Posts for September 2011

2011-09-02: C TAP Harness 1.8

The primary change in this release is to add checked memory allocation wrapper functions to the basic C TAP library. The functions bmalloc, bcalloc, brealloc, and bstrdup are now available. Each calls the underlying C library version (without the "b" prefix), checks to see if it fails, and calls sysbail to abort the test case if it did fail.

This release also fixes an edge case in the runtests wrapper where, if SOURCE and BUILD were not compiled in, the -b option would be ignored unless the -s option was also given. Now, one can set the build directory without setting the source directory, although one would normally still want to do both.

You can get the latest version from the C TAP Harness distribution page.

2011-09-02: rra-c-util 3.8

There are a huge number of changes in this release, partly due to Julian √ČLIE's work in reconciling the rra-c-util code with the portability and utility layer in INN and partly due to the opportunity to spend a couple of work days on switching pam-krb5 over to rra-c-util. The results from the latter will be coming hopefully soon.

The network connect utility functions now take an optional timeout. fdflag_nonblocking is now implemented for Windows (required for the non-blocking connect to implement timeouts). There's now also a function to free the results of network_bind_all.

The generic PAM option parser now supports time configuration options, which are a krb5_deltat if Kerberos is available. pam_get_item and pam_set_item are now supported in the fake PAM library used for testing.

In the Kerberos and GSS-API Autoconf macros, use of krb5-config is now avoided if the specific --with-*-lib or --with-*-include options are given, since that normally means krb5-config will be wrong. The environment variable to find krb5-config is now PATH_KRB5_CONFIG instead of KRB5_CONFIG, since the latter is used for another purpose by the Kerberos libraries. The C preprocessor symbol HAVE_KERBEROS is now always defined by the Kerberos macros, not just the optional version, since it makes it easier to reuse code.

Substantial new Kerberos portability and replacement functions are now available, incorporating the portability code that was in pam-krb5.

The remctl Autoconf macros now support optionally building with remctl and setting HAVE_REMCTL if remctl libraries are available.

The is_function_output TAP add-on supports taking an opaque data pointer that's passed to the called function. There's a new run_setup TAP add-on function that runs an external command and calls bail if it fails, suitable for doing test setup in an external command.

There are a few other, more minor changes, including an update to the latest C TAP Harness.

You can get the latest version from the rra-c-util distribution page.

2011-09-02: WebAuth 4.0.0

This is the culmination of most of my work over the past three months, as well as quite a bit of work by other people here at Stanford. This is the first version of WebAuth to support multifactor authentication, and also contains a significant reworking of the WebLogin code to use more modern programming techniques.

This should be considered a beta-quality release. There will be at least one more release before we deploy this version in production for the WebKDC and WebLogin server at Stanford. The changes to add multifactor involved significant changes throughout the code base, and my recommendation would be to wait a while as we shake out any bugs and deploy the next release or the release after that.

The primary change, as mentioned, is addition of support for multifactor authentication, including conveying initial login and session authentication factors to the WebAuth Application Servers and from there into the environment for use by applications. WebAuth-protected sites can require particular authentication factors, or can require a (site-defined) level of assurance. This code depends on a user information service component that is specified in the documentation that comes with WebAuth, but for which we do not yet have a public implementation. We hope to add a simple version of this application as a separate software release in the near future.

The WebLogin code has been rewritten to use Template Toolkit (instead of HTML::Template) and to use CGI::Application. This will require many new Perl modules be installed on the WebLogin server, and will require rewriting all of one's local templates to use the Template Toolkit syntax, but allows for much more powerful templating.

Both the libwebauth C library and the Perl libraries are halfway through a rewrite in this version and will be changing substantially in the future, particularly in making much better use of APR throughout the C library.

There are some other, more minor changes. See the release notes for all the details.

You can get the latest version from the official WebAuth distribution pages or from my WebAuth distribution page.

2011-09-11: Vacation

Late afternoon

The last vacation that I had was in April, and while that was lovely, it was also a bit more stressful than the average vacation for various reasons. Since then, I've been heads-down on one particular project except for a small bit of traveling time, which is nice but not an adequate substitute. But I have this week completely off, and can finally unwind a little bit.

It's only Sunday and I was traveling more yesterday, so it's only starting to hit, but I'm relaxing already from the lovely feeling of not having anything that I have to do. (As usual, I had tentative plans to do various things during my vacation, but this year they're going to get thrown out even more than normal, since I just don't have the energy.)

One nice discovery from today is that while it's been some time since I took a lot of pictures (since last April, in fact), it's still as engrossing as always, and makes meandering walks lots of fun. So more pictures than have recently appeared are likely for the next bit.

Hope everyone else's day was as lovely as mine was!

2011-09-12: Minecraft

Forest path

Another photograph from near the Nanaimo River. We'll probably venture farther afield later in the week, but it was still a little warm today and we went for a long walk yesterday. Today's picture-taking was more experimental, since it was somewhere I'd previously already taken lots of pictures, so less of it worked, but I got a few neat effects.

The theme of this vacation seems to be Minecraft, a game that I've been avoiding since I really don't have enough time to explore and play it to its full potential. This remains the case even though I bought a copy, but I like supporting neat ideas. It's unfortunately pretty badly buggy on my laptop (and I really dislike the requirement for the Sun JDK, since I'm trying to switch completely to OpenJDK), so I may not play much while on vacation and wait until I'm home to poke at it some more.

But I'm finding that it's more fun currently to watch other people play than to play myself. Since there are two other Minecraft games going on at the moment, that provides lots of interesting things to look at and speculate about. I really like the way the crafting system works in the game and the complexity of it. I'm the sort who is looking things up on-line, but I'm watching other people play who like discovering everything for themselves.

It's really an excellent game if you like the free exploration sort of thing. I'm not as sure on playing it on non-Peaceful mode yet, where there are hostile enemies and one has to keep things well-lit, but I haven't played it much myself so far and may change my mind.

I doubt anyone reading this hasn't already heard of it, but if you haven't and you like exploration and construction games, take a look. (And most people don't seem to be having as much trouble on Linux as I do.)

2011-09-13: More Minecraft

Post improvement

One of the pictures from today's walk along the Nanaimo waterfront. (The pictures recently don't necessarily have much to do with the contents of the post, but are just a picture I felt like posting from what I took that day.)

Alternately, as opposed to what I said last night, I could get past the bugs with Minecraft on my system and start playing it and end up playing until 6am. And then go back and play more today. Good thing it's vacation!

It's kind of amazing how much fun it is to build a giant staircase down into a mine, or play with different ways to fence off a garden.

2011-09-17: End of vacation

Afternoon shadows

This is a picture in late afternoon light of trees over one of the colliery lakes at Colliery Dam Park.

Today's the last day of a really great vacation; tomorrow afternoon, I fly back. We got in lots of walking, several nights of really good food (even if the restaurant that I was hoping to go to again tonight was closed for remodeling, I got to have the souvlaki earlier in the trip), and tons and tons of Minecraft. Which will sadly have to get short shrift for the next month or two, given all the other things I have going on and some restrictions around what systems I can play it on, but I'm looking forward to doing more.

As much as I love the game, I must say that this is exactly why I generally only game on consoles. I could originally run it on my laptop with only a few bugs and problems, but then 1.8 landed with lighting updates and the GL support in my laptop video card was no longer sufficient. I truly hate having to worry about or even think about this stuff. With an Xbox 360, you know that if you have a 360 and you buy a game for the 360, it will work. End of story. I don't like having to mess with computers when I want to play a game; it's a completely different mindset for me. (So here's hoping the Xbox 360 version of Minecraft does materialize.)

But, apart from that, Minecraft really is as good as all that. It's one of the more amazing games I've seen in terms of providing multiple ways to play it. And, something that I don't think is advertised nearly enough, there's a peaceful mode that disables all the combat and means you don't have to deal with the first-person shooter aspect of things, which is how I suspect I will always play the game.

I was planning on doing some things on-line during the vacation, but ended up taking an almost complete break (and a complete break from work apart from sorting mail). That was exactly what I needed.

2011-09-23: rra-c-util 3.9

This release is primarily a collection of various bug fixes, but it also starts the process of rearchitecting and improving some of the TAP add-on modules for testing to make them easier to use.

The replacement for the issetugid function was mistakenly called issetuidgid and was therefore used on all platforms, not just on platforms missing the function it was intended to replace. This has been fixed.

The Kerberos TAP add-on now registers its cleanup as an atexit handler so that the caller doesn't have to explicitly clean up. It also frees all memory for cleaner valgrind output, and the kinit and shell variants avoid overwriting the user's AFS token on Heimdal.

There are also minor fixes to the GSS-API include handling, removal of the non-portable INADDR_LOOPBACK define in the networking code, and use of typedef instead of #define for socklen_t and sig_atomic_t replacement.

You can get the latest version from the rra-c-util distribution page.

2011-09-23: WebAuth 4.0.1

This is the first bug-fix release for the major 4.0.0 release, and is the version that we expect to go into production with at Stanford, although we have not yet done that.

The primary changes are bug fixes, closing some memory leaks and errors in incorrect inititialization that affected login cancel tokens. This release also fixes the logging level from mod_webauth when obtaining additional credentials and logs the return URL of authentications to the WebKDC.

The new feature in this release is that suspicious login information returned by the user information service is now displayed by WebLogin on the confirmation page (and the confirmation page is forced). This will require updates to any site-local confirm page templates.

You can get the latest version from either the official WebAuth pages or from my WebAuth distribution page.

2011-09-24: Let's forget that week

Puddle window

Looking out at the bits of fun within the stone of the work week. That's how I'm feeling this weekend. I had an awful week coming back from vacation, full of minor and larger annoyances, interruptions, frustrations, and all sorts of other problems. Thankfully, it's now the weekend, and I only have to survive another couple of weeks before I can take another long vacation.

There's almost nothing about project scheduling and communication of schedules that I think works properly right now. Everything seems much too aggressive, much too high-pressure, and way too full of arbitrary artificial deadlines. That's adding a lot to my stress at the moment, but thankfully once we get through this push, we should be in a deadline-free zone for a while. (Finally. Hopefully that's actually true this time.)

On the plus side, I got a Kinect for the Xbox 360 and spent a bunch of time last night and today playing with it. It's a much different video game experience (and something for a much different mood, I think), but it's excellent exercise and it's entertaining enough that it's a lot more fun than regular exercise. So that seems promising for increasing my overall activity level. Hopefully jumping up and down on my floor won't bother people below me too much.

Last modified and spun 2017-03-25