In der Mitte seines Lebens lernt man es f
Thanks to Adamant, along with my new books on VMM, this one will make it into the shopping cart too:
http://www.amazon.de/Software-Security-Assessment-Identifying-Vulnerabilities/dp/0321444426
The Art of Software Security Assessment. Identifying and Avoiding Software Vulnerabilities (Paperback)
# Paperback: 1174 pages
# Publisher: Addison-Wesley Longman, Amsterdam; Edition: 1st (29 Dec. 2006)
# Language: English
# ISBN-10: 0321444426
# ISBN-13: 978-0321444424
However, what I find rather "interesting" is the "name" of the guy cited in the synopsis:
Synopsis
"There are a number of secure programming books on the market, but none that go as deep as this one. The depth and detail exceeds all books that I know about by an order of magnitude." - Halvar Flake, CEO and head of research, SABRE Security GmbH.
Since when do they use aliases to identify people cited as a reference, when their real name is visible on their corporate page anyway:
Company
...
The team: Halvar Flake/Thomas Dullien, CEO and Head of Research
This just makes no sense to me. Perhaps they wanted to give the impression of being blackhat'ish, which is rather foolish, because everybody who has been raised with a television in Germany knows that Halvar Flake cannot be a serious real name.
If Amazon wants to sell this book to a professional audience (which I think it does), it should try to act professionally too.
-Alex
... and things are really kicking off there at the moment.
That is why I have taken the liberty of indulging my artistic streak as a future well-meaning theatre director...
Enjoy!
The Carnival Chicken of Trier
-----------------------------
a tragedy in two acts
Cast: Chrysantheme, Lanzelot, Rampensau
First Act.
(Enter Chrysantheme)
Chrysantheme: Oh, heaven preserve me, where are my black suitcases?
(Rustling in the paper forest)
(Enter Lanzelot, heavily worn down)
Lanzelot: Oh, it seems to me I must shape up, for every rose has its thorns!
Chrysantheme: Oh speak, you hero, what are you saying?
(Rampensau waddles in from offstage and roams aimlessly through the scene)
Lanzelot (striding past Chrysantheme in a pointedly dismissive manner, looking away as he does): I am firmly convinced that nowadays it takes no conviction at all to be against everything. The suicidal nihilism of the nineties has degenerated into guild craft; that must be put into perspective as quickly as possible. A word, my squires: we shall drink wine and eat beer ham.
(Rampensau grunts contentedly and sniffs for truffles)
Chrysantheme (in the casual screech of a market woman): Now hold your horses, that's not how it was meant!
(Rampensau scurries off, startled, and doubles back)
Chrysantheme (calm and detached again, yet probing in consternation): You haven't by any chance seen my black suitcases, have you?
Lanzelot (laughing): To have suitcases or not to have suitcases, that has always been a good question!
Chrysantheme: You foooool (with a drawn-out "o").
Lanzelot (still laughing): No, your suitcases didn't catch my eye when I last saw them burning on the funeral pyre of history.
(Rampensau snores and grunts in the corner)
Chrysantheme: Oh, that's a relief, so that problem has taken care of itself as well.
Lanzelot: We need a ham.
Chrysantheme: Shall I wave one over (straightens her artificial hip)?
Lanzelot: Naah, leave it, I have a better idea.
(Lanzelot pulls out a slingshot)
Chrysantheme: What's that, then?
Lanzelot: You'll see in a moment, my princess on the pea.
(Lanzelot aims at Rampensau but misses his target on purpose)
Chrysantheme: You lousy noob, let me have a go.
(Lanzelot, grinning from ear to ear, hands her the slingshot)
Chrysantheme: How does this work?
(Lanzelot sighs and waits for inspiration to strike her)
Chrysantheme: I still have a stone somewhere in someone's good books; I think I can put it to good use now.
(Chrysantheme aims at Rampensau and shoots; it runs off bawling)
Lanzelot: Now you've chased it away! You should have killed it; a wounded animal only turns aggressive and suffers for nothing!
Chrysantheme: It'll come back, there are truffles here!
Lanzelot: You think so? Would you come back if you'd been shot at?
Chrysantheme: Certainly not!
Lanzelot (with schoolmasterly charm): There you go.
Chrysantheme: Then become a vegetarian, you can eat from my hair, it's made of parsley (absently winding strands of hair around her index finger as she says it).
Lanzelot: No thanks, I'd rather find myself a lucrative side job as a spin doctor and live on air and love.
Chrysantheme: You're spinning yarns.
(Rampensau comes back and, hit by the stone, runs criss-cross through the scene)
Lanzelot: You know what? I think there's more to be had here.
Chrysantheme: With my hair?
Lanzelot: No, silly, with the pig.
(Lanzelot marches on, pointedly well-to-do, rubbing his hands)
Chrysantheme: Men are pigs. No wonder they like eating meat.
(Chrysantheme wanders off the scene, hopping from leg to leg, holding the hem of her summer dress and humming a flower song)
Intermission.
(The curtain falls to thunderous applause from hastily flown-in Tokio Hotel fans; Rampensau falls dead off the stage through the slit in the curtain)
Second Act
XXX to follow shortly, later, or not at all XXX
Mathematics, or rather maths lessons, are like sex education.
If it is done well, a man can watch both for more than an insignificantly long time, but if you have never "done" it yourself, the amount of knowledge actually conveyed is rather small.
So for both the same holds: you only really know how it "works" once you have done it yourself, mathematics and sex alike.
Now, the objectives of mathematics and sex are obviously somewhat different.
W
So I'm giving it another try; this time I will only be playing with statically linked executables for now...
diff -Nru glibc-2.4.ORIG/csu/libc-start.c glibc-2.4/csu/libc-start.c
--- glibc-2.4.ORIG/csu/libc-start.c 2007-01-21 04:29:20.000000000 +0000
+++ glibc-2.4/csu/libc-start.c 2007-01-21 06:22:05.000000000 +0000
@@ -35,15 +35,6 @@
__attribute__ ((weak))
# endif
;
-# ifndef THREAD_SET_STACK_GUARD
-/* Only exported for architectures that don't store the stack guard canary
- in thread local area. */
-uintptr_t __stack_chk_guard attribute_relro;
-# endif
-#endif
-#ifdef ENABLE_OLD_SSP_COMPAT
-uintptr_t __guard_local attribute_relro attribute_hidden __attribute__ ((nocommon,weak));
-weak_alias (__guard_local, __guard);
#endif
#ifdef HAVE_PTR_NTHREADS
@@ -153,19 +144,6 @@
__pthread_initialize_minimal ();
#endif
-# ifndef SHARED
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
-#ifdef ENABLE_OLD_SSP_COMPAT
- __guard_local = stack_chk_guard;
-#endif
-# ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
-# else
- __stack_chk_guard = stack_chk_guard;
-# endif
-#endif
-
/* Register the destructor of the dynamic linker if there is any. */
if (__builtin_expect (rtld_fini != NULL, 1))
__cxa_atexit ((void (*) (void *)) rtld_fini, NULL, NULL);
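Review bot: the block removed here ran after `__pthread_initialize_minimal ();` (the context line at the top of the hunk), which is what makes `THREAD_SET_STACK_GUARD` safe to call on architectures that keep the canary in TLS. Whichever function takes over the setup must run equally late in the static start-up sequence, so state where `_dl_aux_init` is called relative to TLS initialization, or keep the TLS store here and move only the retrieval of the value.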
The piece above removes the current SSP setup for statically linked executables.
Instead, we move it into the function that also parses the aux vector data.
diff -Nru glibc-2.4.ORIG/elf/dl-support.c glibc-2.4/elf/dl-support.c
--- glibc-2.4.ORIG/elf/dl-support.c 2005-05-11 17:27:22.000000000 +0000
+++ glibc-2.4/elf/dl-support.c 2007-01-21 06:35:33.000000000 +0000
@@ -32,6 +32,27 @@
#include XXXunsecvars.hXXX
#include XXXhp-timing.hXXX
+#ifndef SHARED
+# include XXXdl-osinfo.hXXX
+/* in a statically linked executable
+ * this is the place for the definition
+ * of the non TLS SSP guard symbols */
+
+# ifndef THREAD_SET_STACK_GUARD
+/* Only exported for architectures that
+ * don't store the stack guard canary
+ * in thread local area. */
+uintptr_t __stack_chk_guard attribute_relro;
+# endif
+
+# ifdef ENABLE_OLD_SSP_COMPAT
+/* support for the old SSP symbols in the Gentoo glibc */
+uintptr_t __guard_local attribute_relro attribute_hidden __attribute__ ((nocommon,weak));
+weak_alias (__guard_local, __guard);
+# endif
+
+#endif
+
extern char *__progname;
char **_dl_argv = &__progname; /* This is checked for some error messages. */
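Review bot: the added `# include XXXdl-osinfo.hXXX` line (and the two existing includes in the context above it) must read with real angle brackets before the patch will preprocess; the `XXX` is the site's substitution, as the post notes further down, but a copy of the patch should carry the proper form. The added comments also use a leading `*` on continuation lines, which differs from the glibc comment style visible in the surrounding code, so consider matching it.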
@@ -163,9 +184,20 @@
uid_t uid = 0;
gid_t gid = 0;
+# ifndef SHARED
+ uintptr_t stack_chk_guard = 0;
+# endif
+
for (; av->a_type != AT_NULL; ++av)
switch (av->a_type)
{
+# ifndef SHARED
+ case AT_RANDOM32:
+ /* Initialize the stack checker's canary
+ * with kernel entropy */
+ stack_chk_guard = av->a_un.a_val;
+ break;
+# endif
case AT_PAGESZ:
GLRO(dl_pagesize) = av->a_un.a_val;
break;
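Review bot: `case AT_RANDOM32:` stores a single `a_val`, documented in the elf.h hunk as "32 bit kernel entropy", into a `uintptr_t`, so on 64-bit targets the upper half of the canary is always zero and the guard carries only 32 bits of entropy. Either document that limitation or have the kernel side supply a full machine word (or a pointer to a buffer of random bytes) and widen the entry accordingly.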
@@ -213,6 +245,24 @@
__libc_enable_secure_decided = 1;
break;
}
+
+# ifndef SHARED
+ if (stack_chk_guard == 0)
+ {
+ /* Set up the stack checker's canary
+ * if it wasn't set up by retrieving
+ * kernel entropy via auxiliary vector */
+ stack_chk_guard = _dl_setup_stack_chk_guard ();
+ }
+# ifdef ENABLE_OLD_SSP_COMPAT
+ __guard_local = stack_chk_guard;
+# endif
+# ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+# else
+ __stack_chk_guard = stack_chk_guard;
+# endif
+# endif
if (seen == 0xf)
{
__libc_enable_secure = uid != 0 || gid != 0;
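Review bot: `if (stack_chk_guard == 0)` treats a kernel-supplied zero the same as a missing entry, which is the right call since an all-zero canary should never be installed, but the comment only describes the "wasn't set up" case; add a sentence saying a zero value from the kernel is deliberately rejected too. Note also that this block sits before the `if (seen == 0xf)` check that decides `__libc_enable_secure`, so `_dl_setup_stack_chk_guard ()` runs before that decision; confirm that ordering is intended.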
And last but not least we still need the right numeric constants in place:
diff -Nru glibc-2.4.ORIG/elf/elf.h glibc-2.4/elf/elf.h
--- glibc-2.4.ORIG/elf/elf.h 2007-01-21 04:29:21.000000000 +0000
+++ glibc-2.4/elf/elf.h 2007-01-21 06:28:53.000000000 +0000
@@ -981,6 +981,8 @@
#define AT_SECURE 23 /* Boolean, was exec setuid-like? */
+#define AT_RANDOM32 24 /* 32 bit kernel entropy */
+
/* Pointer to the global system page used for system calls and other
nice things. */
#define AT_SYSINFO 32
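Review bot: `#define AT_RANDOM32 24` is a locally chosen number (the post itself says it still has to be filed upstream), and the earlier draft further down this page used `AT_SSP_ENTROPY 18` on the kernel side, so a mismatched kernel/glibc pair would silently fall back to `_dl_setup_stack_chk_guard ()` with no diagnostic. Mark the value as provisional in the comment and keep the kernel's auxvec.h and this header in lockstep.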
If you try to be a clever kid and nick the patch from this site, remember to put back the greater-than and less-than signs that are currently represented by XXX.
Cya,
Alex
All of our chroots on the dev machines have the "problem" that starting a service makes the init scripts try to reboot the whole machine because of missing status information.
Today vapier gave me the missing piece of information and I decided to work the changes into the next devel-chroots release, so that everyone can benefit from being able to deliberately start, stop, restart and zap services in chroots on dev machines, within reasonable limits of responsibility for network connectivity: /etc/init.d/net.eth0 is better left untouched...
The best weapon against stupidity is good will.
So here is the news.
This one will sync the state of the chroot to a sane default, in the future the chroot setup script will do this transparently:
rsync -avpx /var/lib/init.d/. /space/devel-chroots-apocalypse/pappy/chroot001/var/lib/init.d/.
These two commands should serve as insurance. I don't know if they are good or bad or hurt more than they help, but my experience is that basesystem can get really ugly about a missing fstab or about not knowing whether the root fs is mounted...
CHROOT # echo > /etc/mtab
CHROOT # echo "/dev/root / auto noatime 0 0" > /etc/fstab
Anyway, time for me to catch up on some REM and NREM, whichever the back of my brain prefers right now.
Lots of things are happening; on Tuesday I have the math course where I will be able to ask questions for the last time before the final exam a week from Monday.
So far so good; enjoy and have fun.
Alex
So it's 6am and I spent the last hours working on that patch.
Due to some deficiencies I wasn't able to get it going smoothly.
Miranda is running with the kernel providing AT_RANDOM32 as number 24; I still need to poke dsd or gregkh about filing that number upstream to avoid clashes, and later talk the glibc folks into accepting the number too...
It looks like there is no need for THREAD_GET_STACK_GUARD in the glibc, hence this macro does not exist so far.
Which means I cannot check for an already set up guard in the respective functions in either csu/libc-start.c or elf/rtld.c when TLS is used...
Looks like the glibc hacking is taking more of my precious time. The kernel patch will need some loving too; at the moment I'm using the pretty simplistic test value 0xdeadbeef. Hooray for boobies.
Alex
preliminary patch
look and evaluate, do not use or apply to live sources!
This blog serves mainly as a brain helper for my weak memory... it is not meant to be final-quality Gentoo stuff, but it shows reasonably surely the way we are going...
Most of the patch tries to defuse the original guard setup and use the aux vector AT_SSP_ENTROPY provided by the kernel...
TODO: reentrant code that checks for already set up guard, hierarchy of setup:
ld.so: AT_SSP_ENTROPY
ld.so: _dl_setup_stack_chk...
ld.so: static canary if the _dl_setup failed (?)
TODO2: how do static executables get the AT_ aux vector from kernel if not via ld.so?
Alex
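The setup hierarchy in the TODO list above (kernel-supplied entropy first, `_dl_setup_stack_chk_guard` as the fallback) and the move of the canary setup into the aux-vector parser, as an added stand-alone C example; this is not code from the page's patch or from glibc. It walks an aux vector with the same one-pass switch as `_dl_aux_init`, accepts either the page's inline scheme (under the provisional number 24, named `AT_RANDOM32_EXAMPLE` here) or the `AT_RANDOM` pointer-to-16-bytes entry that upstream Linux actually provides, and falls back when the entry is missing or zero. `FALLBACK_EXAMPLE` and `sample_random` are constructed stand-ins, and the low-byte clearing is what later glibc releases do, not something the page's patch did.

```c
/* Added example, not code from the page's patch or from glibc: derive the
   SSP canary from an ELF auxiliary vector with the same one-pass switch the
   patched _dl_aux_init uses, and fall back when the kernel supplied nothing.
   AT_RANDOM32_EXAMPLE stands in for the page's provisional AT_RANDOM32 (24). */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifndef AT_RANDOM
#define AT_RANDOM 25                /* upstream Linux: address of 16 random bytes */
#endif
#define AT_RANDOM32_EXAMPLE 24      /* page's provisional number, never allocated */
#define FALLBACK_EXAMPLE ((uintptr_t)0x11111111) /* stands in for _dl_setup_stack_chk_guard () */

/* Mirror of ElfW(auxv_t): type and value are both machine words. */
struct auxv_ent {
    uintptr_t a_type;
    union { uintptr_t a_val; } a_un;
};
struct guard_result {
    uintptr_t guard;
    int from_kernel;                /* 1 if the aux vector supplied it */
};

/* Clear the lowest byte, as later glibc releases do, so a NUL-terminated
   string overflow cannot reproduce the canary byte for byte. */
static uintptr_t harden_guard(uintptr_t raw)
{
    return raw & ~(uintptr_t)0xff;
}

/* Walk the vector like _dl_aux_init: one pass, a switch on a_type.  A missing
   entry, or a value that is zero after hardening, takes the fallback, which is
   the "if (stack_chk_guard == 0)" check of the page's dl-support.c hunk. */
struct guard_result guard_from_auxv(const struct auxv_ent *av, uintptr_t fallback)
{
    uintptr_t raw = 0;
    for (; av->a_type != AT_NULL; ++av)
        switch (av->a_type) {
        case AT_RANDOM32_EXAMPLE:       /* page's scheme: entropy inline */
            raw = av->a_un.a_val;
            break;
        case AT_RANDOM:                 /* upstream scheme: pointer to bytes */
            memcpy(&raw, (const void *)av->a_un.a_val, sizeof raw);
            break;
        default:                        /* AT_PAGESZ, AT_UID, ...: not needed here */
            break;
        }
    struct guard_result r;
    r.guard = harden_guard(raw);
    r.from_kernel = r.guard != 0;
    if (!r.from_kernel)
        r.guard = harden_guard(fallback);
    return r;
}
/* Constructed sample data, not captured from a real process. */
static const unsigned char sample_random[16] = {
    0x9c, 0x3e, 0x51, 0xa7, 0x08, 0x6b, 0xd2, 0x44,
    0x17, 0xe0, 0x5d, 0xbb, 0x2f, 0x8a, 0xc6, 0x73 };

struct guard_result demo_inline(void)    /* patched kernel: entropy in a_val */
{
    const struct auxv_ent v[] = { { AT_PAGESZ, { 4096 } },
        { AT_RANDOM32_EXAMPLE, { 0xdeadbeef } }, { AT_NULL, { 0 } } };
    return guard_from_auxv(v, FALLBACK_EXAMPLE);
}
struct guard_result demo_missing(void)   /* unpatched kernel: no entropy entry */
{
    const struct auxv_ent v[] = { { AT_PAGESZ, { 4096 } }, { AT_NULL, { 0 } } };
    return guard_from_auxv(v, FALLBACK_EXAMPLE);
}
struct guard_result demo_pointer(void)   /* upstream kernel: AT_RANDOM pointer */
{
    const struct auxv_ent v[] = { { AT_RANDOM, { (uintptr_t)sample_random } },
        { AT_NULL, { 0 } } };
    return guard_from_auxv(v, FALLBACK_EXAMPLE);
}
int main(void)
{
    struct guard_result r = demo_inline();
    printf("AT_RANDOM32 0xdeadbeef -> canary 0x%lx\n", (unsigned long)r.guard);
#ifdef __linux__
    /* Live run: parse this process's own vector as handed over by the kernel. */
    struct auxv_ent live[64];
    size_t n = 0;
    FILE *f = fopen("/proc/self/auxv", "rb");
    if (f) {
        n = fread(live, sizeof live[0], 63, f);
        fclose(f);
    }
    live[n].a_type = AT_NULL;       /* terminate even if the read came up short */
    r = guard_from_auxv(live, FALLBACK_EXAMPLE);
    printf("/proc/self/auxv        -> 0x%lx (%s)\n", (unsigned long)r.guard,
           r.from_kernel ? "from AT_RANDOM" : "fallback");
#endif
    return 0;
}
```

On Linux the program also parses its own /proc/self/auxv, so the live line shows a canary actually derived from the kernel's AT_RANDOM bytes rather than from the constructed vectors.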
diff -Nru glibc-2.4.ORIG/csu/libc-start.c glibc-2.4/csu/libc-start.c
--- glibc-2.4.ORIG/csu/libc-start.c 2005-12-14 10:29:25.000000000 +0100
+++ glibc-2.4/csu/libc-start.c 2007-01-19 05:02:49.000000000 +0100
@@ -151,7 +151,8 @@
# ifndef SHARED
/* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+ // XXX uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+ uintptr_t stack_chk_guard = 0xfeedfeed;
# ifdef THREAD_SET_STACK_GUARD
THREAD_SET_STACK_GUARD (stack_chk_guard);
# else
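Review bot: `uintptr_t stack_chk_guard = 0xfeedfeed;` installs a constant canary, which gives no protection at all if it ever reaches a build; the `// XXX` comment marks it as scaffolding, but wrap it in a debug-only `#ifdef` with the real `_dl_setup_stack_chk_guard ()` call in the `#else` branch so the real path cannot be lost by accident.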
diff -Nru glibc-2.4.ORIG/elf/dl-support.c glibc-2.4/elf/dl-support.c
--- glibc-2.4.ORIG/elf/dl-support.c 2005-05-11 19:27:22.000000000 +0200
+++ glibc-2.4/elf/dl-support.c 2007-01-19 05:10:50.000000000 +0100
@@ -151,6 +151,11 @@
At this time it is not anymore a problem to modify the tables. */
__rtld_lock_define_initialized_recursive (, _dl_load_lock)
+#ifndef THREAD_SET_STACK_GUARD
+/* Only exported for architectures that don't store the stack guard canary
+ * in thread local area. */
+uintptr_t __stack_chk_guard attribute_relro;
+#endif
#ifdef HAVE_AUX_VECTOR
int _dl_clktck;
@@ -166,6 +171,14 @@
for (; av->a_type != AT_NULL; ++av)
switch (av->a_type)
{
+ case AT_SSP_ENTROPY:
+ uintptr_t stack_chk_guard = av->a_un.a_val;
+#ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+#else
+ __stack_chk_guard = stack_chk_guard;
+#endif
+ break;
case AT_PAGESZ:
GLRO(dl_pagesize) = av->a_un.a_val;
break;
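Review bot: `case AT_SSP_ENTROPY:` is immediately followed by the declaration `uintptr_t stack_chk_guard = av->a_un.a_val;`. In C a label must precede a statement, and a declaration is not one, so this does not compile; either open a brace block after the case label or declare `stack_chk_guard` before the `for` loop, as the newer patch at the top of this page does.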
@@ -212,6 +225,7 @@
__libc_enable_secure = av->a_un.a_val;
__libc_enable_secure_decided = 1;
break;
+
}
if (seen == 0xf)
{
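Review bot: whitespace-only change: the single added blank line before the closing `}` of the switch has no functional effect and should be dropped from the patch.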
diff -Nru glibc-2.4.ORIG/elf/rtld.c glibc-2.4/elf/rtld.c
--- glibc-2.4.ORIG/elf/rtld.c 2005-12-30 08:22:27.000000000 +0100
+++ glibc-2.4/elf/rtld.c 2007-01-19 05:09:10.000000000 +0100
@@ -87,7 +87,7 @@
#ifndef THREAD_SET_STACK_GUARD
/* Only exported for architectures that don't store the stack guard canary
in thread local area. */
-uintptr_t __stack_chk_guard attribute_relro;
+// XXX uintptr_t __stack_chk_guard attribute_relro;
#endif
/* Only exported for architectures that don't store the pointer guard
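Review bot: commenting out `uintptr_t __stack_chk_guard attribute_relro;` removes rtld.c's definition of the symbol for architectures without `THREAD_SET_STACK_GUARD`; unless dl-support.c, where the same definition is added in this patch, is linked into ld.so as well, the dynamic linker ends up with an undefined `__stack_chk_guard` on those targets. Check what actually goes into ld.so (elf/Makefile, or `ar t` as suggested in the IRC log on this page) before removing it.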
@@ -1834,10 +1834,11 @@
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+
#ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
+ // XXX THREAD_SET_STACK_GUARD (stack_chk_guard);
#else
- __stack_chk_guard = stack_chk_guard;
+ // XXX __stack_chk_guard = stack_chk_guard;
#endif
/* Set up the pointer guard as well, if necessary. */
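Review bot: `uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();` is still evaluated but both stores below it are now commented out, so the variable is unused and, on a kernel that does not supply `AT_SSP_ENTROPY`, ld.so never installs any canary at all. Keep the store as the fallback for the case where the aux vector entry was absent, which is the "set up if not already set" hierarchy the TODO list above asks for.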
PS: I think we should not use _dl_aux_init (ElfW(auxv_t) *av) but this function:
./elf/dl-sysdep.c
ElfW(Addr)
_dl_sysdep_start (void **start_argptr,
                  void (*dl_main) (const ElfW(Phdr) *phdr, ElfW(Word) phnum,
                                   ElfW(Addr) *user_entry))
{
...
  __libc_stack_end = DL_STACK_END (start_argptr);
  DL_FIND_ARG_COMPONENTS (start_argptr, _dl_argc, INTUSE(_dl_argv), _environ,
                          _dl_auxv);

  user_entry = (ElfW(Addr)) ENTRY_POINT;
  GLRO(dl_platform) = NULL; /* Default to nothing known about the platform. */

  for (av = _dl_auxv; av->a_type != AT_NULL; set_seen (av++))
    switch (av->a_type)
      {
      case AT_PHDR:
        phdr = (void *) av->a_un.a_val;
        break;
      case AT_PHNUM:
        phnum = av->a_un.a_val;
        break;
      case AT_PAGESZ:
        GLRO(dl_pagesize) = av->a_un.a_val;
        break;
...
PPS: from what I hear from vapier, the dl-support.c parser is the way to go:
05:34 |@pappy-| i need dsd_ to clear me up on the size calculation of the AT_ vector
05:34 |@vapier| dl-sysdep.c is a rtld only file
05:35 |@pappy-| i have no idea how and what the value is composed of
05:35 |@vapier| you can tell by looking at elf/Makefile
05:35 |@vapier| if you modify the AT parser in dl-support.c, that'll be in both ldso and libc.a
05:35 |@pappy-| well dl-sysdep.c and dl-support.c seem to be the only AT_ switch statements that work on the data
05:35 |@vapier| you can also cheat and do `ar t /usr/lib/libc.a`
05:35 |@pappy-| vapier: oh thanks
05:35 -!- yvasilev [n=yvasilev@189.140.153.243] has quit ["Leaving."]
05:35 |@pappy-| vapier: i will mock up dl-support.c then
05:35 |@pappy-| this is what i wanted to hear
05:36 |@pappy-| the parser in dl-support.c is in the function _dl_aux_init
Long ago our friend pipacs put us onto the idea that ld.so should receive the randomized values needed for setting up the guard symbol.
Tonight (and after reading up on AT_ stuff last night) I did the first tests for my 2.6.18-hardened-r1 kernel here:
"include/asm/auxvec.h"
/*
 * Architecture-neutral AT_ values in 0-18, leave some room
 * for more of them, start the x86-specific ones at 32.
 */
"include/linux/auxvec.h"
#define AT_HWCAP 16 /* arch dependent hints at CPU capabilities */
#define AT_CLKTCK 17 /* frequency at which times() increments */

#define AT_SSP_ENTROPY 18 /* kernel entropy for ld.so setting up Stack Smashing Protection */

#define AT_SECURE 23 /* secure mode boolean */

#define AT_VECTOR_SIZE 44 /* Size of auxiliary table. */
I hope AT_VECTOR_SIZE is indeed merely the number of entries in the table, not the physical byte size of the data represented BY the table.
The main piece is in "fs/binfmt_elf.c":
static int
create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
                  int interp_aout, unsigned long load_addr,
                  unsigned long interp_load_addr)
...
        NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
        NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
        NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
        NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
        NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
        NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
        NEW_AUX_ENT(AT_BASE, interp_load_addr);
        NEW_AUX_ENT(AT_FLAGS, 0);
        NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
        NEW_AUX_ENT(AT_UID, tsk->uid);
        NEW_AUX_ENT(AT_EUID, tsk->euid);
        NEW_AUX_ENT(AT_GID, tsk->gid);
        NEW_AUX_ENT(AT_EGID, tsk->egid);

        /* SSP entropy */
        /*
         * for testing purposes we are using a debugging canary
         */
#ifndef AT_SSP_ENTROPY_DEBUG_BEACON
#define AT_SSP_ENTROPY_DEBUG_BEACON 0xdeadbeef
#endif

        /*
         * this definition is used for assigning a function
         * that retrieves kernel entropy
         *
         * however, for testing and developing the ld.so changes
         * it is enough to use a fixed value debug item
         */
#ifndef AT_SSP_ENTROPY_FUNCTION
#define AT_SSP_ENTROPY_FUNCTION AT_SSP_ENTROPY_DEBUG_BEACON
#endif

        /*
         * emit the AT_ data/value pair to the freshly created ELF process
         * definitions in "include/linux/auxvec.h" and "include/asm/auxvec.h"
         */
#ifdef AT_SSP_ENTROPY_FUNCTION
        NEW_AUX_ENT(AT_SSP_ENTROPY, AT_SSP_ENTROPY_FUNCTION);
#endif

        NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
As far as I know that's it... we'll see when I mock up the ld.so on apocalypse to try reading the AT_SSP_ENTROPY.
When things go up, they must come down.
Cheers, Alex
Did you ever ask yourself what holds your machine together in its inner workings?
Well, here is one of those things: the translation lookaside buffer!
This one, http://www.informit.com/articles/printerfriendly.asp?p=336868&rl=1, is a nice introduction to page tables ... so I'm going to buy the book! Apparently web 2.0 works and I'm baited by the fascination of the sample chapter!
What we have here is yet another page tablearism, this time from the ia64 point of view, where the grass is always greener on the Itanium side.
Not to forget good old MIPS, MIPS the killer architecture that's driving your car, shooting your rockets, playing your DVD and making your fridge do what fridges do: a good MIPS document, read up on the chapter about virtual memory management and TLB miss handling, which is funnily enough also linked on the Gentoo/mips project page; the world is so small.
And not to forget the invaluable Morgan Kaufmann book by Hennessy and Patterson: Computer Architecture: A Quantitative Approach.
You will find it in your local computer department's library and I recommend you stick your nose in it until it starts bleeding (the nose, not the book), and you will all of a sudden feel the power of MIPS assembly, spatial and temporal locality, and extensive superscalar pipeline data hazards and register renaming.
And this is my birthday present, thanks to Kumba for recommending it:
See MIPS Run, Second Edition
Readership: Embedded systems designers and programmers
ISBN: 978-0-12-088421-6
ISBN10: 0-12-088421-6
Plus i might go for this one if the wallet is fat enough:
Understanding the Linux Virtual Memory Manager
By Mel Gorman.
Published by Prentice Hall
ISBN-10: 0-13-145348-3;
ISBN-13: 978-0-13-145348-7;
And while at it, how about giving our hardened team members some stuff to spend a night reading with:
http://people.redhat.com/drepper/dsohowto.pdf
http://people.redhat.com/drepper/tls.pdf
Cuz it never hurts to know how stuff works...
cheers and enjoy yourself!
Alex (happy like a little puppy dog)
As you can see from the topic, I am slowly getting used to my job as the hardened-sources 2.4.x developer.
With the help of phreak and solar, I'm becoming more and more comfortable with quilt and the trunks of our patch sets...
This kernel has been running since late November on my good old T20 ThinkPad; first it was a file and web server using Samba and Apache, then it became the NFS root server for my diskless workstations, and during the holidays it spent 2 weeks serving as an X desktop (with the S3 video card), listening to web radio, watching videos, doing email and web browsing with Flash, etc.
In short: it works for me.
-Alex
PS: still todo is the iomem and kmem sysctl patch (i haven't forgot it!)
It has been a long time since 2003, when I joined the Hardened project.
Matt Rickard (frogger) was introducing the SSP solution by Hiroaki Etoh of IBM Labs Japan into our toolchain, while projects like Debian and the already very commercial and upstream-oriented Red Hat hesitated to officially include this precious security defense measure for their users' systems. Today it's 2007 and you can see it upstream.
Which means for us: time for Gentoo to take the lead again and bring something new: SSXP.
SSP is very mature, but it has its deficiencies. It can stop linear stack attacks, but nothing more.
However, with PaX randomizing the return address, the new SSXP will transparently encode the randomized return address in the stack frame on entering a function and decode it again on returning from the function.
Got interested? Here is the full story: The SSXP design and reference guide.
The whole idea came to me on a train ride from Saarbrücken to Trier, heading home from Munich.
It took me from 2005 to 2006 to think it over, and I really have to say a big, big thank you to Andrew Pinski and the PaX Team for the outstanding support during the technical implementation as gcc Register Transfer Language code. I would also like to thank solar and GNi for the big test boxes I can use for free, and my college, the Fachhochschule Trier, for making this project possible!
Enjoy reading and make sure you leave a comment with feedback on what I can improve and whether you would like to see this in Gentoo Hardened or not!
Thanks and cheers,
Alex
This year's FOSDEM will be special. People are all so excited and really looking forward to it.
I will give a talk about my baby, the hardened toolchain, and how it fits into the security perimeters available for the Gentoo distribution and the Gentoo Hardened project.
If you want to take a sneak preview of the (still preliminary) slides, visit the following URL:
Gentoo Hardened presentation by pappy for FOSDEM 2007.
In the meantime I am learning quite a lot of math for the final exam of my Bachelor's degree and working on my projects for school, work and Gentoo.
Alive and kicking,
have fun and enjoy!
-Alex
There I am with my blog.
Cheers to beandog and dsd_ for setting me up!
-Alex
Alexander is no longer a Gentoo developer. The content remains here for archival purposes.
It's been crazy the last few days with Gentoo's infra. I helped set up this planet site for dsd over the weekend and it will be released in a few days. So far it seems to be working great! The next site I've been helping bring to life is the scripts repository site. This site will help bring together any scripts that people have created for Gentoo. Ian Leitch has been great to work with to get this site up and running. Now he'll finally be able to test it in a better format :)
Another project I worked on lately was helping set up a box for Brian Harring for the xdelta project he's working on. He'll have a server all to himself to torture and see how things go.
It's been crazy lately with all the service migrations for Gentoo infrastructure. I'm just glad that most have gone smoothly! I'll be glad when we get all the services off of eagle so we can finally move that server to its new rack. Finally got around to getting Planet Gentoo set up for dsd and it looks sweet! I can't wait for us to nail any issues with that and have our users start using it. It'll be a great addition to Gentoo for sure.
On Saturday I visited the folks at Salford uni to attend the Gentoo UK 2005 Conference. There is a fine write-up on it in this week's GWN so I won't elaborate on this too much, but I would like to extend my thanks to all of those participating in the event this year. It was a pleasure to meet those devs I've never met before in person. Shouts out to Tim, Tom, Dan, Stuart, Rob, Stephen, and although I never recognized you on the day, Marcus! If there is anyone I have forgotten, my apologies and shouts to you too!
Gareth Bult of Flash Linux fame spoke about the technical limitations of USB keys, which I found most interesting, and also (indirectly) raised a few points which I would like to rant about. Documentation! Everyone knows our documentation team do a great job and our handbooks are nothing short of superb, however there are so many other documents which we look after which are terribly outdated or have not been made aware of. Hopefully the planet is a good push towards the aggregation of information, although I for one will be making more of an effort to keep documentation well organized and up to date. Daniel Drake (dsd) spoke about his views of the kernel, mostly the 2.6 branch and its organization, and touched on a few nice subjects. Monolithic vs. Modular for example. I felt a little embarrassed that I attended and didn't put in any talks of my own so I must apologize for that, however I thoroughly enjoyed Dan's talk and he would have shown me up anyway ;) Something I would like to add however is that in the coming few months I am going to make a more conscious effort to keep the project page updated and our TLP roadmap accessible. With 2005.0 still being up in the air I am going to hold off however. Unfortunately I missed most other people's talks in full as Stuart and I ran off to the side-room together! But from what I hear Rob only swore once, so way to go! All in all, thoroughly enjoyable.
On a different note I went to Alton Towers on Friday and even the weather held out! It was a lovely day, and it was an awesome amount of fun. Anyone who's going, I recommend staying the night in "The Bulls Head Inn", it's just down the road, and the breakfast is fantastic. I think I went on every ride coming close to 4 times or so. Hex was the biggest disappointment but numerous goes on Oblivion and Nemesis made up for it :)
Gentoo wise, there are several things coming up in the next few weeks with Kernel. There is of course the 2005.0 release which has been prepped for and requires further work once released to clean up old packages in the tree and so on. There has been some excellent progress made in migrating all the older sources to kernel-2 and older kernel module ebuilds to linux-info/mod eclasses. I will also be auditing our version detection mechanisms in the eclasses to ensure the recent move to a more refined upstream release scheme will be sanely catered for, and also addressing any issues which may have popped up from my recent unipatch change. Which reminds me, I am actually going to finish that re-write soon so devs can expect a much more powerful unipatch syntax and speed-ups. I would also like to welcome Carlos Silva (r3pek) on board! It's going to be a pleasure working with you.
So there is my first ever blog post! And I would just like to take this opportunity to thank Dan and all else involved for their dedication and initiative which made Planet Gentoo. It truly is an excellent tool!
So it's been a little while since I last posted so let me update you all.
My girlfriend (Claire) and I are looking around for a house, making the big move in together. I never realised how stressful just looking is! We have seen a fair few that we like, and have arranged several viewings, but time will tell. I've also got quite addicted to "Ladette to Lady" on TV. I didn't realise watching stupid pompous old grannies and crazy young girls would be so entertaining.
Oh, and then there is my car. The accident magnet. As some of you probably know some stupid woman crashed into it, which I had to claim for and so on, and I have just now (after months of waiting) received the estimates. Well, I sat down for my dinner the other day and the door-bell rang so I went to see who it was. Some kid (good on him for not running off mind) apologised for riding down the road, losing control and crashing into the side of my car. It left a rather tidy scratch all down the rear passenger-side panel, and also a nice dint. Less than impressed :(
Also, no idea how many people have seen this but it's pretty awesome. Basically, 18 real life taxi cabs fitted with GPS and split into teams of three. You pick a "team" as your online monopoly piece and when a cab is near/on your property after the round is up, you get paid rent. Equally, you pay rent in the same way. Very cool!
Anyways, on a more technical note I've been playing with the Asus PUNDIT-Rs as a solution to running Asterisk, with some difficulty. The Digium card (TE110P) is based on a well documented, open card with open specs. Problem being there is just enough variation in it to make it a pig. Once you enable the spans on the card, the card will begin to send interrupts (in a frequency similar to the timer) and also enables DMA access. Now, the IDE bus on this machine has a faulty DMA as it is, and also it appears a faulty (IO/L)APIC implementation.
I'm still in the process of trying to diagnose exactly why the box will hardlock under minimal load, but it is almost certainly to do with the way it handles DMA, and more than likely it just clobbers userspace memory regions which will then be over-written by userspace, which then corrupts kernel-space and hangs.
However, if anyone has any experience with these boxes, this hardware, and Asterisk, please give me a shout and let me know how you got on. I have even tried forcing interrupt allocation to the BIOS in a check to ensure sensible sharing.
For those faithfully following my heartbreaking drama story of a car and its owner, there has still been no progress. The weather is getting wetter, and my poor baby is trying to hold the fort against the elements to prevent itself from rusting, and although I fret I have begun to come to terms. Still no news about claiming for its repair yet, and still no news about making a statement, but I suppose that's just slack police :)
A few things happening in Gentoo land.
modconf has been removed, excellent. It's been in the tree (same ebuild, only trivial changes) for 2 years. It had come down to a decision between keeping it and bumping it to a working version, or dropping it. After brief discussion, the latter prevailed.
Bugs #85410 and #84856 are closed. For anyone having problems with unipatch working on something other than base10, or madwifi not building if you use KBUILD_OUTPUT, things are looking up! :)
Bug #77190 has been closed. Anyone who was setting a LANG/LC_ALL variable which screwed up unipatch should now be working fine without needing to mess with anything.
And, plenty more to come. All in all, I don't have a great deal to add really. The only thing worth noting is that I'm not feeling well, and if things get much worse my availability might become a little awkward.
So, all in all this has been a fun weekend. The weather has held out, which is good, and I have a new car (new Hyundai Coupe, UK / US: works under Epiphany!) which I've been driving around a lot all week.
I've been on the phone every day to Manx Telecom (my ex-employers) recently trying to arrange for my internet access to be reconnected. One of the perks of working there was free ADSL, however for some anomaly it was never added to my line. Therefore, it was ceased and I have had no internet access for almost a week. Apologies to those waiting on me for stuff with Gentoo, but the above explains my lack of activity this past week :)
I've also been dabbling a lot recently in the new multisync CVS builds, uclinux updates and a couple of other goodies. I hope to push some of it to the blog/tree soon. On top of this I'm going to commit nicer support within detect_version for the newer kernel scheme, something I've wanted to do, but with 2005.0 and my lack of net access it's had to wait.
For all of those awaiting a more permanent fix to bug #85559, this has now been done. Hopefully you vanilla-sources users (specifically) will benefit from a big bandwidth saving.
Also on a similar note, there has been a lot of confusion recently about 2.4/2.6 kernel versions and headers. Let me clear this up.
Many moons ago portage didn't have support for cascading profiles, although the 2.5 kernel had just been made 2.6 and progress was being made on stabilising support for it in Gentoo. The issues we had meant that we had to rename the 2.6 versions into a new package. For example: linux-headers contained 2.4, and linux26-headers contained 2.6.
This meant that managing the dependencies within ebuilds was awkward and, amongst other things, far from ideal.
It was also an illogical separation of what is fundamentally the same thing. You don't, for example, see vim5, vim6 etc.; you just have vim.
Now then, what we did recently, with the help of cascading profiles, was amalgamate these packages into their relevant counterparts. Therefore, we now have vanilla-sources-2.{0,2,4,6}* and linux-headers-2.{4,6}*, and it is up to the profiles you run to manage which versions should be unmasked for you.
As part of this move we also moved to 2.6 by default for many architectures. As a result, and in true Gentoo philosophy, you will find underneath your profile either a 2.6 or, most likely, a 2.4 subdirectory. If you link your profile to that directory instead, then you will no longer be forced to update to 2.6; however, I do encourage you to upgrade if you have no valid technical reason to stay.
So, to conclude:
emerge yourfavourite-sources will emerge 2.4 OR 2.6, depending on your profile (most likely 2.6).
emerge linux-headers will merge the appropriate headers.
IF you are upgrading from 2.4 to the newer 2.6 as part of this move, PLEASE PLEASE ensure your new kernel is installed and running alongside your new 2.6 headers, since there are several reports of random segfaults occurring with 2.6 headers on a 2.4 kernel.
If you find that it's installing a version you don't want, then just relink your /etc/make.profile to ${PORTDIR}/profiles/default-linux/x86/2005.0/XX where XX is 2.4 (or 2.6 on different archs in some cases).
Hopefully this has now brought some clarity to the situation :)
So, shortly following the purchase of my new car, I was driving home at a very reasonable speed when all of a sudden a newly passed driver in a Citroën AX came around the blind corner too fast, hitting the car in front of me. So, I swerved to avoid being hit by the spinning AX, and bits of the cars were flying all over my bonnet.
I rang 999, did the normal stuff - luckily everyone was completely fine. Anyway, having checked the damage to my car and found it was nothing worth crying over, I left and went home. While at home I saw that it had ripped big chunks out of my paintwork all over my bonnet, door panels and bumpers.
After spending a good half an hour on the phone to a police officer dealing with the accident, I think he finally believed me and so I took it to the local station so that they could check it. Now all I need to wait for is something to happen to pay for the damage to be repaired before it starts to rust!
And to add to the annoyance, the only reason I drove away from home in the first place was to pick something up from a shop which rang me to say something I wanted was in, only to find by the time I got there they were mistaken!
So, anyways, Gentoo stuffs.
kernel-2 changes have gone in to better accommodate KV_EXTRA and family.
linux-mod changes have gone into the tree to take over the pcmcia work from pcmcia.eclass, and pcmcia-cs changes will be made soon.
Instead of it now working out and patching a load of odd pcmcia sources, it just tarballs up the pcmcia-cs sources at build time and uses that in future. Please please please don't delete /usr/src/pcmcia/pcmcia-cs-build-env.tbz2 once these changes go in, or you might experience problems :)
Aside from that, nothing new to report.
So it's been a while since I last blogged, and I've decided to give in on that whole "I promise to blog more often" routine which just doesn't work. But after having a few things happen recently which someone might actually like to read about, I decided to write a new instalment of my crazed thoughts to entertain those religious few :)
I've been looking for a simplistic yet powerful podcast client for quite some time now, without any of the ones I've found (iPodder/Juice, Rhythmbox etc.) being simple and specific enough. I fairly recently came across monopod, which I wrote an ebuild for (0.3), and after finding a bug open for it on Bugzilla, submitted it to portage.
At the same time, I decided to clean up v0.4 and got right into mono development. So far I've fixed up the deprecated code, fixed and partially re-worked the iPod support, cleaned up a lot of smaller UI niggles and started writing a plugin system fairly similar to Banshee's to support automatic sync to iPod, daap, etc etc.
I've been in touch as well with Edd Dumbill and hope to start putting more time into turning monopod into a very convenient, lightweight but extensible podcast client. Of course, the fact that Banshee (which is awesome, by the way; thanks Aaron) is actually getting a lot of attention from people writing podcast plugins for it means that monopod might end up being fairly short-lived. But obviously it has its purpose, and I would never encourage playback support in it as standard anyway.
Anyway, on a totally different note, Tim (Plasmaroo), Lisa (lisa - funnily enough) and I met up in York for a bit of a Gentoo get-together with a few other people on Saturday. It's nice to catch up with people face to face, and Tim's ability to shout Russian in Pizza Hut impressed me! We met a rather interesting poet in the bookstore and ended up chatting about the ups and downs of (iirc) Jasper, XML, XSLT, why not to use JavaScript, and then participating in some amateur filmography at the top of the stairs! :)
It was fun; I hope to do it again sometime. The opportunity will come sooner than expected too, with an unofficial meet in Manchester shortly and a Gentoo UK gathering planned sometime near late May/June in London. Of course, everyone will be welcome, and all interested parties should express their interest by badgering George (cokehabit) on #gentoo-uk ;) - I'm curious about rough numbers, as I'm sure George is as well.
So, I could go on for a while with all the things I've been working on recently, but instead I'll give it a break and leave some beef for the next few days :)
Also to note, David Nielsen (Lovechild, some of you may remember him from his gentoo days) has been sexually abusing a lot of the UK developers recently. Word of warning for those tempted to visit us in London ;)
Looks like dual core G5s aren't that far off, if you take the update to MONster to be any indication. If you all remember last year the 970FX definition showed up all of 3 months before the machines hit the shelves. Apple has a tendency to only do major product releases three times a year, Mac World Expo in San Francisco, WWDC and Mac World Expo Paris. If the past is any indication of future results it looks like they are trying to push for production machines by WWDC in June. With the recent updates to the ppc64 kernel, and new fun stuff like AGP and iMac-G5 patches coming down the pike it looks like ppc64 is going to grow fast from here on out. Now if I could only get multilib working...
Just a heads up: I'm working to bring the Gentoo hardened profile to a ppc64 near you. A big thanks to solar for putting in the time to help me with this. I now return you to your regularly scheduled programming.
Some preliminary PaXtest data (no toolchain or noexec/pageexec yet):
Mode: blackhat
Linux Strife64 2.6.11-hardened-r1 #4 SMP Wed Mar 16 21:08:23 EST 2005 ppc64 PPC970, altivec supported PowerMac7,2 GNU/Linux
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Vulnerable
Anonymous mapping randomisation test : 24 bits (guessed)
Heap randomisation test (ET_EXEC) : 14 bits (guessed)
Heap randomisation test (ET_DYN) : 32 bits (guessed)
Main executable randomisation (ET_EXEC) : 20 bits (guessed)
Main executable randomisation (ET_DYN) : No randomisation
Shared library randomisation test : 24 bits (guessed)
Stack randomisation test (SEGMEXEC) : 32 bits (guessed)
Stack randomisation test (PAGEEXEC) : 32 bits (guessed)
Return to function (strcpy) : paxtest: bad luck, try different compiler options.
Return to function (memcpy) : Killed
Return to function (strcpy, RANDEXEC) : paxtest: bad luck, try different compiler options.
Return to function (memcpy, RANDEXEC) : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Yeah, even though I'm on vacation I just had to jump on the bandwagon. Damn peer pressure...
10 PRINT "HELLO WORLD"
20 PRINT CHR$(7): REM APPLESOFT HAS NO BEEP; CHR$(7) RINGS THE BELL
30 GOTO 10
Ah gotta love Apple Basic.
A little story for introduction:
At the edge of the architecture map the intrepid programmer found the words "Here there be PowerPCs". Having no fear of these mysterious processors, he set his sails to catch the wind and found that indeed the world was not flat. What he found over the horizon was a land where code was no longer bound by the tyranny of x86, a veritable paradise. The programmer set up shop and hung a sign outside his door; "PowerPC to the People" it read. As people slowly realised there was another way, they broke free from their shackles and came to the new land. "Welcome," the programmer said, "stay a while."
Ok, so jumping on the trend started by Simon and Diego here is the 'What did ppc and ppc64 do in 2005?' status update.
All told, I'd say that's one hell of a year. Here's to another great year for Gentoo, the PPC architecture and open source as a whole.
This morning I discovered net-mail/t-prot. It's specifically designed for mutt users, but it should work with other MUAs, providing they're not one of these new-fangled bloated graphical things.
Anyway, here's a URL: URL
The idea behind it was originally just to filter out classic TOFU, that is, "text oben, full-quote unten". This is a mish-mash of German and English meaning "text above -- full quote below", or just top posting to the rest of us.
However, t-prot filters out more than just TOFU. It gets rid of Outlook garbage, and it can trim commercial and mailing list footers (or whatever footer you like). It can truncate RFC non-conformant signatures that are over four lines long. It does a bunch of other things too: trimming whitespace, repeated punctuation, blank lines, etc.
The best bit is that because it's just used as a display_filter in mutt, the original mail is unchanged. This means there are no strings attached, so try it out.
Just for the hell of it, here's a screenshot before (left) and after (right). Click on the images for full-size, if you're bored.
Interestingly, the person having their mail snipped by t-prot for having a huge RFC non-conformant signature is also part of the ASCII ribbon campaign. It takes all sorts, I suppose.
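As an added example (my own code, not t-prot's), here is a small Python stand-in for such a display filter: it truncates an over-long signature after the RFC 3676 "-- " delimiter to four lines and collapses a trailing full quote (TOFU) into a marker. The signature boundary (the next blank line), the three-line quote threshold and the sample message are assumptions.

```python
from typing import List

SIG_DELIMITER = "-- "     # RFC 3676 signature separator (note the trailing space)
MAX_SIG_LINES = 4         # the four-line limit the post mentions
MAX_TRAILING_QUOTE = 3    # assumed: trailing quotes longer than this are collapsed


def trim_signature(lines: List[str]) -> List[str]:
    """Truncate the signature after the last '-- ' to MAX_SIG_LINES.
    Assumption: the signature ends at the next blank line or at end of body."""
    if SIG_DELIMITER not in lines:
        return lines
    delim = len(lines) - 1 - lines[::-1].index(SIG_DELIMITER)
    start = delim + 1
    end = start
    while end < len(lines) and lines[end].strip():
        end += 1
    if end - start <= MAX_SIG_LINES:
        return lines
    dropped = end - start - MAX_SIG_LINES
    marker = f"[{dropped} signature lines trimmed]"
    return lines[:start + MAX_SIG_LINES] + [marker] + lines[end:]


def collapse_trailing_quote(lines: List[str]) -> List[str]:
    """Replace a long run of '>' quoted lines at the end of the body (classic
    TOFU: reply on top, full quote below) with a one-line marker."""
    end = len(lines)
    while end > 0 and not lines[end - 1].strip():
        end -= 1                      # ignore trailing blank lines
    start = end
    while start > 0 and lines[start - 1].startswith(">"):
        start -= 1
    if end - start <= MAX_TRAILING_QUOTE:
        return lines
    marker = f"[{end - start} quoted lines of TOFU collapsed]"
    return lines[:start] + [marker] + lines[end:]


def display_filter(body: str) -> str:
    """Apply both transformations to a message body (mutt display_filter style)."""
    lines = body.split("\n")
    return "\n".join(collapse_trailing_quote(trim_signature(lines)))


# Constructed sample body: six-line signature, then a five-line full quote.
SAMPLE = "\n".join([
    "Thanks, that fixed it.", "", "-- ",
    "Alice", "Line 2", "Line 3", "Line 4", "Line 5", "Line 6", "",
    "> On Monday Bob wrote:", "> Did you try the new ebuild?",
    "> It should pick up KBUILD_OUTPUT.", "> Let me know.", "> Bob", "",
])

if __name__ == "__main__":
    print(display_filter(SAMPLE))
```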
Just got back home after my flight back from Manchester. I'm very tired, but I'll do my best to scribble down a few things. I apologise for not having any photographs, but there is a video/DVD in the pipeline.
Rob Holland (tigger^) gave a great talk on code auditing, in particular with doxygen and his work with that. The slides were a bit rough and ready (hehe), but it was excellently presented nonetheless. He didn't even swear once.
Stephen Bennett (spb) showed me and a few other people Gentoo/FreeBSD with the Gentoo init script system. Really quite impressive.
Daniel Drake (dsd) presented the kernel and user-relations projects. I think the talk will help a lot of users to report better bugs in the future, and maybe even George will sort out his DMA access now.
My talk was really rather scary for me and I was quite nervous (and unprepared!); I think it went fairly well though. The Zsh demo at the end seemed to get a few oohs and aahs.
Harry Moyes, a guest speaker from manchesterwireless.net, gave a talk on the process of setting up a charity in the UK, and the details thereof.
Also thanks to Gareth Bult for his talk on Flash Linux. It was really informative, and it looks like a very useful and interesting Gentoo-based distribution.
Thanks to the organisers, Stuart Herbert (Stuart) and Reuben Finch (grumpydog), for putting so much time and effort into the event. I'm looking forward to next year very much :).
You can find my talk in both LaTeX and PDF on my devspace. Compilation to any format other than PDF probably won't work (you'll need app-text/tetex or similar and dev-tex/latex-beamer at least, and I would also recommend dev-tex/rubber).
I recently brought two new developers on board: Joe Sapp, A.K.A. nixphoeni (gdesklets) and Jory Pratt A.K.A. anarchy (qmail/vpopmail). Both seem to be settling in well.
I've bumped mail-mta/msmtp to 1.4.0. I think I'm the luckiest maintainer in the world with the package's upstream, a chap called Martin Lambers, who:
It makes things very easy for me, and takes a lot of the nasty bits out of maintaining packages. I've gotten Markus Rothe (corsair), who is a PPC64 developer, to keyword 1.4.0 ~ppc64 too. In the next release, I'm going to try and push the current version to stable on all architectures so I can purge all the horrible old ebuilds without mailwrapper support.
I've convinced Simon Stelling (blubb) to add gtk-engines to emul-linux-x86-gtklibs. This means that anyone using the multilibbed GTK+ applications (the latest acroread, firefox-bin etc.) will not have to endure warnings about missing GTK+ theme engine modules on the command line, so long as they are using a GTK+ theme that uses an engine shipped with GNOME. Also, these programs will look a hell of a lot better.
Other than what I've mentioned, I haven't really done much. I've been enjoying winding down from school this Easter holiday. Back on Monday though.
In this post, Donnie mentioned the use of various spam filters and IMAP proxies.
I don't know about other people, but most of the spam I receive is in character sets that I can't even read. So, it only takes one simple procmail rule to filter them all out:
:0
* Content-Type:.*(big5|gb2312|euc-kr|ks_c_5601-1987).*
/dev/null
It makes sense to put this sort of thing before your spam filters, as it will use nowhere near the resources.
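As an added example (not from the post), here is the same charset rule expressed in Python, together with the caveat a header-only procmail condition carries: a multipart message whose charset is declared only on the inner MIME parts has no charset in its top-level Content-Type and slips past the rule unless the part headers are inspected too. The sample messages are constructed.

```python
from email import message_from_string
from email.message import Message
from typing import Iterator

# The charsets the procmail rule above discards.
BLOCKED_CHARSETS = frozenset({"big5", "gb2312", "euc-kr", "ks_c_5601-1987"})


def declared_charsets(msg: Message, deep: bool) -> Iterator[str]:
    """Yield the charset of the top-level Content-Type and, with deep=True,
    of every MIME part's Content-Type as well (lower-cased by the parser)."""
    parts = msg.walk() if deep else [msg]
    for part in parts:
        charset = part.get_content_charset()
        if charset:
            yield charset


def should_drop(raw: str, deep: bool = False) -> bool:
    """True if an inspected Content-Type names a blocked charset.
    deep=False mirrors the procmail rule, which only sees top-level headers;
    deep=True also checks each MIME part, closing the multipart gap."""
    msg = message_from_string(raw)
    return any(cs in BLOCKED_CHARSETS for cs in declared_charsets(msg, deep))


# Constructed sample messages, not real mail.
PLAIN_BLOCKED = (
    "From: a@example.invalid\n"
    "Content-Type: text/plain; charset=GB2312\n"
    "\n"
    "body\n"
)
PLAIN_OK = (
    "From: b@example.invalid\n"
    "Content-Type: text/plain; charset=us-ascii\n"
    "\n"
    "hello\n"
)
# Top-level header is multipart, so the charset only appears on the inner part.
MULTIPART_HIDDEN = (
    "From: c@example.invalid\n"
    'Content-Type: multipart/alternative; boundary="xx"\n'
    "\n"
    "--xx\n"
    "Content-Type: text/plain; charset=big5\n"
    "\n"
    "body\n"
    "--xx--\n"
)

if __name__ == "__main__":
    for name, raw in [("plain blocked", PLAIN_BLOCKED), ("plain ok", PLAIN_OK),
                      ("multipart hidden", MULTIPART_HIDDEN)]:
        print(f"{name}: header-only={should_drop(raw)} deep={should_drop(raw, True)}")
```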
Elfyn McBratney, beu, (by the way, good work on the marriage!) very kindly nominated me for the Gentoo council. I'm happy to accept this nomination.
Well, usual rubbish as far as reasoning goes: I feel I'd be able to communicate well between projects and developers, and I think that... well, I'd enjoy the job. There's not much more to it than that.
Good luck to the other candidates.
Spider, I would recommend media-sound/synaesthesia for audio visualisation -- presuming you're using x86. It's not at all portable.
As for the desktop side of things, one man's flashy desktop isn't necessarily another's. I'd say stick with stock GNOME as far as possible. XComposite drop shadows always look good with it.