Posts for March 2012

2012-03-03: reminder 1.16

I'm currently making sure that quarterly patching for all the systems for which I'm primarily responsible is in my reminder system so that I don't forget it, and I was having to review all the reminders to ensure I'd not forgotten anything. Since I phrased them differently each time, this meant a lot of hunting. I started thinking about title prefixes, and then realized I was reinventing tags.

This release of reminder adds tags, which are space-separated and kept in the Tags header (now part of the template for new reminders). Currently, all you can do is limit what reminders are shown by list (with the -t option to specify a tag) or show all the tags in use (with the new tags command). Eventually, I may add a quick command to tag a reminder, and restricting what's displayed for active and next is an obvious next step.

You can get the latest version from the reminder distribution page.

2012-03-15: WebAuth 4.1.0

One of the drawbacks of our rollout of support for multifactor authentication at Stanford was that, due to various features that we wanted to support, every login through the central WebLogin servers required doing a user information query. Those queries are currently all going to a single server that hosts the relevant database, and therefore introduced a single point of failure into our carefully-designed robust system. I have long-term plans to move that database to a PostgreSQL cluster so that it can be distributed across redundant machines, but in the meantime we've had a few production outages when it was overwhelmed.

The first problem that had to be fixed was that the remctl client libraries didn't support timeouts. Release 3.1 of remctl addressed that problem, and this version of WebAuth now has a configuration directive to set a timeout (and defaults to the conservative timeout of thirty seconds).

The problem remains, though, since the default (and intended) behavior of the WebKDC is to fail the login if the user information service cannot be contacted. This is the only safe approch, since the user information service may indicate that the user must use multifactor regardless of the destination site preference, and without that information we may let them incorrectly proceed. However, in the current Stanford deployment, falling back on allowing just password when the user information service is down and the remote site hasn't expressed a preference makes more sense for right now, so there's now an Apache configuration directive to enable that behavior.

Those changes required an ABI break in the shared library, so I also cleaned up a few other things while I was there (although this is not yet the long-awaited refactoring of the library).

Finally, there are a few WebLogin error handling bug fixes, a fix to make use of new libremctl features to not leak small amounts of memory when making user information service queries, and new mod_webauth manual documentation of a bad security interaction between Apache and Tomcat URL parsing that affects all Apache security methods.

You can get the latest release from the official WebAuth site or from my WebAuth release page.

2012-03-18: Term::ANSIColor 3.02

The primary change in this release is some cleanup of the AUTOLOAD sub in the module that generates the constant subs. If a constant for a color that wasn't previously used is encountered, AUTOLOAD uses eval to generate the sub on the fly, but this was eating $@. If you want to use color constants around reporting an exception in Perl, this is unhelpful.

AUTOLOAD now preserves $@, and I also fixed a couple of other bugs I noticed by visual inspection while I was there: Term::ANSIColor was ignoring all unknown functions, not just valid constants, when colors were disabled, and it was not inspecting $@ after eval and hence wasn't catching errors in creating the constant sub. Both of those bugs are also now fixed.

Also in this release I added support for italic and the corresponding ITALIC constant. These weren't previously supported since I didn't know of any terminal emulator that implemented them, but apparently urxvt does.

You can get the latest release from the Term::ANSIColor distribution page.

Last modified and spun 2017-02-20