Older blog entries for Fefe (starting at number 26)

I wasted the better half of the day trying to get glibc to compile. It just wouldn't work for me. Nobody else appears to have problems with this.

The problem was that glibc's new ld.so checks whether the ELF run path is set. This is done for shared libraries using -Wl,-rpath, which you might have seen somewhere already. Or you can override it at run time with $LD_LIBRARY_PATH. Or you can specify a default at link time with $LD_RUN_PATH.

This I happen to do to make all those stupid GNOME applications find their libraries on my system, which I do not want clobbering my /usr/local/lib, so I put them somewhere under /opt.

How does ld.so check? With assert(). Apparently nobody ever tested this code, because assert calls __assert_fail, which calls some internal printf clone, which calls some conversion routine for numbers, and that one segfaults before anything is actually printed.

So ld.so segfaults before calling any syscall that could be observed with strace. D'oh!

There is little that makes as happy as seeing people use your software. At a small local LAN party, I saw people casually using npush and npoll (from my ncp package; people whom I never saw before and who didn't even know me. That was amazing.

And it's even more amazing to get bug reports that show people tried to do more with your code than you did yourself! The main problem with free software is that it is not very rewarding. Most emails are gripes about bugs or licensing issues, it's rare to have someone write you just to tell you that he likes your software. So getting a bug report about a detail of a library routine that is not exposed by the surrounding project is a very special gift, because it shows someone not only downloaded the code, he actually read the source code!

Anyway, I finally got an account on an ia64 machine, which allowed me to diagnose the problems the Debian build system reported on that platform. It turned out to be a bug in the start code, so this opportunity forced me to read about ia64 assembly language. I wonder which planet the designers of this architecture came from, and whether it even was in our galaxy.

My friend Öc is currently solving the holy grail of qmail; he patched qmail to add RCPT TO batching, and he is now working on a generic filter infrastructure, which is a big problem for integrating spam or virus scanners currently.

fnord has come around nicely. I just got an email from the GNU project about it, they want to include it in their directory. This also happened to the diet libc a while back and after that it really took off. I take this as a good omen ;) The diet libc has been ported to x86_64 and ia64 now, I think it is time to look at it from a security point of view now and try to get external people to audit the source code. It is getting used on servers more and more.

I haven't had much time for tinyldap lately, regrettably. Too bad as it still does not have ACLs or write capability.

On the other hand, I am thinking about writing an sshd that only supports protocol version 2. I don't have that warm and fuzzy feeling with openssh any more.

I decided to enter the Honeynet challenge. To maximize my own learning experience, I decided to do it the hard way: by not running the binary, not even in strace or a debugger. Just working on the disassembler output. The first part was easier than the last part. I actually thought I could finish this in 24 hours, but then I fell asleep on the keyboard ;-)

I am finished now and I think it was worth it. There is still plenty of time, so if you think you are up to it, go ahead and join the contest!

Time and again, just when I am starting to lose faith in the free software community (usually when I go to Freshmeat and see superfluous crap projects like the hundredth PHP weblog or window manager or trivial 3k hack bloated to multiple megabytes using Java, KDE or GNOME, someone comes along and restores my faith.

Just today, I received a report regarding tinyldap for a cut-and-paste bug in the library that is not visible in any of the actual binaries. So, to find it, you need to read (and understand) the source code. After all the kindergarten behavior and low-quality postings on the mailing lists or Usenet newsgroups for popular software like qmail or Apache, I can really appreciate the difference. Normally most of the messages ask questions straight out of the manual, or worse, the FAQ. So far, the mailing lists for my projects have been great examples of how mailing lists are supposed to be. Very low volume, no fluff. It's good to see that this can actually work.

I am still thinking on how to implement ACLs for tinyldap. This issue has been clouding my mind for over two weeks now. OpenLDAP slows down by a factor of 100 with ten measly ACLs for my test data, so it is very important to get this right.

tinyldap is now actually in a state where it begins to be useful. It has a trivial client that can do EQUALS queries, it has a relatively simple server that is meant to be run from tcpserver (see ucspi-tcp), and it already outperforms openldap by a factor of almost 10 for index generation and simple queries.

Time and again I am amazed at how bad the successful software packages out there are. Apache is easily outperformed by fnord, MySQL isn't even a real database, PHP is so slow that Zend actually made a business model out of selling performance enhancing hacks for it... The only widely used free software projects that actually perform well in their market are GNU grep and the Linux kernel (and the latter is an evil bloat monster).

Sometimes the state of the free software is quite depressing. Well, enough talk. Let's do something about it!

OK, so I did start writing that LDAP server. I call it tinyldap, although it currently does not do much. However, the feedback from frustrated openldap users was overwhelming. No previous project of mine has ever created this kind of collective "Finally!" sigh from people who send me lengthy rants on why openldap is a toy not ready for production use. Well, it will be a long time until tinyldap becomes usable, but I certainly underestimated the demand for it.

On a side node, Mozilla urgently needs to support anti aliased fonts under X. My eyes hurt from these ugly fonts.

18C3 was way more fun than I expected. The two most frequenty asked questions to me were: "are you doing a web log again?" and "any more lectures from you today?". I was not planning on either, but the many questions made me write a web log (I still haven't uploaded it yet) and the second question made me feel bad for refusing to do more than two lectures this time.

Anyway, there were more than enough lectures this year, and good ones at that. I'm happy, this was the best CCC congress for years.

I'm very optimistic about 2002. It will be a great year, I'm sure. And tomorrow I will finally start writing that stupid LDAP server that I have been talking about for weeks. ;-)

Yesterday, I released fnord, a very small and very fast web server. It is quite feature complete and appears to be faster than most if not all other web servers out there.

I started a new project, mininet. I will reimplement certain important network utilities (so far only ping and host) using libowfat and the diet libc. I hope people will contribute (hint, hint) some code (wink, wink, nudge, nudge)!