Yesterday was my birthday, and it was full of cookies, pies, magical pixie dust and things made entirely of sugar and spice!
The remainder of the day was spent re-installing Debian Lenny upon my EEE PC - Somehow I managed to completely screw the system.
Because the EEE PC is one of those ultra-portable machines I mostly used it when I was travelling, or outdoors. That mean I was generally receiving poor connectivity and the system packages weren't up to date.
While I was in bed I figured I'd dist-upgrade it to the recently released Lenny. Unfortunately I started the dist-upgrade inside X.org, once I realised this I figured I'd cancel the operation via Ctrl-c.
Bad news everbody: I think I was unlucky enough to interrupt an upgrade of libc, or something equally critical. Every single application gave segfaults afterward.
I had two open root terminals and I could navigate around via cd .., and "echo *", but all other commands such as sudo, dpkg, strace just gave segfaults. (Even static commands gave errors - so it might have been the dynamic loader that was borked, I admit I didn't look too closely.)
I figured reinstalling would be a good solution since the machine has a 4Gb root partition and /home was stored on a separate 16Gb volume. Unfortunately I managed to misjudge the installer's partitioning step and nuke the partition table on the external volume so I ended up losing the whole system.
Happily reinstallation was a breeze as my home network is setup to allow installation via PXE network booting (at some point I should document NFS-root PXE-booting). It took me longer to fiddle with the BIOS on the EEE PC to allow network booting than it did to complete a minimal install. Which I guess is good.
I still need to restore my backup of /home/, but that can wait a few days. Right now I'm loathe to touch the machine at all - although I did distract myself by getting KVM to PXE boot:
# create 4gb disk image
dd if=/dev/zero of=/tmp/img.img bs=1024 count=4096k
# launch KVM
sudo kvm -no-acpi
-boot n -tftp /var/lib/tftpboot/ -bootp /pxelinux.0
-net nic,macaddr=00:0E:35:be:de:ad -net user
It seems that KVM wants to have access to the local TFTP root directory so I just pointed it at that. Since my desktop machine is also my TFTP + DHCP host that works out nicely. (A quick scan of the manual suggests that QEMU/KVM has funky built-in TFTP code, so it doesn't actually forward TFTP requests over the network.)
DHCP requests were certainly passed around as expected though and were answered via my local dnsmasq installation. I did see errors at every DHCP request in syslog, but they seemed harmleess enough:
gold dnsmasq: no address range available for DHCP request via qemu0
ObFilm: Never Been Kissed.
Tags: birthday, dnsmasq, eee pc, lenny, pxe
15 March 2009 21:50
This weekend I mostly fiddled around migrating machines from Xen hosting to KVM hosting. Ultimately it was largely a waste of time, due to various other factors. Still with a bit of luck it will be possible to move the machiens next week.
That aside I spent a while updating my blogspam detection site. As a brief recap this site offers a simple XML-RPC service which allows you to test whether incoming blog comments are spam or not.
Originally this was put together to fight an invasion of comments submited to the Debian Administration website: The site currently shows:
Depressing. But not as depressing as the real live stats which show since I last reset the counters 36,995 spam comments vs. 1,206 non-spam comments. (live updating counters here)
Anyway I updated the service today to add two new plugins, both of which are a little reactionary.
The first new plugin is called "multilink" and is based upon the observation that spammers rarely know the markup of the site they are submitting comments to. This means you can frequently see submitted comments like this:
<a href="http://spam.com">buy viagra</a>
Here we have three different styles of links - "a href", "link=", and "url=". I figure this is a clear indicator of a confused mind, or more likely a spammer.
The second new plugin is designed to stop people who enter "<strong>" words. It is a little coarse but actuall zero false positives in the real world so I'm going to leave it live to see how it works out.
In happier news I'm just back from a trip to the beach. Sand rocks. Even if it wasn't windy enough for my kite ..
ObFilm: Dracula ("Bram Stoker's Dracula" - 1992)
Tags: blogspam, kvm, xen
19 March 2009 21:50
About a year ago I was looking for a "support system", to allow people to report issues and then allow myself and my partner to handle them.
I looked at several packages and eventually decided upon roundup. (Minimal dependencies, included in Debian Stable, Simple to setup.)
Over time my annoyances with this package have grown, so its definitely time to look again at the support landscape. For the moment I decided to give in to pressure and try RT. Unfortunately this was very quickly the result:
[Tue Mar 17 18:54:23 2009] [crit]: <rt-3.6.7-5189-1237316062-367.1-3-0..>
Could not send mail: Couldn't run /usr/sbin/sendmail:
Cannot allocate memory at
/usr/share/request-tracker3.6/lib/RT/Action/SendEmail.pm line 334.
How much memory does the system have? 400Mb "real" and 256Mb "swap".
I've bumpted it up to 512Mb + 376Mb respectively. Lets see how that helps.
I'm reminded, once more, that in theory a support system is a small piece of software. In terms of my RT install all I did was install it, configure it such that when a new user submits a ticket they get back an autoreply with login details and can view/edit/close their own ticket via the web interface. This wiki page helped.
This is a step up from roundup which has a weird idea of security - if you allow a ticket submitter to use the UI they can see all open/closed tickets.
Anyway I'll keep testing it for a couple of days and if the memory helps then I guess its a small price to pay but .. ugh. Maybe the home made solution is the more practical solution..
Tags: oom, request tracker, roundup
21 March 2009 21:50
Last week I resigned from my position as member of the Debian Security Team.
Historically several Debian teams have had members inactive for months and years at a time, and I'd rather be removed of my own volition than end up listed but inactive like that.
It's been a pleasure working with all members of the team, past and current (especially Joey), and who knows I might return in the future.
If you're interested in security work then getting involved isn't difficult. It just takes time, patience, and practise.
ObFilm: The Goonies
Tags: debian, debian security team, security
30 March 2009 21:50
All being well the Debian Administration website now fully supports UTF-8.
This change was a long time coming, considering the amount of time the site has been live.
Most of the changes have been present for a while:
- Correctly setting the database to store UTF-8 internally, rather than latin1.
- Correctly setting the charset of the generated pages.
The only missing part was ensuring the at the text input by visitors/users was correctly decoded and treated as UTF-8. This was handled by updating changing the Perl CGI module to explicitly call charset appropriately.
Since the code behind the site masks the database, memcached, and CGI handles behind singletons the change itself was pretty trivial:
I made more changes this evening to tie it all together, and to ensure that my Database connection is always forced to use UTF but I think that wasn't so important.
I hope this is vaguely useful the next time I have to fight with character sets & encodings. It is just all so nasty. Failing that these pages are vaguely useful:
ObFilm: Run Lola Run
Tags: debian-administration, utf, utf-8, utf8