There’s a new bash vulnerability that could be a problem for a network-facing machine that happens to use bash. (See here for test.) As a BSD user, you can feel somewhat smugly superior since the default shell is tcsh and therefore it may not affect you – unless you’ve installed it from dports.
John Marino has already updated dports. A new binary is forthcoming, though you can always rebuild by hand if you don’t want to wait.
If you are on DragonFly, using pf, using altq, and using fairq to control usage, there’s a latency bug that Matthew Dillon recently fixed. He’s posted an announcement and committed fixes to master and 3.8, so it’s only an upgrade away.
It seems pkg 1.3.6 was slightly scrambled. If you happen to have built and installed it, John Marino has special instructions on how to update to 1.3.7. If you are on DragonFly 3.8, you can follow those instructions now, and if you are on 3.9, that repo should be ready for an update in the next few days.
Several people (including me) have been getting bit by a problem: when performing an installworld with a changed kernel, the vn kernel module is loaded, but it was built by the previous kernel and may cause problems when it doesn’t match up.
To fix that, vn is now built in, instead of being a separate module. The rescue initrd (which is what is being mounted when it has this problem) is now installed via a ‘make rescue‘ command that can wait until a successful installworld and reboot.
The mfi(4) driver has had some data corruption problems on “Thunderbird” series RAID controllers. There’s a newer driver, mrsas(4), that replaces mfi(4) for these controllers and does not have these issues, but switching may mean new drive locations and therefore some work to get booting correctly again. Sascha Wildner has an extensive writeup about what this entails, and how to switch now if you have that hardware (recommended).
If you are upgrading a DragonFly 3.6 system to 3.8, make sure you have the absolute latest version of 3.6 first. A few people have had a crash during install of the new initrd, which leaves the system in an unbootable state.
(Why, yes, that is why shiningsilence.com was down for some hours today… With Matthew Dillon and Sascha Wildner’s help, I was able to copy bits of /boot and /usr from a live CD back on disk and get online again.)
NYCBUG is having a meeting tomorrow night with the theme “Cloud and Colocation“. However! Suspenders, the usual restaurant location, has closed. (Aw, I liked it) This meeting is happening at the About.com offices, which means you can’t just show up – send email if you plan to attend.
I’ve branched DragonFly 3.8, and tagged a release candidate. Please try the release candidate if you can. I have links in my post to users@/kernel@. Don’t forget the remaining issues! Planned release date is June 4th.
pkg 1.2 is coming out. This brings a number of new features, but as John Marino posted, you may want to delete your old pkg.conf to keep the new version from complaining about an old config file. This upgrade is a step on the way to signed packages, which is a Good Idea.
It’s been 2 years since the pkgsrc packages for DragonFly 2.12/2.13 were getting updated, so I am going to remove them. If you’re running DragonFly 2.12, you’ll want to either build from source or upgrade DragonFly.
If you are on DragonFly 3.3, and you are running a kernel built after January 1st, there’s a bug in the way FP context is handled when the kernel supports AVX. (January 1st is when AVX support was committed.) Matthew Dillon has committed a fix and issued a note to update for everyone.
If you’re running DragonFly 3.3, make sure you perform a full buildworld and buildkernel when you next upgrade. Sascha Wildner is mentioning this as a cautionary note after experiencing issues when using quickkernel, after removing a number of syscalls. Once past that point, it should be safe to go back to quickworld/quickkernel.
On the 10th of November, I’m going to remove the binary pkgsrc packages from mirror-master.dragonflybsd.org for DragonFly 2.8 through 2.11. They are closing in on 2 years old at this point, and are from a pkgsrc branch that hasn’t been updated for that long.
If you are actually using version of DragonFly that old, you can continue building from pkgsrc normally; these are just prebuilt packages.
The summary result: If you’re running Postgres, you probably want to do it on DragonFly. The numbers are the best results for any BSD, even better to some extent than Linux, which has had its own issues with schedulers and Postgres. DragonFly 3.2 will include these improvements.
As I typed elsewhere, my general plan is to branch DragonFly 3.2 on the 8th, and release on the 22nd. That should give the recent scheduler and gcc work a chance to settle, and perhaps get a new version of USB support in too. It will probably be using pkgsrc-2012Q3, also, though we may not have binary i386 packages. 3.2 is shaping up to be a much more significant release than I expected.
According to Aleksej Saushev, pkgsrc is going to start defaulting to Postgres 9.1 instead of Postgres 8.4 by default, in just a few weeks. That means an upgrade in the next quarterly release, so keep that in mind.
The short version: MySQL, compiled a certain way, will allow 1 out of 256 root login attempts to work no matter what. I was going to link to this for the startlingly large number of MySQL installations found allowing connections from the public Internet, which means breaking into any affected servers would be easy. Then I thought about it… I don’t see a my.cnf installed by pkgsrc for at least MySQL 5.1 by default.
To fix this for your own installation, put
in /usr/pkg/etc/my.cnf to disallow remote connections. I don’t know if MySQL on DragonFly from pkgsrc is vulnerable to the issue, but it’s a good idea to not allow remote connections to the database, and ought to be on by default.
If you are running bleeding-edge DragonFly, libpthread was broken for a short period. If you built anything in the last … 12 hours? You may want to rebuild it. If that doesn’t describe you, it’s a nonevent.
It’s funny that I’m reporting a short-term break in bleeding-edge operating system code as any sort of surprise. It shows something about how stable DragonFly-master is most of the time.
There’s a Day Against DRM sale going on for O’Reilly. 50% off everything, and all the books are DRM-free. I found out about this through Michael Lucas, whose No Starch books are represented there too. It’s a fantastic deal and it’s today only, so strike now while you have the chance.
(I should make a ‘buy buy buy!’ tag for articles.)
Matthias Schmidt found a discussion about DragonFly’s password encryption. The result, if I am reading it correctly, is that brute-forcing the password from available hashes is quicker than it should be. Matthias also found a contributed fix. Samuel Greear updated to match the reference SHA implementation also in Linux, with this very pertinent warning.
The answer is “not very”. As I wrote in a post to kernel@, DragonFly 3.0 will be tagged soon, and released when there’s pkgsrc-2011Q4 packages to go with it. Probably a week if everything goes to plan.
The presence of /usr/include/crypt.h in DragonFly (starting in December 2010) meant that some programs compiled during that time will expect that file to always be there. It was recently removed, so any programs compiled in that timeframe will also need to be recompiled. Right now, this affects you only if you are running DragonFly 2.13 , since that’s the only place crypt.h was removed. This may be an issue for the release, but we’ll worry about that when we get there… I’m kicking off new 2.13 bulk builds now.
There’s a rare crash in DragonFly 2.10, where applications would segfault. The system would run find. This is apparently more likely to happen in 2.12, though reports on this vary. It’s real, though.
Matthew Dillon went looking for this bug, and happened to roll back vm_token, the last lock in DragonFly that presented a serious impediment to multiprocessing. It’s a big patch. It fixes the problem, which is great! It also happens to make DragonFly buildworlds almost twice as fast depending on the number of cores in the system.
Holy crap we want to get that out… but it makes some significant changes to the system and needs to be tested. So, the next release probably won’t be for a few weeks.
If you want to help, build master and do something with it – move data, run server programs, whatever. Report crashes. This performance improvement is worth working for.
Some ISA devices have been removed from DragonFly. That probably affects approximately 0% of everyone, cause they’re old devices, but a few of them are were in the GENERIC kernel configs, so you’ll get an error for an unrecognized option when you next rebuild your kernel using a GENERIC-based config, based on an older version of GENERIC. The description of which drivers went is quite sensibly placed in UPDATING.
If you’re running 64-bit DragonFly, and you’re on version 2.11, you will want to rebuild with the latest sources. Peter Avalos found a bug with file descriptor passing, and Venkatesh Srinivas fixed it. It will require a quickworld/kernel build – maybe a full buildworld and kernel? I’m not sure. Some pkgsrc packages might need recompilation, too if they also passed file descriptors around.
17 different ISA device drivers have been removed by Sascha Wildner. The commit message has device descriptions. This may mean you need to change your kernel configuration file on the next buildkernel, since some of them were in the GENERIC kernel. If you need any of them, speak up. (I don’t think I’ve ever used any of them. Oh darn.)
Venkatesh Srinivas is making vmobj_token and vm_token much more fine-grained. That’s great, but watch out over the next few weeks as this work goes into 2.11. (i.e. don’t upgrade your DragonFly 2.11 unless you are ready for surprises.) Venkatesh has already foundsome.
It’s out! See the 2.10 release page for the startlingly extensive list of updates in this version. Download images from the mirrors, or follow these steps (using a 2.10 version number) to build from source.
Sascha Wildner has updated the default version of binutils in DragonFly from 2.17 to 2.21. You’ll want to do a full buildworld on your next upgrade, if you’re running DragonFly 2.9.
Also, Matthew Dillon has made version 6 the default version of Hammer in DragonFly 2.9. Version 6 has improved handling of directory names in some circumstances. Just don’t ask me which, cause I lost track. It’s been a hard day!
The mentor signup page for Google Summer of Code 2011 as of this writing still says “We have temporarily disabled the creation of new requests and invites in preparation of the launch of the new UI for Melange later this week.”, as it has said since the 20th.
So, if you’re wanting to mentor, keep an eye on it. I’ll send mentor requests to any of the names on my list of people that have already expressed interest, if I get to a working version of the page before you do…
This shouldn’t be a surprise considering recent events: AsiaBSDCon 2011 has had some event cancellations; specifically the tutorials and meetings. The paper presentations starting on the 19th, and the banquet, are still on, however. (via)
avalon.dragonflybsd.org, also known as mirror-master.dragonflybsd.org, is back up at a new location, with new disks and new connectivity. pkg_radd should work by default again, as should git.dragonflybsd.org.
Avalon, the machine that works as the master mirror site for DragonFly, and also as git.dragonflybsd.org, is being moved. Binary package downloads and source updates won’t work in the meantime. If you can’t wait for the system to come back, change the settings for pkg_radd or in /usr/Makefile to point at a different host.
The index page of the DragonFly site has been updated by Matt Dillon with some notes regarding the status of the 2.8 release. Among these, it is mentioned that the GUI image will be making a return for 2.8! There will be no DVD image this time, only an image suitable for writing to a disk, such as a usb stick.
Matt Dillon and Venkatesh Srinivas conspired to fix another nmalloc issue, which should resolve any remaining problems people were having with Firefox, and possibly other applications as well. Due to an oversight of sorts, all locking operations on nmalloc’s depot were ineffective, as if there were no locking at all. Curiously, it worked remarkably well considering such a large race condition was present.
Our mirror of the never-quite-official git repository for pkgsrc is being rebuilt, so it will be temporarily inaccessible. Matthew Dillon is working on building a new one directly from pkgsrc CVS, which will have a different link.
System data structures have changed again, so make sure your next rebuild is a full buildworld/buildkernel if you’re running 2.7. There’s been a lot of changes to pull more and more out from under the Giant Lock.
happened to notice that recent libkinfo changes broke sysutils/estd. It’s fixed by rebuilding the program, though this may affect a few other packages. This only affects people running bleeding-edge DragonFly 2.7.
If you are running DragonFly 2.7, Matthew Dillon has made some kernel changes, so updating your 2.7 machine will require a full buildworld cycle, not quickworld.
The binary packages for 2.6 and 2.7 have been updated to pkgsrc-2010Q2. This means that pkg_radd will automatically pull down newer packages, and you should make sure your /usr/pkgsrc is using the pkgsrc-2010Q2 release if you want to be sure there’s no version mismatches.
Matthew Dillon posted a warning about both Samuel Greear’s kqueue work and Alex Hornung’s LVM2 work. Both are now committed to DragonFly 2.7. These are dramatic (and useful!) changes, so some instability may happen for bleeding-edge users. His post does include some minor detail on what was touched.
Alex Hornung has imported LVM2 from NetBSD, along with cryptsetup and dm. (Not dm(8), but devicemapper) LVM(8) stands for Logical Volume Management, and it makes storage management much easier; you may have encountered it on NetBSD or Linux. Those additional tools make it possible to encrypt volumes. Alex has published details on how to use it.
Matthew Dillon set up a git copy of the pkgsrc repository some time ago. However, it’s had syncing problems, and there’s an ‘official’ pkgsrc git repository now which does not have the problems. You can still pull from the same place, but it’s the ‘master’ branch now. His heads-up message describes how to switch.