Some things are ugly.

Waldi’s suggestion fails.

db4.6_upgrade: Program version 4.6 doesn’t match environment version 4.4
db4.6_upgrade: DB_ENV->open: DB_VERSION_MISMATCH: Database environment version mismatch

Can’t start it manually.

debian-sks@dev:~$ /usr/sbin/sks recon
Fatal error: exception Bdb.DBError(“Program version 4.6 doesn’t match environment version 4.4″)

The log only shows:

2010-05-09 16:59:29 Opening log
2010-05-09 16:59:29 sks_db, SKS version 1.1.0
2010-05-09 16:59:29 Copyright Yaron Minsky 2002, 2003, 2004
2010-05-09 16:59:29 Licensed under GPL. See COPYING file for details
2010-05-09 16:59:29 http port: 11371
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Malformed entry
2010-05-09 16:59:29 Opening KeyDB database
2010-05-09 16:59:29 Shutting down database

The solution is ugly as hell, too:

root@dev:/ # su – debian-sks
debian-sks@dev:~$ cd DB
debian-sks@dev:~/DB$ db4.4_checkpoint -1
debian-sks@dev:~/DB$ db4.4_recover
debian-sks@dev:~/DB$ db4.4_archive
log.0000002839
log.0000002840
log.0000002841
log.0000002842
log.0000002843
log.0000002844
log.0000002845
debian-sks@dev:~/DB$ db4.6_archive -d
debian-sks@dev:~/dump$ cd ../PTree/
debian-sks@dev:~/PTree$ db4.4_checkpoint -1
debian-sks@dev:~/PTree$ db4.4_recover
debian-sks@dev:~/PTree$ db4.4_archive
debian-sks@dev:~/PTree$ db4.6_archive -d
debian-sks@dev:~/PTree$ logout
root@dev:/ # /etc/init.d/sks start
Starting sks daemons: sksdb.. sksrecon.. done.

Wow, our internal keyserver works again. Thank you, Debian…

This solution courtesy of Uwe Hermann, although it was for Suckwürstchen.

I finally managed to move my arse and buy a new Socket 7 CPU fan for herc, two new 160 GB IDE HDDs for tear, and plan a number of other migrations. Within the next time, the SSL certificates will be renewed (changed away from CAcert to some as of yet undefined CA for the main (web)server and to ca.mirbsd.org for the secondary services), www will possible move to a dedicated box, cvs from herc to tear for sure though. I’m at gecko2@’s place right now though, so it’ll take a while more (obviously). I’ll take the chance to re-design a number of things during the process and clean up old, no longer used things, as well.

I know I should probably have written something about CLT (it was great, except for the social event, which confused everyone about the who where etc. and I had a headache and the sounds they provided (no music…) didn’t help either, but it was planned and exercised very well and much cleaner than ULB too ☺) and that I managed to do two geocaches in East Germany… and a plethora of other things (I did staff the Debian booth, there were neither a MirBSD nor FreeWRT booth after all; there is interest in makefs(8) but the 31/32-bit limit must go; etc). I’ve had a demanding three weeks at work though, and I’ll probably not write much content for the website anyway any more, but I’ll try to get more hacking done. mksh got more POSIX compliance, and we’re discussing about the things on the Austin Group mailing list. I’ll be writing a bootloaderloader for mika and Grml, with special consideration for a blind user. I need to get screws, RAM, a hard disc and a PSU for my new Cobalt Qube2 and put Debian on it to debug things. I plan to buy the upgrade kit (to 20 MiB RAM) and a new battery for nwt (and use glue to put the broken-off edge back there) just like I started renovating my hardware pool. OpenSSH needs an import, others may need work. So, I’ve got a TODO longer than a lifetime, so I get to pick my things ;-)

There will not be a MirBSD booth at LinuxTag in Berlin. If I’m going (even that’s not sure), I join a shared AllBSD booth, which seems to not happen, or… bsiegert@ will be at some conference for his Chemistry stuff again, and it’s too far for gecko2@ to attend, so I would’ve been alone anyway. At FrOSCon, though, we’ll be sure to happen (I’m even trying to cobble together a FreeWRT booth again, but there are not enough volunteers coming who aren’t expected as another booths’ staff).

gecko2@ upgraded ports/editors/nano and desired documentation, possibly in the form of a tutorial, on how to do it. And I hope bsiegert@ will remember that Google’s “Go” is the second one of that name and use something like ports/lang/google-go (on second thought, a company name in a directory is bad too). And there’s kencc in ports already so I’d like an Inferno port first.

ciruZ said that Syllable is pretty much dead… sad, since mksh now works on Haiku and both Syllable and Plan 9 had similar issues with it, so I was hoping we could get them fixed… (bsiegert@ is our resident Plan 9 expert, so I need to push him into looking at it.) Speaking of MirWorldDomination, /system/bin/sh on Android-x86 is an mksh(1) already ☺

Today was a fine day, which I spent at the excellent Zoo de Mulhouse. Alas, most of the plants there are still in “winter mode”.

Recently, i mentioned in a thread on reddit that Limbo (under Inferno) is “my favorite obscure programming language”. Someone else replied that “it is now called Go”. This led me to take a look at the Go programming language made by Google. Sure enough, there are big names behind it: Rob Pike and Ken Thompson, of Unix (and Plan9) fame, and also Russ Cox, one of the most prolific Plan 9 fans.

When you compile Go, the first thing that is built is a lib9, which contains Plan 9 code, such as the rune routines for UTF-8. The Go compiler is derived from kencc. For the 386 architecture (the one I tested), you get 8g (Go), 8c (C), 8l (linker) and 8a (assembler). For the record, there is also a Go compiler using gcc, which is able to call C code.

Leaving obvious syntax differences aside, Go indeed resembles Limbo quite closely. There is no first-class list data type however, and there exists a curious difference between arrays and slices. Slices are some sort of pointer to (part of) an array. Arrays are passed by-value to functions while slices are passed by reference, it seems. There is also an associative array type that maps one data type of your choice to another, for example a string to an int. Other Limbo niceties, such as easy string manipulations, are also present.

The first thing I tried was porting a scientific program I had written in Limbo before. The math module looks almost like its counterpart in Inferno but is missing the gemm() function (generic matrix multiplication) from BLAS3. Thus, I ported it from the Inferno sources, where gemm() is written in C. (By the way, that code looks like it has been ported from Fortran 77.) Porting from C just involves removing a few parentheses (in if and for clauses) and semicolons (just about everywhere).

I have not explored it much further yet. But it does look very interesting for system programming and similar things. The only thing missing now is a MirPort ...

tl;dr: EvolvisForge 4.8.3+evolvis2 deployed, almost all systems converted; FusionForge 5.0 coming Really Soon Now, faster if YOU help!

I’m happy. I just was able to deploy a new version with many improvements on almost all of our systems (save the two which are not yet on 4.8 but stuck on 4.5 codebase).

For example, Roland has provided code to set the roles’ default permissions in a new forum, tasks or tracker subproject to some (sane) default value, instead of Read — now that they’re suddenly honoured, the bug (of them not being set to e.g. Tech) surprised many people.

I’ve written a CAPTCHA for user self-registration, in the hope of fooling automated login bots to fight spam accounts like we see at evolvis.org quite often these days (maybe spammers have special bot codes for *forge?).

The automated creation of ~user/.forward to enable mail forwarding for «user»@«forge» the same way «user»@users.«forge» is already handled now also works well. Other nifty things include bug fixes and more features in our theme (which should not be considered public) and the mediawiki plugin (allowing better control over importing, editing the Sidebar, logos, etc) and better XHTML/CSS compliance and browser compatibility.

Admins will love this: one can now set the password of any user if one is a Site Admin! (Before, this involved quite some database fiddling after calling md5(1) and encrypt(1) manually.)

The only sad things I see are that we cannot yet upgrade all instances we run to gforge-plugin-mediawiki, so they keep running the old-style separate wikis, which run on the same database though, preventing it from being upgraded from PostgreSQL 8.1 to 8.3 (due to the age of the mediawiki engine being used), and that our internal forge and the public one, evolvis.org, cannot yet be upgraded (especially as I’ll be on vacation RSN).

Still, we hope our cow-orkers enjoy the new release.

On the other track, we’re already running towards a stable 5.0 release, which will rock. One of my colleagues is helping with translating the strings into German upstream, and the branch is created; the code is being stabilised now and short of a release (also, thanks to the speedy help of the Debian FTP masters, with a detailed and correct debian/copyright file and a DFSG free distfile). Some tarent/evolvis extensions have found their way in there already; FusionForge 5.1 will have more, we guess.

Keep up the great work, FusionForge people!

FAQ: When will FusionForge 5.0 be released? ⇒ As soon as it’s ready. Faster if you help.

EvolvisForge will migrate to a 5.0-based code some time after, taking care of possible regressions and merging our changes, some of which will then wander into FusionForge trunk, hopefully ☺

Quite surprisingly, I’ll attend the Chemnitzer Linuxtage 2010 in Eastern Germany. This is a happenstance, I managed to get fast transportation (via my boss) and accomodation (in a hotel). I will try to help staffing the booth of Debian this time (so I cannot be called Traitor any longer). Schedule, due to the spontaneousness of this, no, though. I may not even be there on Sunday, dunno…

No RCBD (or night) though, some real life and a new release (with fix of an FTBFS-on-hurd-i386 bug) though:
RMD160 (/MirOS/dist/mir/makefs/makefs-20100306.tar.gz) = f65bd8ef5cf3306a9112587dd4915b6255e479fe
This version pulls in NetBSD® changes (Acorn Archimedes support, for one), but I’ve also coded support for boot-info-table (J�rg compatible), as well as setting the PVD dates (used by GNU GRUB 2 for “UUID”s).

On MirBSD, cdio(1) can now be used to burn (TAO) and blank (quick) CD-RW media (I backported some OpenBSD changes) too.

My ex-AM now sort-of mentor Zack asked for help of an Autoconf/Libtool guru with an RC bug... well, The MirPorts Framework taught benz and me, under consumption of a bottle of wine, how to deal with that stuff. So I've fixed #559822 (CVE-2009-3736, another of them...) and NMU'd.

Sort of a PITA, considering gettextize runs interactively, and there's a lot of files to remove in debian/rules:clean for a double-build to not add nonsensical files to the .diff.gz; but I did it in the end.

Yes, my rant was more against the things I encountered during keysigning, not keysigning itself. However, I still feel X.509 doesn't have these problems, and nothing I can think of will persuade me to think PGP/MIME better than Inline PGP. (Especially when the recipient's key contains a notation that he wants the latter, but not the former.)

Jonathan does have some good points about the (PGP) Web of Trust.

Again, that wlog entry of mine was a rant; I had let the topic stew over night, trying to get the anger out, but on the next day it just wanted to get out of me, I merely wanted a good old rant. I think I'll not include Planet Debian next time I do rant, though (it's not the place to do so).

The Command-Line Interface for the KDE Wallet, Version 2.02, has been released and dput into Debian unstable. (The lenny-backports version will follow.) It took me quite a while to reproduce, then track down, the bug; having unrelated problems at the same time didn’t help either…

It took us a while, but we’ll be participating at Plänet Forge soon as well. We, that is the Evolvis team at tarent GmbH:

• Thorsten Glaser (that’s me), a sysadmin at tarent and an Evolvis developer
• Sven Frommeyer, an apprentice sysadmin at tarent
• Stefan Walenda, our project manager
• … and potentially others

To clean up the nomenclature…

• Evolvis is the platform consisting of EvolvisForge and others, such as a Continuum or Hudson build server, an Alfresco DMS, a MediaWiki, …
• EvolvisForge shall be the name of the customised installation (not fork) of FusionForge (formerly gforge-*.deb) that is used by Evolvis
• evolvis.org is the public platform where tarent GmbH is presenting their open-sourced projects
• There are other Evolvis installations at *.tarent.de domains, which are private.

EvolvisForge customisations mostly consist of: take a stable FusionForge version plus bugfixes, sometimes backports (such as the FF 5.0 MediaWiki integration), change some defaults, and add Evolvis branding such as our theme. Also, some integration with the other Evolvis components, Univention/LDAP, etc.

This is a welcoming posting, so I better keep it short. We’ve been in Issy-les-Moulineaux (I hope I spelt that correctly) breaking up the French cabal, but they’re all nice people. Let’s try and improve all the forges!

Update: This wlog entry uses aggressive tone because I somehow needed to vent frustration from using some of the tools. I should probably provide some constructive critics, too... but this is a rant. Be warned.

Keysigning is useless. I boot up a suitable live GNU/Linux system, install signing-party, take the trouble that is to set up caff, transfer my secret key from the secure box, sign. I think caff providing the keys in a different order than they're given on the command line sucks and just run caff once per key. I did even start Postwreck. But no, people just don't accept any mail from "EHLO grml" systems, and I still cannot control my reverse DNS despite having a static IPv4 address (and IPv6, which looks to be unused). People also pretend I'm on dial-up. Great!

I will no longer participate in any (mass) PGP keysigning but will continue to do so on a per-person basis. Probably sign but one uid, either apply common sense and upload it to t̲h̲e̲ keyserver, or mail the entire signed key to one address.

By the way, how crazy is it that I need to use the deprecated $CONFIG{'mailer-send'} to pass an envelope-from to the mailer? It also suffers from the same delusion as e.g. nmudiff, namely that my Debian box is a fully set up workstation able to send out eMail and configured correctly. At least, it, unlike a number of others, does not assume I use mud (Mutt). grml…

Oh, and caff does a protocol violation (by always sending out GnuPG/MIME and not offering the standardised Inline OpenPGP), I think people just don't care about such. (There is a notation people can use to signal they want PGP/MIME, Inline PGP — which is called "partitioned" — or both (and which order of priority) but, alas, despite Inline PGP being the only one useful for the MUAs without integratin, and being more widely spread than that PGP/MIME crap, the followers of the latter do some (FSF-style?) kind of vendor lockin by not speaking anything else.

Anyway. I'm all for X.509 except there seems to be no sane CA (Startcom is... trouble, even with Opera; CAcert.org is dying). I'll just buy a certificate (not from Verisign though) for www, and roll my own again (I can do it, I have experience with that actually).

On an unrelated side note, still waiting for an OpenSSL patch for that recent TLS extension...

ObRant: password policies, be they required characters or any kind of length restrictions, suck. People I will eventually end up with less secure passwords on such systems, because even if some of mine may appear to be derived from some kind of dictionary (what language that is I'd be interested in, though...) they aren't, and I have my schemes. You got to have them with a gazillion of passwords used. And I probably will forget them more often (and sending them via eMail is also not a solution).

Unrelated notice: mksh R39c with bug fixes coming RSN.

(Updated 24.02. because I was, rightfully, told the language, and the title, were too strong. I also would like to excuse for going so low as to write an ad-hominem attack, which I've since redacted.

FOSDEM was a great success. Once more, thanks to Daniel Seuffert, Marius Nünnerich and the others from the AllBSD project. We distributed 400 CDs with the latest snapshots, of which about 350 were distributed on Saturday alone. There was a stronger demand for French flyers compared to the last years; I think that more locals (i.e. Belgians) attended the conference. Many of these people were only there on one of the two days.

Kudos also to the people from the Debian booth (especially Axel “XTaran” Beckert) for lending us a screen for the showcase computer. Due to communication problems, the others had not brought a spare screen as usual, and I could not bring one on the plane.

I held my talk about Build Systems with autoconf, automake and libtool on Sunday at noon, with a very interested public who posed some very concrete question. I conclude that there is a real need for this kind of “HOWTO”. I will write a bit more on the subject of autotools, in the meantime the slides are available at SlideShare, where you can view the presentation online (Flash required) or download a PDF.

Oh, and contrary to “popular” belief, the food at the Pakistani (!) restaurant on Saturday was excellent :).

Bauch wieder OK, dafür nen recht wehtuënden Frosch im Hals, Hammerkopfschmerzen, Rückenschmerzen und bißchen Gliederschmerzen. Grml. Ich mach' im Moment erst mal nix.