Loar's Lair - Software Releases

Vim 7.2.262

Mon, 05 Oct 2009 22:12:54 GMT

Nothing major, just another build with all the latest patches.

Packages on the Vim page.

remctl 2.14

Tue, 26 May 2009 01:28:37 GMT

I have just uploaded Windows binaries for remctl 2.14.

You can find them on the remctl page.

afsbak 1.2

Fri, 06 Mar 2009 23:42:57 GMT

Recently I had vos dump start sending the contents of a directory before all of its ancestor directories had been sent. I suppose that a sane ordering of the dump was too much to hope for. This release of afsbak changes tarvol to write orphaned entries into a tempfile. Then once the entire dump has been read, the orphan file is processed to see if ancestors have been found. This repeats until the orphans are eliminated or the orphan file stops shrinking.

This release also adds a new utility called aestar. This is my solution to the problem of how to make an encrypted, rsync-friendly backup of the BackupPC pool. Duplicity won't work because it does not support hard links. Rsyncrypto uses a dubious decision function for resetting the IV in CBC. What aestar does is read a tar file and encrypt the data for each file separately. Thus the size of the change when using CBC is limited to the size of the changed file, not the entire tarball. This utility requires the aespipe utility available in Debian for now; in the future I may rewrite it against a crypto library for better performance.

You can find it on the afsbak page.

afsbak 1.1

Sun, 01 Mar 2009 02:15:30 GMT

This release corrects a couple of problems with the first version of afsbak. Firstly it removes the -omitdirs argument to vos dump. I hadn't realized that only looks at the mtime and ctime on the directory, so it will miss updates to existing files. Secondly I now filter what is written to stderr, since BackupPC doesn't like things it doesn't recognize being written to stderr.

You can find it at the afsbak page.

afsbak 1.0

Fri, 13 Feb 2009 06:26:41 GMT

So I recently found myself wanting to share files between my desktop and my laptop. So I did what any sane, rational person would do. I set up an AFS cell.

Of course, I didn't want to put anything important in AFS until I had a way to back it up. At ACM, we had access to the campus Tivoli TSM service, so we ran an AIX machine for the sole purpose of using the old version of the TSM client that had AFS support. However, this wasn't exactly an option for me.

I already used BackupPC for backups, so I wanted to use that to back up AFS as well. But how? Someone pointed out BackupPC4AFS, but this doesn't allow for file-level backups, and the last thing I want to do is maintain a modified BackupPC.

I got the idea to take a vos dump and transform it into tar format and then feed that into BackupPC. I grabbed the restorevol utility from the OpenAFS source tree and with some work produced afsbak. It reads a vos dump on stdin and produces a tar archive, optionally producing shell scripts that when run will restore the ACLs on the containing directory.

Please let me know if you find it useful or find issues.

PuTTY 0.60.8425

Thu, 22 Jan 2009 05:31:48 GMT

Upon further testing of my GSSAPI key exchange support, I discovered that if one's GSSAPI credentials have expired when a rekey occurs, another key exchange method will be chosen, which will result in a verification dialog if the key is unknown. Since the main imputus behind GSSAPI key exchange is to not need to collect host keys a priori, this is a problem.

A closer reading of RFC 4462 revealed that this is the purpose behind the SSH2_MSG_KEXGSS_HOSTKEY message. In particular:

In order to facilitate key re-exchange after the user's GSS-API credentials have expired, client implementations SHOULD store host keys received via SSH_MSG_KEXGSS_HOSTKEY for the duration of the session, even when such keys are not stored for long-term use.

So I have done just that, and pulled in the latest changes from upstream as well. Unfortunately, Simon Wilkinson's patch for the OpenSSH server does not send this message, so this won't help when connecting to OpenSSH servers. I intend to work on that (patch his patch?), but in the meantime I tested against Sun SSH, which does send the HOSTKEY message.

It looks like I also should implement the "Null Host Key Algorithm" support to be fully compliant, but I have not yet done so.

You can find the source and MSI on the PuTTY page.

PuTTY 0.60.8371

Thu, 04 Dec 2008 10:33:40 GMT

So yeah, testing. I had tested my gssapi-keyex support against Sun SSH. Testing against OpenSSH revealed some issues:

Group exchange was totally broken. Sun SSH doesn't appear to support group exchange.
The hash H was improperly computed if the server omitted the optional SSH_MSG_KEXGSS_HOSTKEY message. Sun SSH apparently sends this message.
Also, rekeying was broken.

Now I have tested all three kexes against both Sun SSH and OpenSSH, and tested that rekeying works.

You can find the updated version on the PuTTY page.

PuTTY 0.60.8364

Tue, 02 Dec 2008 12:30:50 GMT

I have finished adding GSSAPI key exchange support to PuTTY. I intend to submit the patch upstream once it has some more testing.

Note that any session configs which were saved in the registry by a previous PuTTY version will not have the new GSS kex methods. You will need to move the GSS methods up to the top under SSH->Kex in the PuTTY Configuration dialog. Also with the move to the upstream GSSAPI support, the registry value name for GSSAPI credential forwarding has changed from GSSAPIFwdTGT to GssapiFwd.

You can find it on the PuTTY page.

PuTTY 0.60.8337

Thu, 27 Nov 2008 11:48:06 GMT

So it turns out that it is pretty darn trivial to build the new upstream GSSAPI support against KfW instead of SSPI. All you have to do is change the Recipe file to build with uxgss instead of wingss, and tweak a couple things to make it compile.

Therefore, I have decided to do this instead of attempting to replace the delay-loading behavior present in the sweb.cz patch. I figure that most sites are going to use either KfW or SSPI, and so making the choice at compile time instead of run time shouldn't be an inconvenience.

No key-exchange support yet, but I am working on it.

You can find it on the PuTTY page.

remctl 2.13

Sat, 15 Nov 2008 22:38:43 GMT

Russ has released remctl 2.13, which now compiles for Windows without modification. I have updated my remctl page to reflect this and posted new binaries.

You can find these binaries on the remctl page.