Older blog entries for rwatson (starting at number 2)

Well, continued hecticness seems to be the way of things...

Continued work on Capabilities for FreeBSD, fixing an elusive bug that resulted in a panic when init tried to shut the system down. Init now picks up the extra capabilities it requires at boot time (capability to signal processes owned by other uids, and capability to invoke reboot()). Having this code in a more workable condition puts me in a good position to push a large pile of trusted OS extensions to FreeBSD out the door, in a continuingly RSN kind of way. Received email from others involved in trusted FreeBSD extensions including a new version of the Mandatory Access Control (MAC) support.

Sadly, the Microsoft trial has resulted in the dropping of the one charge I felt really convincing: that computer vendors were leveraged into only providing Windows as the operating system of choice. Most of the other charges, while no doubt important, are relatively subjective, and may involve tangling of legal definitions and software authorship in ways that may not make sense. Query: if Microsoft is broken up, which bits get which intellectual property? Microsoft Research has been extremely busy, these last couple of years...

Picked up some great bread from the local Bread and Circus store, which is part of the Whole Foods Market chain (may be known in some areas as Fresh Fields, etc), and had a good sandwich for lunch.

Continued work on my current pool of projects (work, moonlighting, hobby) while being taken in by a variety of April Fools jokes on the web. Had dinner at a great little vegetarian restaurant, Bellas, in Northampton, MA. Went to a 1900->2000 time capsule opening at Mt Holyoke College, where it was discovered in front of a large audience that the box was soldered shut, requiring a somewhat extended wait while appropriate tools were identified to open the box without damaging the contents. Turned out that the Mt Holyoke class of 1900 had quite a sense of humor...

FreeBSD capabilities are progressing--wrote about 10 pages worth of man pages, and cleaned up supporting libraries. Should be ready to put a version online RSN.

Haven't made much progress on extended attributes, as I'm hoping for some feedback before pushing it out the door, as it's likely to be a little more on the controversial side: the often lauded but infrequently used method of choice for file system extension in FreeBSD is layering, and I am not using it for this :-). While stacked file systems offer a number of architectural advantages, there are serious problems with the supporting infrastructure currently, although efforts are underway to correct this. However, until it's fixed, I still have work to do, so extended attributes are part of my base version of FFS. I also suspect that until FFS itself is broken into layers (namespace vs. filestore) services such as extended attributes cannot reasonably be implemented as layers, due to the issues associated with hard links, garbage collection, etc.

Work continues as usual: quite hectic with many impending deadlines, both for NAI/TIS stuff, and contract work/writing. Given the choice of falling behind or canceling commitments, I always seem to choose falling behind. Not clear that this is a healthy habit.

Currently preparing FreeBSD FFS named extended attribute support for public review and possibly committing. Extended attributes are required for my work related to adding ACLs and Capabilities to FreeBSD, as they allow the arbitrary tagging of security labels to file system objects (files, directories). I hope to get the code up in a public place for more general review this weekend, once I get a few spot reviews done. I've been running this code on some of my machines for three or four months now, and it seems fairly stable--perhaps the time is right :-).

Also preparing FreeBSD capabilities code for committing--right now the framework is finished, and some kernel access control checks have been expanded to include capability checks. However, in order for capabilities to be really useful, extended attributes are required. This is probably a few weeks away, depending on the code review process.

Have outstanding review requests on a number of people's projects, including IFS, mbuf resource starvation work, fixes to the default login.conf/dot files for users and root, and a few other things. Again, hopefully all stuff to look at this weekend.

Forecast for this weekend:
Busy, with a chance of showers. Will probably fly back to Washington, DC for NAI-related foo.
