Tristan pointed out that most of the images linked to below where, in fact, all the same. My mouse skills were obviously on the blink at that moment. The links have now been fixed.
Linux 2.6 has real per user accounting:
struct user_struct {
atomic_t __count; /* reference count */
atomic_t processes; /* How many processes does this user have? */
atomic_t files; /* How many open files does this user have? */
/* Hash table maintenance information */
struct list_head uidhash_list;
uid_t uid;
};
This means that process and open files limits apply across the whole system, not per session like they used to. It also means that if a setuid call would cause the resource limit to be exceeded then it returns EAGAIN
Also, Apache 1.3.28 has a known bug with CGI handling and SuEXEC which means it leaves zombies all over the place (offical patch released). Guess how this and the above conspired to bite me today.
Apache 1.3 cannot proxy SSL requests. But Apache 2 can, and it can cache the results. It also supports SCTP for those who know/care what that is.
Also, despite fluffing the second question it looks like I might have made the top 500 cut in the GoogleJam
And slashdot has just published this story about how the FTAA treaty is going to ratchet up IP laws again. But for once the UK isn't part of it.
Another letter to my MP, this time on software patents.
God doesn't work. "it puts God to the test - and there are clear instructions in the Bible not to do this" - well designed meme wasn't it? Poor deluded sods.
Diebold are making a mess about their memos being published and are C&Ding lots of websites.
Great picture: Found Nemo
The film is not fantastic, but a good way to spend a couple of hours.
A while ago Google announced the Google CodeJam which is basically another coding competition. This one is a little different to anything else I've done because it's a sit at home competition. This presents some advantages; it's most comfortable and you get a vim working the way you want. It also means there is a lot of scope for cheating.
Once you look at the first problem you have 60 minutes to submit solutions. You can only submit once, but they do have a reasonable testing framework.
The score you get for a problem is based on how long you take to submit it. Once the coding phase (this weekend) is over they go and test the programs and anything that fails a test is discounted.
The top 500 go onto the next round.
It's obvious that a single user could in fact be a team of coders working on the problem. It's also quite possible to be many users and to read the questions well ahead of your `time' starting. The latter problem is slightly resolved because there are 10 sets of questions. But that just increases the work needed by a factor of 10 and creating 11 users isn't a lot of work.
Personally I didn't understand what the hell the second problem was asking and, looking back on it, I still don't. And the second problem is worth 80% of the marks so I've failed this one. Maybe they will run it next year.
In crewing news - the City and Guilds Ball went very well even if I did get home at 7am the following morning and the punters arrived 3 hours before we were expecting them.
Running CGI scripts for users on your webserver is a dangerous game. Not only do users test their runaway fork-bombing scripts but they also install known buggy versions of phpBB and the like and let your webserver get compromised.
And even if they cannot get root, crackers can use your >1Gps of bandwidth to turn your poor webserver into the central warez site for the whole of Europe over the weekend. I know. It's happened to us.
And so, tweetypie is born. The first thing to do is get rid of modphp and force all users to run php via the CGI binary and build Apache with SuEXEC support.
User may complain about not having modphp, but just slap them with rack rails until they go away. Then install this patch which sets resource limits on all CGI scripts and configure iptables to block all outgoing non-system packets:
*filter :INPUT ACCEPT [89251:15855936] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [85660:11402157] -A OUTPUT -d 146.169.1.1 -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -d 146.169.1.24 -p udp -m udp --dport 53 -j ACCEPT -A OUTPUT -d 146.169.1.189 -p tcp -m tcp --dport 5432 -j ACCEPT -A OUTPUT -m owner --uid-owner sshd -j ACCEPT -A OUTPUT -m owner --uid-owner wwwnot -j ACCEPT -A OUTPUT -m owner --uid-owner root -j ACCEPT -A OUTPUT -m owner !--uid-owner root -j DROP COMMIT
Then setup 2000 bind mounts to work around a race condition in the kernel (you almost certainly don't have the kind of load that would trigger this - so you can ignore it) and voila!
Simple eh?
Within two weeks...
| Server | Function | Fuckup |
| Heron | Primary webserver | Well, this was an emergency move after a hardware failure of the old server. Unfortunately, we forgot some stuff and someone rooted it via phpBB and sudo. So another emergency move (3 hours last Sunday night) onto a new server which we will enable CGI on when we feel ready. (It's roughly the same as running a public access shell server). |
| Chukar | Online Backup server | RAID controller decided it was a good day to die. Emergency move to an unused server promptly killed it and after a second move it seems ok |
| Faya | Research group server | Multiple disk failure. Scrape remains off and replace |
| Parakeet | Syslog and secure console server | Primary disk failure. Scrape remains off and replace. |
And Merlin (major fileserver) froze solid today and needed a SysRq-B. I think we should ask physics dept what experiments that started doing about two weeks ago.
One top of that, every spare moment has been spent running Fresher's Week at the union. [photos]
Well, it's a new year at Imperial and that means a whole new lot of freshers and lots of people saying "God. I hope we weren't that clueless and dumb last year" (us) and "I feel ill" (them, drunk).
Hopefully photos of the freshers welcoming party will be up soon. That took the last 3 days of setting up but seemed to go down pretty well. The rest of the week involves shuffling equipment around for all the other fresher events as they happen.
Early this morning I actually managed to get to sleep on a sofa, on a stage, in the middle of the concert hall which was empty except for lots of intelligent lights, a really good drum-n-bass DJ and two huge speaker stacks giving 10kW's of sonic goodness.
Hmm, what else.. oh yea; Practical Cryptography is good. All crypto coders should probably have it on their shelfs. I've got a 7/2 split of courses over the next two terms (so I'm going to get buggered silly this term and be going to be going to random other lectures again next term for something to do).
Thanks to Polly for pointing that I'm that I'm in New Scientist again.
Just written a new letter to my MP about ID cards in the UK.
Ok, so I haven't posted anything here for quite a while and I'm still feeling too lazy to write anything so I'm going to post an edited version of an email I've just send because it saves me doing any work 
.
I've just got ADSL working in my new flat and the ADSL modem is so a Linux box with a silly menu system on the front. But it works, even if I'm a little afraid that the 50:1 contention is going to bite once all the students in this area manage to get it going.
Term starts at the end of next week (or this week, depending on when you consider the week to start) and so I've quite a lot of rigging to do before Saturday. (That's rigging in the sense of setting up stuff like this
(Typing this over ssh while emerging. I think I need to look at the QoS settings of this modem.)
I'm also the union server admin (FreeBSD) as of Wednesday and every society on Earth (seemingly) has suddenly realised that they need to update their webpage for the new year and can anyone remember the password? Can they buggery.
At least I'm giving them random passwords this year without the ability to change them, so there's no chance that they'll forget to write them down somewhere really stupid and obvious, thus saving me this problem next year.
And are there any new phd or staff boxes installed and ready? And are we really going to have the 25 new Apple dual-proc G5s (which arrived yesterday, weeks late) done and deployed by the end of the week? And am I going to have to install my automounter on every box that I actually want to use because autofs and amd are such piles of crap? And do I really think that just because my summer job ended yesterday that I'm not going to be pulling 12 hour days all next week in the department and at the union to get things ready?
Fun, fun, fun! :)
Well, updates to the Verisign countermeasures page are continuting apace. Thankfully it seems that ICANN and IAB are now applying political pressure to the problem.
New release of Bane. Nothing but a few bug fixes, but it seems stable (been running for 13 days here at least).
Also, I've released Conserv and Figures source code. If anyone actually wants to use either of them, just drop me an email (link at the top of the page) and it might motivate me to write some actual documentation
OpenSSH exploit
Just written a program to fix Verisign dumbness here
Update: That page also contains patches for BIND and djbdns as well now (those are not my code, however)
The missing files problem turned out to be a Mandrake rc.sysinit fault. The moral of the story is fsck has a "reboot computer" return code. Respect it.
And this is a little bit freaky. (from JWZ):
Aoccdrnig to rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a total mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe.
New Chicane album out tomorrow. I've already heard a bit part of it at their live consort and this will the be the first albulm in a long while that I've actually been looking forward to.
I've got permission to public domain everything that I've coded over the summer, which I shall be doing soon(ish). But for the moment I've got ext3 filesystems that are loosing files after a SysRq-Unmount. And I'm not talking about files that were open at the time, I'm talking about gcc and core libraries. So I need to find out what is causing that.
If you have one of these, upgrade alsa-libs to 0.9.6 and get the CVS versions of both alsa-kernel and alsa-drivers and put kernel in drivers as a subdirectory. Build everything and then it will pretty much work, but only in OSS compatibility mode.
If you get color sepation on your flat panel when using programs that do subpixel antialiasing (such as this Mozilla build) then put something like this into /etc/fonts/fonts.conf
<match target="font"> <edit name="rgba" mode="assign"><const>gbr</const></edit> </match>
and reorder the gbr string until it works (or set it to rrr to disable).
Thanks to Gentoo forums you can view your manpages in Vim, if you like:
export MANPAGER="col -b | view -c 'set ft=man nomod nolist' -"
I've put up a new page for Seagull's Bane. The new release only has better code comments and a tiny fix.
You can also see the documentation for another project of mine here. I hope to release the code for this and NSANet soon.
Personally, all the spam I get is filtered by procmail without any fancy statistical magic, or indeed, without looking at the body of the message at all. So if everyone could be like me the spam problem would go away.
But it seems that spam is a big problem for other people, and whilst I don't really worry about other people's problems very much when I have such a wide choice myself, spam filtering provides a nice thought exercise for a while. Not to mention a chance to lever in a few better ways of doing things
From a technical point of view I would start a company that runs sweatshops filtering spam by hand. They would have to have fair language skills, but English is pretty commonplace and there are enough sweatshop labors so I keep getting told.
However, I have a few non-technical problems with running sweatshops and it doesn't involve very much code, so probably isn't much fun.
AMTP is a small extension to the SMTP protocol that makes TLS mandatory and sets an evil bit (more or less) for each message. If the sending host doesn't correctly set the evil bit then you have a CA issued identity to lynch.
This is basically a 2-level trust tree. Everyone trusts the elite CAs and they trust all the ISPs in the world and so on. The major problem with this being that a CA issued identity costs, lots. From a management point of view this might seem like a very good idea. Get all those geeks off the Internet and then we can get down to making money off it ... somehow.
But it's making email sending exclusive (because it's expensive) and this is our end-to-end network goddammit.
There has been plenty of good work done by the reputation people about this sort of thing. But generally they are considering how to deal with reputation when you hold the whole graph. (Though anyone should feel free to point me at a paper which solves these issues). Dealing with reputation when one can only see a couple of small areas of the graph is a whole different matter.
Consider a simple system when a node (person) is free to setup a directed arc (reputation certificate) to any other node. Each arc has a float between 0..1 which indicates how confident the source is, that the destination will not send spam. Also assume that a node will accept a message if the sender can show a path from the target to the sender such that the product of all the arc weights is greater than 0.1.
Without a good knowledge of the graph, the sender isn't going to be able to find such a path, even if it exists. Assuming that there is a way to walk the graph, it's going to take a connection-request-reply to lots of different servers to get the information. (Because we wouldn't have it on one central server as that would be Bad).
See the aside below in which I contradict myself after you have read the rest.
However, most of the time I'm exchanging email with people that I have a good contact with. Messages which would require many hops of the trust graph are quite rare.
Thus it would be perfectly possible for search servers to hold much of the graph in memory. There wouldn't be a single central search server (as that would be Bad), but there wouldn't need to be as the server need not be trusted as it cannot lie. Possibly that would be enough to make the system work.
Issues that I'm no going to think about till the morning... negative certs, caching issues, the problem of time delay if a trusted source goes 'bad' (which are all rooted in the same issue).
Above, I state that searching the trust network wouldn't work. But it occurs to me that it would be fairly simple to find a path quite efficiently.
The trust graph is going to have a power law distribution. I don't know why, but I would be very surprised if it didn't. So, starting from two points A and B, to find a path between them walk up the orders until up hit a common meeting point at a high order node.
Walking up from B assumes that much of the time if C trusts D, then D trusts C. Because you actually want to find a path, in the end, that goes down to B. This assumption makes the graph look `symmetricish' and so the trick might produce a path pretty quickly. Unfortunately, the symmetric assumption falls down for the high order nodes.
You can see some of the documentation for DoC management network here
I've moved and have no inet link in the new place (yet) so I've not going to be writing too much.
The future of money: private complementary currencies
Well, here's the promised public release of Seagull's Bane. A simple linux automouter which doesn't do lots of silly crap (amd) that most people don't want and doesn't get trivially upset (autofs and amd).
It's Creative Common's public domain.
I'm going to switch to using it on my box at work, so I'll probably release a few new versions over a few days with fixes 
.
| File | Size | SHA1 | Type |
Of, and email is working again from Freenet's nice new server.
| / | Root |
| Alternate | The Weird and Wonderful |
| Backlinks | What are backlinks |
| John Gilmore | What's Wrong with Copy Protection |
| Archives | Blog Archives |
| One | Archive 1 |
| Two | Archive 2 |
| Three | Archive 3 |
| Four | Archive 4 |
| Five | Archive 5 |
| Six | Archive 6 |
| Seven | Archive 7 |
| Eight | Archive 8 |
| Nine | Archive 9 |
| Ten | Archive 10 |
| Eleven | Archive 11 |
| Twelve | Archive 12 |
| Thirteen | Archive 13 |
| Fourteen | Archive 14 |
| Fifteen | Archive 15 |
| Sixteen | Archive 16 |
| Seventeen | Archive 17 |
| Eighteen | Archive 18 |
| Nineteen | Archive 19 |
| Twenty | Archive 20 |
| Twenty One | Archive 21 |
| Twenty Two | Archive 22 |
| Twenty Three | Archive 23 |
| Twenty Four | Archive 24 |
| Twenty Five | Archive 25 |
| Twenty Six | Archive 26 |
| Twenty Seven | Archive 27 |
| Twenty Eight | Archive 28 |
| Twenty Nine | Archive 29 |
| Photos | Poor People Caught on Film |
| Jack and the Beanstalk | Jack and the Beanstalk |
| RIP Scan | Results of a Stage Scan Fire |
| Yosemite | Yosemite National Park |
| Projects | Incomplete things from the lab |
| Seagull's Bane | Linux Automounter |
| bttrackd | BitTorrent Tracker |
| CAPTCHA | CAPTCHA CGI script |
| Conserv | Console Serving |
| Deerpark | Using Tor with Firefox/1.1 (Deerpark) |
| DNSFix | Fixing DNS |
| Xovers | XTA Crossover Control |
| IAFS | Archive Org Storage |
| JBIG2 | JBIG2 Encoder |
| Verify | PGP Key Verifier |
| MaxFlow | Maximal Flow in Python |
| PyBloom | Bloom Filters in Python |
| pyGnuTLS | Python wrapping of GnuTLS |
| Sxmap | Apache SuEXEC Map |
| Hellard | Union Server Notes |
| Recordings | Free recordings |
| ICSM Choir | St Paul's Church |
| School | Ancient School Stuff |
| Writings | Who knows |
| Cap Systems | Capability Systems |
| Intro | Introduction to me |
| Suprema | JMC2 Group Project |
| MP Letters | Letters I've written to my MP |
| Sound | Sound With Dramsoc |
| SyncThreading | The wonders of user-land threads |
