10.08.06

apt-get diff

Posted in linux at 9:56 am by site admin

I was just upgrading my servers and noticed one was fetching diffs.

apt-get update


Get: 27 2006-09-10-1306.48.pdiff [293B]

This article shows this can be reverted by running:

apt-get update -o Acquire::Pdiffs=false

or adding the following line in /etc/apt/apt.conf.
Acquire::PDiffs "false";

11.07.05

php4 + curl + https causes segfault

Posted in internet, linux at 7:23 pm by site admin

For the longest time I have been unable to decide between php4 and python as my preferred scripting language. Both languages are awesome, boast impressive libraries and user bases, and excellent documentation. While I am very fond of php4, for a while it was disappointing that php4 did not have a good CLI (command line interface). For a while I started moving all my sophisticated backend scripts to python. And then one day, I discovered that one of the php 4.3 releases contained a revamped ‘php4-cli’ with a distinct use different from ‘php4-cgi’. So needless to say, I am consolidating my efforts on php4.

Now my latest endeavor was porting a small python ‘curl’ like script. To port it over to php, I took advantage of the php curl libraries. At first I was executing the script under CLI and it worked fine. Later I tried to execute it via mod-php4 and it died miserably. The html output would just die at the curl_exec($ch);

After some looking I found this option:

curl_setopt($ch, CURLOPT_VERBOSE, 1);

And this generated the following nonsense in the apache error.log file:

* About to connect() to www.ups.com port 443
* Trying 153.2.228.50... * connected
* Connected to www.ups.com (153.2.228.50) port 443
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
[Sat Oct 29 02:32:39 2005] [notice] child pid 20202 exit signal Segmentation fault (11)

I searched on the internet and found some people with a similar problem, but no clear cut resolutions. So I did the next most reasonable thing to do. I checked all my installed packages and then upgraded apache, php4, curl, and ssl. Yet still nothing. I’m sure the diehard unix people are immediately thinking it's time for a stack trace, but I try to leave that as a last resort.

I read the php bug report 22213 and later this article on marc.theaimsgroup.com. What struck me as odd was that the guy recompiled openssl, and not curl. Later I checked the bug report again, and it just happened to be on the right spot:

[14 Feb 2003 8:41am CET] alan at pair dot com
Regarding notes/issues raised on bug #22112:
I made sure that apache is linking against only one copy of libssl and
libcrypto.

And then it struck me. I checked dpkg

ii libnet-ssleay- 1.22-1 Perl module for Secure Sockets Layer (SSL)
ii libssl-dev 0.9.8a-2 SSL development libraries, header files and
ii libssl0.9.6 0.9.6j-1 SSL shared libraries (old version)
ii libssl0.9.7 0.9.7g-5 SSL shared libraries
ii libssl0.9.8 0.9.8a-2 SSL shared libraries
ii openssl 0.9.8a-2 Secure Socket Layer (SSL) binary and related

and decided to try to remove the older versions of libssl. While only the 0.9.6 was freely removed, it did the trick. Now my log files show:


* About to connect() to www.ups.com port 443
* Trying 153.2.228.50... * connected
* Connected to www.ups.com (153.2.228.50) port 443
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL connection using DES-CBC3-MD5
* Server certificate:
* subject: /C=US/ST=New Jersey/L=Mahwah/O=United Parcel Service/OU=Internet System/OU=Terms of use at www.verisign.com/rpa (c)05/CN=www.ups.com
* start date: 2005-06-24 00:00:00 GMT
* expire date: 2006-07-24 23:59:59 GMT
* common name: www.ups.com (matched)
* issuer: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
* SSL certificate verify ok.
> POST /ups.app/xml/Rate HTTP/1.1
Host: www.ups.com
Accept: */*
Content-type: application/x-www-form-urlencoded
Content-Length: 1431
Expect: 100-continue

< HTTP/1.1 100 Continue
< HTTP/1.1 200 OK
< Server: Netscape-Enterprise/6.0
< Date: Sat, 29 Oct 2005 08:05:22 GMT
< Content-length: 6820
< Pragma: no-cache
< Content-Type: application/xml
* Connection #0 to host www.ups.com left intact
* Closing connection #0

Problem solved.
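
The bug-report advice about linking against only one copy of libssl and libcrypto can be checked mechanically. The following is an added example, not code from the original post: it reads `ldd` or /proc/<pid>/maps style text and reports OpenSSL libraries that appear in more than one version. Both listings are constructed samples.

```bash
#!/bin/bash
# Added example (not from the original post). The listings are constructed
# samples in `ldd` format; real input would be `ldd <module.so>` or
# /proc/<pid>/maps of the crashing Apache child.

SAMPLE_BEFORE='    libcurl.so.3 => /usr/lib/libcurl.so.3 (0x40123000)
    libssl.so.0.9.6 => /usr/lib/libssl.so.0.9.6 (0x40150000)
    libcrypto.so.0.9.6 => /usr/lib/libcrypto.so.0.9.6 (0x40180000)
    libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40250000)
    libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40280000)
    libc.so.6 => /lib/libc.so.6 (0x40380000)'

SAMPLE_AFTER='    libcurl.so.3 => /usr/lib/libcurl.so.3 (0x40123000)
    libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x40250000)
    libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x40280000)
    libc.so.6 => /lib/libc.so.6 (0x40380000)'

# Every distinct libssl/libcrypto soname found on stdin, one per line.
ssl_sonames() {
    grep -oE 'lib(ssl|crypto)\.so\.[0-9][0-9a-z.]*' | sort -u
}

# Library families (libssl, libcrypto) that show up in more than one version.
# Empty output means a single copy of each is linked.
ssl_conflicts() {
    ssl_sonames | sed -E 's/\.so\..*$//' | sort | uniq -d
}

# Human-readable report for one listing.
report() {   # usage: report LABEL LISTING
    dup=$(printf '%s\n' "$2" | ssl_conflicts | tr '\n' ' ')
    if [ -n "$dup" ]; then
        printf '%s: multiple versions of: %s\n' "$1" "$dup"
        printf '%s\n' "$2" | ssl_sonames | sed 's/^/    /'
    else
        printf '%s: one copy of each OpenSSL library\n' "$1"
    fi
}

report before "$SAMPLE_BEFORE"
report after  "$SAMPLE_AFTER"
```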

10.08.05

Subversion RC

Posted in internet, linux at 8:34 pm by James

I’ve had a few brief encounters with CVS, but it never really got my interest. I’ve been neglecting the issue of revision control for a while. Recently I’ve been having to maintain 2-3 different sets of tools in maybe 5 disjoint machines. So I’ve decided to try to consolidate my efforts and minimize repetition. For now, I have opted to use subversion.

To set up svn on the server:
$ svnadmin create --fs-type fsfs /path/to/repos

Originally I created the svn as a Berkeley DB, but changed it b/c the db requires a posix compliant file system. So it won’t work over nfs. Here is some propaganda for fsfs. To convert the db type after the fact:

svnadmin dump /path/to/old/repos > repos.dmp
svnadmin load /path/to/new/repos < repos.dmp

Other commands I used to get started using svn over ssh:

#check out the new repository
svn checkout svn+ssh://me@myserver.com/path/to/repos/trunk .
#import local files into the repository
svn import /local/path svn+ssh://me@myserver.com/path/to/repos/trunk
#directly create a directory on the svn server
svn mkdir svn+ssh://me@myserver.com/path/to/repos/trunk/new_directory

svn does solve a number of shortcomings of cvs. However, it still follows the same centralized server model and thus is hard to manage on networks with poor network connectivity. Currently I am waiting to see what direction Linus takes the Linux kernel development (which inherently involves distributed repository client model).

A second concern of mine is how subversion supports binaries. By their very nature, binary files are not easily monitored into revision control. Typically though, binary files are not changed very often. If they are, I probably would not care for the older versions. For these files, I have been looking for more of a file repository than a revision control source.

Another useful tool is the distributed file synchronization tool Unison.

09.12.05

debian unstable e2fsprog depends loop

Posted in linux at 8:29 pm by James

I run debian unstable on my servers. I was trying to upgrade some of the packages, when I encountered the following message:

E: This installation run will require temporarily removing the essential package e2fsprogs due to a Conflicts/Pre-Depends loop. This is often bad, but if you really want to do it, activate the APT::Force-LoopBreak option.
E: Internal Error, Could not early remove e2fsprogs

Following the solution from Nick’s Personal Blog the following worked w/o any accidental snags.

apt-get -o APT::Force-LoopBreak=yes install e2fsprogs

05.11.05

Moving in Circles

Posted in blogging, internet, linux at 9:06 am by James

The funniest thing that one can do when googling (translates searching for help/info using google) is to find your own website. In the last 3 weeks I have hit my own website 3 times searching for info on setting up various programs on linux. The most recent was because my brother was having troubles connecting to our smtp server using his Treo. My own post talked about problems with ident. Sure enough, Cingular has a blanket firewall that blocks most everything. So the mail server could not send ident requests to the Treo. Turning off ident still didn't solve the problem. I tried also setting

rfc1413_query_timeout = 0s
smtp_enforce_sync = false

but that still did not solve the problem. According to the exim logs the client just disconnects. So I guess some client side debugging may be in order. In the future, I need to add more info on my posts so that if I do come back to them, I can actually understand the problem and the solution I found.

04.19.05

Setting up SMTP AUTH TLS with exim4

Posted in internet, linux at 4:48 pm by site admin

I just finished setting up my smtp auth support in exim4. Originally, I was going to perform authentication over the courier authdaemon as described here, but I didn't quite understand the socket situation, so I opted for a more simplistic route (since authdaemon uses a mysql backend). I also found a simple static password setup here. It did detail some good info about configuring exim3 correctly. Exim4 has a few different options.

To translate these options to exim4, I followed this email.

So I have the following in my exim4.conf
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
tls_certificate = CONFDIR/exim.crt
tls_privatekey = CONFDIR/exim.key
tls_advertise_hosts = *

To get the mysql query right in my authenticator, I followed the manual. While I dislike going to the exim4 manual, it's actually very verbose and informative. I have to start going there instead of google searching all day. I found some examples of authenticators here, here, and here. They were basically good, except that I realized they didn't do any query sanitization. So I changed references to $n to ${quote_mysql:$2}. It's also important not to have any extraneous white space after a query string; it can cause the condition to fail.

A reminder, if you are using mysql, you have to add the server in exim4
hide mysql_servers = localhost/db/user/password

I had a lot of stumbling on the way, and found the best way to debug my configuration was to send mail:
$ echo -ne '\0me\0pass' | base64-encode
AG1lAHBhc3M=

$ telnet localhost 25
> EHLO foo
> auth plain AG1lAHBhc3M=

To increase debugging, I ran exim4 in debug mode:
$exim4 -C config -d+all -bs #where config is my new config file
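
The AUTH PLAIN token used in the test above and the effect of ${quote_mysql:...} on the login name it carries, as an added example that is not part of the original post. It assumes the coreutils `base64` tool; the function names are made up for illustration, `mysql_quote` only partially emulates the Exim operator, and the login name containing a quote is a constructed value.

```bash
#!/bin/bash
# Added example (not from the original post). Assumes coreutils base64.

# SASL PLAIN (RFC 4616): authzid NUL authcid NUL password, base64-encoded.
# In Exim's plaintext driver these three fields arrive as $1, $2 and $3.
auth_plain_token() {            # usage: auth_plain_token USER PASSWORD
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# A token that lost its trailing "=" in copy/paste is not valid base64:
# the length must be a multiple of 4 and only the base64 alphabet may appear.
token_well_formed() {           # usage: token_well_formed TOKEN
    case $1 in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    [ $(( ${#1} % 4 )) -eq 0 ]
}

# Field 2 (the login name) of a token, i.e. what the config sees as $2.
auth_plain_user() {             # usage: auth_plain_user TOKEN
    printf '%s' "$1" | base64 -d | tr '\0' '\n' | sed -n '2p'
}

# Partial emulation of ${quote_mysql:...}: backslash-escape \ ' and "
# (the real operator also rewrites newline, tab, CR and backspace).
mysql_quote() {                 # usage: mysql_quote STRING
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g" -e 's/"/\\"/g'
}

# Constructed demo: a login name containing a quote, as the lookup sees it.
demo() {
    tok=$(auth_plain_token "o'brien" "pass")
    user=$(auth_plain_user "$tok")
    printf "unquoted: WHERE username='%s'\n" "$user"
    printf "quoted:   WHERE username='%s'\n" "$(mysql_quote "$user")"
}
demo
```

With the auth_advertise_hosts setting shown earlier, AUTH is only advertised on an encrypted session, so against a running server the token has to be sent after STARTTLS, for example through `openssl s_client -starttls smtp -connect localhost:25`.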

03.25.05

debian logcheck nonsense

Posted in linux at 12:51 pm by James

For a while now I’ve been getting spammed by logcheck running on one of the servers I maintain. I had upgraded some random packages, and now started getting the following consistent messages:

Mar 25 14:23:01 localhost cron(pam_unix)[3477]: session opened for user mail by (uid=0)
Mar 25 14:23:01 localhost cron(pam_unix)[3477]: session closed for user mail

It turns out that sometime from pam .76-14 to pam .76-22 (the libpam-modules package in particular), the format of libpam reporting was changed to:

Mar 25 14:39:01 localhost CRON[3581]: (pam_unix) session opened for user root by (uid=0)
Mar 25 14:39:01 localhost CRON[3581]: (pam_unix) session closed for user root

Here is the cvs diff in logcheck concerning this issue. Here is the main logcheck homepage. For quick reference, here are the two regex commands that work for the older version:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cron\(pam_[[:alnum:]]+\)\[[0-9]+\]: session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cron\(pam_[[:alnum:]]+\)\[[0-9]+\]: session closed for user [[:alnum:]-]+$

To test the regex:

egrep -v -f rules/ignore.d.paranoid/cron < test2.log

assuming the rule is in the file cron, and test2.log is a sample of the log output. Another interesting tidbit of logcheck is that it always runs all *more* restrictive rules, i.e. “server” implicitly includes “paranoid” and “workstation” includes “server”.
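
The same egrep -v test run over both log formats, as an added example that is not from the original post or from logcheck's own rule files. The two NEW_RULES patterns are derived here from the newer log lines quoted above and are an assumption; the sshd line in the sample is constructed to show that a non-matching event is still reported.

```bash
#!/bin/bash
# Added example (not from the original post or from logcheck itself).

# The two rules quoted above, for the older cron(pam_unix)[pid] format.
OLD_RULES='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cron\(pam_[[:alnum:]]+\)\[[0-9]+\]: session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cron\(pam_[[:alnum:]]+\)\[[0-9]+\]: session closed for user [[:alnum:]-]+$'

# Assumption: equivalent rules written here for the newer
# CRON[pid]: (pam_unix) format, derived from the sample lines only.
NEW_RULES='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$'

ALL_RULES="$OLD_RULES
$NEW_RULES"

# The four cron lines from the post plus one constructed sshd failure.
SAMPLE_LOG='Mar 25 14:23:01 localhost cron(pam_unix)[3477]: session opened for user mail by (uid=0)
Mar 25 14:23:01 localhost cron(pam_unix)[3477]: session closed for user mail
Mar 25 14:39:01 localhost CRON[3581]: (pam_unix) session opened for user root by (uid=0)
Mar 25 14:39:01 localhost CRON[3581]: (pam_unix) session closed for user root
Mar 25 14:40:12 localhost sshd[3600]: Failed password for root from 192.0.2.7 port 4022 ssh2'

# What logcheck would still report: lines matched by no ignore rule.
unmatched() {        # usage: unmatched RULES < logfile
    grep -E -v -e "$1"
}

# Number of lines that would still be reported.
count_unmatched() {  # usage: count_unmatched RULES < logfile
    grep -E -v -c -e "$1"
}

printf 'old rules only: %s line(s) reported\n' \
    "$(printf '%s\n' "$SAMPLE_LOG" | count_unmatched "$OLD_RULES")"
printf 'old + new rules, reported lines:\n'
printf '%s\n' "$SAMPLE_LOG" | unmatched "$ALL_RULES"
```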

01.18.05

Console Tips

Posted in linux at 6:51 pm by James

Sometimes after cat-ing a binary file, my terminal goes AWOL and all I see are a bunch of liner characters. I found http://www.faqs.org/docs/Linux-HOWTO/Keyboard-and-Console-HOWTO.html that provides a lot of useful info. The solution to my specific problem is:

% cat
^O
^D

Using ctrl-N instead of ctrl-O switches to line mode. Supposedly ESC-C is a general term reset. I haven't been in a situation where this has worked for me.

01.11.05

Debian Linux on a Dell Dimension 3000

Posted in linux at 8:23 pm by James

I just installed Debian using the Debian Installer (to be included in Debian 3.1). Installation was as smooth as one could hope. The only real problem arose when trying to configure XFree86 against the i810 drivers and the dell 15″ lcd.

This guy’s experience was pretty helpful. Running Linux on my Dell Dimension 3000. I had some trouble with the video card. Unfortunately, I didn't read the guy’s page closely enough. So I had quite a bit of problems detecting 1280×1024 at 75hz or 1024×768 at 75 using 24bit color. It wasn’t until I found http://ubuntuforums.org/archive/index.php/t-5862.html that I figured it out.

“XFree86 -configure” provided a pretty good configuration file. I added the “DefaultDepth 24” and specified “Modes 1280×1024 1024×768”. Still had to link the mouse correctly and also setup wheel support.

Dells are a bit too cheap at times. This computer has a loud case fan. Really annoying.

01.08.05

Free as in harder to use

Posted in linux at 6:03 pm by James

Interesting article about free software titled Your software rights or the best tools: often a sad choice

Giving up function or convenience in trade for other more important benefits is a reasonable sacrifice, but what of the user’s rights? Should we give up everything for freedom?

08.16.04

Python Paradox

Posted in PL Research, Unfiled, internet, linux at 8:48 pm by James

I like the sound of that.. Well it's not really much of a paradox.. While python is not a language pressed by the education system, it does have its home in the land of scripting, the web, and unix. And it does have a more theoretical basis… lambda! I use python a decent amount. However, for me it's a struggle between python and php (with the stabilization of php-cgi). Because the Python db 2.0 APIs are too Java-ish, I prefer php for all my more complex tasks. php has the ability to get results in associative arrays, uses '' for empty string and null. I can deal with ‘None’ popping up everywhere, but I gotta have associative arrays. I just can't see myself doing row[ 23 ] and being correct. I stand corrected!! ADOdb for python! Here is the full article.

07.07.04

aim buddy list lost

Posted in linux at 3:42 pm by James

With all my computer woes, it's hard to do anything on the computer. Earlier at Rice I was trying to log onto aim. Aimexpress failed on greenland (linux box) so I turned to gaim. Gaim loaded just fine. When I got to work I tried to log onto aim. I forgot I had left gaim running. So I had to kill gaim on greenland. When I loaded aim, my buddylist was wiped. So I’ll have to be careful of gaim from here on in. So tack another one on the list…

===== Update 12/26/2006 =====
AurorAManson posted this link which discusses how to recover your buddy list. Here's the core info:

If it’s not possible then follow these steps to recover your buddy list. First make sure you use a computer that has been signed in before with the aim name’s list in which you want to recover. You’re also going to want to make sure that you have your hidden files shown. In order to show hidden files on XP have a windows folder open click tools and go to folder options > click on the view tab > show hidden files and folders > ok. Once you have hidden folders shown go to: C:\Documents and Settings\+NAME+\Application Data\Aim\+SCREENNAME+\userinfo.bag. It will ask for you to open up the file. Select a document program from the list such as notebook or WordPad.

The file contained has a lot of different symbols in it, don’t worry just sift through and find the usernames of your friends copy and paste them back onto your new list and presto you have your friends back.

06.27.04

The Open Source Paradigm Shift

Posted in linux at 5:51 pm by James

Very interesting article by Tim O’Reilly about Open Source software and paradigm shifts. Very interesting discussion about how commoditization of a market allows for two opportunities: 1) “intel inside” monopolies for under the hood components, 2) Creation of new applications to run on the next layer up.

08.09.03

IPTables tips

Posted in linux at 5:21 pm by James

Q: How to setup transparent Squid proxy.
A: iptables -t nat -A PREROUTING -i $INT_IFACE -p tcp --dport 80 -j REDIRECT --to-port 3128

Q: Iptables version of stopping syn flooding
A:
#Create syn-flood chain for detecting Denial of Service attacks
#(newer iptables releases refuse -j DROP in the nat table; there the same chain goes in the filter table)
iptables -t nat -N syn-flood

#Limit 12 connections per second (burst to 24)
iptables -t nat -A syn-flood -m limit --limit 12/s --limit-burst 24 -j RETURN
iptables -t nat -A syn-flood -j DROP

#Check for DoS attack
iptables -t nat -A PREROUTING -i $EXT_IFACE -d $DEST_IP -p tcp --syn -j syn-flood

08.08.03

Linux tricks

Posted in linux at 2:41 pm by James

This thread will keep dibs on the cool tricks I use in unix.

07.31.03

Sangoma S514 T1 Card installation on Debian

Posted in linux at 6:59 pm by James

So I have a Sangoma S514 card I’m trying to install in my firewall box. The installation manual provides a good bit of info for a stock tgz and rpm install. However, nothing in the linux world is totally straight forward. So my firewall box is too slow to compile a kernel, so I decided to try to compile the drivers on my server.

1. cd /usr/src/; mkdir /usr/src/built (localize src code)
2. put latest src code in /usr/src/linux
3. Get the latest tgz from ftp.sangoma.com/linux/current_wanpipe
4. tar xzvf wanpipe-xxx.tgz
5. Change ./util/wanpipemon/wanpipemon.c all multiline string constants to use ‘\n’ per gcc 3 ANSI C compatibility
6. ./Setup --builddir=/usr/src/built/ [--with-linux=/usr/src/kernel-source-xyz/] install
7. cd /usr/src/linux
8. make menuconfig
9. Aside from normal firewall opts, make sure the two following are modules: CONFIG_WAN_ROUTER=m, CONFIG_VENDOR_SANGOMA=m
10. export INSTALL_MOD_PATH=/usr/src/built/ (modules are used on other machine)
11. Edit modules, add -DEXPORT_SYMTAB to MODFLAGS. (this is req’d for 2.4.21 kernel)
12. make dep bzImage modules modules_install
13. install kernel and utility on firewall