Do you blog? Write? Post? Tell me!

If you’re involved in application development or BSD development in any way, and you write about it somewhere on a personal blog or page or publication, please let me know.  (justin@shiningsilence.com)

My goal is to point out as much interesting development as possible, and I find that getting notes right from the people that make them is the best way.  Trade publications and magazines will skip over that stuff and go to the press releases, but that doesn’t work for BSD.  I’ve found better, more interesting writing watching Peter Hansteen’s blog or Trivium.  If you have someplace you write about technology, and especially BSD-related development, please point me at your RSS feed.

Another BSD in town

Seen multiple places, but Tomas Bodzar was the first to tell me: there’s a new BSD in town, called Bitrig.  It’s forked from OpenBSD.  The first release is planned for the end of the month, and it appears to have a more aggressive intended development plan than OpenBSD.

Secure your MySQL setup

This was going to go into a Lazy Reading post, but then I realized it shouldn’t.  Here’s the source: “A Tragically Comedic Security Flaw in MySQL” (via)

The short version: MySQL, compiled a certain way, will allow 1 out of 256 root login attempts to work no matter what.  I was going to link to this for the startlingly large number of MySQL installations found allowing connections from the public Internet, which means breaking into any affected servers would be easy.  Then I thought about it…  I don’t see a my.cnf installed by pkgsrc for at least MySQL 5.1 by default.

To fix this for your own installation, put

[mysqld]
bind-address=127.0.0.1

in /usr/pkg/etc/my.cnf to disallow remote connections.  I don’t know if MySQL on DragonFly from pkgsrc is vulnerable to the issue, but it’s a good idea to not allow remote connections to the database, and ought to be on by default.

Or just use Postgres, if possible.

 

Lazy Reading for 2012/06/10

I got to use the ‘roguelike’ tag again this week, which always makes me happy.  Surprisingly, it’s not about… that roguelike.

Your unrelated link of the week: I happen to work at a salt mining operation, which leads to some unique problems (more).  Mining in the US is regulated by MSHA, which has been cracking down since the Upper Big Branch incident. MSHA issues  ‘fatalgrams‘ every time a miner dies.  MSHA also shows up on site as soon as possible, which means they are there taking pictures within a few minutes, with equipment still running.  It’s essentially crime scene photos, and a little worrying; many of the deaths are of people around my age with similar experience.

GNU utilities, correctly named

There’s a number of packages out there that assume you are using the GNU versions of ls, wc, and so on.  However, you aren’t when using a BSD system.  Pkgsrc has historically dealt with this when GNU tools are needed for a package by prefixing them with a ‘g’.  ‘ls’ becomes ‘gls’, and so on.  Aleksey Cheusov proposed a fix to keep these utilities under their original names, which I think will go into the next quarterly pkgsrc release.

Pkgsrc removal policy set out

Pkgsrc packages that have source files that can’t be redistributed, and go missing for the length of an entire quarterly release, will get removed.  They are effectively broken at that point anyway.

That policy is now formally in place; I don’t think there was a clear prescription before.