roughly a month later, should come out in book form along with a sequel to Threshold (the first book of an unfinished series that's Palmer's only other novel) entitled Spēcial Education and a new novel entitled Schrödinger's Frisbee.

The novels will hopefully be available via Wormhole Press, which currently just points to a "domain under construction" page.

2008-07-20: podlators 2.1.2

Nicolas François uncovered another bug in the UTF-8 support. Pod::Simple, if a flag is set (which Pod::Man sets) to do internal processing of S<>, changes all spaces to ISO 8859-1 non-breaking spaces. This of course breaks UTF-8 output. This release now changes the ISO 8859-1 code point to a UTF-8 code point if UTF-8 output is enabled, which is an ugly hack but seems to work for now.

In this release, Pod::Man also changes to using .SS instead of its own internal .Sh macro for subheadings, since everything seems to support it.

I also wrote a new test to check the spelling on all of the documentation using Pod::Spell and piping the output through ispell -l. I'm very happy with the results; it caught a bunch of markup errors and a few real spelling errors. Unfortunately, in the process I discovered that none of the other, newer spell-checkers in Debian support -l properly. aspell doesn't at all, and hunspell apparently doesn't support English contractions (see #491638). So for now ispell is required.

You can get the latest version from the podlators distribution page.

2008-07-21: Tired now

Last week, Stanford University hosted Cartel, a gathering of several schools that share similarities of infrastructure and IT problems. I was one of the coordinators, handled most of the content for the web site, helped prepare the agenda, and presented for three of the segments. It's considerably more work hosting and coordinating one of these than just attending one, even with the travel.

Jeff Altman and Derrick Brashear, the other two OpenAFS gatekeepers, were also in town for half of Cartel and stayed through Friday, so we went out to dinner several times, played a great deal of Fluxx, talked about the state of the world, and caught up.

This was all great and very informative, but I'm also an introvert, which means that no matter how much I'm enjoying social interaction, it's also extremely tiring. I'm still fairly wiped; I'm getting more done (and got more done last weekend) than I really expected, but I expect I'll be paying the price all the way through this week. (And then I have more company from out of town that I've been looking forward to for months, but which will then take its own toll, which means it's likely I'm going to be exhausted until well into August.)

So, I'm currently looking at all the things I want to do and trying to tell myself that not only is it okay that they're not all going to get done right away, but I need to make a concerted effort to take time to relax, try to work less than 40 hours this week (after working 56 last week), and spend more time reading.

Of course, writing reviews is one of the other things that I'm currently a bit behind on....

Debian is freezing for lenny next weekend. If I have a few moments, I may do final uploads of OpenAFS (to clarify that hppa isn't a supported platform) and kstart (a long-awaited new upstream release that adds a flag saying not to get forwardable tickets, needed if one has a krb5.conf configuration saying to get them and a site policy that says you can't). gnubg could stand another upload, but I probably won't get to that. The Shibboleth packages are all in good shape except that they don't all have complete copyright files for all the Autotools helper stuff, which is very not important.

Thankfully, the freeze is basically meaningless for Lintian, which will continue apace (and Adam D. Barratt continues to take much of the load off by doing a ton of commit work), and means that Debian Policy work should actually slow. My intention is to make the next normative release of Policy shortly after the lenny release, which gives us plenty of time to work on more changes for the next version. I plan on somewhat ignoring both for a bit while I catch up on other things, since I released Lintian 1.24.2 on the 13th (which I see I never announced here — whoops).

In other news, I finally started the process of moving services from systems I own and have to fix to systems where someone else owns the hardware and has to fix it when it breaks by buying a VM from Panix. I still need to sort out my DNS situation and get more direct control over my zone file now that I have somewhere I can run my own DNS server so that I can start moving services there, but so far, so good. I'm extremely impressed by their service and capabilities and already have all of my Git repositories on the system and gitweb set up once I get DNS updated.

2008-07-22: kstart 3.14

The main point of this release is the new -F and -P command-line options to k5start, which force non-forwardable or non-proxiable tickets respectively. We recently enabled forwardable tickets by default site-wide in our krb5.conf, and immediately ran into problems with k5start not being able to get tickets for our root instances (we use k5start -H a lot for this) because root instances aren't allowed to be forwardable.

I'm not totally happy with how I did this, since there's no corresponding -f or -p option; those options are already used for other things. I should probably add long-option support at some point.

There are also some test suite improvements, including a test for the daemon() portability replacement and for exit status propagation. I added the spelling check for the documentation as well and fixed a few spelling mistakes it found.

As of this release, kstart is now maintained in Git. You can browse the Git repository at my shiny new gitweb installation.

You can get the latest release from the kstart distribution page.

2008-07-24: UTF-8 in web tools

A while back (wow, more than a year ago), I changed spin to generate UTF-8 pages by default, but my other web tools (faq2html, cvs2xhtml, and cl2xhtml) didn't get the update at the same time. Now that I've switched to a UTF-8 locale and encoding everywhere, that's broken, and the recent podlators release had a change to the THANKS file that was encoded incorrectly.

All three programs now have a new release that assumes UTF-8 by default instead of ISO 8859-1.

You can get the latest versions from my web tools distribution page.

2008-07-24: Slashdot promotion

Congratulations, Luk, on your new position as the Debian project's maintainer! Now you can fix the bugs in all of our packages!

It's a huge job, which presumably is why Slashdot has given you an extra E to help out. Or maybe that's just for plausible deniability....

2008-07-24: Orwell haul

I recently finished the first volume of Orwell's collected letters and essays (review pending; I'm behind on reviews again) and was so impressed that I ordered lots more of Orwell's writing, including 1984 which I'd mysteriously failed to buy earlier. And, of course, I had to throw in some random SF.

Elizabeth Bear — Ink and Steel (sff)
Ernest Bramah — The Wallet of Kai Lung (sff)
George Orwell — 1984 (mainstream)
George Orwell — Homage to Catalonia (non-fiction)
George Orwell — The Road to Wigan Pier (non-fiction)
George Orwell — Volume 2: My Country Right or Left (1940-1943) (non-fiction)
George Orwell — Volume 3: As I Please (1943-1945) (non-fiction)
George Orwell — Volume 4: In Front of Your Nose (1945-1950) (non-fiction)
Catherynne M. Valente — In the Cities of Coin and Spice (sff)
P.G. Wodehouse — My Man Jeeves and Other Early Jeeves Stories (mainstream)

2008-07-26: New photo gallery

Due to vacations, travelling, and other alignments, I had a free day today with nothing else pulling at my attention and was able to work for hours on a single project. I used it to finally finish the work I'd started last April on setting up a new photo gallery.

I'm still learning how to take good pictures (and haven't had much time for it in the last couple of months), but I love how I notice so much more detail when I'm thinking about taking pictures. I want to do more of it, and having somewhere to post the results always helps with that.

I pre-seeded the gallery with a bunch of pictures so that I could play with the layout and be sure that my design would scale, but I still have a bunch of pictures I've not put up yet. The intention from this point forward is to post a few pictures on a semi-regular basis and link one of them into a journal entry each time I do. I doubt I'm going to manage a picture a day, but a picture a week would be nice.

Today's picture:

Shell in sand

Taken last fall on the Oregon coast. It came out quite well even though it was before I knew how to use macro properly. As always, click on the image for all the metadata and a link to a larger version.

2008-07-28: Another beach photo

I have very close friends visiting from out of town and yesterday and the rest of this week will be devoted to spending time with them, so don't expect much in the way of updates, responses to e-mail, or other publicly visible activity. Here's another picture to give you something to look at in the meantime.

Beach foam

Hopefully a software release or two will happen this week, and maybe some more pictures, but you may not see other updates until next weekend.

2008-07-31: kadmin-remctl 2.2

This release flushes out pending changes that I'd committed some time back but never released. It fixes a bug in checking the error status of kasetkey (used for AFS kaserver integration) and better handles a missing REMOTE_USER environment variable.

As of this release, the AFS kaserver integration support is deprecated and no longer tested, since Stanford no longer runs an AFS kaserver realm.

kadmin-remctl is now maintained in Git and the Git repository is now publicly accessible and browsable.

You can get the latest version from the kadmin-remctl distribution page.

Last spun 2024-01-01 from thread modified 2023-05-14