• SoC: List of accepted projects

    After some days of delay, Google has published the final list of chosen projects for this year's Summer of Code; it consists of 630 funded projects. If you browse through them, you will find lots of interesting things. The good thing is that most of them will be worked on seriously, so there will be great contributions by the end of the summer :-)As I told you, my project is listed under the Boost page alongside other interesting projects. It looks like Boost will get a lot of new work — and contributors — this summer. At least, this is the case for me: I am not very involved with Boost development yet.Also take a look at the NetBSD-SoC page, which lists all projects chosen by NetBSD. At first I was sorry to abandon my slot in favour of the Boost one. But now that I have seen the project that took it, I am happy; it is something really needed. I won't tell you which it is because all of them are equally interesting! ;-) [Continue reading]

  • SoC: Accepted, again!

    I am very proud to annouce that I have been accepted into Google's Summer of Code program — again! During Summer 2005 I developed an efficient, memory-based file system for the NetBSD operating system, baptized tmpfs. I must confess that I enjoyed very much hacking the NetBSD kernel and also learned a lot about file systems.So this year I was eager to repeat the experience by taking part in SoC again. In order to ensure my participation, I thoroughly prepared three applications for three different projects. I had a hard time making the choices because there were tons of interesting projects (which could have taught me very different skills), but at last decided for the following:Application 1: Add complete NetBSD support to GRUB 2. I chose this project because I knew I could do it, but mostly because I wanted to ensure that GRUB 2 had first-class support for BSD operating systems. GRUB currently lacks features to correctly boot these, which is a nuisance. After sending the application, I was quickly contacted by a GRUB developer telling me that there was another student willing to work on this project, and that he did not knew what to do. I offered to leave my spot to the other developer, hoping to capture another potential NetBSD hacker.Application 2: Develop a process management library for Boost. This is something I have had in mind since February 2005, when I first discovered Boost. I was planning to do this as my final computer science degree next Spring, but applied for it now so that I could free myself from this idea. (I have other projects in mind that are currently blocked by the lack of Boost.Process.)Application 3: Improve NetBSD's regression testing framework. After looking at the list of suggested projects for NetBSD and evaluating them, I felt that working on this area could have been very useful for the project, improving its overall quality; I like and enjoy writing software that is able to test itself as much as possible.The decision between the Boost and NetBSD projects was quite hard to make, so I opted to send both in and let luck decide. Strictly speaking, I stated in my applications that I preferred to do the Boost project for several reasons and I guess Google made their choice based on that. But do not get me wrong: I enjoyed very much the time I spent hacking NetBSD, and I hope to continue doing so in the near future.Summarizing: I will be developing the Boost.Process library this summer! See the links above for more some information: the wiki page holds some ideas about its design and the application lists my reasons to want to work on this.I now feel sorry for not "being able" to work on NetBSD's regression testing framework. I do not know if anybody else has been picked to work on it, but if not, this project seems doomed... It was choosen past year but the student abandoned it half-way. This year it was also choosen by NetBSD but Google preferred me to work on Boost. However... while writing the application, my interest in this project raised, which means that I may retake it in the future if nobody else does; maybe as my CS final degree project? :-)Now... stay tuned for further news on Boost.Process! [Continue reading]

  • Analyzing security with Nessus

    A bit more than a week ago we had to experiment with Nessus as part of a class assignment. Nessus is a very complete vulnerability scanner that runs on top of Unix-based operating systems. In order to not get obsolete too quickly, the set of checks it runs can be updated based on a database maintained by the product's company, Tenable (much like what happens with an antivirus utility). It is important to note that this list is always seven days behind the up-to-date list unless you are a paid subscriber, which is very reasonable.I liked how it worked and decided to try it at home to analyze my machines, so I went and downloaded the beta version for Mac OS X (I didn't want to fiddle with manual setup in other OSes...). After installation, it asked me for my activation code (sent by mail) and proceeded to download the most up-to-date vulnerability list (free version). At that point, it was possible to start the server part.When launching the client I was presented with a neat, native Mac OS X interface. Analyzing the whole home network was trivial and the results were impressive. Despite that it raised some false positives (depending on the configured paranoia level), it told me several things that were sensible and listed pointers to external information (CVE entries, knowledge base articles, etc.) that was helpful to solve them.If you are a network administrator, I bet this utility was already known to you but it came as new to me very recently and liked it. [Continue reading]

  • Parallelizing command execution with vxargs

    If you need to maintain multiple hosts, you know how boring it is to repeat the exact same task on all of them. I'm currently using PlanetLab as part of a class assignment and I'm facing this problem because I need to set up around 10 machines and execute the same commands on all of them.vxargs is a nice Python script that eases this task. It lets you run a command parametrizing it with a given set of strings (e.g. host names), similar to what find's -exec flag does. First of all, you construct a file with the list of host names you need to control and then feed it to the script alongside the command you need to execute. For example, to upload a dist.tgz file to all the servers:vxargs -a hosts.list -o /tmp/result scp dist.tgz {}:The utility will replace the {} substring with each line in hosts.list and will execute the command. The nice thing is that vxargs runs all tasks in parallel, maximizing efficience. During execution, its cursed-based interface shows the progress of each command. And when all jobs are over, you will find their output (stdout and stderr) as well as their exit code in the /tmp/result directory. Fairly useful.Despite that manually installing vxargs is easy, there is now a vxargs package in pkgsrc. [Continue reading]

  • What is keeping me busy

    I am sorry for the small amount of posts lately but I think this is the busiest semester I have ever had since I started my undergraduate degree four years ago. Here is what I have to do, sorted from more to less interesting:VIG (in pairs): Develop an application with Qt and OpenGL that shows a scenario and a set of cars moving around it. The interface has to allow the user to inspect the view, manage the cars (amount, position, etc.), configure the drivers (little models on top of the cars), set up the lighting and some other things.SODX (in pairs): Prepare a presentation of multicast in P2P networks (SplitStream, Overcast...) after studying these systems and experimenting with them. Also write reports for 6 assignments we have had during the course (three remaining).LP (in pairs): Write an abstract data type in Haskell that represents a network of processes (similar to the data flow programming paradigm) and add the ability to automatically convert this representation to Miranda executable code.PESBD (in groups of 5): Analyze and design a computer-based system to aid auction companies. This has to be done following the (Rational) Unified Process, going through the Inception and part of the Elaboration phases.SSI (in groups of 4): Analyze about the risks and attacks that a given company can suffer (focusing on computer-based attacks, but not exclusively) and write a report exposing possible ways to mitigate the problems.The worst thing is that all these tasks are due by the beginning of June and all of them are still half done. Add to these the need to assist to lectures, to keep up with emails and other daily stuff and you can imagine how the next three weeks will be.Now I'm looking forward the 23rd quite impatiently because it is when Google will publish the projects chosen for this year's Summer of Code. I will tell you more when the results are public. [Continue reading]

  • Article: Smart Pointers in C++

    A bit more than a year ago I discovered what smart pointers are, thanks to the Boost Smart Pointers library. Since then I can no longer think of a C++ program that handles dynamic memory without them, because it is highly subject to programming mistakes and is hard to write. (Of course, there are exceptions.)This is why I decided to write the Smart Pointers in C++ article which just got published in ONLamp.com. It contains an introduction to the idea behind smart pointers and describes those included in the C++ standard library and Boost. Hope you find it interesting! [Continue reading]