"...Depleted vitality has created an intolerance for any further stimulation, or demands on his resources. This sense of powerlessness, combined with frustration that he cannot control events, subjects him to agitation, irritation, and acute distress. He tries to escape these by stubborn insistence on his own point of view, but the general condition of helplessness renders this often unsuccessful. Is therefore very sensitive to criticism and quick to take offense..."I pointed it out to a few friends, and theirs were dead-on also. Scary how 8 colored blocks can determine so much about someone... if you believe such things.
Network Dissolutions
After three phone calls to them personally, I managed to get them to change my address and telephone number from the CT location to the CA location. I couldn't do this via their "automated" email system after 52 failed emails (with NIC tracking numbers on each of them). I then tried to remove this erroneous person from my record, and sent many more emails. I emailed Darin DeCuir at his given address (dead), and then did a Google search for his name, to find out if he had any other address I could use. I found one entry, and emailed him there. No response. I tried calling Kaiwan, and the numbers were turned off.
I then called Network Solutions back, and spent 75 minutes on the phone with one of their operators, who proceeded to do nothing more than send me a blank Service Template to fill out, which generated a volley of more failed "automated" emails. Another phone call the next day, 1:07 long, and the same results. This operator was much more clueless than the first. I was irate. She insisted that I send a fax in, on "company letterhead" (which I have none, and do not intend to) and photocopies of my license. I asked to speak with a supervisor, since I had emails and phone calls going back 5 weeks, without a single change to any of my domains, accounts, or records. Unacceptable! She proceeds to tell me that the supervisor is in a meeting.
I settle, frustrated, on that, and decide to comply and send them a fax. I faxed a new copy of the Service Template to them, signed, dated, with NIC tracking number on it, and included photocopies of my CT driver's license and a photocopy of my passport. There was no doubting that the person whose name is all over the domain records, and the address of the registrar, my web company, is the same one which appears on both my passport and my license (and anyone who knows me personally knows how much I HATE having pictures of me floating around). I can literally count the number of pictures of me in existence on both of my hands.
I call them again to verify that changes I made to a domain in progress were indeed being made, and that my address on my own internic handle records was being updated. The (non-English-speaking) woman proceeds to tell me that I filled out all the wrong forms in my email requests. I explain to her that their staff needs more training, since the operator from the previous day was the one who showed me which forms to submit. I explain to her that I'm moving my domains from a network which has a DNS server, to a network without any local DNS. She proceeds to start talking to me in a condescending tone about how I can't possibly have a website without having a dns, and how a host, website, and dns are all the same thing, and have to exist before I can have a domain.
Ahm, no. I explain to her again what I'm trying to achieve, and she comes back in her best 3rd-grade-schoolteacher voice telling me that I'm wrong, and I obviously don't know how the internet works. "...the IP address is like a telephone number... " After 2 full hours on the phone with her, frustrated, I simply hang up on her. (blood boiling)
The next day I call again to verify that they received the fax (this was Friday), and the operator (very helpful) indicates that they do, and proceeds to read off information ONLY shown on my passport. Great! He says it will take 24-48 hours to effect the changes. Perfect.
I then log into EasyDNS (thanks again go to rasmus for giving me the tip) and set up my domains to relocate to the new network. I pull all of the records, hosts, subdomains, etc. into there, and purchase a 25-domain block.
I call NSI again (Saturday) to see if my information has been updated, so I can make the final moves, and the operator this time says that they never received my fax, and that none of my information was updated at all, because I used the wrong templates. I inhale slowly, trying not to reach into the phone, and have her go over the process with me, which I verified was the right process. She then tracks back three identical requests in 3 consecutive days with 3 individual NIC tracking numbers, that I requested, responded, and confirmed the domain changes with their automated system, but their system ate the final responses, and never made the changes. She then proceeds to tell me that they have a NEW fax number for "expedited" requests to change my info, and if I fax them again, but this time on "company letterhead", they can make the change in 24-48 hours instead of 3-5 business days.
After about an hour on the phone, and frustration mounting, I begin to boil.
"This is unacceptable. I have NIC tracking numbers going back 5 weeks. You've already confirmed that your system is eating the responses. I've got over 50 emails here from your system, full of NIC tracking numbers, requesting changes, and NONE have been made. I've faxed you everything about me possible, to verify I am who I am. I want my domains moved, and I want this other person off my record, he is blocking my access to change my information on a domain I paid for. You are deliberately restricting my ability to run a business. I would like you to either change the information now, as I've requested, or give me a supervisor."I call back, get someone else after 37 minutes on hold waiting for someone to answer the line, and THIS person tells me she's looking at the fax itself, and that it will take 3-5 business days to process. Why can she see the fax, but the previous operator 37 minutes previous, could not. Another volley of automated email, no changes made, and still I haven't seen a single change to my domains, other than my contact information in my internic record has been updated.(puts me on hold for 7 minutes)
"Sir, I'm sorry, but the supervisor is in a meeting right now but if..."
(I cut her off)
"Unacceptable! I called on Tuesday with the same request, and he was in a meeting then. No supervisor is in a meeting at 10:00AM on a Saturday morning. Either you get me a supervisor now, or you get me his manager. Pull him out of the meeting. I don't care. This is unacceptable. You gave me the same excuse on Tuesday. I don't want excuses, I want answers!"
(automated voice)
"We're sorry, the line has been cut. Please try your call again later..."
She hung up on me! (blood boiling)
The result is that I have less than one week to relocate my domains now, including the ones with incorrect information in them, and get a box built onto the new network. My current provider is cutting off the service. He emailed me asking me to call him, and specifically said not to email him back. I called him on his cell phone, left a message. I called him at home the next day, left a much longer message, describing the details of the changes I was making. No calls back yet. I'm getting very suspicious.
h4xx0ring
ViewCVS
Apache
[Sun Jul 1 00:35:27 2001] [notice] Apache/1.3.20 (Unix) mod_python/2.7.2 Python/2.0 PHP/4.0.6 mod_gzip/1.3.19.1a mod_perl/1.25 mod_ssl/2.8.4 OpenSSL/0.9.6a configured -- resuming normal operations
There's still a problem though. If I have mod_python loaded, the server segfaults. GAR! Still working on that one. Certificates are working, and all of the Rewrite rules are functional. I've been spending some time splitting off the larger chunks of httpd.conf into separate external files, so I can manage them easier (it also makes it easier when you have to disable ssl, for example, to comment out one include line, than to comment out 75 SSL defines and structures in the master httpd.conf file itself).
For those wanting manual instructions (HIGHLY recommended), there's Apacompile. I found this invaluable trying to figure out how to juggle the things that were always nearly impossible manually.
Domain Hacking
No, the IRC services offered are not in any way going to be attached to, pointed to, or affiliated with the private services of OpenProjects, otherwise known as OPN. I will not confuse people by affiliating a free, open, public service with a closed, private service such as OPN.
Secret Project #209
Bones
Hair
Birthday's coming up. I wonder if I can get this sleeve colored in before Mike kills himself on his bike.
What a Saturday! I wonder what's in store for me tomorrow!
jailed()
I've designed a completely new way of handling this situation in my sandbox system here, one which I've never seen implemented or discussed before (I must thank all this Embedded Linux work for giving me the idea, and the guys in #perl on Efnet for helping me squeeze some of the last bugs out of the theory -- no, it is not implemented in perl, but trying to get something as spindly as perl installed in the jail, and remain functional, presented quite a challenge).
So far, in my testing, I have not been able to break through it. I have an edge, though, I know the technology used to implement it, which lets me know how to try to exploit it. Normal users on the server would not know this, or be able to find it out from their own vantage point.
"...Nothing is secure. Only secured..."
Creating a full file system inside a chroot() jail can involve several things, including hardlinks [bad, potentially insecure, doesn't cross filesystem boundaries], symlinks [ug, needs no explanation], or statically compiled binaries [definitely not ideal for a server potentially holding hundreds of user accounts]. What I've managed to do, is provide a fully-working, non-crippled file system with intact shared binaries and libraries, including perl and python and friends, inside the jail, read-only, in a way which is reproducible, secure, and not crippled.
At this point, we have a fully-functional shell account, with all services read-only (using my new design), and the user themselves gets a nice large chunk of quota'd space under their account from which they can use for web, code builds, whatever (process-limited, and using idled, of course. There are ways around it, but that's already been taken care of on my end).
ObJailHack
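    #include <fcntl.h>
    #include <sys/stat.h>
    #include <unistd.h>

    int main(void)
    {
        int fd = open("/", O_RDONLY);   /* handle on the current (jail) root */
        mkdir("testdir", 0755);
        chroot("testdir");              /* cwd and fd now sit outside the new root */
        fchdir(fd);
        for (int i = 0; i < 10; i++) {
            chdir("..");
        }
        chroot(".");
        execl("/bin/sh", "/bin/sh", (char *)NULL);
        return 1;
    }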
I'll let the others figure out what this fixes.
So much more to go, but I'm learning quite a bit of theory and technology I never knew before. I'll keep posting my findings as I go through them. Perhaps others can take advantage of some of this on their own systems. The next step is to start locking down every service and daemon on the box so that they too run in mode [3] or mode [4] above. Something similar to:
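    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <grp.h>

    int main(void)
    {
        gid_t gidlist[] = { 505 };

        /* Enter the jail as root, then give up root before running the daemon */
        if (chroot("/usr/chroot/MyDaemon") != 0 || chdir("/") != 0 ||
            setgid(505) != 0 ||
            setgroups(1, gidlist) != 0 ||   /* or initgroups() */
            setuid(505) != 0) {
            perror("MyDaemon jail setup");
            return EXIT_FAILURE;
        }
        execl("/bin/MyDaemon", "/bin/MyDaemon", (char *)NULL);
        perror("execl");
        return EXIT_FAILURE;
    }

You get the idea. More later.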
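A fuller take on the launcher sketch above, as an added example that is not the author's code. The ObJailHack snippet needs root inside the jail to call chroot() a second time, and a directory descriptor inherited from outside the jail would allow fchdir() out even without root, so this version closes such descriptors, sets the working directory inside the jail first, and verifies that root cannot be regained. The helper names close_directory_fds and enter_jail and the scan limit are assumptions; the jail path and id 505 are reused from the sketch.

```c
/* Added example, not the diary author's code. Jail path and uid/gid 505
 * come from the launcher sketch; helper names are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define FD_SCAN_LIMIT 65536L  /* assumption: cap the scan so huge rlimits stay fast */

/* Close every descriptor above stderr that refers to a directory, so no
 * handle to a directory outside the jail survives the chroot().
 * Returns the number of descriptors closed. */
int close_directory_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    int closed = 0;

    if (max < 0 || max > FD_SCAN_LIMIT)
        max = FD_SCAN_LIMIT;
    for (int fd = 3; fd < (int)max; fd++) {
        struct stat st;
        if (fstat(fd, &st) != 0)
            continue;                       /* not an open descriptor */
        if (S_ISDIR(st.st_mode) && close(fd) == 0)
            closed++;
    }
    return closed;
}

/* Enter the jail and drop root for good. Returns 0 on success, -1 on any
 * failure; the caller must not continue after a failure. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    close_directory_fds();
    if (chdir(dir) != 0)  return -1;   /* working directory inside the jail first */
    if (chroot(".") != 0) return -1;
    if (chdir("/") != 0)  return -1;
    if (setgroups(1, &gid) != 0) return -1;  /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Confirm the drop is irreversible: a process that can get root back
     * can call chroot() again. */
    if (setuid(0) == 0 || chroot("/") == 0) { errno = EPERM; return -1; }
    return 0;
}

int main(void)
{
    if (enter_jail("/usr/chroot/MyDaemon", 505, 505) != 0) {
        perror("enter_jail");
        return EXIT_FAILURE;
    }
    execl("/bin/MyDaemon", "/bin/MyDaemon", (char *)NULL);
    perror("execl");
    return EXIT_FAILURE;
}
```

The launcher has to start as root for chroot() to succeed; any -1 from enter_jail means the daemon must not be started.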
Cellblock 3, LOCKDOWN!
I have been successful in implementing a quota on chrooted ssh shells (yes, I'll certainly document this and post a link when I'm done), and locked them down pretty tightly. What is this for? I am now expanding my services and opening up the cvs to the general public community. The server can now be used as a public cvs, web, database, development platform for anyone who has an open source project and wants to house it there.
Currently there are about a dozen public projects in the cvs and about a dozen others not public in there also.
and because of these changes, now we can offer...
A Free Public CVS Server and Development Environment
I have put up a container page as a placeholder until the new domains come rolling in and get pointed to the new box (a million thanks go to rasmus for allowing me to temporarily host it on his connection until I can find a provider here in CA).
What's "different" than other similar services?
When we say free, we mean free, not free with "...fine print..."
I'm open to suggestions of other tools and services we can provide, so if you have ideas or have a project you wish to host, please feel free to email me
Embedded Linux
Life's been busy, but it's moving along fast. Birthday comes up in about 2 weeks, turning The Big Three-OH.
Somehow I don't feel any different. Am I supposed to?
I have now tamed the 8-headed hydra of a beast which calls itself cross-gcc. After beating my head against the wall tracking down bugs deep into the guts and bowels of gcc and glibc, I figured it all out.
In the spirit of open source ("Release Early, Release Often"), I've whipped up a single-pass-build-script to make this all incredibly easy for anyone else to take advantage of.
Seems that every VA box I'm aware of (and many Andover boxes also) is/are down, except SourceForge. I would have personally preferred the opposite, but hey, that's just my opinion (these include themes.org, linux.com, slashdot.org, newsforge.net, linuxgram.com, andover.net, OSDN.com and others). Some people believe it has to do with VA's recent financial troubles.
Personally, I don't get into the politics of any of this, but here's the official Quit Slashdot.org Today page for those who want a laugh.
I just tried to do a whois on each of these servers and noticed some interesting things:
    # date
    Sun Jun 24 05:41:54 EDT 2001

    # whois slashdot.org
    [whois.internic.net]
    Whois Server Version 1.3
    SLASHDOT.ORG.SUCKS.COMPARED.TO.JIMPHILLIPS.ORG
    SLASHDOT.ORG

    # whois linux.com
    [whois.internic.net]
    Whois Server Version 1.3
    LINUX.COM.NEEDS.TO.RUN.FREEBSD.LIKE.HCCTRC.COM
    LINUX.COM.IS.KINDA.COOL.BUT.RUN.FREEBSD.LIKE.JIMPHILLIPS.ORG
    LINUX.COM.ALONETRIO.WAS.HERE.WITH.ALTAVISTWAP.COM
    LINUX.COM
My current bet's on more hacking going on. Nobody asked me to investigate this one though.
I ordered DSL finally, and will end up paying way too much for it. $99.00/month for 144k/144k of IDSL, not even real DSL. It's all there is here, but that beats the 14.4k dialup performance I've been getting lately.
URGENT
Spent the rest of the day fighting with Mantis bugs, and going the very-painful path of upgrading from 0.14.18 to CVS HEAD. Made about 1,000 fixes to the code for both "prettiness" and consistency.
Then I hit a dead stop. Fatal bugs aplenty. I've posted 7 critical/fatal bugs today with it (0000591 through 0000597 over here). I really like Mantis. I really like where it's going. I don't like having to hand-reinstall these dozens of parts every time I upgrade though. It was a toss-up between Mantis and RoundUp. I leaned towards Mantis only because my server can no longer take any more hits from static Python binaries running under httpd.
The rest of the bug tracking packages out there failed miserably (I tested at least a dozen, from JitterBug to Bugzilla, GNATS, Double Choco Latte, Tracker, and a few others. rasmus has one he uses on bugs.php.net, which was nice, but not quite as full-featured as Mantis). These two are clearly the most powerful I've seen.
My end-goal of course, is to provide a nice, integrated, robust, set of tools for the developers that use my hardware and my free public cvs and to increase the speed with which we can close bugs and continue writing productive code.
I picked up two good books the other day. The first one is by John Douglas called Obsession, and is full of case studies of profiled killers, rapists, stalkers, and their victims. I'm about 1/2 way through this one, and it's only 2 days old. The human psyche and forensic pathology along with investigative detective-type work are beginning to pique my interest.
The second book I picked up was by Stephen King, called Insomnia, and is about an older gentleman who loses his wife, and slowly begins losing sleep a little each day. He begins having "visions", which he thinks are hallucinations... I'm about 3 chapters into this one already. So far, it's pretty good.
02:30 PDT, time for food and one more deliverable tonight before I crash.
<selfless plug>cert me</selfless plug>
Note to self...
OOPS!
Tue, 19 Jun 2001 09:31:24 -0700 (PDT)
Never do a major revision release at 03:06am PDT again. I rerolled the packages, and replaced them. We caught two bugs early enough not to require an increment in the version numbering.
pilot-link 0.9.5 released!
My hands hurt
Spent all day trying to get gcc/binutils/gdb and friends compiled on both x86 and SunOS on an E3500 machine as a cross-compiler for ARM as a lab for this Embedded Linux Course. I don't know (or remember) SunOS as much as I probably should, much fumbling around was had (over 14.4k dialup no less). Thanks go to mkp for bailing me out here and there. He's not off the hook yet though. The guys in #solaris on Efnet were helpful also.
Now to decide if I want to drop some caffeine and stay up all night (or at least for the next consecutive 15 hours or so) and work on this course, or if I should just crash, and let biology wake me up.
What a week so far. Unbelievably productive.
The Wonderful World of Javascript
I've never done Javascript programming before (can I really call it that?), but here's what I have so far after about 2 hours of tinkering (it's a Javascript "popup" wizard walkthrough sort of thing), which will prompt for the URL (it snarfs it from the current page), an expiration time on the cookie (defaults to 1 day), and then the maxdepth of that URL, and sets two local cookies for those values. When it's all working (or I hit the string length limit on bookmark Location fields), it will walk the user through the full gamut of settings for that URL.
So far, this works, and properly sets the cookies. Why do I want to do this in a Javascript fashion? Because my goal here is to make a Plucker "bookmarklet" that most users can use to ease their pain of Plucker configuration and sync'ing.

    javascript:q7Hm8=prompt('This webpage has ' + document.links.length + ' links.\n\nBelow is the URL of the current webpage. We can now store this value in a \n local cookie on your machine. Once your selected Plucker parameters are set,\nwe can then create a home.html file for you with these parameters.\n',location.href);

    if(q7Hm8!=null) {
      // Prompt for two separate vals
      // which will be stored in two
      // cookies on the local machine
      pVj5D=86400000*prompt('Expires in...(days)','1');
      m3xD=prompt('How deep would you like to gather ' + location.href,'1');

      // Prompt for the maxdepth value here
      _1m4g3s=prompt('How deep would you like to gather ' + location.href,'1');
      dT9v=new Date;
      dT9v.setTime(dT9v.getTime()+pVj5D);

      // Store the first cookie (URL)
      void(document.cookie='PluckerURL='+escape(q7Hm8)+'; expires='+dT9v.toGMTString());

      // Store the second cookie (maxdepth)
      void(document.cookie='PluckerMaxdepth='+escape(m3xD)+'; expires='+dT9v.toGMTString());
    } else {
      void(null)
    }
An example of how it can be used (for this current page) is here
Reading the cookies back is a bit simpler. I won't bore you with the code, but it allows me to do some interesting things with it. The problem with Javascript is that I can't launch a local client application (plucker-build in this example, which is used to actually gather the content itself), nor can I write to a local configuration file. I can, however, put the data in a popup browser window, and have the user do a SaveAs from the menu on that window. It's not the best solution, but short of having to write several different plugins for each architecture, it will work for the moment.
I'm still trying to find out if Javascript has checkbox and <option select...> type of elements so I can make a real application out of this, in a client-side popup dialog "wizard" thingy.
Why am I not doing this fully in a webpage-style application? Because then you lose focus of the webpage you're on that you want to Pluck, and this must run client-side. I suppose I could make a webpage that contained similar code, and then submitted the URL to my server for final parsing and gathering, but my server doesn't have the bandwidth for that right now.
This all started from my original search google bookmarklet. You can click on it and it will pop up an entry dialog, or you can highlight words on the webpage, and click on it (go ahead, try it) and it will send that highlighted text to google as the search criteria.
I started playing a bit, and came up with another weird one to translate the current webpage into German (or any other language)
Mantis
As the Task List Turns... (unordered)
My hands hurt.
Wed Jun 13 00:06:18 PDT 2001
What irks me the most is that people ask us (as developers and maintainers) to fix this, fix that, add this, add that. What they fail to realize is that we are not always here to just provide for them. Many of us write software because it fills a hole in what we already do, or we want to make what we do easier. We are not an open software conglomerate to keep feeding "requests" into. If something doesn't work the way you want it to, and the author or maintainer doesn't seem to want to add that feature, add it yourself and submit a patch, or create your own version. You have the source. Whining about it only makes noise, and noise is distracting.
Open Source is not a pool of free development hours for people to just abuse. People who don't want to contribute, get muted to the bottom of the pile.
Beheadings
Sabaya said they beheaded the American: "..because the Philippine government is toying with us.."
On arrival of U.S. troops for joint exercises in the Philippines:
Sabaya: "Welcome to the party. If the U.S. troops come here, they're the ones we want to fight."
On any U.S. assistance in the hostage crisis:
Sabaya: We're raring to fight. We want to fight with the U.S.. Tell them to reinforce their troops, if they want. Maybe they think we'll be frightened. Well, all I can say is it's up to the government. They think that they can beat us in a gun battle. They think we will bend. We would relish dying than surrendering to them. Remember.
Two people confirmed beheaded, one of them a volunteer negotiator for the rebel group. The third person was an American, a tourist, who had nothing to do with the conflict at hand. His body has not been found yet.
IMHO, like the Philippine government, we should have a zero tolerance policy as well with these people. You kill an American, we destroy your military base, we strangle your finances, destroy your military facilities, and imprison the families, friends, supporters, and funding parties of your campaign.
You're not afraid to die, good.. BANG, you're dead. Anyone else?
Now where did I put that extra clip and that application to become a mercenary again...
Other Goop
The server was down for 19 hours. Lightning storm took out the power. Need to relocate that network to California.
Started converting all of my HTML pages over, customer and otherwise, into XHTML 1.0 validated content. Satisfying, but tedious.
Birthday coming up in a month. Might want to treat myself to some more inkwork on that right sleeve.
USB synchronization with the m50x Palm devices is almost working. That's the last thing left holding up the pilot-link release... Then it's on to the XML path, and gutting the architecture and codebase quite a lot... fun fun. I might have to prod dyork and some of the other XML and XSLT/DTD gurus here sometime soon for some databits on this.
Working on an internal Secret Project #209
Still working on the Embedded Linux Course
I think a vacation is looming on the very near horizon. Something very far away, please.