March 2006 Archives
Fri Mar 31 11:53:09 NZST 2006
What happened to HavenCo
Here's a history lesson for you … Sealand and HavenCo, the "secure offshore datacentre". It's alleged to be dead – by the main admin, who now runs a competing service in the US.
Start with the Wikipedia Sealand article, then hop over to the Defcon-11 presentation held at Metacolo (or the more readable googleised html version).
Fri Mar 31 10:28:35 NZST 2006
DNS Open Servers
Some ISPs seem to have started to send warning emails to people running their own DNS servers badly … specifically to address the currently publicised “Open DNS server” security problem.
If you run your own zones, check them out with the handy www.dnsreport.com website. Don't just automatically follow their advice – even google's zones get warnings. I expect that google know what they're doing :-)
Thu Mar 30 11:41:54 NZST 2006
Exuberant ctags!
So I was looking at the Solaris source this week, trying to figure out how I'm able to issue kill commands with the pid in two formats – one just as you'd expect, and the other as (4294967296 - pid) …
(I didn't find the answer, but suspect it's because uid_t is long. Still, I didn't find the function that would have confirmed it)
However, the real point of this post is that I really like OpenGrok -- it's a great browsing environment. Colourful, and fast! But what makes it cross-reference so extensively?
The answer is Exuberant ctags! And the nice bit about that is that it'll tag Ruby … I must try that some time soon … it'll also tag "Assembler, AWK, ASP, BETA, Bourne/Korn/Zsh Shell, C, C++, COBOL, Eiffel, Fortran, Java, Lisp, Lua, Make, Pascal, Perl, PHP, Python, REXX, S-Lang, Scheme, Tcl, Vim, and YACC"
Wed Mar 29 20:22:15 NZST 2006
Ubuntu reminds us - end of Warty
Just a reminder, recently posted from mdz@ubuntu – the 4.10 release, Warty Warthog, is about to officially end-of-life.
As of the 30th of April, 2006, there will be no further security updates for this version. See https://lists.ubuntu.com/archives/ubuntu-announce/2006-March/000061.html for more details.
Theoretically, the wider community could choose to support this version, and retrofit security changes. In practice, I don't think it's likely to happen. It was the very first Ubuntu version to be released, and an upgrade is strongly recommended.
The next version of Ubuntu, Dapper Drake, will be released on the 1st of June 2006. This version will be officially supported for 5 years on the server, and 3 years on the desktop. It's a little late – it should have been released on the 20th of April 2006, but the delay was put in place for clear reasons. See https://lists.ubuntu.com/archives/ubuntu-announce/2006-March/000058.html for more details.
Mon Mar 20 11:18:09 NZST 2006
OSX Tiger fails poll()
Here's an example problem: you have Apache 2 running under OSX, you upgrade to OSX 10.4 (Tiger) … and suddenly you notice that "all your PDFs are broken".
Your actual problem might be that files sent by Apache are being truncated at 64K (plus a few bytes). Those few extra bytes worry you – if there was a 64K limit being triggered, how do those extra bytes get through?
OK – it's the router, firewall, or ISP, isn't it? No – tcpdump the server while it fails to send a file, and look at what you see. You'll see the data packets being sent … then stop. The client will continue sending ACKs until it has caught up with the outgoing flow … then after a few seconds the server actively closes the connection with FIN,ACK.
If a router had killed the traffic flow, you wouldn't see the correct ACKs, and you wouldn't see a tidy shutdown. So what's happened? Apache has decided to stop sending data, that's what.
To confirm this, stop your webserver for a while, and use nc to pump one of your PDFs out (OK, that's not a perfect test, because your problem might be HTTP inspection, not just plain data transfer). nc succeeds in sending the file. So it's not a basic inability to transfer more than 64K out of the machine.
Apache can send PDFs onto a localhost interface fine – I'm not quite sure why this works, but it complicates things a little :-) If that had failed, it would have been more definitely Apache's problem – but as it works, it seems to be an Ethernet interface problem.
Hitting google with a more precise set of symptoms eventually turns up a bug, logged by Apple, on the Apache Portable Runtime project bugtracker. This has been fixed in APR 0.9.7, which is the version used in Apache 2.0.55
Complications for fixing this problem – ServerLogistics.com are only shipping a pre-packaged Apache 2.0.52 at the moment, which needs to be updated. Installing from Fink or DarwinPorts would get the latest version, as would compiling from source – if you have XCode installed (if you're replacing a ServerLogistics bundle with a from-source build, make sure you get the layout and config options the same!). But at least you'll know what the problem is now :-)
The instructions at Richard5's blog have been successfully used by a non-source-code OSX admin I know with only one small problem – if you're keeping your old httpd.conf (and of course, you are!) and you have the auth_ldap_module selected (that's the default in ServerLogistics.com 2.0.48 at least) you will need to add an extra LoadModule line …
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
If you don't, your shiny new Apache2 won't start – but at least you'll be able to see the reason in your errors_log …
[Mon Mar 20 16:04:41 2006] [error] Module mod_ldap missing. Mod_ldap (aka. util_ldap) must be loaded in order for mod_auth_ldap to function properly
Configuration Failed
Thu Mar 16 11:50:57 NZDT 2006
Xerox DocuColor watermarking
Once again I regale this blog with old news, but it's just a function of my brain's information retrieval strategy …
Because of a local promotion that involved handing out money-like pieces of paper, I was telling a colleague about printer watermarking, and whizzed back to google to find the supporting evidence. Here we have it - two nice documents from the EFF – one telling us that colour printers add watermarks (http://www.eff.org/Privacy/printers/wp.php) to your printed output, and one giving you the results of reverse engineering the Xerox dot pattern.
Oh, and money-like pieces of paper … that reminds me of the Deception Dollar and the (occasionally spamvertised, but otherwise beautiful) Dream Dollars
Fri Mar 10 17:55:43 NZDT 2006
Comments and Trackback
I've added an offsite comment/trackback service, Haloscan, in case any of you lovely readers need to share your thoughts about my thoughts :-)
So, if you spam/crack the comments, it's not happening on my server – it's happening to a big boy who probably knows how to deal with you …
To add HaloScan to nanoblogger, I followed their “Other” config examples, putting the javascript hook and courtesy image link (which will be updated to a nicer one soon) into templates/main_index.htm, and the actual link JS into templates/entry.htm
I guess they get the chance to advertise at you when you use the comments service. Fair enough …
Thu Mar 9 21:44:44 NZDT 2006
Textile?
I don't like Markdown (at least, the way it's done through nanoblogger), not least because I can't see any difference between a code block that works, and one that doesn't.
Plus, by default, stars around a word don't translate to “bold” ;-)
So, I've installed RedCloth into Ruby, and after hacking a one-line filter I'm trying to get nanoblogger to use Textile instead of Markdown. I'll probably have to edit my old articles, but there aren't many!
Textile has “nice” quotes, … ellipsis, 2×4 dimensions, trademark(TM), registered(R), copyright(C) markers, en - em-dashes – and a few other goodies. RedCloth has a few bugs, but workarounds are not too onerous.
See Installing Textile for more info.
Thu Mar 9 11:31:32 NZDT 2006
The syntax battle ...
So much of the Rails tutorial stuff is based around the “simple” examples of scaffold, that subtleties in the language syntax are missed out …
Here's what scaffold in Rails 1.0 produces for a form :-
<%= start_form_tag :action => 'create' %>
In text descriptions of “how to do form upload”, we're told to add :multipart => true to the start_form_tag.
If we look at the Rails API for start_form_tag, we see a couple of extra options – one of which is essential for file upload forms, the :multipart …
start_form_tag(url_for_options = {}, options = {}, *parameters_for_url)
What is very unclear at this stage, is that in order to add the :multipart option to the tag, you must now introduce () and {} syntax that was previously optional and therefore missing from the scaffold code generation.
<%= start_form_tag({:action => 'create'}, {:multipart => true}) %>
This has recently been described on the Rails list as the “WTF!!” stage of grokking Ruby syntax.
Enjoy :-)
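Why the braces matter, as an added example (not code from Rails or from the original post): Ruby gathers a braceless run of key => value pairs into one hash, so both keys land in the first parameter and the form never gets its multipart encoding. form_tag_sketch is a hypothetical stand-in that copies only the parameter list quoted above and renders a simplified tag.

```ruby
# Stand-in with the same parameter list as the start_form_tag signature quoted
# above. It is NOT the Rails implementation: it renders a simplified <form> tag
# so we can see which hash each key landed in.
def form_tag_sketch(url_for_options = {}, options = {}, *parameters_for_url)
  # Assumption: the URL is built from url_for_options only, and any key other
  # than :action becomes a query-string parameter (a simplified url_for).
  action = url_for_options[:action]
  query  = url_for_options.reject { |k, _| k == :action }
                          .map { |k, v| "#{k}=#{v}" }.join("&")
  url = "/#{action}"
  url += "?#{query}" unless query.empty?

  # Only the second hash controls the tag's own attributes.
  attrs = { "action" => url, "method" => "post" }
  attrs["enctype"] = "multipart/form-data" if options[:multipart]
  "<form " + attrs.map { |k, v| %(#{k}="#{v}") }.join(" ") + ">"
end

# Scaffold style: no parentheses, no braces. Ruby builds ONE hash from both
# pairs and passes it as url_for_options; options stays empty.
def without_braces
  form_tag_sketch :action => 'create', :multipart => true
end

# Explicit braces: two separate hashes, one per parameter.
def with_braces
  form_tag_sketch({:action => 'create'}, {:multipart => true})
end

puts without_braces
puts with_braces
```

The braceless call raises no error; :multipart simply ends up in the URL, which is why an upload form built that way is missing its multipart encoding.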
Mon Mar 6 20:36:31 NZDT 2006
Remembering Categories
Nanoblogger wants you to remember the numeric ids for your categories, and doesn't seem to let you refer to them by name (which isn't unreasonable, as the names may have spaces and other metacharacters in them, and therefore might make quoting a big chore).
But it's difficult to remember them all the time, so I have hacked the build_catlinks() in plugins/blog_links.sh :-
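# Numeric id from the category datafile name, e.g. cat_1.html -> 1
cat_id=`basename "$cat_index" .html | cut -c5-`
# Leading comment carries the sort key; \${ARCHIVES_PATH} stays literal in the output
cat <<-EOF
<!-- $cat_id $NB_CategoryTitle --> \
<a href="\${ARCHIVES_PATH}$cat_index"> \
$cat_id $NB_CategoryTitle</a> ($cat_total) <br />
EOF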
This creates a new value, $cat_id, made from $cat_index (which is the filename of the category datafile, e.g. cat_1.html) by stripping off the extension, and then the first four characters. This value is then added into the comment section, and the output text.
Unseen in the code snippet here is that the output from build_catlinks() is sorted (so the $cat_id in the comment is used to get them in the right order), and then the comment block is removed from the final HTML.
Another satisfying nanoblogger hack.
Mon Mar 6 14:04:00 NZDT 2006
IRC and antivirus
Oh, I know it's old news now, but I was very amused (“rofl”)
with The Register's article about Symantec Norton antivirus booting
people off their IRC connections when someone says the magic words
"startkeylogger"!
http://www.theregister.co.uk/2006/03/03/symantec_security_glitch/
It's all over google as well, if you should care to look. At the moment, I'm typing from a windows box, with a Symantec product running … but it's not one of the Norton ones, so I was able to say these naughty words on a friendly IRC channel (one inhabited by non-Windows people, so no-one was disconnected!)
Sun Mar 5 21:18:33 NZDT 2006
Markdown and better CSS
I've hacked a new stylesheet (not much different from the default) and done a lot of cleaning on the generated CSS, especially in the sidebar.
markdown processing now works for articles - see Fixing Sidebars for details.
Sun Mar 5 15:58:00 NZDT 2006
Markdown added
Looks like markdown processing doesn't come with Debian 3.1's nanoblogger. So I lifted the plugin from the 3.3 distribution, and fitted it in :-) The downside is that I now have an unpackaged file on the OS - the upside is that it's simple, auditable, and useful!
Sun Mar 5 15:57:01 NZDT 2006
Latine
Many moons ago, I created a page with a list of anachronistic Latin phrases, taken from one of Henry Beard's books. It's been well-linked over time, and Google pushed up its PageRank. I still get the occasional email from people assuming that I must have good Latin skills – but I don't :(
Looks like Wikipedians have been hard at work on Latin (as I guess you'd expect), and there's now a good page to help you find standard phrases - http://en.wikipedia.org/wiki/List_of_Latin_phrases_%28full%29