FreeBSD Update updates
In the recent FreeBSD 6.2 release announcement, the FreeBSD release engineering team was kind enough to link to my earlier post about using FreeBSD Update to upgrade between FreeBSD releases. At last count based on my server logs, about 350 systems have been upgraded using FreeBSD Update over the course of five days, compared to about 500 upgrades using my earlier FreeBSD 6.0 to FreeBSD 6.1 upgrade script (over about seven months).
The increased testing has uncovered a few points which should be noted:
- While my earlier blog post concerned upgrading to FreeBSD 6.2-RC1, the same sequence of commands can be used to upgrade to FreeBSD 6.2-RELEASE provided that you replace "6.2-RC1" with "6.2-RELEASE". If you simply replace it with "6.2", the script will error out after complaining that it cannot fetch files -- as far as FreeBSD Update is concerned, "FreeBSD 6.2-RELEASE" exists but "FreeBSD 6.2" does not.
- FreeBSD Update never installs anything until after it has finished downloading everything (this applies to fetching security updates as well as the new release upgrading mode). If the fetching fails for some reason, don't worry; just run it again.
- FreeBSD Update normally stores its working files (e.g., downloaded updates/upgrades) in the /var/db/freebsd-update directory; but since this directory does not exist prior to FreeBSD 6.2, in my "walkthrough" of upgrading a system I told FreeBSD Update to put its working files into /usr/upgrade/ (this is controlled by the -d option to FreeBSD Update). Whatever directory you use, make sure you don't create any files or directories in it manually -- you're likely to confuse FreeBSD Update if you do.
Finally, some news from a week ago which I forgot to post: Thanks to a new buildbox, FreeBSD Update is now supported on the AMD64 architecture, at least for systems running the FreeBSD Update client in the FreeBSD 6.2 base system. Considering the statistics on FreeBSD architecture usage from the bittorrent tracker -- of the FreeBSD 6.2 ISOs downloaded, 83% were i386, 13% were amd64, and the other platforms (alpha, ia64, pc98, and sparc64) totalled 4% of the downloads -- I doubt that the Security Team will be building updates for other architectures any time soon; but if there is enough demand and hardware can be found, it's certainly possible.
18th generation tagging
Apparently I've been blog tagged by FreeBSDGirl, who was tagged by Dru Lavigne, who was tagged by Richard Bejtlich, who was tagged by Martin McKeay, who was tagged by Michael Farnum, who was tagged by Ian Lamont, who was tagged by Richi Jennings, who was tagged by Ann Elisabeth Nordbø, who was tagged by "G-man", who was tagged by "DazzlinDonna", who was tagged by Kim Krause Berg, who was tagged by Lisa Barone, who was tagged by "Greywolf" (whose site looks like it has been defaced recently by an XSS exploit), who was tagged by "Digital Ghost", who was tagged by Scott Boyd, who was tagged by Aaron Shear, who was tagged by Avinash Kaushik, who was tagged by Dave Gale, who doesn't seem to have been tagged by anyone, but says that he got the idea from Jeff Pulver. After Richard Bejtlich, I have no idea who those people are.
This means that I'm supposed to share five things about myself that relatively few people know:
- I did my first serious work in the field of algorithms at age 15, when I found an improved algorithm for computing the Greatest Common Divisors of polynomials over algebraic number fields; I understand that this algorithm is now being used in the Maple computer algebra system. Unfortunately, while my algorithm is (as far as I know) still unsurpassed when handling algebraic number fields formed by multiple low degree extensions, it operates very slowly over algebraic number fields involving a single high degree extension. I decided not to publish this work after proving that any generalization of my algorithm to handling high degree algebraic extensions would provide a polynomial time integer factorization algorithm.
- I discovered a novel subexponential integer factorization algorithm a few years ago; but since its running time was cubic in the cost of GNFS, I decided that it wasn't worth publishing.
- When I was 13, I sang soprano in the Rutter Requiem at a music camp. I have no plans to ever sing again, but I enjoy playing in choral and opera orchestras.
- In the 2001 British Columbia general election, I voted for the Marijuana Party, in protest over the plans of the BC Liberal Party (which, as expected, swept to power with 77 out of 79 seats) to provide targeted funding to double the number of university degrees granted in computer science and computer/electrical engineering. Given that no institution in British Columbia has ever come close to recruiting enough students to meet their "DTO" targets, I think the past five years have proved my opposition to be quite correct.
- I've spent a lot of time recently thinking about becoming a cyborg, but I can't really justify the cost. Maybe someday I'll have enough money that I don't need justification for spending $8k.
And having done that, I'm now supposed to tag five more people:
More about Box Backup
In a pair of earlier posts here, I described my ideal backup system (which does not yet exist) and some of the problems I see with existing systems. Ben Summers, the author of Box Backup, contacted me recently to ask that I clarify my earlier comments about Box Backup.
In particular, I wrote that "the 0wner of the system on which the backups are being stored [can] identify ... which files have been modified". As a FreeBSDer, I meant "file" to mean "stream of bytes associated with an inode on disk" -- not the directory entry which points at it. To repeat: Box Backup does not directly allow someone with access to the storage device to directly obtain the names of files.
Nevertheless, my point concerning my personal paranoia remains: If an intelligent attacker sees a file which is 996688 bytes inside a directory containing 26 other files and one subdirectory, he'll be able to guess that he's looking at /lib/libcrypto.so.4.
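The inference described above can be measured from the defender's side. The following is an added example, not code from the post or from Box Backup: it assumes the storage operator can see each stored object's exact size and the number of files and subdirectories beside it, and it uses a constructed catalogue in which only the 996688-byte size of /lib/libcrypto.so.4 comes from the post. It reports how many files that metadata pins to a single path, and how padding sizes to a fixed bucket changes the result.

```python
from collections import defaultdict

def build_catalogue():
    """Constructed stand-in for a public release's file list: dir -> (files, n_subdirs)."""
    lib = {f"libfill{i}.so.1": 40_000 + 1_000 * i for i in range(26)}   # made-up sizes
    lib["libcrypto.so.4"] = 996_688      # the only size taken from the post
    usr_lib = {f"libother{i}.so.2": 40_000 + 1_000 * i for i in range(26)}
    usr_lib["libbig.so.2"] = 996_000     # made up: close to, but not equal to, libcrypto
    etc = {"rc.conf": 412, "hosts": 1_090, "motd": 412}
    return {"/lib": (lib, 1), "/usr/lib": (usr_lib, 3), "/etc": (etc, 5)}

def observations(catalogue, bucket=1):
    """Yield ((padded size, other files in dir, subdirs in dir), path) per file."""
    for d, (files, n_subdirs) in catalogue.items():
        for name, size in files.items():
            padded = -(-size // bucket) * bucket   # round up to a multiple of bucket
            yield (padded, len(files) - 1, n_subdirs), f"{d}/{name}"

def index(catalogue, bucket=1, use_dir_shape=True):
    """Group paths by the metadata visible on the storage side."""
    idx = defaultdict(list)
    for key, path in observations(catalogue, bucket):
        idx[key if use_dir_shape else key[:1]].append(path)
    return idx

def candidates(idx, *observed):
    """Paths consistent with one observed (size, other_files, subdirs) tuple."""
    return sorted(idx.get(tuple(observed), []))

def unique_fraction(catalogue, **kw):
    """Share of files that the visible metadata narrows down to exactly one path."""
    idx = index(catalogue, **kw)
    total = sum(len(paths) for paths in idx.values())
    return sum(len(paths) == 1 for paths in idx.values()) / total

if __name__ == "__main__":
    cat = build_catalogue()
    print("996688 bytes, 26 siblings, 1 subdir ->",
          candidates(index(cat), 996_688, 26, 1))
    print("unique by size only:          %.2f" % unique_fraction(cat, use_dir_shape=False))
    print("unique by size + dir shape:   %.2f" % unique_fraction(cat))
    print("unique with 1 MiB padding:    %.2f" % unique_fraction(cat, bucket=1 << 20))
    padded = candidates(index(cat, bucket=1 << 20), 1 << 20, 26, 1)
    print("padded candidates for the same blob:", len(padded), "(all in /lib)")
```

In this constructed catalogue, padding hides which file within /lib a blob is, but the directory shape still identifies the directory itself.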