Dell DRAC 5 – DCRAP 5

We have some Dell PowerEdge 1950’s with Dell’s server remote access device, the DRAC.  Previously, this DRAC system provided remote console using a java applet – worked fine once you had the jvm installed, even on Linux.

I think since DRAC version 5, they’ve replaced this with some custom plugin they’ve written and it’s appalling.  Firstly, whilst there is a Linux version I’ve not been able to make it even install.  Looking at their installer code, it just couldn’t have ever come close to working unless the quality testing department (ha!) were running their browsers as root, though it still wouldn’t work.  So I’m assuming Dell have no Linux QA.


Segfault in Ruby Ferret query parser

Whilst working with the Ruby text search engine library Ferret, I came across a segfault in the query parser. It had already been reported and fixed, but I realised it can lead to a denial of service.

If you use Ferret anywhere that allows users to execute queries, those users can crash the Ruby process with a specially crafted query.  This was quite serious for a number of my sites (not to mention slowing development of a current app) so I applied the fix to the released 0.11.4 source and repackaged it as 0.11.4.1.

Obviously this isn’t in any way official, but it works for me and I’m sharing here for anyone else affected. Gem, tgz and zip here and just the patch available here (derived from the author’s changeset to trunk).

The patch is against the release source, as the subversion repository seems to be down atm (I got the changeset from the web-based subversion viewer).

Get upgrading!
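For hosts that cannot be upgraded straight away, one way to keep a parser crash from taking the whole Ruby process down is to run the parse in a short-lived child process. This is an added example, not part of the original post or of Ferret: `parse_query` is a hypothetical stand-in for the native parser, and the crash is simulated with a signal on a constructed trigger string.

```ruby
# Added example: contain a crash in a native query parser by parsing in a
# child process. parse_query is a hypothetical stand-in, not Ferret's API.
def parse_query(query)
  # Constructed trigger: simulate the process dying inside native code.
  Process.kill(:KILL, Process.pid) if query.include?("CRASH")
  query.split.map(&:downcase)
end

# Run the parse in a forked child and hand the result back over a pipe.
# If the child dies on a signal, only the child is lost.
def isolated_parse(query)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    writer.write(Marshal.dump(parse_query(query)))
    writer.close
    exit!(0) # skip at_exit handlers inherited from the parent
  end
  writer.close
  data = reader.read # read before waiting so a large result cannot block
  reader.close
  _, status = Process.wait2(pid)
  if status.success?
    { ok: true, terms: Marshal.load(data) }
  else
    { ok: false, signal: status.termsig }
  end
end
```

A rejected query can then be logged and answered with an error instead of a dead worker; the fork cost per query is the trade-off.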

ELER: Kill Your Tribal Elder

The videos of the talks from Lug Radio Live 2007 are now online.  My talk was about free and open source software, crowd wisdom and leaders and was called ELER: Kill Your Tribal Elder.  If you missed it, you can view it there, if you feel it important.

Lighttpd and the wonders of strace

I ran Lighttpd under strace today whilst debugging a problem with mod_deflate and I found two mis-configurations just from watching the system calls it was making. In case anyone is interested, this is what I found.

Firstly, I’d enabled the system.use-noatime option but I could see that it was failing to set this mode when opening a file to serve:


open("/home/john/.../newsniffer.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_NOATIME) = -1 EPERM (Operation not permitted)
open("/home/john/.../newsniffer.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 40

I realised that Lighty drops privileges on start-up, and the O_NOATIME option is privileged. No biggie, but a wasted system call is a wasted system call, so I disabled the option. To my surprise, this fixed the blank/empty page problem I was having with mod_deflate. Clearly a bug, but now I can file a slightly more helpful bug report (this is the Lighttpd dev trunk btw).

Secondly, I’d always assumed (having read it somewhere, I’m sure) that Lighttpd selected the most efficient event-handler available on the operating system – on my Linux 2.6 system this would be epoll, but strace showed Lighttpd using regular poll:


poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}], 6, 1000) = 0

So, I explicitly configured it with server.event-handler = "linux-sysepoll" and now strace shows me:


epoll_wait(39, {}, 4096, 1000)          = 0

I’ve always found the strace tool very useful, but sometimes I forget and take it for granted. I love you strace tool.
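Both findings above can be picked out of a saved strace log mechanically. The following is an added example, not code from the original post: it flags an open() that fails and is immediately retried on the same path with fewer flags, and lists which event-wait syscalls appear. The sample log is constructed from the lines quoted in the post.

```ruby
# Added example: scan strace output for failed-then-retried open() calls
# and for the event-wait syscall in use. Sample built from the post's lines.
STRACE_SAMPLE = <<~'LOG'
  open("/home/john/.../newsniffer.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_NOATIME) = -1 EPERM (Operation not permitted)
  open("/home/john/.../newsniffer.css", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 40
  poll([{fd=4, events=POLLIN}, {fd=5, events=POLLIN}, {fd=-1}, {fd=-1}, {fd=-1}, {fd=-1}], 6, 1000) = 0
LOG

OPEN_RE = /\Aopen\("([^"]*)", ([A-Z_|]+)\)\s+= (-?\d+)(?: (E[A-Z]+))?/

# Turn open() lines into hashes; every other syscall is skipped.
def parse_opens(log)
  log.each_line.map do |line|
    m = OPEN_RE.match(line.strip)
    next unless m
    { path: m[1], flags: m[2].split("|"), ret: m[3].to_i, errno: m[4] }
  end.compact
end

# A failed open() followed directly by a successful open() of the same path
# with some flags removed: report which flags had to be dropped.
def retried_opens(log)
  parse_opens(log).each_cons(2).map do |failed, retried|
    next unless failed[:ret] == -1 && retried[:ret] >= 0
    next unless failed[:path] == retried[:path]
    dropped = failed[:flags] - retried[:flags]
    next if dropped.empty?
    { path: failed[:path], errno: failed[:errno], dropped: dropped }
  end.compact
end

# Which event-wait syscalls show up (poll, epoll_wait or select)?
def event_syscalls(log)
  log.scan(/^(poll|epoll_wait|select)\(/).flatten.uniq
end
```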

MoinMoin wiki with Lighttpd 1.5

This took me a little while to figure out, so I’ll blog here to help others (and me, next time I need to do it and can’t remember how).

I use the MoinMoin wiki software to run a couple of wikis and they run under the Lighttpd web server. With the current stable Lighttpd (1.4) you configure it to use the MoinMoin fastcgi service a bit like this:


  $HTTP["url"] =~ "^/wiki" {
    fastcgi.server =  ("/wiki" => ( "mywiki" =>
      ( "host" => "127.0.0.1",
        "port" => 22000,
        "check-local" => "disable",
        "broken-scriptfilename" => "enable" )
      ))
  }

The new Lighttpd (currently in development, but to be version 1.5) has reworked the way you define fastcgi backends, and has lost the “broken-scriptfilename” option in the process. Without it, MoinMoin doesn’t see what wiki page you’re trying to visit, and can’t build new links properly. Luckily you can reproduce this feature with some proxy-core rewrites:


  $HTTP["url"] =~ "^/wiki" {
    proxy-core.protocol = "fastcgi"
    proxy-core.backends = ( "127.0.0.1:22000" )
    proxy-core.rewrite-request = (
      "_pathinfo" => ( "^/wiki(/.*)" => "$1" ),
      "_scriptname" => ( "^(/wiki)" => "$1" )
    )
  }

And your MoinMoin lives to be spammed another day.

Caffeine

I ran out of coffee on Sunday and found myself immediately planning on getting a fresh supply first thing Monday morning, which brought a caffeine addiction to my attention.   So, I decided not to buy any more coffee and in fact not to consume any caffeine for a week or so.   Here I am two days in and I’ve got a banging headache and feel pretty crap, which is strange considering I only usually have a coffee in the morning and perhaps a cup of tea in the afternoon.

I’m interested to see how this pans out, and how I get on post-withdrawal.

Feet on the beach

Louisa's feet

The chronicles of Lug Radio Live 2007

LUG Radio Live 2007 was great fun.  There was a real community vibe thing going on.  A quick random chronicle of the weekend from our point of view:

Arrived Friday evening, dropped things off at the hotel and went straight to the Hog’s Head pub to meet all the other early arrivers, of which there were many.  Met quite a few random and not so random people: Patrick Finch from Sun, who is just the nicest tech guy in the world.  We met him last year too.

Alan Pope, Neuro – both ELER fans and purchasers of many Geekz tshirts.  Johan and Sebastian from Sweden, who noticed my Knuth t-shirt and said his friend had one too and was surprised to learn we make them.  He took a photo of me wearing it and sent it to his friend back in Sweden :).

Andy Davidson, he’s from Sheffield and was surprised to learn there is a WYLUG planet and wanted to know how he could get listed on it.  Louisa recognised his name and he was then further surprised to learn that he is already listed on it.

Glyn Wintle from the Open Rights Group, who comes in a close second in the nicest tech guy in the world competition.  We hung out with Glyn for most of the rest of the weekend, especially since his stall was next to ours (we were selling our geeky tshirts and stickers and badges and crap).  He convinced me that I need to do a whole lot more with regard to defending our freedoms (like *actually* writing to my MP! Shock! Horror!)  We’re also going to switch our EFF donations to them.


LUG Radio Live 2007 this weekend!

Remember, it’s LUG Radio Live 2007 this weekend in Wolverhampton, UK.  As you can see from the schedule here, there are some cool talks by some cool people (and also a talk by me :) and a big party Saturday night.

You can pay on the door (a measly £5).  Details of local hotels to stay in here.

Hope to see you there.

CIA Freedom of Information – Publish Your Own

The CIA Freedom of Information website had the dumbest security hole in it.  With all the recent hoo har about the “Family Jewels” documents, you’d expect they’d do a quick once over on this stuff.  All the textual content on the document view pages is generated directly from variables passed in the url – with no input validation.

This opens them up to cross site scripting attacks (XSS) and really is just stupid.  Lucky they aren’t the GUARDIANS OF THE LARGEST CACHE OF SENSITIVE INFORMATION IN THE WORLD or anything – *phew*.
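The pattern described above, next to a hardened version, as an added example that is not the site's code or anything from the original post. The parameter names `title` and `body` are hypothetical, and the request is constructed.

```ruby
require "erb"
require "uri"

# Added example, not the site's code. Field names are hypothetical.
FIELDS = %w[title body].freeze
MAX_LEN = 200

def params_from(query)
  URI.decode_www_form(query).to_h
end

# Vulnerable pattern: URL variables are copied straight into the markup.
def render_unsafe(query)
  p = params_from(query)
  "<h1>#{p['title']}</h1><p>#{p['body']}</p>"
end

# Hardened: only known fields, bounded length, HTML-escaped at output time,
# so anything the URL supplies is displayed as text, never parsed as markup.
def render_safe(query)
  p = params_from(query)
  title, body = FIELDS.map { |k| ERB::Util.html_escape(p[k].to_s[0, MAX_LEN]) }
  "<h1>#{title}</h1><p>#{body}</p>"
end

# Constructed request: the body parameter carries markup instead of text.
SAMPLE_QUERY = URI.encode_www_form(title: "Memo", body: "<script>alert(1)</script>")
```

Better still is to look documents up by an identifier and never take display text from the URL at all; escaping is the minimum when the text must come from the request.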

Anyway, using this bug, I made a website where you can write your own documents and publish them on the CIA FOIA website:

http://geekz.co.uk/cia-foia/

I guess that from tomorrow, any mail for me should be addressed to Guantanamo Bay.

Actually, technically you’re the ones doing the exploiting by using the links my site provides – so, you know, at your own risk and all that.

An example here.

local and remote subversion repositories with Capistrano 2

Peeking at the code of the upcoming Capistrano 2, I noticed you can define different scm variables for remote and local use, which is something I need (I was looking at the code in the hope it could do this :)

So, say I have my code stored in a subversion repository on my local disk, say file:///project/trunk. That’s fine for when Capistrano is querying the latest revision, but the remote servers need to use the repository url svn+ssh://mymachine/project/trunk.

Without modifying the code, this was impossible with Capistrano v1. With Capistrano v2, you can prefix any scm configuration variable with local_ and it will be used for local operations:

set :repository, "svn+ssh://mymachine/project/trunk" 
set :local_repository, "file:///project/trunk"

Leeds Ruby on Rails Talk

I’m talking about Ruby on Rails at the West Yorkshire Linux User Group on Monday 11th June 2007. I’ll be covering what Rails is, how it works, and how you use it. Starts at 1900hrs at the E.C Stoner (snigger) Building at the University of Leeds. There follows a talk about Sun’s ZFS file system by Tom Hall, then we retire to The Victoria Hotel pub for some real ale and whatnot.

I’ll be the tall one with the curly hair… stood at the front… talking about Ruby on Rails.

Directions and stuff to be found on the WYLUG website.