I know I already posted that this was on the way, but this time, the quarterly pkgsrc freeze is starting with a detailed announcement. 2 weeks until the next release, if everything goes well.
If you’re using some PHP application that requires the old behavior of PHP 5.2, you will need to specify that version of PHP – pkgsrc is moving to version 5.4 5.3 as default, with version 5.4 available. (thanks, Takahiro Kambe for the update.)
The freeze for pkgsrc-2012Q2 starts on the 16th of June, as recently announced. Freezes are usually 2 weeks, so that means 2012Q2 should be tagged at the end of June.
This was going to go into a Lazy Reading post, but then I realized it shouldn’t. Here’s the source: “A Tragically Comedic Security Flaw in MySQL” (via)
The short version: MySQL, compiled a certain way, will allow 1 out of 256 root login attempts to work no matter what. I was going to link to this for the startlingly large number of MySQL installations found allowing connections from the public Internet, which means breaking into any affected servers would be easy. Then I thought about it… I don’t see a my.cnf installed by pkgsrc for at least MySQL 5.1 by default.
To fix this for your own installation, put
[mysqld]
bind-address=127.0.0.1
in /usr/pkg/etc/my.cnf to disallow remote connections. I don’t know if MySQL on DragonFly from pkgsrc is vulnerable to the issue, but it’s a good idea to not allow remote connections to the database, and ought to be on by default.
Or just use Postgres, if possible.
I got to use the ‘roguelike’ tag again this week, which always makes me happy. Surprisingly, it’s not about… that roguelike.
- RSA encryption explained. (via)
- Someone from Google went to BSDCan 2012 and blogged about it. The takeaways are interesting, especially something I’ve seen elsewhere: “Don’t buy systems that can’t take registered RAM in a bazillion sockets”.
- Occam’s Razor applies here, but still: trust nobody. (via)
- Bash One-liners Explained, part 1.
- They’re switching from ‘cvs import’ to ‘cvs add’ in pkgsrc. Now if they’d just switch the ‘cvs’ part out…
- Not even vaguely computer related: Please won’t someone make these commercially available? Wait, someone did!
- The Mechanics and Meaning of That Ol’ Dial-Up Modem Sound. (via) I feel nostalgic, but on the other hand… nobody missed 14.4 kbaud.
- Advanced Vim Macros. “As is typical in Vim, the rabbit hole of functionality goes much deeper than most users will ever plumb.” (via)
- Also at the same place: Vim Koans.
- Hey, there’s a DragonFly page on the Wine Wiki. It’s short but probably very useful if you want to run Wine.
- Also, an OpenCV fix for DragonFly, pushed upstream by a pkgsrc developer. That’s always nice to see.
- Fish, a new shell with some nice features. (via) Does this compile on DragonFly?
- Found near the same place: a screen saver that auto-plays Angband. OS X only, unfortunately. There must be an easy way to do the same with xscreensaver.
- CLANG, but not the compiler. Watch the movie.
Your unrelated link of the week: I happen to work at a salt mining operation, which leads to some unique problems (more). Mining in the US is regulated by MSHA, which has been cracking down since the Upper Big Branch incident. MSHA issues ‘fatalgrams‘ every time a miner dies. MSHA also shows up on site as soon as possible, which means they are there taking pictures within a few minutes, with equipment still running. It’s essentially crime scene photos, and a little worrying; many of the deaths are of people around my age with similar experience.
Pkgsrc already runs on a large number of different platforms, but that’s not what I’m talking about. In this case, Joyent, which uses pkgsrc internally, has a suggested change that makes binaries usable on both 32 and 64 bit systems. I don’t know if this will go into pkgsrc proper, but it’s interesting to see.
Apparently a lot of modular-xorg packages in pkgsrc received updates. I think I found some of the changes, but probably not all, so I don’t have a good way to sum up the actual effect.
Update: see the end of this cvsweb pkgsrc CHANGES-2012 page for all the changed parts.
There’s a number of packages out there that assume you are using the GNU versions of ls, wc, and so on. However, you aren’t when using a BSD system. Pkgsrc has historically dealt with this when GNU tools are needed for a package by prefixing them with a ‘g’. ‘ls’ becomes ‘gls’, and so on. Aleksey Cheusov proposed a fix to keep these utilities under their original names, which I think will go into the next quarterly pkgsrc release.
Pkgsrc packages that have source files that can’t be redistributed, and go missing for the length of an entire quarterly release, will get removed. They are effectively broken at that point anyway.
That policy is now formally in place; I don’t think there was a clear prescription before.
I think I’ve mentioned building DragonFly with clang before, but not pkgsrc. There’s two variables to set, plus some special handling for libf2c. Thomas Klausner has details. This is not tested on DragonFly.
DragonFly has a page on updating pkgsrc, and so does NetBSD. I don’t think I linked to the latter before, but even if I didn’t, it’s still useful.
If you have a i386 DragonFly machine, emulators/wine-devel should now work.
John Marino proposed cutting several game demos from pkgsrc. I don’t think they are playable at this point, even if you have the missing source files.
John Marino posted a report of pkgsrc-currentbuilding on DragonFly i386. The success rate for package building is so good that the “top” package break was security/libpreludedb, with only 9 dependencies. Everything else was less than that. I have never seen a pkgsrc build report before with only single-digit figures for dependent breakage; this is fantastic.
Takahiro Kambe is bringing PHP 5.4 into pkgsrc, probably as lang/php54. Follow the whole thread for a discussion of version numbering. As a side effect of this, PHP 5.2 will leave pkgsrc by the next quarterly pkgsrc release. If you’re using that older flavor, you’ll want to upgrade.
Apparently Apache 2.4 has a bug that will cause network stalls when sending data that doesn’t line up with segment size. Sepherosa Ziehau has put in a workaround for the issue. Alternately, you can use www/apache22.
Thanks to the efforts of John Marino and others, pkgsrc is having possibly the highest success rate ever of successful package software builds. If only I could get a pkgsrc-2012Q1 build to complete and upload…
Drowning in links this week. Is that so bad? No.
- I pity people that had to make illustrations about abstract concepts like the Internet, especially in the 1990s.
- Slashdot jumps the shark. I’m not really knocking what they are adding – I could use it for work – but Slashdot has gone corporate, in the bland sense of the word. There’s no clear voice behind what they talk about. Even if you don’t like what they are posting, there’s no longer a specific author to disagree with. Younger folks may shrug and say “So what?”, but Slashdot used to be nearly the only decent source for nerdity online.
- A sensible discussion of open source and how it relates to obsolescence and access.
- Jan Schaumann’s NYCBUG presentation in mp3 form: “The Useless Use of *“
- Winning entries in the 2011 International Obfuscated C Code Contest. (via)
- Hyperrogue III (Zeno Rogue). (via) It’s a roguelike, with vi-based directional controls and a non-Euclidian hyperbolic plane world, or at least that’s what the description says. It might compile on DragonFly.
- “Why don’t more developers contribute to open source?“
- Spam-merican Apparel (via) Spambots and T-shirts; that combination seems to be a natural growth of the internet.
- XFCE 4.8 is on the way in pkgsrc. I know this will please some people.
- The smallest (ELF) Hello World possible. (via profmakx onEFNet #dragonflybsd)
- A SSD roundup. I have one in my work laptop right now and it makes a huge difference.
- DuckDuckHack. (via) Quick, someone make a plugin for pkgsrc packages.
Your unrelated links of the week: Turntablism. I was talking about assembled music last week, and this is a whole area to itself. Watch Kid Koala turn a few seconds of trumpet playing into an entire blues progression.
Here’s a post by yours truly, on how to move to pkgsrc-2012Q1 though building from source. This is for anyone sick of waiting for me to finish the binary build of pkgsrc.
There’s a few pkgsrc packages that might be going the way of the dodo, soon. There’s a few more that need love, so speak up if you use them. Maybe you can be the Somebody™ that fixes them?