Emmanuel Dreyfus' publications







Software

NetBSD

Various bits of the NetBSD project:
Linux binary compatibility on PowerPC, amd64 and MIPS, 32 bit Linux binary compatibility on amd64, IRIX binary compatibility, X server on hpcarm, MacOS X binary compatibility, chrooted ntpd, ipsec-tools maintenance, a few packages, FUSE implementation ... [top]

milter-greylist

milter-greylist is an efficient and easy to set up spam filter for Sendmail. It is used in production on thousands of servers throughout the Internet. Wrote everything, except the numerous submissions from hardcore users. Many thanks to them. [top]

IPsec-tools

A few bits of the IPsec-tools project, which is an IPsec key exchange daemon:
Cisco VPN interoperability in IPsec-tools: Xauth with Hybrid auth, ISAKMP mode config, IKE fragmentation, and RADIUS support. Privilege separation. NAT Traversal (NAT-T) implementation for NetBSD. There is also some documentation explaining how to use these new features. Also check the paper presented at EuroBSDCon 2006 on this topic. [top]

DST

DST stands for Distributed Spam Traps. It is an attempt at building a real-time, strongly authenticated, DDoS-resistant tool for propagating spam reports. This seems to be a dead experimental software. [top]

milter-rcptfilter

Tool for building ACL on e-mail recipients. Useful for filtering out mail sent to unexistant addresses when you do not have time, courrage or knowledge to reconfigure Sendmail so that it blocks them properly. [top]

mdd

mdd stands for Multicast Data Dump. This tool is designed to spread a file to a multicast group. It was written to upload a hard disk image to a set of identical machines in a computer room.

Warning: The protocol is rather simple and does do any rate limiting. That makes it completely unsuitable outside of a private LAN where no congestion can occur. Do not use that tool on the Internet, it will eat all your bandwidth and flood the multicast group you send data to. [top]

cmapasswd

cmapasswd is a wrapper on the passwd command. It is designed to allow some users (e.g.: teachers) to change the password of users in given groups (e.g: students that forgot their passwords). A configuration file is used to decide who is allowed to change password for what groups of users. [top]

hobbitclient

Hobbit Monitor is a free software replacement for Big Brother. Hobbitclient is the free software replacement for the Big Brother client. It is written in C with OS-dependant backends. [top]

ldap2radius

A shell back-end written in C for OpenLDAP that enable bridging LDAP authentication to a RADIUS server. This is designed so that the actual LDAP database queries are sent to a real LDAP datababse, while the LDAP authentication is done through RADIUS. Note that you can also setup OpenLDAP to use SASL, SASL to use PAM, and PAM to use RADIUS. [top]

French mac keyboard layout for Windows

When running Windows in Parallels on a mac, you may get a PC keyboard layout. With a french mac keyboard, pressing - produces a =, for instance. There is an Apple driver for fixing this on recent Windows releases, but on NT 4.0, it's a bit harder. Here is a workaround.

Microsoft provides MSKLC, an utility for creating keyboard layouts, but it works only on Windows 2000 and above. Fortunately, the keyboard mappings it produces can be dropped in an NT 4.0 system and that will work. Here is Kbdfr.dll, a keyboard layout for a mac french keyboard. Just overwrite C:\WINNT\System32\Kbdfr.dll, reboot, and you will be done. Make sure your administrator password does not depend on the modified keys, or you might be locked out.

This keyboard maps correctly all characters that are written on the keys. For characters that are not written on the keys, such as |, {, and so on, the PC keyboard mapping is retained: Use AltGr-6 to produce a |.

Thanks to Arthur Duprat for helping on that hack. [top]

NFS-aware quota(1) for MacOS X

As of MacOS X.4, it seems impossible for quota(1) to report NFS mounts quotas. The command just seems unsable to query the rpc.rquotad(8) daemon. Here is a quick MacOS X port of NetBSD's quota(1), which is NFS-aware. [top]

Contributions to OpenLDAP

Minor but useful improvements to some OpenLDAP overlays:

[top]

CrudeSAML

CrudeSAML features a PAM module and a SASL plugin (for Cyrus SASL) that perform crude checks on SAML assertions: signature, dates, user Id, issuing Identity Provider and audience Service Provider. Using CrudeSAML, SAML assertions can be used by web applications as tokens for authenticating to other services such as IMAP (WebSSO for webmail), LDAP (WebSSO for unprivilegied LDAP web applications), or SSH (WebSSO to whatever hack you implemented by ssh).. [top]

SPIP2LaTeX

SPIP2LaTeX is a SPIP plugin that converts article and section to LaTeX. It can be used to generate nice PDF from web pages managed by SPIP.

See also the SPIP2LaTeX page at spip-contrib.net.
[top]

Apache modules

mod_mkdir is an Apache 2 module that creates directories on the fly as they are requested by the client. This is useful used with PUT methods, when the client attemps to drop a file in a directory that does not exits yet.

mod_logbeast in another Apache 2 module that attempts to spot BEAST vulnerable browsers. This is done by checking TLS version, cipher, and 1/n-1 split mitigation technique for vulnerable CBC ciphers with TLS up to version 1.0. The 1/n-1 split detection is a bit naive, as it does not try to parse TLS packets, but instead looks for the number of bytes obtained from mod_ssl.
[top]

OpenVPN modules

OpenVPN wtmpx(5) accounting module to have OpenVPN connections log available from the last(1) command.

OpenVPN Nagios plugin, which uses OpenVPN protocol to probe VPN services, checking for certificate expiration.
[top]

Nagios plugins

Nagios plugins in C, to check DNSRBL status, NetBSD's /etc/dumpdates for up to date backups by dump(8), OpenLDAP syncrepl, milter connectivity, and daemons presence, based on .pid files.

Useful patches

PHP 5.3 LDAP exop support. This brings to PHP LDAP operations such as PASSMOD, REFRESH and WHOAMI. PASSMOD is better than directly writing the userPassword attribute since it allows the use of overlays like slapo-smbk5pwd (NTLM and kerberos V password sync), or slapo-ppolicy (Password strength and reuse policy).

Apache 2.2 Elliptic curve support. Used with appropriate Apapche directives, this makes Perfect Forward Secrecy available for all modern browsers (as reported by Qualys SSL labs server test). Suggested Apache configuration:
SSLProtocol all -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDH@STRENGTH:DH@STRENGTH:HIGH:!RC4:!MD5:!DES:!aNULL:!eNULL

[top]

NetBSD support in GlusterFS

NetBSD support in GlusterFS. All required patches are contributed to GlusterFS repository.
[top]

Books and Papers

FUSE and beyond: bridging file systems

A paper on FUSE, PUFFS, REFUSE, PERFUSE and GlusterFS on NetBSD, presented at EuroBSDcon 2014, Sofia, Bulgaria, september 2014.
[top]

TLS hardening

A paper on TLS hardening, published in june 2014 issue of BSD Magazine.
[top]

Per-user filtering settings with milter-greylist

Filtrage sur mesure avec milter-greylist (Per-user filtering settings with milter-greylist), presentation in french at Solutions Linux 2009, Paris, april 2009.
[top]

SAML and services behind the web

SAML et services hors web (SAML and services behind the web), presentation in french for the CRU, Paris, january 2011.
[top]

What's new in NetBSD in 2006

What's new in NetBSD in 2006, EuroBSDCon 2006, Milan, Italy, november 2006.
[top]

Developer interviews

Interview of Open Source Software developers, on various topics:
Manuel Bouyer interviewed about Xen, Februray 2006, daemonnews.org.
Der Mouse interviewed on real time backup system, March 2006, daemonnews.org.
Jan Schaumann interviewed on NetBSD as a desktop system, April 2006, daemonnews.org.
[top]

My opinion on the European Constitution

Why I will vote no to the french referendum on the European Constitution. This is some non computer-related material, in french. I also wrote later about Lisbon treaty and the MES. I should really write something on the latest EU monsters like TSCG, six pack, and two pack.
[top]

Le cahier de l'admin BSD

Le cahier de l'admin BSD, 2nd edition. July 2004, Editions Eyrolles, ISBN 2-212-11463-X. In french (english version may pop up one day).
Le cahier de l'admin BSD, 1st edition. September 2003, Editions Eyrolles, ISBN 2-212-11244-O. In french.
Unix familly tree. Commercial poster for the cahier de l'admin BSD. Feature a nice Unix familly tree in high resolution and in color. The file is rather big.
[top]

Remote user access VPN with IPsec

Remote user access VPN with IPsec, EuroBSDCon 2005, Basel, Switzerland, 25-27 november 2005, proceedings p113-124
[top]

MacOS X binary compatibility in NetBSD

MacOS X binary compatibility: challenges and implementation, EuroBSDCon 2004, Karlsruhe, Germany, 29-21 october 2004, proceedings p65-80.
Interview on MacOS X binary compatibility in NetBSD, in january 2003, by ONLamp.com
[top]

Chrooting ntpd on NetBSD

Securing systems with chroot: what is a chroot jail, how does it helps securing systems? January 2001, ONLamp.com.
Chrooted ntpd in NetBSD: the actual implementation. February 2003, ONLamp.com.
[top]

Mail filters

Mail filtering techniques: a short introduction to internet mail, and a survey of different mail filtering techniques. May 2004, ONLamp.com.
Spam filtering with Sendmail Milter and greylisting: milter developement details, with the example of milter-greylist. June 2004, ONLamp.com.
[top]

IRIX binary compatibility on NetBSD

An introduction to binary compatibility, august 2002, ONLamp.com.
Unix program startup, august 2002, ONLamp.com.
IRIX oddities: system calls that you will not see anywhere else!, september 2002, ONLamp.com.
Native implementation of signals, october 2002, ONLamp.com.
Reverse engineering threading, december 2002, ONLamp.com.
IRIX threading implementation, april 2004, ONLamp.com.
[top]

Linux binary compatibility on NetBSD/PowerPC

Setting up minimal emulation support, may 2001, ONLamp.com.
Managing dynamic executables, may 2001, ONLamp.com.
Signals, june 2001, ONLamp.com.
Managing Java to work, june 2001, ONLamp.com.
Debugging the debugger, auguest 2001, ONLamp.com.
[top]

The MPC parallel computer

O. Glück, A. Zerrouki, J.L. Desbarbieux, A. Fenyö, A. Greiner, F. Wajsbürt, C. Spasevski, F. Silva and E. Dreyfus, Protocol and Performance Analysis of the MPC Parallel Computer, 15th International Parallel & Distributed Processing Symposium (IPDPS, 2001), San Francisco, USA, 23-27 avril 2001, p52.

A. Zerrouki, O. Glück, J.L. Desbarbieux, A. Fenyö, A.Greiner, C. Spasevski, F. Wajsbürt, F. Silva and E. Dreyfus, The MPC Parallel Computer : hardware, Low-level Protocols and Performances, Parallel and Distributed Computing and Systems (PDCS, 2000), Las Vegas, USA, 6-9 novembre 2000, Vol 1, p87-92.

[top]

Last modification: 2014/12/25