My hat, and the eating thereof

Posted by Ceri Davies Tue, 27 Sep 2005 18:41:00 GMT

Turns out that the bug I reported yesterday is in my dumb head and not with lighttpd at all. Doh.

Update: Work agreed to pay for part of my EuroBSDCon trip. That is so cool of them, even more so since I have only been here for three weeks.


Dogfood and the eating thereof

Posted by Ceri Davies Sun, 25 Sep 2005 23:59:00 GMT

I finally got rid of my last FreeBSD 4.x machine; this very web server has been upgraded to 6.0-BETA5 today.

The whole process took about 9 hours, including backups; this is a very slow machine and I installed a whole bunch of apps from ports rather than packages (and I was being extra paranoid since this is also my mail server).

The one snag is that I couldn’t install the textproc/docproj port due to breakage in textproc/docbook-xsl, but I’ll survive (or install it from packages).

Found a bug in www/lighttpd’s start-up script along the way; PR filed, but there has to be a nicer way of dealing with this than my “fix”. Still, after 9 hours at this desk I’m not looking for it right now.


Locking accounts on FreeBSD

Posted by Ceri Davies Tue, 20 Sep 2005 21:00:00 GMT

An old discussion that we had in PR 71147 cropped up again on cvs-src after keramida made a commit to passwd.5 regarding the use of * in master.passwd to “lock” accounts.

I pointed out that Solaris has possibly the best model for this, with its use of *NP* and *LK* for various degrees of “locked”:

Solaris uses the string *NP* to indicate that a user has no password - password authentication is therefore disabled for that user, disallowing su, password-based ssh access, etc. Cron jobs, key-based auth, etc. continue to work. It also supports *LK* which indicates that an account is locked: in this case, cron jobs for the user will not be run and ssh access is denied altogether.

The ssh bit works because OpenSSH knows that it should be looking for the string *LK* and denying access if it is there. Search for LOCKED_PASSWD_STRING in src/crypto/openssh/auth.c.

See http://lists.freebsd.org/pipermail/cvs-src/2005-September/thread.html#52572 for the full thread.

I asked again why OpenSSH doesn’t look for *LOCKED* on FreeBSD, and des has kindly offered to look into adding it.

In the spirit of having real locked accounts, I’ve knocked up a patch for cron(8) that checks for the string “*LOCKED*” in the pw_passwd field of the struct pw returned by getpwnam(3) and am looking for testers. I haven’t done a shred of testing myself due to a lack of machines running anything recent but if you feel brave, please check it out. The latest version will always be at http://people.FreeBSD.org/~ceri/cron.diff.
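The marker scheme described in this post, as an added example that is not the patch in cron.diff and not code from FreeBSD, Solaris or OpenSSH: it classifies a password field and derives the cron, key-based and password decisions the post attributes to *NP*, *LK* and *LOCKED*. The function and enum names are hypothetical, and prefix matching, treating a bare * like *NP*, and failing closed on NULL are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Marker strings named in the post. */
#define SOLARIS_NP   "*NP*"      /* no password: password auth disabled */
#define SOLARIS_LK   "*LK*"      /* locked: no cron, no ssh at all */
#define FREEBSD_LOCK "*LOCKED*"  /* string the cron(8) patch looks for */

enum acct_state { ACCT_ACTIVE, ACCT_NO_PASSWORD, ACCT_LOCKED };

/* Assumption: markers are matched as a prefix, so a marker followed by
 * a saved hash still counts as that marker. */
static bool has_prefix(const char *s, const char *p)
{
    return strncmp(s, p, strlen(p)) == 0;
}

/* Hypothetical helper: map a pw_passwd-style string to an account state. */
enum acct_state classify_pw_field(const char *field)
{
    if (field == NULL)                 /* assumption: fail closed */
        return ACCT_LOCKED;
    if (has_prefix(field, SOLARIS_LK) || has_prefix(field, FREEBSD_LOCK))
        return ACCT_LOCKED;
    if (has_prefix(field, SOLARIS_NP) || strcmp(field, "*") == 0)
        return ACCT_NO_PASSWORD;       /* assumption: bare * acts like *NP* */
    return ACCT_ACTIVE;
}

/* Policy from the post: *NP* keeps cron and key-based auth working,
 * a locked account gets neither. */
bool cron_may_run(enum acct_state s)           { return s != ACCT_LOCKED; }
bool key_login_allowed(enum acct_state s)      { return s != ACCT_LOCKED; }
bool password_login_allowed(enum acct_state s) { return s == ACCT_ACTIVE; }

int main(void)
{
    /* Constructed sample password fields, not taken from a real system. */
    const char *samples[] = { "$1$salt$hash", "*", "*NP*", "*LK*",
                              "*LOCKED*$1$salt$hash" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum acct_state s = classify_pw_field(samples[i]);
        printf("%-24s cron=%d key=%d password=%d\n", samples[i],
               cron_may_run(s), key_login_allowed(s),
               password_login_allowed(s));
    }
    return 0;
}
```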


The Precise Nature of the Catastrophe

Posted by Ceri Davies Sun, 15 May 2005 13:32:00 GMT

Colin Percival finally presented his paper on HyperThreading and information leakage via caches, a problem that is clearly hardware related and operating system non-specific. Secunia, among others, instantly misinterpreted (or plain didn’t bother to read) the paper and issued a FreeBSD specific advisory.

Colin must be really annoyed; I know I am.


Just Another Victim Of The Ambient Morality

Posted by Ceri Davies Thu, 28 Apr 2005 19:40:00 GMT

Quick braindump:

  • Heard about these crazy “pro-life” pharmacists on Radio 4 last night. Arrogant pro-life-the-way-I-say-so idiots.

  • Tiger is released tomorrow, and since this is a blog I have to list the new features I think might actually be useful:

    • Xgrid: apparently it’s absurdly easy to cluster Macs now. Xcode’s distributed compilation was neat, but this looks great (proviso the lack of documentation today; we’ll see tomorrow)

    • Inkwell: I shied away from tablets because they looked like a pain in the ass to use. No longer.

    • Xcode 2.0: Remote debugging looks nice

    That’s pretty much all. I’m sure that the other enhancements are great, but I won’t be rushing out to buy it on the strength of this.

  • Buying a house == PITA (yes, still)

  • Where is FreeBSD 5.4-RELEASE? Well, there is a networking regression that needs working out. We have a pretty lengthy list of new features too. There’s an upgrade I can recommend.

Update: The aforementioned bug has been fixed, and FreeBSD 5.4-RELEASE should be unleashed on May 9th.


Problem Child

Posted by Ceri Davies Wed, 09 Feb 2005 23:57:00 GMT

While Ken, Jun and I were still working on the text of the announcement for the logo contest, someone found the draft and spilt their guts.

It’s actually shocked me to find this all over the Intarweb within the hour, even to the point where there is a petition against getting rid of the Beastie (which is not planned) which has received over 450 signatures while I’ve been collecting URIs for this post. The current count is 590 signatures.

Obviously, Slashdot have posted an “article” on the subject, and the denizens thereof are being their usual witty selves with links to a picture of Ceren, etc. I’ll be voting for adamw’s original, I think:

STFUBSD


FreeBSD from Berkeley

Posted by Ceri Davies Sat, 15 Jan 2005 22:40:00 GMT

I downloaded the “Mac OS X for UNIX users Technology Brief” from the UNIX developer section of Apple’s site, as I’ve ordered a Mac mini and wanted to work out how it will fit into the “infrastructure” here.

I was a bit annoyed to discover that it states on Page 3 that FreeBSD is “developed at the University of California, Berkeley”. Note passed to Apple via the contact link; let’s see what happens.

Update: January 18th, 2005

Apple responded and have “forwarded this information to the appropriate team for their review”.
