Strange occlusion() results with a glass object   

The attached scene contains a matte floor with a matte object on top of it, and a sphere above them which can be matte or glass. The only light source is an ambient occlusion shader provided in the ZIP file.

Maybe this is not a bug and only me doing something wrong with the parameters, but I didn\'t expect the results of the occlusion() lighted matte object to be different depending on the presence of a glass object somewhere else.

In case the issue is platform-specific, here are the render I get from the RIB: http://instinctive.eu/tmp/rt-bug-glass.png when the sphere has a glass surface shader, and http://instinctive.eu/tmp/rt-bug-matte.png with the matte surface shader. I'm using Pixie 2.2.6 compiled from sources on a FreeBSD 8-STABLE amd64.


          New Job   

I mentioned in my last post that I was learning Perl in the hopes of landing a job. Well, that has now paid off as I will be starting at Summersault next week. I’m pretty excited to get out of working with Microsoft tools. I was worried about getting pigeonholed into that if I took another job with it. While C# is a great language, my moral objections to Microsoft’s business practices far outweigh my love of C#. Now I get to work with a variation of the LAMP stack (FreeBSD, Apache, PostgreSQL, and Perl) as part of a small team. And other people can actually see my work this time. That was sometimes frustrating when writing internal web apps.

This change may effect my open source work with Trac. Summersault does not use it internally (RT seems to be the standard with Perl). Up until now LSR’s use of it was a major motivator for me to get involved. We will see if I am able to sustain interest when I am not using it on a daily basis. If not, I will put out a call for someone to adopt the batch modify plugin. The whiteboard plugin will probably just die. I can’t see anybody else wanting to put the necessary work into it.


          NAS4Free 11.1.0.4.4421   
NAS4Free ist eine kostenlose Linux-Distribution, welche auf FreeBSD basiert. Zu den Features zählen unter anderen Vollständiges Management über ein Webinterface Software-Raid (0,1,5) und optionale Dateiverschlüsselung Dateisysteme: ZFS v5000 (Feature Flag), UFS, Ext2/3, FAT, NTFS Partitionen MBR und GPT Zahlreiche Netzwerkprotokolle wie CIFS/SMB (Samba v4.x), FTP, NFS, TFTP, AFP, RSYNC, Unison, SCP (SSH), iSCSI (Initiator und Target), HAST (Highly...
          R-Studio 8.3 + Лицензионный ключ   
R-Studio + Ключ


R-Studio - программа для восстановления данных. Поддерживаются файловые системы обеспечение для восстановления данных в случае их удаления, удаления или повреждения разделов диска, а также в случаях, когда диск был отформатирован или, например, произошла вирусная атака. Поддерживаются файловые системы FAT12/16/32, NTFS, NTFS5, Ext2FS (Linux), HFS/HFS+ (Macintosh), UFS1/UFS2 (FreeBSD/OpenBSD/NetBSD/Solaris), HFS и HFS+. Восстановить данные с помощью R-Studio можно не только на локальном компьютере, так и на жестких дисках других компьютеров локальной сети.
          FreeBSD setrlimit Stack Clash Proof Of Concept   
FreeBSD setrlimit stack clash proof of concept exploit.
          FreeBSD FGPE Stack Clash Proof Of Concept   
FreeBSD FGPE stack clash proof of concept exploit.
          Comment on Flash Bug Report by Alex   
Hows the development of the native version of flash for freebsd coming along emmy?
          InterBase Data Access Components 5.10   
IBDAC is an enhanced component library for fast direct access to InterBase, Firebird and Yaffil from Delphi, C++Builder and Lazarus, supporting Windows, Mac OS X, iOS, Android, Linux, and FreeBSD for 32-bit and 64-bit platforms.
          Data Access Components for MySQL 8.10   
MyDAC (Data Access Components for MySQL) is an enhanced component library for fast direct access to MySQL from Delphi, C++Builder and Lazarus, supporting Windows, Mac OS X, iOS, Android, Linux, FreeBSD for 32-bit and 64-bit platforms.
          Universal Data Access Components 5.10   
UniDAC (Universal Data Access Components) is a powerful library of non-visual cross-database data access components for Delphi, C++Builder and Lazarus, supporting Windows, Mac OS X, iOS, Android, Linux, FreeBSD for 32-bit and 64-bit platforms.
          Еще про айФон, и заодно про Алксниса   
Джон Грубер https://daringfireball.net/2017/06/perfect_ten :

The Apple I, the Apple II, the Macintosh, the iPod — yes, these were all industry-changing products. The iPhone never would have happened without each of them. But the iPhone wasn’t merely industry-changing. It wasn’t merely multi-industry-changing. It wasn’t merely many-industry-changing.

The iPhone changed the world.

... Ten years in and the full potential of the iPhone still hasn’t been fully tapped. No product in the computing age compares to the iPhone in terms of societal or financial impact. Few products in the history of the world compare. We may never see anything like it again — from Apple or from anyone else.
 
Есть одна забавная история, о которой я часто вспоминаю, когда речь идет об айФоне, хотя она собственно говоря не имеет к смартфонам никакого отношения. Но давайте по порядку.

В мае того же 2007 года широкую известность в России получило знаковое "дело Поносова", никому ранее не известного директора одной из сельских школ Пермской области, которого оштрафовали на 5000 рублей за "нелицензионное программное обеспечение" (Windows и Microsoft Office) в его школе.

Этот нелепый во всех отношениях инцидент привлек всеобщее внимание к ситуации с "нелицензионными" версиями Windows, и в частности, заинтересовал уже, напротив, довольно известного политика ультра-националистического толка Виктора Имантовича Алксниса, на тот момент депутата Государственной Думы РФ (от коммунистов). Так уж получилось, что именно в это время Алкснис активно осваивал интернет и ЖЖ (где он весьма неудачно начал с того, что обратился в прокуратуру с жалобой на известного блогера, который недостаточно почтительно о нем отозвался), и поэтому дальнейшее развитие ситуации можно было наблюдать, так сказать, в прямом эфире.

Виктор Алкснис, будучи убежденным патриотом и государственником, пишет программный пост, доступный и сейчас: http://v-alksnis2.livejournal.com/22850.html , где бросает клич: а давайте напишем нашу, русскую, операционную систему! Утрём нос Микрософту! Неужто наши программисты тупее ихних??? Русская операционная система – наш новый Сталинград! И Буран! Вперёд, друзья!

Идею трудно назвать вполне новой – разного рода фрики, идеалисты и мошенники носились с идеей «русской операционной системы» уже задолго до этого – но широкая и отчасти скандальная известность автора идеи выводит ее на качественно иной уровень общественного интереса. Вскоре вокруг автора скапливается довольно разношерстная тусовка (как в онлайне в его ЖЖ, так и в офлайне), и там закипают обычные в подобном случае споры: Зачем какая-то «русская операционная система», если есть Линукс? Линух – дерьмо, FreeBSD рулит! А вот еще есть ReactOS, ее делают наши люди, давайте им поможем! Давайте все вместе соберемся и сделаем наконец дружелюбный интерфейс для Линукса! Лучше Windows ничего быть не может, ваш Линукс сосёт, и вообще Линус его украл!

Небольшое отступление. Как мне кажется, тот пре-кризисный 2007 год, с ценами на нефть по $120, с растущим как на дрожжах Стабилизационным Фондом, с еще вполне актуальными у многих надеждами от новой тогда еще путинский эпохи, был таким несколько странным временем, когда внезапно какое-то количество россиян почувствовали себя богатыми; не обязательно лично богатыми, но как-бы причастными к богатству страны. Всего за 9 лет до этого, в 1998 году, кредит МВФ в 4 миллиарда долларов казался недостижимой мечтой; в 2007 году суммы в десятки миллиардов долларов начали казаться мелкой разменной монетой. Подобно человеку, который обычно обходил базар стороной, зная, что денег у него все равно нет; а внезапно разбогатев, приходит на тот же рынок с видом хозяина, деловито похлопывая по карману с тугим кошельком и рассуждая «а что бы нам такое прикупить?» Примерно так это звучало: «хороший программист стоит $100,000 в год. Тысяча программистов за 5 лет стоят $500 миллионов. Неужели тысяча лучших отечественных программистов не смогут за 5 лет создать достойную замену Windows? И неужели государству жалко каких-то 500 миллионов, чтобы создать Русский Микрософт?»

Как я уже сказал, ценность этой истории с «русской ОС» под руководство Алксниса в том, что каждый может и сегодня изучать ее развитие во времени по ЖЖ-дневнику главного героя. Не буду пытаться пересказать здесь, как именно это все развивалось и чем кончилось, это довольно предсказуемо и в сущности, наверное, не так уж и интересно.

Скажу о другом моменте, который мне кажется самым поразительным в этой истории, хотя он в сущности вполне банален. Как раз в разгар всех этих горячих обсуждений и споров Apple и позднее Гугл сделали ровно то, к чему стремились эти люди: фактически лишили Микрософт монополии на операционный системы. В 2007 году невозможно было поверить, что всего через 5-6 лет Линукс станет самой распространенной операционной системой в мире, оставив Windows далеко позади; между тем, именно это и произошло, и началась эта замечательная история именно в тот исторический день, 29 июня 2007 года. Это именно один из тех многих industry-changing аспектов, о которых писал Грубер, с цитаты из которого я начал эту заметку.

И знаете что? Никто из участников той тусовки даже этого не заметил. Годы спустя, они продолжали спорить о Windows и Линуксе. Посмотрите многочисленные обсуждения этой темы у Алксниса: вы найдете там от силы несколько эпизодический упоминаний айФона.

Мне кажется, это ярчайшая иллюстрация отличий государственного капитализма от свободного общества.

          Масштабная кибератака на 64 страны, больше всего пострадавших в Украине   

27 июня 2017 года началась крупномасштабное поражение компьютеров новой версией вируса-шифровальщика Petya.A. первые сообщения в каналах, посвященных кибербезопасности были о заблокированных рабочих станциях Роснефти и Башнефти, через час стали появляться сообщения о глобальном отключении компьютеров в банках, общественных организациях, торговых компаниях, государственных учреждениях Украины. Зараженный компьютер после перезагрузки показывал черный экран с требованиями выкупа в сумме $300 на биткоин-кошелек. Следом появились сообщения о заражении вымогателем компьютеров в Великобритании, Индии, Нидерландах, Испании, Италии и Дании. В очередной раз пострадали те, кто пользовался устаревшими версиями Windows, не обновлялись своевременно и не соблюдали давно известные правила информационной гигиены.

 

\"Вирус-вымогатель

 

Самое плохое в данном случае (кроме беспечности пользователей и сисадминов) то, что «шифрование» было в один конец, а требование выкупа лишь имитацией, пользователи теряли свои локальные данные навсегда. Некоторые пострадавшие выплатили $2900 но провайдер почты заблокировал ящик самих вымогателей, так что в любом случае получить код для расшифровки никто не сможет. Кроме этого, эксперты по безопасности (например, Лаборатория Касперского) подтвердили, что расшифровать файлы невозможно.

Атак происходила по нескольким направлениям. Рассылались фишинговые письма, имитирующие корпоративный стиль рассылок с вложениями файлами *.pdf и *.docx и эксплуатирующими уязвимость офисных пакетов. Был взломан сервер разработчика программы документооборота M.E.Doc (использовавших старые компоненты FreeBSD). И автоматическое обновление 27 июня принесло заражение на тысячи компьютеров, использовавших  M.E.Doc для делопроизводства. После поражения компьютеров, вирус начинал распространение по внутренней сети, используя уязвимости Eternalblue в протоколе SMB.

 

\"Страны

 

Так как первый этап состоял в шифрации загрузочного сектора, некоторым удалось спасти данные, сразу же выключив компьютер после странного сообщения. Но большинство наблюдали сообщение о, якобы, проверке диска, во время которого шифровались основные данные. Среди пострадавших компаний Maersk, Роснефть, Mondelez, DLA Piper, Башнефть, «Укрпочта», «Ощадбанк», «Нова пошта», телеканал «Интер», «Кредобанк», газета «Корреспондент», сеть магазинов «Эпицентр» и заправки «Кло». Под атакой были также сайты «Укртелекома», «Укрзализныци» и «Киевэнерго».

Следует отметить, что эта масштабная и многовекторная атака была тщательно спланирована и организована, реализована злоумышленниками высокой технической квалификации, но сопровождалась бездарной организацией получения выкупа, что намекает на то. Что основная цель была — просто нанести вред.


          AsiaBSDCon 2015   

AsiaBSDCon 2015 was held in Tokyo on 12-15 March. It was my first time attending, and with a big NetBSD community in Japan I was very interested to go. Links to most of the talks and slides mentioned below are on the main NetBSD presentations site.

On Friday we had both a closed NetBSD developer session in the morning and an open NetBSD birds of a feather session in the evening. We had developers from Europe, the US and Canada as well as Japan. The BoF session, with around 25 attendees, had a talk by Kazuya Goda, who is not yet a developer but will apply soon, on Development of vxlan(4) using rumpkernel. Vxlan tunnels ethernet frames over UDP and is often used in datacentre multi-tenant applications and for VPN applications. Using the rump kernel made porting from the FreeBSD code extremely easy, with the code being tested in userspace with a tunnel to a FreeBSD box to test interoperability and no changes needed to make it run in kernel.

Taylor Campbell (riastradh@) talked about the staus of DRM/KMS, the direct rendering framework for graphics that is in NetBSD current and will be in 7.0. He had fixed several bugs in the days before the talk, so now is a good time to try out the code on your hardware before 7.0 is out. Porting to non x86 platforms that have compatible cards (radeon) would also be useful at this point.

Makoto Fujiwara (mef@) and Ryo Onodera (ryoon@) talked about pkgsrc, including how to package up software in github, which is now really easy. With the closure of Google Code an whole lot more projects are moving to Github, so it is useful that packaging is so easy.

Jun Ebihara (jun@) gave an overview of the Japan NetBSD users group, which travels all around Japan to a large number of events with a large collection of mainly very small machines which run NetBSD current. These include new machines like the Raspberry Pi and Cubieboard as well as old favourites such as the Zaurus, Jornada and Dreamcast. These were also on display at the conference, and got rather more attention than the very noisy blade server running FreeBSD opposite.

The conference proper, on Friday and Saturday had many NetBSD related talks. A highlight was Dennis Ferguson's (dennis@) keynote on modernising the BSD network stack, based on his experience building commercial BSD based routers; he was a founding engineer at Juniper. We got some history, as well as some detailed recommendations about structuring the network stack structures to match modern protocol hierarchies.

Still on networking, Ryota Ozaki (ozaki@) talked about the work that IIJ, conference sponsors and home to many of the Japanese developers, were doing on supporting MSI interrupts and multi-queue devices, improving performance on multicore systems. Martin Husemann (martin@) talked about running big endian ARM on new hardware, a platform that is not used much and found some bugs.

On Sunday, Taylor talked about doing cross compilation in pkgsrc properly. FreeBSD has taken the aproach of using qemu userspace emulation, but there are problems with this that have to be fudged around, while almost everything can be cross compiled properly with dedication. Perl and Python are an issue, and need volunteers. I (justin@) gave a talk about the rump kernel, and how to make driver development and debugging easier.

There was also lots of excellent food, interesting talks about the rest of the BSD family, and a lot of conversations about many aspects of NetBSD. I highly recommend coming along next year. The call for papers will be earlier, so start planning now.

          NetBSD@FOSDEM 2011   
On the first weekend of february, FOSDEM, the biggest european open source developers gathering, was again held in Brussels, Belgium. With several thousand attendees from all over the world, though most from europe, FOSDEM is one of the highlights of the year.

NetBSD was very well represented with a booth, together with the FreeBSD folks, and a talk covering the recent addition of the Lua programming language to the base system.

Guillaume Lasmayous (gls@), Vera Hardmeier, and myself were almost constantly at the booth selling T-Shirts, CD-ROMs, and other merchandise and using the occasion for marketing NetBSD a bit and having technical discussions with NetBSD users (and prospective users, I hope).

During the BSD devroom I gave a talk "Lua in NetBSD", outlining language details, techniques to incorporate Lua into existing software, and also why Lua in NetBSD makes a lot of sense for certain applications. That talk was very well received and attracted a lot of people.

FOSDEM 2011 was a big success, again!


          NetBSD developer summit in Cambridge/UK   

On Friday, the 18th of September, a group of NetBSD developers from all over the world met during a developer summit at the Fitzwilliam College in Cambridge/UK. It provided a great opportunity for developers to meet each other in person, to share ideas and to talk about ongoing and future projects.
The summit was organised by Stephen Borrill and sponsored by Precedence Technologies, a Cambridge based company selling NetBSD based products.

Based on a presentation by Alistair Crooks the roadmap for NetBSD 6.0 was discussed. Here are some of the highlights that are planned for NetBSD 6.0:

  • System:
    • kernel modules
    • POSIX shared memory
    • processor & cache aware scheduler
  • Networking:
    • Mobile IPv6
    • SCTP
    • netboot from HTTP
  • Storage:
    • LVM
    • ZFS
    • iSCSI initiator
    • devfs
  • Virtualisation:
    • Xen domU migration, suspend & resume
    • Xen ballon driver
    • Gaols via kauth (similar to FreeBSD jails)
    • iSCSI booting
  • Security:
    • RBAC kernel
    • netpgp
    The current plan is to branch NetBSD 6.0 in March 2010 and release it in summer 2010.


          Announcing EuroBSDcon 2009   

EuroBSDcon 2009
Friday 18th - Sunday 20th September,
University of Cambridge, UK

A day of tutorials followed by 2 days of conference talks covering a wide variety of BSD related topics. This is the European BSD Community's annual event to meet, share and interact across the projects and between friends.

This year's line up features...

  • ISC and *BSD
  • OpenBSD malloc
  • How FreeBSD finds oil
  • NetBSD's LVM
  • faster packets in OpenBSD
  • Wireless Mesh networks
  • Kirk McKusick's FreeBSD Guide
... and more. The full talk list and schedule: http://2009.euroBSDcon.org

Discounted Early Bird registration runs until 2nd September. Book your place now at http://2009.euroBSDcon.org

Final programme may be subject to alteration. EuroBSDcon is a not for profit event open to everyone so please help spread the word online and offline.

If you're interested to read this far, you can sign up for future announcements about EuroBSDcons by sending an email to eurobsdcon-announce-subscribe@lists.ukuug.org . Your address will only be used to contact you about European BSD events.

EuroBSDcon 2009 : September 18-20th, Cambridge, England.
http://www.ukuug.org/events/eurobsdcon2009/


             
Automatically download VMware images:  Thoughtpolice.co.uk offers VMware images ready-to-use for Fedora, Ubuntu, and FreeBSD.  When they issue a new one, they place a torrent link in a file you can download via rsync to torrent the image, all automatically.  Subscribing to virtual appliances is an idea that's been much talked about, and there may finally be a sufficient audience for it.

          LINUX, BSD SYSTEMS FACE STACK CLASH VULNERABILITY; ROOT ENABLED   
(pc-Google Images)
Linux, BSD, Solaris and other open source frameworks are defenceless against a nearby benefit acceleration vulnerability known as Stack Clash that enables an attacker to execute code at the root. Significant Linux and open source merchants have made patches accessible today, and frameworks running Linux, OpenBSD, NetBSD, FreeBSD or Solaris on i386 or amd64 equipment ought to be refreshed soon.

The hazard introduced by this defect, CVE-2017-1000364, winds up noticeably particularly if attackers are as of now show on a powerless framework. They would now have the capacity to chain this weakness with other basic issues, including the as of late tended to Sudo vulnerability, and afterwards run subjective code with the most noteworthy benefits, said specialists at Qualys who found the vulnerability. The vulnerability was found in the stack, a memory administration locale on these frameworks. The attack sidesteps the stack protect page moderation presented in Linux in 2010 after attacks in 2005 and 2010 focused on the stack.

Qualys prescribes in its consultative expanding the span of the stack monitor page to 1MB at the very least as a transient arrangement until the point when an update can be linked. It additionally prescribes recompiling all userland code with the –fstack-check choice which would keep the stack pointer from moving into other memory locales. Qualys surrenders, notwithstanding, this is a costly arrangement, however one that can't be crushed unless there is an obscure vulnerability in the –fstack-check alternative.

          FreeBSD 'FGPU' Stack Clash Proof of Concept   
Topic: FreeBSD 'FGPU' Stack Clash Proof of Concept Risk: Medium Text:/* * FreeBSD_CVE-2017-FGPU.c for CVE-2017-1084 (please compile with -O0) * Copyright (C) 2017 Qualys, Inc. * * This pro... - Source: cxsecurity.com
          FreeBSD 'setrlimit' Stack Clash Proof of Concept   
Topic: FreeBSD 'setrlimit' Stack Clash Proof of Concept Risk: Medium Text:/* * FreeBSD_CVE-2017-1085.c * Copyright (C) 2017 Qualys, Inc. * * This program is free software: you can redistribute ... - Source: cxsecurity.com
          FreeBSD 'FGPE' Stack Clash Proof of Concept   
Topic: FreeBSD 'FGPE' Stack Clash Proof of Concept Risk: Medium Text:/* * FreeBSD_CVE-2017-FGPE.c for CVE-2017-1084 (please compile with -O0) * Copyright (C) 2017 Qualys, Inc. * * This pro... - Source: cxsecurity.com
          First reproducible builds conference in Athens   
Last week I met with about 40 other developers from various projects (mostly Debian, but also Arch Linux, FreeBSD, Guix, Homebrew, MacPorts, Tor and some others) in Athens for a three day conference about reproducible builds, i.e. the task of getting the same binaries from the same source on a particular platform.

The advantages are better verifyability that the source code matches the binaries, thus addressing one of the many steps one has to check before trusting the software one runs.

We discussed various topics during the conference in small groups:

  • technical aspects (how to achieve this, how to cooperate over distributions, ...)
  • social aspects (how to argue for it with programmers, managers, lay people) financial aspects (how to get funding for such work)
  • lots of other stuff :)
For NetBSD, there are two parts:

Making the base system reproducible: a big part of the work for this has already been done, but there a number of open issues, visible e.g. in Debian's regularly scheduled test builds, up to the fact that this is not the default yet.

Making pkgsrc reproducible: This will be a huge task, since pkgsrc targets so many and diverse platforms. On the other hand, we have a very good framework below that that should help.

For giggles, I've compared the binary packages for png built on 7.99.22 and 7.99.23 (in my chrooted pbulk only though) and found that most differences were indeed only timestamps. So there's probably a lot of low-hanging fruit in this area as well.

If you want to help, here are some ideas:

  • fix the MKREPRO bugs (like PRs 48355, 48637, 48638, 50119, 50120, 50122)
  • check https://reproducible.debian.net/netbsd/netbsd.html for more issues, or do your own tests
  • discuss turning on MKREPRO by default
  • starting working on reproducibility in pkgsrc:
    • remove gzip time stamps from binary packages
    • use a fixed time stamp for files inside binary packages (perhaps depending on newest file in sources, or latest change in pkgsrc files for the pkg)
    • identify more of the issues, like how to get symbols ordered reproducible in binaries (look at shells/bash)
Thanks to the NetBSD developers who already worked on this before, and to TNF for funding the travel and the Linux Foundation for funding the accomodation for my participation in the conference, and Holger Levsen for inviting me.
          posix_spawn syscall added   

Charles Zhang implemented the posix_spawn syscall during Google Summer of Code 2011. After a lot of polishing and rework based on feedback during public discussion of the code, this has now been committed to NetBSD-current.

This caused some fallout and ended in a tight race with the imminent branch date for NetBSD 6. Now that the dust has settled, it is time for a look back at the mistakes made and lessons learned.

What is posix_spawn?

Traditionally BSD systems used the vfork(2) hack to improve speed of process creation. However, this does (in general) not play well with multi-threaded applications. The posix_spawn call is a thread-safe way to create new processes and manipulate a tiny bit of state (like dup/close/open file descriptors) upfront.

Work continued after GSoC

The results Charles had at the end of his GSoC term were a working in-kernel implementation of posix_spawn and a few free-form test cases, one of which failed. The kernel code duplicated a lot of other code, which clearly was not acceptable for commit to the NetBSD source tree. The reason Charles solved it this way was the short time frame available - and that the best solution we could think of during the summer was very intrusive.

In preparation for a potential merge into the NetBSD code base, I reworked the code to avoid copying helper functions (like file descriptor manipulations for other processes), cleaned up and debugged a bit using a LOCKDEBUG kernel, which pointed out a few more issues. After solving those as well as intensively testing all error paths, I posted a patch for review.

At this point the integration was already prepared completely - a new syscall, new libc functions, new manual pages need a lot of set lists updates and test building a "release" at least once (preferably on an architecture providing 32bit compat libraries), furthermore the posix_spawn code needed (simple) machine-dependent code to be added to all architectures, which at least requires test-building a representative set of kernels.

Another complete rework

In response to the posted, very intrusive, patch, YAMAMOTO Takashi suggested a pretty elegant way to solve the problem without a lot of the intrusive changes. The idea was simple, and it actually worked after a few adjustments. This led to another public patch for review.

This version already included an atf version of the test programs, which all passed (both on amd64 and sparc64). I felt pretty confident with this state and expected a smooth integration.

Unexpected fallout

More for completeness I did a full test run (not only the posix_spawn related tests) - and found some unexpected test failures, all in rump based tests. I retried and got different failures. Suspicious - I did not touch rump, besides regenerating the syscall definitions. I rebooted a standard kernel (without posix_spawn), did a full test run and only got failures in the posix_spawn tests (of course). So something in the change must have broken something else.

Analysis was a painful process, so only a short summary of the results: the modified kernel exec path used a pointer to a kernel stack variable, which was later copied to a saved data structure - but the pointer was not adjusted accordingly. Later the pointer was referenced, and only a single bit checked. Depending on what was in memory at the stale old stack location at that time, a branch was taken or not. This caused the ELF auxiliary data vector to sometimes contain a different effective UID, and ld.elf_so switching into secure mode - in which case it ignores environment variables like LD_PRELOAD. This causes big failure in many test programs using rump (at least).

While I was debugging this, discussions continued. We were not sure if we should add complex code like this to the kernel, where a pure userland implementation clearly is possible (FreeBSD uses this, for example). I did a few benchmark runs, but was unable to show any clear performance benefit for either implementation - the differences were in the sub-promille ranges, with noise in the 2-3 percent range, clearly no usable result from a statistical point of view. Another topic under discussion was the near planned branch for NetBSD 6. According to our rules, we do not want to add a syscall post-branch to a release branch.

Go ahead, finally!

The discussions ended with the core team voting for a kernel version, and the release engineering team voting for a pre-netbsd-6-branch integration. So I updated my posix_spawn source tree, did another test build, ran tests (again on amd64 and sparc64), updated again - and committed in a few steps.

Big fallout

Checking mails early next morning (a Sunday, before walking the dog) I found a PR already: running the m4 configure script crashed i386 and amd64 kernels. Tsutsui kindly had provided a backtrace in the report, and it looked suspiciously familiar to me. While walking the dog I thought about it and when I got home I checked: indeed I had seen and fixed this before, when testing error paths in the first instance of the change. However, when dropping all the intrusive modifications I had in my tree and redoing the version without them, I must have accidentally dropped the fix for this (it was in sys/uvm instead of sys/kern). No big deal, I had fixed it once already, so I could fix it again. Committed, asked for verification - and did get a NAK. However, with a different back trace this time. Tried on my amd64 notebook - worked for me. Duh?

Looking at the code and fixing the second fallout now was straight forward, and also provided the hint why I did not see it before: I was not running a GENERIC kernel on my notebook, and had (some time way back in the past) removed options DIAGNOSTIC from this configuration. Stupid me!

I received more feedback (YAMAMOTO-san pointed out some race conditions) and had a discussion about the place where the test programs should live in the source. To not risk delaying the netbsd-6 branch, I applied a minimal fix for the races, moved the test programs - and added a few more test cases covering the initial m4 configure problems (the rework earlier had made it pretty simple now to test all error paths from atf test cases).

This caused the automatic test setup to crash on every run ("Tests did not complete"). At this point I am still not sure why I did not catch this before commit - but there is no point in arguing, human failure - my fault (most likely explanation: after the last changes to the test cases, I did not test again on amd64 but only sparc64 - the test cases triggered a KASSERT in the x86 pmap, but not in the sparc64 one).

I fixed this, and also another PR, interestingly about m4 configure again. Simple argument validation bug, not covered by the test cases yet - so I added another test.

Are we there yet?

Luckily fallout seems to have stopped now, but we are not completely there yet. The new process created by posix_spawn keeps the parent lwp blocked until it is done with all file descriptor modifications and setup, and the new process is ready to go to userland first time. This provides a proper error return value from the parent (the posix_spawn syscall itself), but it stops the new child from (for example) already running on another CPU early. This will be simple to change, but after all the fallout we have seen, I will only touch it after very extensive testing again.

Lessons learned

When bringing in a new syscall with several supporting libc functions, fallout is always to be expected. It can be minimized by including test programs early - but in the end, real life will teach you what tests you have missed when writing the test programs. It is also important do full test suite runs early, and test on different architectures. Even better if you test on kernels with (at least) DIAGNOSTIC enabled. But in the end, mistakes will happen nevertheless.


          Comentario en FreeBSD 10.1: Qué hacer después de instalar!!! por petercheco   
Muy interesante. La pregunta es... ¿Te puedes fiar de un script?
          Comentario en FreeBSD 10.1: Qué hacer después de instalar!!! por petercheco   
Pues sí, los servidores los tengo con FreeBSD y en mi desktop y portátil anda RHEL 7. Resultado: Estoy muy satisfecho :).
          Comentario en FreeBSD 10.1: Qué hacer después de instalar!!! por petercheco   
Hola Matias, BSD funciona bien en todo lo que preguntas menos el apartado de bluetooth y WIFI. En este aspecto se nota que ha sido diseñado para servidores, por lo cual te recomiendo usar Linux. Saludos Petercheco
          Comentario en FreeBSD 10.1: Qué hacer después de instalar!!! por manuelne   
pkg install desktop-installer. Y lo ejecutas, instalando el entorno que mas te guste.
          恢复软件导购:R-Studio   
R-Studio虽非一款专一的数据恢复软件,但它在数据恢复方面确有其独到之处。该程序除了支持常见的FAT12/16/32、NTFS、NTFS5文件 系统 之外,还支持Ext2FS(Linux或其它 系统 )文件 系统 及UFS1和UFS2 (FreeBSD、OpenBSD、NetBSD等 系统 ),其跨平台恢复能力很强。而且
          20.02.2014 13:48:54 kingpin   
Вот, реализовано на одном из моих любимых языков, да ещё и на любимой ОС крутится. К слову, они деньги в фонд FreeBSD жертвовали в 2013 году.
          Gli script periodici di OS X   
Gli script periodici di OS X
Essendo Mac OS X basato su Unix e, specificatamente, su FreeBSD, come tutti i sistemi Unix è programmato per eseguire degli script di manutenzione giornalieri, settimanali e mensili tra le 03:15 e le 05:30 di ogni notte. Se però il Mac è spento oppure in sleep, questi script non vengono eseguiti. La soluzione è quella […]
          Comentario en 10 sistemas operativos libres que quizá no conozcas por pillabichos   
Los 4 primeros los he usado o sus antecesores, muy curiosos y algunos alucinantes como Haiku/BeOS o AtheOS, o incluso el mismo FreeDOS, que más que un clon es la evolución que hubiera tenido MS-DOS de haberse seguido desarrollando. FreeBSD me pareció muy enrevesado para al fin y al cabo, obtener lo mismo que tengo con mis GNU/Linux. ReactOS se me cuelga siempre a los 5 minutos de arrancarlo y nunca conseguí instalarle nada, y ya lleva mucho tiempo para tener algo usable. También he probado alguna vez esos sistemas basados en código máquina, pero son una curiosidad y poco más.
          = SysAdmin - Linux / FreeBSD =   
Buenos Aires - En Netlabs buscamos jovenes que gusten de aprender todos los días y trabajar en equipo, con ganas de crecer profesional e intelectualmente. Buscamos incorporar personal para el área de soporte nivel 2 y 3 para un NOC que monitorea y gestiona más de 500 servidores. Es necesari...
          FreeBSD 11.1 RC1 / 11.0 Stable   
FreeBSD е свободна компютърна операционна система с отворен код, базирана на AT&T версията на UNIX, BSD (Berkeley Software Distribution), 386BSD и 4.4BSD. Произлиза от BSD UNIX разработен в Университета на Калифорния, Бъркли.

FreeBSD се разработва като цялостна операционна система. Това означава, че ядрото и базовите потребителски инструменти се разработват от една общност. Това е една от основните разлики с GNU/Linux системите, където ядрото и всеки един инструмент се разработват отделно и накрая се пакетират заедно, а крайният продукт се нарича дистрибуция.


          第105回 FreeBSD 12で登場が予定される新機能は? ── BSD界隈四方山話   
まだリリーススケジュールは発表されていませんが,FreeBSD 12は来年の6月か7月あたりが見込まれています。今回は12の新機能を予想してみます。
          In Other BSDs for 2017/07/01   
I am entertained by how Github seems to randomly burp up historical software artifacts on a semi-regular basis.  (see link below) Historical: My first OpenBSD Hackathon.  (via) Using Let’s Encrypt within FreeBSD.org – lessons learned and advice.  (via) Which is the most laptop friendly BSD to learn with? Nextcloud via httpd on OpenBSD.  (via) Isotop …
          In Other BSDs for 2017/07/01   
I am entertained by how Github seems to randomly burp up historical software artifacts on a semi-regular basis.  (see link below) Historical: My first OpenBSD Hackathon.  (via) Using Let’s Encrypt within FreeBSD.org – lessons learned and advice.  (via) Which is the most laptop friendly BSD to learn with? Nextcloud via httpd on OpenBSD.  (via) Isotop …
          misc/freebsd-release-manifests - 20170701   
Add 11.1-RC1 checksums. Prune 11.1-BETA1 checksums. Approved by: bdrewery (maintainer, implicit, re@ blanket) Sponsored by: The FreeBSD Foundation
          textproc/py-texttable - 0.9.1   
textproc/py-texttable: Update to 0.9.1 - Add support for combining characters (#19) Approved by: garga (mentor) Differential Revision: https://reviews.freebsd.org/D11418
          net/bsdrcmds - 20170627   
Add net/bsdrcmds. This ports contains FreeBSD's "rmds" which were originally part of the base system. Reviewed by: jbeich@, matthew@ Approved by: jbeich@, matthew@ Differential Revision: https://reviews.freebsd.org/D11345
          Хранение сессий PHP в memcached   
memcached-logo

Memcache является универсальной системой распределения кэшированных элементов. Если в кэше ничего нет, то делается запрос к базе и результаты записываются в Memcache # cd /usr/ports/databases/memcached # make install clean # ee /etc/rc.conf Добавляем строку в /etc/rc.conf: memcached_enable="YES" memcached_flags="-l 127.0.0.1 -m 64" /usr/local/etc/rc.d/memcached start Ставим расширение для php: # cd /usr/ports/databases/pecl-memcache # make install clean По […]

Запись Хранение сессий PHP в memcached впервые появилась Alex Blog!.