Friday, January 29, 2010

New Deadwood snapshot

I posted a new Deadwood snapshot last night where I have begun work on the bailiwick checks. My plan for the bailiwick check, which I will do next week, is as follows:
  • Look at what the NS record points at and the query sent by the client.
  • If they are the same, go to the next part of the bailiwick check.
  • Remove one label from our query (make or make simply .com, or make .com the name of the root server)
  • See if they are the same; if they are we pass this part; if not, keep lopping off labels until we match or the query is less than zero-length (fail, exit routine)
Part two:
  • Let’s get the Bailiwick for this query (if this NS record was told by us upstream that these are records for .org; the bailiwick is .org; if this is a root server, tha bailiwick is any querty; if this NS record was told by us upstream this is for, the bailiwick is, and so on)
  • Let’s remove one label from the NS record given to us
  • Let’s compare the NS record with the bailiwick this NS record has
  • If they are the same, we’re gold and have passed the bailiwick check
  • Otherwise, remove labels from the NS record and compare with the bailiwick until we either get a match or the truncated NS record is shorter than our bailiwick. If we get a match, it’s gold, otherwise it’s out-of-bailiwick

Thursday, January 28, 2010

Why I don’t buy stuff from Apple

As someone who has been involved in the computer industry for 15 years, I will let you guys in on a little secret: I have never bought hardware from Apple. Seriously.

The thing is this: I don’t like how Steve Jobs tightly controls the hardware. For example, with an iPhone...what if I want to install an application that isn’t part of Steve Jobs’ walled garden (The iPhone application store?). Well, I can’t unless I break in to (“jailbreak”) my own iPhone.

I’m sorry, but I shouldn’t have to do something that voids the warranty of my product and risks bricking it just to download and run an application on it.

My Nokia 5310 has one thing going for it: I can download and put any J2ME (Java for mobiles) game or application on it and it runs like a charm. I have a nice Spanish-English dictionary, for example, and didn’t have to pay a dime for it. Ditto with the open-source games I have on my phone.

As for the iPad, my question is this: What does an iPad have that a netbook doesn’t have? Like a netbook, the iPad doesn’t fit in my pocket. Unlike a netbook, the iPad doesn’t have a real keyboard and costs twice as much. With a standard under-$300 Dell Mini 10, unlike an iPad, I can run all of the applications I run on Windows, including a full C and *NIX-like development environment. If I don’t like Windows, I can run Linux. Or even MacOS X...wait, take that back, Apple made a change to the latest Snow Leopard kernel so it won’t boot on an Atom processor.

Who besides Apple would be able to get away with deliberately disabling their software on hardware customers want to run it on?

Wednesday, January 27, 2010

New Deadwood snapshot: NS records now linked to glue AR records

In today's Deadwood snapshot, NS records are now linked to glue AR records.

Next: Bailiwick security testing.

Tuesday, January 26, 2010

New Deadwood snapshot: dwx_check_answer_section

I have created a second Deadwood snapshot today; as I get going working on recursion, I will at times make multiple Deadwood snapshots in a single day.

In this snapshot, I have added a function called dwx_check_answer_section, which goes through the answer section of a remote DNS reply and marks answers which are not either a direct answer to our question or part of a CNAME chain leading up to an answer to our question as RRX_IGNORE. In other words, it tells Deadwood to ignore answers which don't answer our question.

Next: Revise dwx_check_answer_section to not allow CNAME chains after a direct answer to our question is found or an answer at the end of a CNAME chain is found. Then: Add code which links up NS replies in the NS section with A and AAAA glue replies in the AR section.

New Deadwood snapshot: More work on recursion

I spent over an hour this morning slowly but surely giving Deadwood recursive support. There’s a lot of infrastructure I’m slowly putting in place.

Another MaraDNS wish list item

OK, I just got another MaraDNS wish list item:
  • DNS that changes one's answer based on one's location (Geo DNS)
The answer is the same as for other MaraDNS wishlist items: No, unless you pay me to implement it.

The only things I plan on implementing for MaraDNS are full IPv6 support, full thread-free recursive DNS, full Windows service support for MaraDNS 2.0's recursive resolver (Deadwood), and good BIND zone file support (via a Python script which is mostly done). After all of this is done, I have no plans to implement new features for MaraDNS unless someone steps up to the plate and compensates me for my time.

Sorry, guys, I'm getting married in under three weeks and the married lifestyle is not compatible with the lifestyle of someone writing open source software "for fun and for free".

Monday, January 25, 2010

New Deadwood snapshot: On to recursion

I am finally starting the work to give Deadwood full recursion. I have added a hook in the function cache_dns_reply() to call something called dwx_cache_reply() in DwRecurse.c, which gives me enough scaffolding to start building up the infastructure to look at a DNS packet received from a remote DNS server and, based on the reply, determine how to continue processing the DNS request.

In addition, I have removed all Deadwood snapshots older that Deadwood 2.5.01.

Friday, January 22, 2010

Deadwood 2.5.01 released

I have just released Deadwood 2.5.01. This is a testing release; while bugs will be fixed, the emphasis is more on adding features.

This release adds the filter_rfc1918 parameter, which is enabled by default. This filters out all DNS replies with IP addresses that are non-global (RFC1918) addresses; in other words, 10.x.x.x, 192.168.x.x, and 172.{16-31}.x.x addresses. This is done for security purposes.

In addition, this release can be compiled with the tiny TCC compiler, and there is a Windows .7z file which includes the Deadwood source and the TCC compiler for people who wish to compile Deadwood on Windows without installing MinGW/Msys.

It can be downloaded here:

Wednesday, January 20, 2010

New MaraDNS snapshot

Since some freetard thinks a "security report" which they can send me in private email is a report of a segfault, without doing any due diligence whatsoever to see if the issue in question can be exploited, I have updated my mailme.php to point out it's not a security report unless you have "done due diligence to determine how the security bug you think you found can reasonably be exploited".

I have replied to this twit with my "pay me for support or I'll forward your email to the list" form reply, but have also fixed the segfault in question. This is a segfault; it's not a security problem because a NULL pointer dereference can only be exploited in the kernel, not in userland (where the kernel promptly terminates the process). The fix can be downloaded here:

I wonder what idiotic excuse freetards will use to email me asking me for support next. Having the "I'll make your email public if you reply" note at least stops them from replying to my "pay me for support or take it to the list" form reply with some idiotic "But I'm entitled to free support!" reply.

And, yes, I have no problem with people sending me these kinds of reports to the mailing list.

New Deadwood snapshot: filter_rfc1918 now fully tested

I have created a SQA test for filter_rfc1918, fixed a bug where it did not work unless blacklist_ip was also enabled, and made sure Deadwood passes all regressions. It can be downloaded here:

In addition, I have made sure the code compiles with no warnings in recent versions of GCC and compiles without problem in TCC and have made a release of Deadwood's source code with TCC bundled so people can compile Deadwood on Windows without needing to install MinGW + MSYS:

Cool blog on the problems of freetards

There is a cool blog entry on the problems of the attitudes freetards have, and the issues with “free content”. There is no such thing as a free lunch, and the new economy hasn’t changed that.

People who think open-source software (OSS) makes it possible for all content to be free don’t understand how OSS changes the relationship between the developer and the user. A lot of people think an OSS program is like a commercial program, but free, and that they can ask for features or get support for free, and it gets pretty tiring to have people email me asking for free support, even though I make it clear that I don't provide free email support for my program.

The thinking behind OSS is that I donate some of my coding time and effort to the greater community. In return, people are free to contribute bug fixes or improvements to the program, or supply support on the mailing list. For example, someone wanted better IPv6 support, supplied patches, and now MaraDNS has good IPv6 support. Another person wanted better Windows service support, and supplied patches to make MaraDNS’ new recursive core be a full Windows service. Other people answer user's questions on the mailing list or translate documentation. Webconquest very generously provides me a free Linux shell account and hosting for the web site.

Likewise, I found an OSS Doom random generator I liked and provided bug fixes and improvements to it; when I lost interest in it, another person became the maintainer and improvements continue to be made even though I no longer work on that code. And, there is a Free Windows Civilization clone for Windows which I have provided a bug fix and extended the documentation with.

OSS doesn’t mean we have the right to demand all content be free or that we are justified in pirating media and software. OSS means that we can, together, make free content which complements the for-pay content out there.

Tuesday, January 19, 2010

New Deadwood snapshot: filter_rfc1918

In private email, someone has expressed interest in sponsoring MaraDNS having the ability to filter out RFC1918 (private) IPs in DNS replies. The reason for this is that it stops potential security problems; see for the technical details.

I told the potential sponsor I would do this for free for Deadwood (since I still add security enhancing features to Deadwood at my discretion for free), and gave them a quote for me to add this to MaraDNS 1.4, explaining I would not be able to start until this week because I was planning my wedding last week. They expressed interest in paying me, but have not done so yet. Hopefully, I will get some pocket change implementing this for MaraDNS 1.4; in the meantime, it has been implemented for Deadwood, and can be seen here:

I have implemented and documented this parameter, and have modified all SQA tests to have filter_rfc1918 = 0 in them.

Next: Test this change; not only do I have to make sure this hasn't broken any existing SQA tests, I also have to make a SQA test for this parameter, called filter_rfc1918

Sunday, January 17, 2010

New MaraDNS snapshot

I have updated license.html to no longer mention MaraDNS 1.2, and advocacy.html to no longer imply DjbDNS only has one known security hole (it currently has three known security problems).

The only changes are documentation updates; no changes to the code have been done.

It can be downloaded here:

Tuesday, January 12, 2010

Deadwood support clarification

OK, it finally happened: Someone emailed me with a Deadwood support concern. So, I have just updated the Deadwood page and the page with my email address to clarify the following (which is in Deadwood's INSTALL.txt):

The channels of support for Deadwood are the same as for MaraDNS: Post it to the MaraDNS mailing list or pay me for support via email. Details are at

Sorry, guys. I'm not being paid for my time writing these programs, yet give these programs away free of charge with very liberal (BSD) licensing terms. I used to provide free MaraDNS email support, but this no longer became practical about two years ago; the backlog became too big for me to answer in a timely manner. Please either pay me or use the mailing list if you need support. Ditto with blog comments; please don't ask questions on the blog; the place for free support is the MaraDNS list.

Monday, January 11, 2010

New MaraDNS snapshot: Minor changes

I have released a new MaraDNS snapshot with no changes except having its internal copy of MaraDNS' download and changelog pages updated to be current with what's on the webpage.

It can be downloaded here:

As an aside, I now delete all old snapshots of MaraDNS when a new release is made. If people want some, but not all changes between versions, they can patch MaraDNS themselves; all of the patches and other changes from one stable version of MaraDNS to the next are in the folder update/version and can be applied by hand if needed.

Next: Back to finishing up Deadwood.

A programming project idea

One idea I have had bouncing around my head for a while is to make an generalized engine for a turn-based strategy game. I’m thinking something along the lines of Xconq, but done right.

I’ve blogged about Xconq before; Xconq is a game that had a lot of potential that was never realized.

To be fair to Stan Shebs, when he started the Xconq project in the 1980s, he did not have a lot of tools available today for making video games.

To wit, if this idea in my head every become reality, I’ll use two libraries Stan did not have:
  • SDL for handling graphics, and for abstracting the OS away from the application (SDL runs on Linux, Windows, and Mac OS X)
  • Lua for handling the scripting; the best embeddable scripting language Stan had was a Lisp dialect, which, while elegant, is hard for end-users to learn
In addition, while the goal will be something that can easily make just about any turn-based game out there, I will focus on only one turn-based game.

My plan is to have a C-language layer between SDL and LUA; this layer will handle the nuts and bolts of the game (drawing the tiles, pathfinding, drawing the units, making the GUI), and have LUA control all of the rules of the game. To keep things simple, the engine will only allow hex tiles, and allow only either a flat map (border around the edges), or what I call a “sphereoid” map: Flat map, wraps like a cylinder left-right; going north of the North pole puts you at another square on the north pole, ditto with south pole; this is topologically equivalent to a sphere. The engine, if ever made, will assume units move to one adjacent hex per movement point (teleports, a.k.a. the “Silver Mage” in Wesnoth, will come later), and different hex types will have a weight (for the pathfinder), movement cost (different from weight for tiles that damage units), and visibility (for determining shroud updates and fog of war).

Movement will be Wesnoth style; click on a unit once to see where it can move; click on a square to move the unit there; right click after left-click to cancel the movement; right click on a unit will pop up a menubar defined by the LUA script. With the exception of things like "Save Game", "Load game", other menubar items will be determined and processed by the LUA script.

Anyway, this is just a “blue sky” idea right now. Back on Earth, it’s time to give Deadwood real recursion. Speaking of which, Deadwood is now used by CERN laboratories. You know, the guys who invented the World Wide Web (which was just a side-project to help people share research) when not doing real research.

Sunday, January 10, 2010

Technology changes in the 2000s

Now that the first decade of the 2000s (2000-2009) are behind us, an overview on how technology changed during these years.


Cell phones went from being a fairly expensive tool used by affluent people to becoming universal and a teenage fashion statement. The cell phone I had at the beginning of 2000 did only one thing: Make and receive phone calls. The cell phone I had at the end of 2009 can make phone calls, take pictures, play mp3s, and even play simple video games, not to mention recording and playing back simple video clips.

There was a single “smart phone” in 2000: A black and white combination cell phone and Palm device that cost about $1000. Smart phones are now less expensive, widely used by affluent workers, are in full color, and include cameras.

In 2000, the handheld PDA to have was the Palm. At the end of 2009, the handheld PDA to have was the iPhone.

In 2000, a laptop was expensive and used by affluent workers. By the end of 2009, laptops were everywhere and actually more common than desktop computers.

In 2000, a sub-laptop was very expensive and uncommon, mainly used by affluent traveling workers. The mid-to-late 2000s, inspired by a project called “One Laptop Per Child”, gave us the netbook: A small laptop without a CD-ROM or other things people expected with a computer that is actually less expensive than a full-sized laptop.

In 2000, 1.44 meg floppy discs were still widely used. While Apples were somewhat notable for not having floppy discs, any standard PC such as a Dell still included a floppy drive (I remember in 2000 at work being annoyed a driver for a network card was larger than 1.44 megs in size, forcing me to burn a CD to give a computer network card support). At the end of 2009, computers do not come with floppy drives, which are now only fairly rare external USB add-ons.

In 2000, recordable CDs were still expensive; computers usually did not have recordable CDs drives (they were usually external drives), and CD blanks were about $1 each. CD blanks had their price drop like a rock in the early 2000s and were about 30 cents each by the beginning of 2005. Soon, DVD recorders and blanks also went down in price, being about 30 cents each by the end of 2009.

VHS died in the mid-2000s, with the transition to DVDs and DVRs made. In early 2006, Wal*Mart stopped carrying VHS movies.

HDTVs gained a significant foothold in the 2000s.

While not universal, the hi-def video format war was won by Blu-Ray in early 2008, paving the road for hi-def to become the next-generation home video format, a process that was still ongoing at the end of 2009.

James Cameron finally released another movie at the end of 2009, Avatar, which was the first mega blockbuster to use 3D.

Portable music players were CD players at the beginning of 2000, with cassette-based players still in use. mp3 players were uncommon, and existed both as CD players that could read mp3s on a data disc and the occasional flash memory mp3 players with 32 megs of memory or so. Through the 2000s, we went from this to portable mp3 players using tiny hard discs, to flash mp3 players with gigabytes of memory, as well as having cell phones able to play mp3s (cell phones still often used strange non-standard headphone connectors at the end of 2009, but the transition to using standard headphone jacks was well under way)

At the beginning of 2000, social networking was essentially non-existent. The mid-2000s gave us the MySpace phenomenon; by the end of 2009, MySpace was a has-been, mainly used by musicians to promote their music, and Facebook was the social networking site to be on.

Hybrid cars became a reality. The 2008 spike in gas prices caused the Toyota Prius to be the car to have, as well as making expensive gas-guzzling cars and SUVs outdated. By 2009, GM (who didn’t have a hybrid at the time) was facing bankruptcy.

Digital cameras became universal, with film only still used by pros and artists at 2009’s end.

Saturday, January 9, 2010

C-evo on netbook bug fixed

There's a bug in C-evo (the largest game I put on my 50 megabyte "desert island" disc) where it doesn't fully work on a netbook. In more detail, the diplomacy screen is nay-to-impossible to use on a screen only 600 pixels high because its top is cut off.

Since one rule I have for all software on my desert island disk is that it must work on a netbook [1], I have fixed this bug. Look at c-evo-netbook-fix.c and c-evo.netbook-fix.exe at This program, which is run in the same directory as cevo.exe, creates a cevo-netbook.exe with this bug fixed.

In more detail, the offending code is this line in Term.pas:


These are the variables used:

NatStatDlg: The window that pops up when you hit F9 (the nations window)

UserTop: Its default starting position, whose top is off the screen on a netbook unless we fix the above line.

Screen.Height: How high our screen is

PanelHeight: How high the "panel" on the bottom of the screen is

NetStatDlg.Height: How big the nations window is.

8: An eight pixel cushion so it looks a little nicer.

Since I don't have Delphi 4, I had to find the resulting compiled code the hard way. The offending -8 above is byte number 723333 in the code (as a positive 8, since the compiled code subtracts 8, instead of adding -8). Since C-evo is using the "subtract this 8-bit signed value with a value of 8" opcode here, we can make the number in question a negative number, resulting in the window being moved down instead of being moved up.

[1] The target netbook is a Intel N450-based netbook with a 1024x600 display.

Humourous Slashdot posting from 2001

Slashdot poster predicts the iPod will fail in 2001. The exact quote was “I don't see many sales in the future of iPod” OK, put your foot in your mouth.

Friday, January 8, 2010

Battle of Wesnoth random map templates

I have created a few Battle of Wesnoth random map templates. One (the forest one) I actually created back in 2007; the others I made this week. They can be downloaded here:

MaraDNS 1.4.02 released

I have just released MaraDNS 1.4.02 today. This has one important bug-fix: csv2_default_zonefile works again. Also, I’ve updated the documentation to reflect 1.4 being the current MaraDNS release, and the SQA regressions work in my current development environment (CentOS 5) — using these tests is how I found the csv2_default_zonefile bug.

It can be downloaded at Sourceforge and on the MaraDNS download page:

There is also a changelog.

Thursday, January 7, 2010

New MaraDNS snapshot: csv2_default_zonefile works again

While working on the SQA regressions today, I discovered that csv2_default_zonefile accidentally was broken when I disabled zone names with stars in them. I just released a snapshot today which fixes this, and can be downloaded here:

Tuesday, January 5, 2010

Rant: Using open source to justify piracy

This last weekend, Slashdot had yet another idiotic since open source software exists, it's OK to be a pirate thread.

This type of freetard thinking annoys me greatly. The thinking amounts to this:
  • Artists, movie makers, musicians, and other generators of intellectual property have an inherit desire to generate these things
  • These people don't care if they are paid or not
  • Therefore, all media should be free and there should be no intellectual property
This completely ignores the obvious truth that artists, movie producers, musicians, software developers, and other creators of intellectual property, do indeed care whether or not they get paid.

Freetards with this thinking look at the free software movement to justify this asinine thinking. More annoyingly, many of these freetards think they can have the same customer-provider relationship with a free software developer that they have with a piece of commercial software paid for.

People with this thinking generally do not understand the collaborative nature of open source development. They think, in so many words "I want you to work hard making this and am unwilling to pay your nor to lift one finger helping you". They do not understand that, if they want better documentation for a program, they can write it themselves. If they want better artwork for an open-source video game, they can draw it themselves. If they want to see a feature implemented, they can implement it themselves.

They think they can just demand that the developer/artists/whoever do this work for them "for fun and for free".

This is the thinking of a small extremist minority; the internet allows all sorts of wild and fringe theories to be propagated and supported in online bulletin boards.

Monday, January 4, 2010

ObHack 006.7 released

Fritz has created and I have uploaded and released ObHack 006.7, a random map generator for Doom, Doom 2, and Heretic:

Deadwood snapshot update: Compiles in TCC

I have updated Deadwood so that it compiles and runs using TCC in Windows.

The majority of the work doing this was adding the appropriate libraries and header files to TCC itself. This in mind, I have created a new directory with a 7-zip compressed version of Deadwood with TCC and all needed libraries and header files to compile Deadwood included. Since TCC is LGPL, I also have a copy of TCC's source code. These files can be downloaded here:

I also have added a version of the batch file to compile Deadwood in TCC to the main Deadwood release.

I had to make a one-line change in Deadwood to get it to compile in TCC: I forgot to correctly declare one parameter as an extern. This is the advantage of making sure Deadwood compiles in something besides GCC: By using other compilers, I can catch mistakes that GCC does not catch (even with -Wall). In addition, we now have a distribution of Deadwood's source in under 300k that includes a compiler; this is useful for Windows users who don't want to deal with installing MinGW and MSYS before compiling Deadwood.