nosh version 1.40

The nosh package is now up to version 1.40 .




This version sees changes to the doco, improvements to network
configuration, and a change to machine ID generation.

FreeBSD binaries


I plan for this to be the last release with binaries built on FreeBSD
10. I am going to upgrade the build machine.




There is now an |ifconfig| command in the toolset, with a command-line
interface and output similar to the FreeBSD |ifconfig|. It is primarily
intended for use on non-FreeBSD systems, to provide a FreeBSD-like
|ifconfig| where one does not have the actual FreeBSD tool. The
|ifconfig_at_*| services generated by the external configuration import
subsystem make use of it on Linux operating systems, allowing the
services themselves to be pretty much the same across platforms.

It handles multiple (unlabelled) addresses per interface and both IP
version 6 and IP version 4 addressing, which are two of the
long-standing complaints against the old |ifconfig| programs from GNU
inetutils <> and NET-3 net-tools
<>. It has no notion of
overwriting a single "primary" address. It has a |broadcast1| flag for
calculating the broadcast address from the prefix length and address.
It prefers the new (since 1993) notation for IP version 4 network
masks. It can do the FreeBSD style of EUI-64 address assignment for IP
version 6 with an |eui64| flag.

And it colours its output if writing to a terminal. (-:

Machine ID generation


FreeBSD from 2007 onwards used the SMBIOS system UUID from the machine
firmware as a fallback source for a machine ID. |setup-machine-id| prior
to this release of the toolset would do the same for compatibility.
This has now been removed from |setup-machine-id|. The privacy problems
that it entails have turned out to outweigh what little utility it had.

Systems that would have fallen back upon the SMBIOS system UUID will now
fall back to creating UUIDs using the C library. Note that the FreeBSD
C library still uses MAC addresses to create UUIDs. The OpenBSD and GNU
C libraries use CSPRNGs.

There is also now an |erase-machine-id| command that resets all of the
machine ID storage locations set by |setup-machine-id| to a nil UUID.
The |machine-id| service now calls |erase-machine-id| at shutdown.

Thus: Machine IDs (when using the supplied service bundles) now have a
lifetime from bootstrap to shutdown, will not persist across reboots, do
not reveal the SMBIOS system UUID and are not constant and correlatable
because of it even when explicitly wiped, and can still reveal MAC
addresses on FreeBSD.

The new |machine-id|(7) manual page lists some of the known users of
machine IDs, explains where machine IDs are stored, and gives some of
the history of machine IDs.

Square mode


Square mode is now switchable in |console-terminal-emulator|, using DEC
Private Mode 1369. |console-control-sequence| has a |--square| option
for changing it.

Other tools


|ucspi-socket-rules-check| has gained the ability to check |uid/self/|
and |gid/self/| subdirectories when handling UCSPI-UNIX connections.



The Guide now includes the original command manuals, written in DocBook
XML. These are directly readable using a GUI WWW browser and the
supplied stylesheet. The conversions to HTML are still supplied, but
reading the original DocBook XML format is better.

TUI WWW browsers such as lynx cannot read DocBook XML. Their deficiency
has inspired a new |console-docbook-xml-viewer| tool that parses and
displays the manual pages with a simple full-screen interface on a
terminal. This can of course display other DocBook XML manual pages as

External configuration import improvements


The external configuration import subsystem now allows various
extensions in a |/etc/network/interfaces| file, including |ipv4ll|
stanzas (which will cause |avahi-autoipd| services to be set up) and
|eui64| stanzas. A "|broadcast +|" setting is now transformed into the
aforementioned |broadcast1| flag for |ifconfig|.

It also now once more treats |false| for the login shell as signifying a
non-personal user account.

More service bundles


There are a few more service bundles in this release, including ones for
Laurent Bercot's mdev, for two-ftp, and for NcFTPd.
