Dropbear

Blog

  • Anti-Spam Fails

    A day or two ago I tried sending an email to a friend who happens to use the Road Runner ISP for his mail service.  Now this ISP doesn’t like dynamic IP addresses (using the increasing inaccurately named Dial Up List) so I have to punt the email through my ISP’s mailserver first.  Now that server is telling me this:

    The reason for the problem: 4.3.2 – Not accepting messages at this time 554-‘5.7.1 – ERROR: Mail refused – <150.101.137.131> – See http://sendersupport.senderscore.net’

    So their ISP mailserver is refusing connections from my ISP’s mailserver for some reason, probably on some spam list.  There’s a URL to look up the problem, so going there gives you three things:

    1. A redirection to https://sendersupport.senderscore.net/
    2. A badly configured webserver that uses the above URL with a certificate for www.senderscore.net
    3. A page that says “It works”

    Either Road Runner or Senderscore, preferably both, need to get a clue. Oh and going to https://www.senderscore.net/ gives connection refused. A bit of digging around shows the correct URL is https://senderscore.org/

    Now I just realized that my SSL certificate for https://enc.com.au/ expired on the weekend so I know these things can happen, but I’m one person (who was away for a while), why can’t companies get their act together?

    Enhanced by Zemanta

  • Careful with PIDs

    Quick question, what is the lowest Process ID you will find?  Most people (myself included until recently) would be able to say that the lowest number is 1 for the init process.  Plenty of programs including ps and pstree have this assumption.

    This assumption bit me this week with Debian Bug 687829 where pstree on a kFreeBSD would not return and used 100% CPU.  What was happening? Well it seems that kFreeBSD has a process ID of 0 and pstree used 0 for a fake root to the tree.  So with a real and fake process #0 hanging around in pstree there was a strange parent-child circle (I’m my own grandad!) between init and process 0 meaning when the tree was walked things go around in circles.

    The fix is basically to assume the tree starts at 0 and not 1 and that keeps things into perspective. So if you are wondering how inconsistent this goes, here is the list.

     

    • Linux has init  with PID 1 and PPID  0. There is no process 0
    • FreeBSD has init with PID 1 and PPID 0. Process 0 is kernel and exists and has PPID 0
    • Hurd has init at 1 with PPID 1. Process 0 is proc and has PPID 1

    So Linux the root is init PID 1, FreeBSD it is kernel PID 0 and Hurd its init PID 1 with a child with PID 0.

     

    Nothing like consistency! I do like the crazyness of Hurd where a child is created before a parent; nothing is normal in Hurd-land.

    I have some temporary code going proving the problem with psmisc and FreeBSD, the tree now looks like what you can see below.  This fix will also show up processes “hidden” under init that were previously hiding.

    ?()-+-acpi_cooling0(16)
    |-acpi_thermal(15)
    |-audit(10)
    |-bufdaemon(18)
    |-flowcleaner(22)
    |-g_down(4)
    |-g_event(2)
    |-g_up(3)
    |-hald-runner(547)---hald-addon-storag(569)
    |-hald(546)-+-hald(548)---hald(549)
    |           `-hald-runner(547)---hald-addon-storag(569)
    |-hald(548)---hald(549)
    |-idle(11)
    |-init(1)-+-etc....

     

    Related articles
    Enhanced by Zemanta

  • Australia Data Retention Scheme Stalled

    It’s been reported in the mainstream media that the Australian Data Retention Scheme has been referred to another committee, effectively delaying it to after the next election.  The Scheme was part of a broad review of the various security agencies powers and how to streamline them.  The initial paper originally stated that retention would be for up to 2 years for parts of the data set, without really specifying what the data was.

    There has been various ideas of what this data is, depending who you ask and when.  Some documents state it is only the accounting data; that user X used IP address Y at time Z, while others state it is email logs and a third have been the previous two plus web logs.

    There are many problems with a scheme such as this.  2 years of everyones web-browsing history is a desirable target for both legitimate and illegitimate access to that data.  Leaving aside would the access to the agencies get the right level of access; who else would want this data?  I’m sure that AFACT (Australia’s MPAA effectively) would like this data to go trawling.  The recent exposure of AAPT‘s data by Anonymous shows that there may be some other means of obtaining this data.

    I actually wonder, if the scheme was in, what they would find?  Take email for example; my email leaves my computer and directly communicates with the destination mail server. If someone pulled my email records they’d show very little information.  If it is too hard to run your own mailserver, I’m sure the enterprising no-gooders that they are so interested in finding can work out how to buy a remote mailserver somewhere.

    If that’s too hard, there’s always gmail with https, or VPNs, or TOR, or.. well there are plenty of options.  It probably comes down to how resourceful (if thats the word) people are.  By the way, mentioning https reminded me of the great little plug-in called HTTPS Everywhere by EFF.

    I’m glad to see that this legislation is stalled. To me the paperwork I saw appeared to be saying that they got some bad guys with what powers they have so they will catch more with more powers; therefore more powers are good, OK?  It’s a rather simplistic view of the world.  My only worry is its not stopped, just stalled so it might be re-animated in future.

     

    Related articles
    Enhanced by Zemanta

  • Context sensitive menus with GtkTreeView

    A project I now maintain called GJay uses the GTK+ toolkit and has a GtkTreeView that shows the directories and the songs in them.  I was wanting to add a context sensitive menu on that view so that you could do things to the item you have right-clicked on; generally file specific things like give me information about this song or queue it to play.  My only problem was, how to do it?  A few Google searches showed things that were almost, but not quite, what I was after.  The main problem being either the documentation was incomplete or it assumed I was after the selected field (the row I may of left-clicked on) and not the one I right-clicked on to get this event.

    This GtkTreeView uses a store where NAME_COLUMN is defined at 0, meaning it is the first column. The program uses this column to store the filename of the song.

    So first I needed to create an event to kick things off, we need to connect the “button-press-event” to our tree_view, which calls a function in this case view_on_button_pressed.

     g_signal_connect(tree_view, "button-press-event",
   G_CALLBACK(view_on_button_pressed), NULL);
    gboolean view_on_button_pressed(GtkWidget *tree_view,
                                GdkEventButton *event,
                                gpointer user_data) {
  GtkTreeSelection *selection;
  GtkTreePath *tree_path;
  GtkTreeModel *tree_model;
  GtkTreeIter tree_iter;
  gchar *name;

  if (event->type == GDK_BUTTON_PRESS && event->button == 3) {
    tree_model = gtk_tree_view_get_model(GTK_TREE_VIEW(tree_view));
    if (gtk_tree_view_get_path_at_pos(GTK_TREE_VIEW(tree_view),
          (int)event->x, (int)event->y,
          &tree_path, NULL, NULL, NULL)) {
      if (gtk_tree_model_get_iter(tree_model, &tree_iter, tree_path)) {
        gtk_tree_model_get(tree_model, &tree_iter, NAME_COLUMN, &name, -1);
        g_print("rc name is %sn", name);
      }
    }
  }

    So a breakdown of what my callback is doing:

    • Line 1:The callback’s widget is the GtkTreeView widget we connected the signal with
    • Line 10:Checks the event was a button press and button #3 (right button)
    • Line 11: Find the GtkTreeModel from the given GtkTreeView
    • Lines 12-14: Get the GtkTreePath that the right-click was sitting at by using the event coordinates.
    • Line 15: Convert the GtkTreePath into a GtkTreeIter
    • Line 16: Find the actual value we put into this row.

    The program, now that it knows the song title, can then go off and generate a menu for that song.

    Related articles
    Enhanced by Zemanta

  • debhelper versions – Guilty!

    After reading Jakub’s pet peeve about debhelper build-dependencies I decided to check my own and sponsored packages to see how they fare.

    find debian/ -type f -name control | xargs grep -h -o 'debhelper (>= 9[^)]*)' | sort | uniq -c
      2 debhelper (>= 9)
      2 debhelper (>= 9.0)
      3 debhelper (>= 9.0.0)
      1 debhelper (>= 9.20120115)

    Oops! Something to fix in all subsequent releases.

    Enhanced by Zemanta

  • Dejagnu tips

    Both the procps and psmisc projects use Dejagnu for their testing.  It’s interesting to try to understand how it all works and learning a new language TCL.  One of the big problems with Dejagnu is its documentation which is very sparse. So here are two things I’ve picked up along the way for a reference for myself and others.

    Locale

    We recently had a bug report on the procps list where tests for w failed for someone when the headers were shown.  After a some further debugging it was a locale problem, where the testsuite was looking for a number like 3.14 but the tester was seeing 3,14. There are many ways around this but for us it was to set the locale, with the following line in config/unix.exp after suggestions by Mike Frysinger should fix it.

    set env(LC_ALL) "C"

    Cleaning Up
    The documentation on this function is awesome! A title “Cleanup Procedure” and one line “cleanup()”.
    That’s all you get. The cleanup proc or function is called at the end of the testing. I use it
    to remove temporary files and things like that.

    proc cleanup { } {
        global test_file
        exec rm $test_file
}

  • pam bugs hurt

    I did some upgrades of what seemed like a million packages today on my Debian sid computer.  I was doing this remotely and when I tried to ssh back in I got kicked out after entering my password, hmmm.

    OK, so I waited until I could get in front of it and tried to login to the console and was greeted with the message “Cannot make/remove an entry” and kicked out, even as root; double hmmm.

    So it was boot into single user time which, thankfully worked. bash loaded ok so it wasn’t a shell problem.  However su failed which means we are into pam problem territory.  I found a bug report that sounded like my problem, but with no clear solution except upgrade in Ubuntu.

     

    The solution was pretty simple for me.  It’s something funky with /etc/pam.d/common-sesssion and a simple ‘/usr/sbin/pam-auth-update’ fixed it for me.

     

     

    Enhanced by Zemanta

  • JFFNMS 0.9.3

    JFFNMS version 0.9.3 has been released today.  This is a vast improvement over the 0.9.x releases and anyone using that train is strongly recommended to upgrade.So what changed? What didn’t change!  A nice summary would be fixing a lot of things that were broken or needed some tweaking. A really, really big thanks to Marek for all the testing and bug reports and also patient “just run this and tell me what it says” tests he did too.  If something wasn’t right before and works now, it is quite likely it is working because Marek told me how it broke.

    A brief overview of what has changed:

    • TFTP transfers work again
    • A lot of the wierd polling effects due to caching fixed
    • Lots of the selects in sub-tables now work
    • The PHP string-to-float brokeness in SLAs worked-around
    • Even more SNMP library cruft removed or escaped
    • HostMIB apps match properly
    • Interface autodiscovery delete and update fields back working

    You can download the file off sourceforge at

    https://sourceforge.net/projects/jffnms/files/JFFNMS%20Releases/

    Related articles
    Enhanced by Zemanta

  • procps-ng 3.3.3 released

    top
    Top in colour mode

    This weekend procps-ng version 3.3.3 was tagged and released for distribution.  There have been many patches and fixes involved in this release as we move from an unchanging static sort of code into something that is easier to maintain and build on various architectures.  The good thing is I’m down to 1 or 2 patches in the Debian archive which is a big change from the 30 or 40-odd I used to carry.  For the sole metric of getting that number down, the project fork has been a success.

     

    There were some post-release bugs I found and these were more to do with the various options turned on or off rather than what you’d see if you did the basic ./configure && make.  One of them was how the version numbers are defined in git, but would only appear if certain files were older than others (such as aclocal.m4 versus config.h.in)  Others were when certain features were turned on.  The make check doesn’t see all of this because it uses the default configure flags.

    One annoying thing of the autotools is conditionally installing man pages. This is where you don’t or cannot compile a binary so you don’t install the corresponding man page.  The automake documentation is of course obscure about this but I cannot see a way of distributing only a man page, so we have this fiddle where a file goes into dist_man_MANS or EXTRA_DIST depending.

    Interestingly, there has been some bike-shedding around Fedora-land (see the link below) regarding the name procps-ng versus procps.  Debian is lucky that we do have different upstream and package names (though not ideal) so apt-get install procps still gives you procps.  There also has been discussion about merging procps-ng into util-linux whichin the short-term won’t be happening.

    Related articles
    Enhanced by Zemanta

  • PHP floats and locales

    I recently had a bug report in JFFNMS that the SLA checks were failing with bizarre calculations.  Things like 300% disk drive utilization and the like.  Briefly, JFFNMS is written in PHP and checks values that come out of rrdtool and makes various comparisons like have you used more than 80% of your disk or have there been too many errors.

    The logs showed strange input variables coming in, all were integers below 10.  I don’t know of many 1 or 3 kB sized disk drives. What was going on?  I ran a rrdtool fetch command on the relevant file and got output of something like 1,780000e+07 which for an 18GB drive seemed ok. Notice the comma, in this locale that’s a decimal point… hmm.

    In lib/api.rrdtool.inc.php there is this line around the rrdtool_fetch area:

    $value[] = ($line1[$i]=="nan")?0:(float)$line1[$i];

    A quick check and I was finding that my 1,7…e+07 was coming back as 1.  We had a float conversion problem.  Or more specifically, php has a float conversion problem.  I built a small check script like the following:

    setlocale(LC_NUMERIC,'pl_PL.UTF-8');
$linfo = localeconv();
$pi='3,14';
print "Decimal is "$linfo[decimal_point]". Pi is $pi and ".(float)($pi)."n";
print "Half is ".(1/2)."n";

    Which gave the output of:

    Decimal is “,”. Pi is 3,14 and 3

    Half is 0,5

    So… PHP is saying that decimal point is a comma and it uses it BUT if a string comes in with a comma, its not a decimal point. Really?? Are they serious here?  I tried various combinations and could not make it parse correctly.

    The fix was made easier for me because I know rrdtool fetch only outputs values in scientific notation. That means if there is a string with a comma, then it must be a decimal point as it could never be used for a thousands mark.  By using str_replace to replace any comma with a period the code worked again and didn’t even need the locale to be set correctly, or that the locale for the shell where rrdtool is run is the same as the locale in php.

    Related articles
    Enhanced by Zemanta