Posts for October 2013

2013-10-04: rra-c-util 4.10

This release rolls up various changes made as part of current work on other packages. I have several releases coming up, hopefully soon, but I've had a lot of other things going on, so neither review writing nor software releasing is going quite as fast as I'd like.

In this release is a refactoring of the OpenSSL library probes to change the names of the macros and variables and to add a macro when the libraries are optional. Also added are Autoconf macros to probe for the TinyCDB library.

In the standard Perl tests, Test::RRA now supports module version numbers containing an underscore and reports the required version of a module if a test is skipped. The standard Perl strictness tests now support a configurable ignore list for Perl scripts that shouldn't be tested.

In Kerberos portability, krb5_free_default_realm is now replaced with krb5_xfree instead of free on Heimdal, and portable/kadmin.h handles portability for kadmin error codes.

Finally, the portability library now avoids leaking a dummy symbol when built with GCC and incorporated into a shared object.

You can get the latest version from the rra-c-util distribution page.

2013-10-05: Miscellaneous haul

Despite the fact that I've had very little time to either read or write reviews, I haven't stopped buying a few books here and there. And, of course, Powell's Indiespensable keeps coming.

Matt Bell — In the House Upon the Dirt Between the Lake and the Woods (mainstream)
Steven Brust — Orca (sff)
Steven Brust — Dragon (sff)
John W. Campbell — Collected Editorials from Analog (non-fiction)
Jane Fletcher — The Walls of Westernfort (sff)
Mira Grant — How Green This Land, How Blue This Sea (sff)
Tate Hallaway — Tall, Dark, & Dead (sff)
Diana Wynne Jones — Howl's Moving Castle (sff)
Rebecca Lee — Bobcat and Other Stories (mainstream)
Victor Lombardi — Why We Fail (non-fiction)
George R.R. Martin & Gardner Dozois (ed.) — Songs of Love and Death (sff anthology)
Seanan McGuire — In Sea-Salt Tears (sff)
Seanan McGuire — Late Eclipses (sff)
Justina Robson — Selling Out (sff)
John Scalzi — Muse of Fire (sff)
Mark Slouka — Brewster (mainstream) (ed.) — The Stories (sff anthology)
Carrie Vaughn — Kitty and the Midnight Hour (sff)

This is a wide variety of random stuff, including some stuff that was free (the anthology, which is every piece of short fiction they've published and is about 4000 pages, the Campbell editorials from the Internet Archive) and a lot of stuff that was on sale. As well as another two shipments of Indiespensible.

The Brust books I've already read and are already in the family, but I hooked a friend of mine on the Vlad Taltos series, and those were the only two that I both didn't have and that weren't available on Kindle. So I picked them up while he was visiting so that he could read the whole series.

2013-10-05: podlators 2.5.3

This is a quick bug-fix release of my collection of POD formatters.

When I fixed a problem with the latest Pod::Simple and added some tests, I had assumed that the behavior of Pod::Simple with invalid POD would always be the same. Unfortunately, for the particular invalid POD that triggered the bug, versions of Pod::Simple from Perl 5.16 and earlier didn't produce any errors. That caused the test case to fail everywhere since it didn't find the error section it expected.

This release now skips those specific tests on older versions, while still ensuring that no unexpected exceptions or warnings are thrown. It also fixes a documentation bug I noticed while working on other things.

You can get the latest release from CPAN or from the podlators distribution page.

2013-10-06: AFS::PAG 1.01

This is a small bug-fix release for my AFS::PAG Perl module, which wraps the libkafs or libkopenafs interface. I apparently had only thoroughly tested the build system when the internal libkafs replacement was used, and it didn't build properly if real AFS libraries were available. That should now be fixed, and I also fixed the metadata to note that autodie is required.

You can get the latest version from the AFS::PAG distribution page.

2013-10-07: krb5-strength 2.0

This is a rather huge release of my password strength checking package for Heimdal and MIT Kerberos KDCs, incorporating quite a bit of new work as well as some substantial restructuring.

The largest change is that MIT Kerberos is now fully supported, not just with provided patches, thanks to work by Greg Hudson and MIT. The package can now build plugins for either MIT or Heimdal, as well as an external password quality program for Heimdal (the preferred method for that implementation). Alongside that change, the plugin installation path has changed to fit the layout of MIT plugins (as well as I understand it).

This version also now supports password dictionaries other than CrackLib. You can generate a CDB dictionary from a wordlist using a utility included in the package and use it instead of or as a supplement to CrackLib. This dictionary lookup uses a much simpler set of permutations (the password as given plus removing some leading and trailing characters), providing a simpler approach suitable for much larger dictionaries. (CrackLib does a lot of transformations before dictionary lookup that are dubious, such as ignoring case and punctuation.)

Also in this release are new configuration options to control additional checks: minimum password length (independent of whatever length CrackLib requires), requiring at least one non-alphabetic character, and rejecting non-ASCII or non-printable characters. The latter isn't to make the password stronger, but to prevent user frustration since those characters often can't be reliably entered in different situations and can result in an unreproducible password, particularly since Kerberos doesn't define a password normalization.

In support of these changes, and to make testing easier, the plugin can be configured without a dictionary of any kind, or with any combination of CDB and CrackLib dictionaries.

The checks for passwords based on principals are now more comprehensive, checking not only the local part but also each component of the principal with leading or trailing digits. Since many sites put their institution name in the Kerberos realm, this will also check for passwords based on the institution name.

There are also some fixes to the internal CrackLib implementation, in case it is used instead of the system CrackLib, to better handle long passwords by scaling the test for simplistic passwords.

You can get the latest release from the krb5-strength distribution page.

2013-10-09: One more haul

Just a few more recently-released books that I had to pick up.

Sheila Bair — Bull by the Horns (non-fiction)
Elizabeth Bear — Book of Iron (sff)
Steven Brust & Skyler White — The Incrementalists (sff)
J.M. Coetzee — The Childhood of Jesus (mainstream)
Elizabeth Wein — Rose Under Fire (mainstream)
Walter Jon Williams — Knight Moves (sff)

Time to get back into the reading habit. That's the plan for the next couple of weeks.

2013-10-10: krb5-strength 2.1

This is a quick bug-fix release, since of course there was a significant bug in the recent 2.0 release. In this case, it was a problem with the build: if you configured the package without CDB support, it didn't build. Apparently I didn't retest that after doing some refactoring.

I have good test suite techniques for reasonable code coverage, but not for testing various variant configurations at the Autoconf level. This is what a continuous build infrastructure would be good for, I know. We even have one sitting around; someday, I should invest in hooking my projects up to it.

Anyway, also in this release is the start of an Autoconf fix so that --with-tinycdb without an argument works correctly, but I have more Autoconf work to do (also affecting rra-c-util). I also tweaked the error messages returned by the non-CrackLib portions of krb5-strength so that they would hopefully be more comprehensible to users while still being technically accurate.

You can get the latest release from the krb5-strength distribution page.

2013-10-10: kadmin-remctl 3.5

No, I still haven't written the generic Perl bindings for Kerberos that I really want to write (although I have made a bit more forward progress in writing the beginnings of some of the add-ons to Config::AutoConf that I would need in order to do so). This is just another bug-fix release for our remctl backend for doing kadmin actions.

Most of the fixes this time are around password changes. kadmin-remctl does password changes by running kpasswd under Expect, but its timeouts weren't long enough for our production environment under some conditions (particularly when propagating passwords into Active Directory). This release both fixes that and clears up some Perl warnings if we still hit timeouts. It also recognizes the new form of Heimdal kpasswd prompts in the upcoming 1.6 release and stops mapping password quality errors to more generic error messages. (I'm fixing that problem in krb5-strength instead.)

Also in this release, the Heimdal backend has been improved to use get rather than list to check whether a principal exists (not sure why it was ever using list), and to check the existence of a principal before enabling or disabling so that it can produce better error messages.

You can get the latest release from the kadmin-remctl distribution page.

Last modified and spun 2017-03-25