s5h.net

“fresh linux news and advice.”


2005-10-28 rfc in html format

I really hate the way RFCs are written. They're intended for people with 80col displays and for printing on USA letter paper. This really sucks, here in the UK we have A4, we work mainly with visual displays and most of us browse the web with displays that handle more than 80 cols, and as a result the text does not wrap with full screen width. The last time I looked I think we were up to RFC 6000 and something. The PDF format is just a printed version of the txt format.

        Why has no one done anything about this?

Well someone has, it's called rfctxt2html.pl. But it's missing some files. The URL given as the permanent location is no longer available. Besides, it only converts the index file to HTML.

There are a number of things we know about the plain text files, to list a few:

  1. Paragraphs start with a single tab space
  2. Headings start with a numeric
  3. Pages have a header and footer (would be obsolete)
  4. Sub paragraphs start with -/[az]
  5. Diagram paragraphs have a higher percentage of ASCII drawing characters to text characters
    should these be represented in pre tags or fixed width fonts?
  6. Not all RFCs have their own table of contents

With these constraints I will try and create a script to convert from one format to another. There is an RFC on how RFCs should be written, I believe. There are also some strong arguments from ESR on producing RFCs in XML format.

2005-10-26 hate problems

I hate getting connectivity problems, but this time I have been constructive with the whole issue by making an auto-trouble-generator. Why not give it a whirl, it might amuse you for some 60 seconds. It's all done in php, apart from the code that stripped the reasons from somewhere else...

#!/usr/bin/perl

use strict;
use warnings;

while( defined( my $var = <STDIN> ) and $#ARGV != -1 )
{
  if( my @ar = $var =~ /^(<P><FONT color="lightblue"><CENTER>)The (.*) to (.*)<br>is (.*) because of (.*)...<br>(.*) is (.*)\./ )
  {
    my $val = $ar[$ARGV[0]];
    chomp( $val );
    print "array_push( \$adjective, \"$val\"); \n";
  }
  else
  {
    print "no match for $var\n";
  }
}

The objective here was not to rip off some other site, it was to write something in perl, and then put it to good use with php. I don't really know what the overhead of using array_push over $array[n] is (since array_push had to push() a value into a list, where direct assignment might be more efficient); I don't know.

2005-10-25 just what the world needs

A few weeks ago, a friend showed me how to get a certain line from a file via a script using head and tail like so

cat file | head -40 | tail -1

to retrieve the 40th line from the file. This is all very well, except it requires two program executions and could be passing a large amount of data (600th line for example) between head and tail. I have written a proof of concept C program to demonstrate an alternative approach. I'm sure there are going to be some problems, but I've tested it with a small buffer and it seems ok to me, it took all of 30 minutes to write, compared to possibly 20 had I used c++, but as it's meant to be called from scripts I figure compact is better.

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#define BUF 1024

/* replace the first newline, if any, with a terminator */
void trimcr( char *ptr )
{
  char *p = strchr( ptr, '\n' );
  if( p != NULL )
  {
    *p=0;
  }
}

int main( int argc, char *argv[] )
{
  // count lines in input
  // if current line == requested line
  //   print line
  int line = 0,counter = 0;
  char *inp = malloc( BUF );
  if( inp == NULL )
  {
    return(1);
  }
  if( argc > 1 )
  {
    line = atoi( argv[1] );
  }

  while( fgets( inp, BUF, stdin ) != NULL )
  {
    counter++;
    if( counter == line )
    {
      do
      {
        trimcr( inp );
        fprintf( stdout, "%s", inp );
      }
      // a full buffer with no newline means the line continues
      while( ( strlen( inp ) == BUF - 1 ) && fgets( inp, BUF, stdin ) != NULL );
      fprintf( stdout, "\n" );
      break;
    }
    // skip the rest of a line longer than the buffer; a chunk that
    // ends in '\n' is complete even when it fills the buffer
    while( strlen( inp ) == BUF - 1 && inp[BUF - 2] != '\n' && fgets( inp, BUF, stdin ) != NULL )
    {
    }
  }
  free( inp );
  return(0);
}

2005-10-21 tiredness

This week I have been feeling mostly tired. So tonight is just a short post and maybe a little rough patch of 'number of views' for this techblog. First though, I'm going to show how to set rsa keypairs on your server/client, then how to do IDE burning in Linux.

        ssh keypairs

SSH accepts both RSA and DSA keys. Each key is in two parts, the public and private key; the public key is what you give to others to authenticate yourself. The data you send to the far side can only be authored by the owner of the private key. The data is then verified by the public key. It would, currently, take many months to reproduce your private key from the public, perhaps even years, depending on the size. I prefer 2048 byte private keys. The larger the key, the greater the communication overhead. I would not advise a key of less than 1024 bytes by today's standards.

Keys are created using ssh-keygen -t type -b bytes, for example

$ ssh-keygen -t rsa -b 2048

You are then asked for a passphrase. The pass phrase is authentication for use of the private key. It adds some extra salt to the security. If you wish to script jobs through ssh, then you cannot use the pass phrase. It might be safe enough for you to consider ownership of the keys enough, or in other circumstances you might not wish to allow login without use of the pass phrase. To leave the pass phrase as null just press enter when asked

Generating public/private rsa key pair.
Enter file in which to save the key (/home/ed/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ed/.ssh/id_rsa.
Your public key has been saved in /home/ed/.ssh/id_rsa.pub.
The key fingerprint is:
2e:d3:32:51:6f:8f:f2:fc:c7:3b:e9:b1:49:2c:fb:8b ed@workstation

Now that the keys are generated you have one of two choices, either copy BOTH the public and private key to the remote side, OR you can keep the same key pair on all your nodes. Using the latter you have less security, but less maintenance. On the server that you want to log into, you should copy your id_rsa.pub into the far side's ~/.ssh/authorized_keys file; when you attempt to log in, the far side will use your hostname to look up the id_rsa.pub in its authorized_keys.

What I often do is set this up in the local system, then just distribute the keys and authorized_keys files together to all the systems that I have to log into. This is useful for backups as I can script 'scp' (the copy over protected socket) copy programs for all my tar.bz files. The failure of this when compared to NFS is that the old backups cannot be removed with scp - this is where we use SSH with the command line to execute option:

$ ssh user@host "rm ~/backups/oldbackup"
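
A key with no passphrase that is copied around for scripted backups can run anything the account can; sshd's command= option in authorized_keys limits what that key may do. The following is an added example, not from the original post: the gate script, its install path and the backups/ layout are assumptions, and the "scp -t" form assumes the client speaks the legacy scp protocol.

```shell
#!/bin/sh
# Added example: a forced-command gate for a passphrase-less backup key.
# When authorized_keys carries command="...", sshd runs only that program
# and passes what the client asked for in SSH_ORIGINAL_COMMAND.
#
# Assumed authorized_keys entry (path and key material are placeholders):
#   command="/usr/local/bin/backup-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> backup@workstation

# safe_name NAME: a single path component, no leading dot or dash,
# restricted to letters, digits, dot, underscore and hyphen.
safe_name() {
  case "$1" in
    ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# gate_decide COMMAND: print the command to run, rebuilt from validated
# parts, or print "deny" and fail. Only two shapes are accepted:
#   rm ~/backups/NAME        (the clean-up call shown in the post)
#   scp -t backups/NAME      (what a legacy scp upload starts on the server)
gate_decide() {
  cmd=$1
  case "$cmd" in
    "rm ~/backups/"*)
      name=${cmd#"rm ~/backups/"}
      if safe_name "$name"; then
        echo "rm backups/$name"
        return 0
      fi ;;
    "scp -t backups/"*)
      name=${cmd#"scp -t backups/"}
      if safe_name "$name"; then
        echo "scp -t backups/$name"
        return 0
      fi ;;
  esac
  echo deny
  return 1
}

# run_gate: body of the installed script. Not called in this demo.
run_gate() {
  action=$(gate_decide "${SSH_ORIGINAL_COMMAND:-}") || {
    echo "backup-gate: refused" >&2
    return 1
  }
  cd "$HOME" || return 1
  # $action contains only validated characters, so splitting it is safe.
  set -- $action
  exec "$@"
}

# Demo with constructed requests: print the decision for each one.
for c in 'rm ~/backups/oldbackup' 'scp -t backups/site.tar.bz2' \
         'rm ~/backups/../notes' 'sh -i'; do
  printf '%-32s -> %s\n' "$c" "$(gate_decide "$c")"
done
```

Uploads made with extra scp flags arrive as a different command string and are refused, which is the safe default for a key with no passphrase.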

        cdrecord

Back in the day, we had the hdc="ide-scsi" append line for the kernel. Due to kernels earlier than 2.4 the ATAPI layer was not stable for cd burning. The burner required SCSI emulation in order to sustain stable writing. With the advent of 2.6 we have gained a stable ATAPI layer for burning. If your kernel is 2.4, update it, 2.6 has lots of features that 2.4 doesn't have. Most of them you will not notice, but for the workstation there are many advantages to the scheduler which result in a more responsive experience. Here is what cdrecord would be executed with on a 2.4 and 2.6 kernel, respectively

$ sudo cdrecord dev=0,0,0 cd.iso
$ sudo cdrecord dev=ATAPI:0,0,0 cd.iso

        creating the image

To take an image from a cd, in a format that is ready to burn has to be the simplest way to create an image

$ dd if=/dev/hdc of=./cd.iso

That's all there is to ripping an image. If you want to make your own image, ready to burn to the cd, this is probably what will be best for you

$ mkisofs -J --joliet-long -r -o ./cd.iso ./directorywithfiles/

2005-10-20 all sorts

This time last year I would not have thought that I could possibly become so interested in things DNS, or is the world using more DNS tricks and applications? One possible use is that RBL lists are implemented widely by ISPs such as yahoo and msn and simply assumed to be the done thing these days? Last night I was incorrect when I thought I would have to query a given server for RBL check, I honestly wasn't thinking straight. It's just a simple lookup, that's all my code was doing anyway, but why would I think that it requires a defined name server? Well, because of my stupidity I went and wrote the same code in perl, since that has Net::DNS. Would be a shame to just throw it away when I can post it here.

use strict;
use warnings;
use Net::DNS;

my $param = $ARGV[0];

# the dots are escaped so that only a literal "." separates the octets
if( $#ARGV == -1 or not $param =~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/ ) 
{
  print "Usage: perl dnslookup.pl ipaddress\n";
  print "\$ perl dnslookup 127.0.0.1\n";
  exit;
}

my @at = split /\./, $param;
my @servers = split / /, "dnsbl.sorbs.net bl.spamcop.net relays.ordb.org sbl-xbl.spamhaus.org relays.mail-abuse.org nonconfirm.mail-abuse.org dialups.mail-abuse.org dnsbl.njabl.org elays.osirusoft.com list.dsbl.org dun.dnsbl.net vox.schpider.com whios.rfc-ignorant.org";
my $res = Net::DNS::Resolver->new;

# $#servers is the last index, so <= is needed to reach the final list
for( my $i = 0 ; $i <= $#servers ; $i++ )
{
  my $answer = $res->query( $at[3].".".$at[2].".".$at[1].".".$at[0].".".$servers[$i], 'A' );
  if( $answer )
  {
    print( "Entry is listed at " . $servers[$i]."\n" );
  }
}

It's not as tidy as the shell script is it (arguably perl and bash are both shell script, as is php). For fairness, here is the same in php also (for being stupid I have decided to accomplish what my main goal was, to have the whole lookup take place in php anyway). Too much waffle, more code.

<?php

function getVar( $name )
{
  return( isset( $_GET[$name] ) ? $_GET[$name] : null );
}

$ipaddr = getVar( "ip" );

// escaped dots and \z: only digits and literal dots reach the lookup and the echo below
if( $ipaddr == null || !preg_match( '/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\z/', $ipaddr ) )
{
  echo( "Usage: dnscheck.php?ip=w.x.y.z<br />" );
  echo( "&nbsp;&nbsp;dnscheck.php?ip=128.0.0.1" );
  exit;
}

$servers = explode( " ", "dnsbl.sorbs.net bl.spamcop.net relays.ordb.org sbl-xbl.spamhaus.org relays.mail-abuse.org nonconfirm.mail-abuse.org dialups.mail-abuse.org dnsbl.njabl.org elays.osirusoft.com list.dsbl.org dun.dnsbl.net vox.schpider.com whios.rfc-ignorant.org" );
$ip = explode( ".", $ipaddr );

for( $i=0, $size=sizeof( $servers ) ; $i<$size ; $i++ )
{
  $name = $ip[3].".".$ip[2].".".$ip[1].".".$ip[0].".".$servers[$i];
  if( gethostbyname( $name ) != $name )
  {
    echo( "$ipaddr is listed at " . $servers[$i] );
  }
}

?>

2005-10-19 rbl check

RBL (Realtime/Remote Blackhole/Block List) checks are usually performed by DNS lookups by software before accepting a client connection to authorise to deliver a payload. This is most typically applied in email where the client is returned a 451/550 response before delivering email. I have seen RBL lists used in web and ftp servers in addition.

When a customer reports that a host you administer is listed in an RBL it can be quite a painful and time consuming effort to have it removed. I have therefore put the following shell script together to check a variety of servers. If you know of any other WORKING servers please let me know and I shall add them to the list here. If I receive enough then there shall be a page dedicated to maintaining the list.

#!/bin/sh

# quote the argument so it is never word-split or globbed
W=$( echo "${1}" | cut -d. -f1 );
X=$( echo "${1}" | cut -d. -f2 );
Y=$( echo "${1}" | cut -d. -f3 );
Z=$( echo "${1}" | cut -d. -f4 );

RBL="dnsbl.sorbs.net bl.spamcop.net relays.ordb.org sbl-xbl.spamhaus.org relays.mail-abuse.org nonconfirm.mail-abuse.org dialups.mail-abuse.org dnsbl.njabl.org elays.osirusoft.com list.dsbl.org dun.dnsbl.net vox.schpider.com whios.rfc-ignorant.org"
for i in $RBL ;
do
  RESULT=$( host -t a "$Z.$Y.$X.$W.$i" 2>&1 );
  if [ $? -eq 0 ] ;
  then
    # printf instead of echo -e, which /bin/sh is not required to support
    printf 'The IP ADDRESS %s is listed at %s:\n%s\n' "${1}" "$i" "$RESULT";
  fi;
done;

The above script has many possibilities, although what I dislike at the moment is that PHP does not query specific name servers. The nameservers used in a PHP name resolution are defined in /etc/resolv.conf. Otherwise I would not have used a shell script. This is possible with Net::DNS in perl, so perhaps I will re-write this in perl, then it can work efficiently from a webserver (without needing a system() call).

I have intentions of working on the following projects:

  1. java threaded FTP hammer
  2. java button applet
  3. python database client
  4. gnome bug list
  5. pvfs network
    really must do more research on this
  6. afs network
  7. maildrop
  8. bounced email handler

Now, something slightly more important. There's a southpark episode being aired tomorrow night! I am beside myself!

Why do I like script more than plain code? Well, I can develop in RAD sooner with stability than with medium level c. Why spend hours going over something which can be done in a few lines? If you want further information, check this out master foo.

2005-10-18 it's official

After some initial confusion, Theo de Raadt has confirmed that OpenBSD is now 10 years young. Many people thought that the date of first check in on cvs was 19951014, in fact it's 19951018, gotta hand it to Theo, he's done a lot of work in the past 10 years, really kept the project going and stuck to the original ideas.

From: Theo de Raadt
To: "Frank Denis \(Jedi/Sector One\)"
cc: misc_AT_openbsd.org
Subject: Re: Happy Birthday OpenBSD ! 10 years ! 
Date: Fri, 14 Oct 2005 08:39:15 -0600
Sender: owner-misc_AT_openbsd.org

>     Oct 14  OpenBSD born, Saturday 16:36 MST, 1995

Sorry, but so many of you are uninformed.

RCS file: /cvs/src/Makefile,v
revision 1.1
date: 1995/10/18 08:37:01;  author: deraadt;  state: Exp;
branches:  1.1.1;
Initial revision


That is when the repository was created.  That is the official
date.  I don't know where people get the other date from.

I took a look on archive.org to see what OpenBSD was like some years ago, the project goals are still the same as advertised on the site way back.

I have intentions to make a little java applet for buttons on this site, the .jar / .class file will probably reside on a different server some place, such as geocities. I don't know if this will improve things, having an applet for a link might encourage others to get a java runtime, or it might distress viewers, in any event, it might add a bit of colour to this site.

Work wise, I had to spend quite some time filling out a RIPE request for IP space form today. They sure don't make it easy. You have to describe how the IPs are going to be used, I think you have to justify an immediate use of 1/4 of the assignment block by the end of the first year. The form itself was denied by our link provider. They provide the bandwidth and a managed router upon successful application. I don't claim to be a cisco expert, but I have dabbled, enough probably to have a play around with the router.

2005-10-15 dns to prevent adverts

I'm not sure where I read about advert blocking through DNS but it seems the best level to do this. Prevent all those wasted CPU cycles and network bandwidth by simply blocking those jpegs that get downloaded right at the very first point of contact - the DNS. To carry out this exercise we shall use TinyDNS and DNSCache from DJB's djbdns tools (details on basic setup).

I will assume that you already have dnscache running in place, on an RFC1918 IP address. You may or may not have noticed in /etc/dnscache/root/servers there is a file named @, this contains the IP addresses of the root name servers. It is often useful to put a FQDN (Fully Qualified Domain Name) in this directory with the IP addresses of its name servers in the file. Whenever a request for a lookup of that domain is processed the query is sent to the DNS servers in the file.

echo 192.168.100.5 > /etc/dnscache/root/servers/internal.mydomain.com

For advert blocking we need to do much the same as the above example, however we need to send those requests somewhere that can respond with a 'Sorry this domain does not exist' response to aid with page load timings. For that we will run a second copy of TinyDNS on a local IP address which will respond to all queries with a failure message.

        setting up the local interface

My system is debian based, that means that I should configure the device in /etc/network/interfaces like so

# vi /etc/network/interfaces

and insert the following lines

auto lo:1
iface lo:1 inet static
  address 127.0.0.7
  netmask 255.255.255.0

Once done, just run /etc/init.d/networking restart. When you run ifconfig you should see

lo:1      Link encap:Local Loopback  
          inet addr:127.0.0.7  Mask:255.255.255.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1

Now we can configure TinyDNS to listen on that IP address

tinydns-conf tinydns dnslog /etc/tinyforge 127.0.0.7

make a link in /service

ln -s /etc/tinyforge /service

We should see the process started ok in a ps listing

root     31163  0.0  0.0   1244   272 ?        S    13:42   0:00 supervise tinyforge
root     31164  0.0  0.0   1244   272 ?        S    13:42   0:00 supervise log
tinydns  31165  0.0  0.0   1368   284 ?        S    13:42   0:00 /usr/local/bin/tinydns
dnslog   31166  0.0  0.0   1256   276 ?        S    13:42   0:00 multilog t ./main

Now to make the actual changes to dnscache. Let's start with a simple lookup:

# host -t a doubleclick.net
doubleclick.net         A       216.73.92.112

The lookup returns the correct result for what the internet publishes, but we want to change this so that we get a failure response, as soon as possible. To do this, let's make a file called 'doubleclick.net' in /etc/dnscache/root/servers/ and make 127.0.0.7 the file contents.

# echo 127.0.0.7 > /etc/dnscache/root/servers/doubleclick.net
# svc -h /service/dnscache

The result should time out, but this is because there is no data.cdb file for TinyDNS to read. So,

cd /etc/tinyforge/root
echo .: > ./data
make

The lookup should now respond with a faster response,

# host -t a doubleclick.net
doubleclick.net does not exist (Authoritative answer)

Brilliant! So what now? Well here is a quick script to get you started, you can email me more entries if you wish but I think this should cover the majority of advertisers and reduce vital bandwidth at your office firewall.

One more thing worth noting, if you find for any reason that a worker is looking at the tv guide too often, why not just block that particular sub domain of a popular site in the same fashion, using the tail program you can easily dump the output of the dnscache log file to a single collective log and then grep for dns lookups, list and sort.
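
One way to script the per-domain files described above, as an added example rather than the author's own script: block_domains and valid_domain are names invented here, and every name is validated before it is used as a file name, so a bad list entry cannot write outside the servers directory or replace the @ file.

```shell
#!/bin/sh
# Added example: create one dnscache "servers" file per advertiser domain,
# each holding the address of the local tinydns sink (127.0.0.7 in the post).

# valid_domain NAME: letters, digits, hyphens and dots only, no empty
# labels, no leading dot or hyphen. Rejects "/", "@" and "..".
valid_domain() {
  case "$1" in
    ''|.*|*.|*..*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  [ ${#1} -le 253 ]
}

# block_domains DIR SINK_IP: read one domain per line on stdin ("#" starts
# a comment), write DIR/<domain> containing SINK_IP, and print how many
# files were written. Files that already exist are left untouched so an
# internal forwarding entry is never overwritten.
block_domains() {
  dir=$1
  sink=$2
  written=0
  while IFS= read -r line; do
    name=${line%%#*}
    name=$(printf '%s' "$name" | tr -d ' \t\r' | tr 'A-Z' 'a-z')
    [ -n "$name" ] || continue
    if ! valid_domain "$name"; then
      echo "block_domains: skipping invalid name" >&2
      continue
    fi
    if [ -e "$dir/$name" ]; then
      echo "block_domains: $name already has an entry, left as is" >&2
      continue
    fi
    printf '%s\n' "$sink" > "$dir/$name"
    written=$((written + 1))
  done
  echo "$written"
}

# Demo against a scratch directory with a constructed list. On a real host
# DIR would be /etc/dnscache/root/servers, followed by the svc call shown
# earlier in the post.
demo_dir=$(mktemp -d)
printf '%s\n' 'doubleclick.net' 'ads.example.com  # constructed entry' \
  | block_domains "$demo_dir" 127.0.0.7
rm -rf "$demo_dir"
```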

        php pointers

I consider a pointer to be a segment of memory that holds the memory location of another object or value, thus when you change the value which is pointed to, the pointer itself will be read as the updated value. In C this is simple enough

#include <stdio.h>

int main()
{
  int *ptr;
  int a = 5;
  /* ptr has not been assigned yet, so this first read of ptr and *ptr is undefined behaviour */
  printf( "ptr: %p is %d\n", ptr, *ptr ); 
  ptr = &a;
  printf( "ptr: %p is %d\n", ptr, *ptr ); 
  a = 7;  
  printf( "ptr: %p is %d\n", ptr, *ptr ); 
  return 0;
}

$ gcc test.c && ./a.out
ptr: 0xb7fa5cc0 is 0
ptr: 0xbf8a1c40 is 5
ptr: 0xbf8a1c40 is 7

In the above example, ptr starts with a null value, then it's assigned the value of a's memory location. If we change a's value, ptr will also change when read. Simple enough. In java it's much the same story, except you cannot physically change the address where a pointer points, other than to assign it a new value through referencing a 'new' object or through assignation. Now let's look at that behaviour directly with php classes.

<?php
class foo
{
  var $a;

  function foo( $x )
  {
    $this->a = $x;
  }

  function set( $x )
  {
    $this->a = $x;
  }

  function printval()
  {
    echo( "Local value a = " . $this->a );
  }
}

$fooa = new foo( 1 );
$foob = $fooa;

$foob->set( 2 );
$fooa->printval();
?>

When we run this (on php engines version < 5), we get the output of 1. This is because $foob is a copy of the object $fooa during assignation and thereafter independent of $fooa. If we want the two values to be linked like our pointer in the C example we have to assign the 'address of', =&. If we change that, and make $foob = &$fooa, we will have 2 returned when we call printval();

This behaviour can prove to be rather a tedious change if you were not aware of it prior to discovering a deep bug. You must by now be thinking that when calling a function with some arbitrary string that it would be more efficient to call with the address of. To make use of passing by address we can make functions like this

<?php
class foo
{
  var $a;

  function foo( &$x )
  {
    $this->a = &$x;
  }

  function set( &$x )
  {
    $this->a = &$x;
  }

  function printval()
  {
    echo( "Local value a = " . $this->a );
  }
}

$data =  "Long data to be passed.";
$fooa = new foo( &$data );
$foob = &$fooa;

$data = "More long data to pass";
$foob->set( &$data );
$data = "New val";
$fooa->printval();
?>

The output now gives us "New val", which is not the value that $this->a has when passed to set, but since $this->a points to $x which points to $data, when we change data we also change the value that $x and consequently $this->a points to.

2005-10-14 ubuntu

People have been banging on about debian derivatives lately, knoppix, whoppix and ubuntu. Yesterday or the previous day Ubuntu Breezy Badger (5.10) was released, I decided to try a download from the bittorrent networks, which I thought would be faster than their mirror site, considering its popularity. I was wrong, only the mirror sites offered bandwidth.

This was not a set back. The initial install went quite smoothly, although rather slowly, it's installed everything off the cd with no questions. This isn't as bad as it sounds, I've not yet looked at OpenOffice 2.0, which it installed combined with the correct dictionaries.

On the negative however, it's got VGA startup sequences and mouse event sounds, two things which I really hate, not what I consider UNIX!

I was expecting a distro, just like debian but with some recent packages, a bit like unstable, but a little more up to date, and perhaps stable. I cannot speak for its stability just yet, but I can say it's up to date.

It installs a metric ass load of packages in the base install as I have already pointed out. Among this there is (but not limited to)

  1. gaim
  2. firefox
  3. evolution
  4. OpenOffice.org
  5. gnome
  6. gimp
  7. xchat
  8. synaptic
    I'm not so bothered about this one, it's actually useful

I would consider this an install that's focused for someone who doesn't yet know which packages they might need. I'm sorry to say, this is not what I was expecting. The whole point about debian packages is that they're easy to install and maintain, so why install everything when it's such a simple process to install the package at a later date when you decide it's worth the bother?

The ubuntu package maintainers must be hard at work, the package versions are very recent and they all appear to be rather stable. The debian maintainers choose a different philosophy 'release it when it's stable, and no sooner'. This is not a bad approach where user interface is not concerned. I am definitely swayed by this and will probably look at creating a new root filesystem on my desktop and move my stuff over. It may very well be worth it (or just rm everything besides /mnt/ and /home).

In other news, reports of a woman having an mp3 player implanted in her breasts (the register), it's probably not going to happen for a while.

I do feel as though I am going to lose some street credibility using ubuntu, but I do think it's worth it. Using debian as a primary OS is a choice that one makes to keep security, through the rigorous testing that packages go through before they enter the stable archive. This is true for OpenBSD too, the applications are very tightly vetted before being checked into the package tree, the OS also has a six month release cycle.

All in all, it's not that bad, but with such a large application focused installation, I am slightly put off by its lack of development tools in the base installation. Everything else is just perfect. It looks and feels like debian in every other way and is probably easy for new users too.

Kernel packages are just the same, thankfully

cd /usr/src
sudo wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.4.tar.bz2
sudo tar jxvf linux-2.6.13.4.tar.bz2
cd linux-2.6.13.4
make menuconfig
make-kpkg kernel_image
dpkg -i ../kernel-image-2.6.13.4_10.00.Custom_i386.deb

Is just the same as in debian. You do have to install the following before you can build the kernel of course

apt-get install gcc g++ make kernel-package libncurses5-dev

As the above points out, the default configuration of ubuntu is to not have a root password, all the root commands should be run with sudo, this way the root user cannot login. I don't like this behaviour so much, I am aware of the dangers that the root user can impose. If my user account is exploited then it's no difference for the exploit to execute something with sudo than it is to brute force the root password, or just find a root exploit on the local system. Setting a root password is a simple matter of

sudo passwd

What's with LinuxFormat? I received my December issue yesterday! The mag came with a snippet about kernel hacking. It mentioned a few things for tweaking performance. Upon installing the new kernel (2.6.14) I was annoyed by a couple of things

  1. no menu prompt in grub [press esc]
  2. sound with gdm
  3. sound on events in gnome

To correct these! vi /boot/grub/menu.lst, comment the line 'hiddenmenu', and if you like, set the color line to cyan/blue white/blue. To turn off the sounds in gdm, vi /etc/gdm/gdm.conf, set SoundProgram to commented, then comment out SoundOnLogin, SoundOnLoginFile, SoundOnLoginSucces, SoundOnLoginFile, SoundONloginFailure and SoundOnLoginFailureFile. The other sounds effects in gnome can be turned off by unticking 'Sounds for events' in the sounds system preferences application.

A possible problem with the install is that the packages are all the latest versions, some systems are still using php3 for example, so if you develop something on a php5 system, what's to say that it will run ok on a php3 system? I notice from time to time in the php docs that some functions have different behaviour in different versions.

2005-10-09 dns for everyone

I have just finished some code that allows remote users to update their DNS settings via a URL. This is good news for anyone who wants to use a subdomain of the following:

  1. ednevitible.co.uk
  2. is-cool.net
  3. lotterystats.co.uk
  4. linuxwarez.co.uk
  5. bsdwarez.net
  6. keyra.co.uk
  7. sexeh.net
  8. openbsdhacker.com
  9. keyraaugustina.co.uk
  10. usenix.org.uk

The plan is to provide one or more DNS records to users via an account. I don't really care where the DNS points or what it's used for, providing it is within the law of both this country and the country where it points. You will be required to provide an email address where I can send to you the update URL and any future system notices. This is required in case I decide at any point that I need a fee to renew one of the domains. If the domain is not in use by myself at the time then I will request that a DNS user either pays part of the renewal or you can have the DNS re-located to a name that is paid for.

The above list of names was inputted by hand, SQL Server has a slight difference to mysql, select a + 'text' + b from foo; can return a single column containing a and b, with 'text' between. In mysql this is not so, as it will add a + text + b together, and return a numeric 0, in most cases. The following will return a string result which is probably what is desired:

select concat( '<li><a href="http://www' , strDomain, '">',  strDomain, '</a></li>' ) from Domains;

I don't know what is the 'correct' or standard method. I just don't like one platform being different to another, especially when I hope that those programmers respect ANSI and RFC standards.

        web statistics abuse

I noticed a lot of source addresses abusing my webalizer graphs. Porno site admins have stooped to a new low through promoting their site through web server log analysis. There is not much I can do right now about the problem, other than watch my log file for certain keywords, and then add the source address to my firewall drop list.

I have to use my tail program here to write the output of the multiple log files to a single log file, then grep that for keywords, sort the matching IP addresses, then filter through uniq. With the output construct iptables rules, then add.

A=$( find /var/www -type f -name web.log );
./taill $A -op

Then in a second terminal run the following every few minutes

/etc/init.d/rc.firewall restart ;
for i in $( cat op | grep ourmed | sed 's/ .*//' | sort -n | uniq ) ; 
do 
  /sbin/iptables -I INPUT -s "$i" -j DROP ;
done ;
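
The loop above hands text taken from a web log to iptables as root, and the first field of a log line can be a hostname or malformed text rather than an address, so each candidate should be checked before a rule is built. The following is an added example, not the author's script: drop_rules, is_ipv4 and the ALLOW list are names made up here, the log lines are constructed, and it prints the iptables commands instead of running them.

```shell
#!/bin/sh
# Added example: turn keyword-matching log lines into iptables DROP
# commands, accepting only well-formed IPv4 source addresses.

# Addresses that must never be blocked (assumed values for this sketch).
ALLOW="127.0.0.1 192.168.100.5"

# is_ipv4 ADDR: succeed only for four decimal octets 0-255 with no
# leading zeros, so the text can only mean one address.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in
      0?*) return 1 ;;
    esac
    [ ${#octet} -le 3 ] || return 1
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# drop_rules KEYWORD: read log lines on stdin and print one iptables
# command per distinct, valid, non-allowlisted source address.
drop_rules() {
  grep -F -- "$1" | sed 's/ .*//' | LC_ALL=C sort -u | while IFS= read -r src; do
    is_ipv4 "$src" || { echo "drop_rules: skipped a non-IPv4 source field" >&2; continue; }
    case " $ALLOW " in
      *" $src "*) continue ;;
    esac
    printf '/sbin/iptables -I INPUT -s %s -j DROP\n' "$src"
  done
}

# Constructed sample log: two spam sources, our own host, a hostname in
# the address field, an out-of-range address and an unrelated visitor.
sample_log() {
  cat <<'EOF'
203.0.113.9 - - [09/Oct/2005:10:00:01 +0100] "GET / HTTP/1.0" 200 512 "http://ourmed.example/" "-"
203.0.113.9 - - [09/Oct/2005:10:00:05 +0100] "GET /a HTTP/1.0" 200 512 "http://ourmed.example/" "-"
198.51.100.77 - - [09/Oct/2005:10:01:00 +0100] "GET / HTTP/1.0" 200 512 "http://ourmed.example/x" "-"
192.168.100.5 - - [09/Oct/2005:10:02:00 +0100] "GET / HTTP/1.0" 200 512 "http://ourmed.example/" "-"
host.ourmed.example - - [09/Oct/2005:10:03:00 +0100] "GET / HTTP/1.0" 200 512 "-" "-"
999.1.1.1 - - [09/Oct/2005:10:04:00 +0100] "GET / HTTP/1.0" 200 512 "http://ourmed.example/" "-"
192.0.2.10 - - [09/Oct/2005:10:05:00 +0100] "GET / HTTP/1.0" 200 512 "http://www.example.org/" "-"
EOF
}

# Demo: review the printed commands before piping them to a root shell.
sample_log | drop_rules ourmed
```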

2005-10-06 File system jail

I came up with this idea when I was on the train. It's nothing brilliant and I expect this is quite a common solution to traversal of file system trees. Here it is in Java anyway.

This will soon be part of my FileSystem class/package for the server. There is no way that I know of to integrate with system user permissions. The best that I can hope for is that the server admin can set read/write/list permissions for the initial paths of each user. The server itself has to run as root/administrator in order to bind to the most common FTP port (21).

import java.io.*;
import java.util.*;

public class FileSystem
{
  private String jail = "";
  private String cwd = "/home";
  
  public static void main( String[] args )
  {
    FileSystem fs = new FileSystem();
    BufferedReader br = new BufferedReader( new InputStreamReader( System.in ) );
    while( true )
    {
      try
      {
        Thread.sleep( 1000 );
        if( br.ready() )
        {
          String s = br.readLine();
          fs.cwd( s );
          fs.pwd();
          System.out.println( fs.physicalPath() );
        }
      }
      catch( InterruptedException ie )
      {
      }
      catch( IOException ioe )
      {
      }
      
    }
  }

  public FileSystem()
  {
    this.jail = "/home";
    this.cwd = "/";
  }

  public void cwd( String pathName )
  {
    Stack <String> s = new Stack<String>();
    pathName = pathName.replaceAll( "\\\\", "/" );
    if( !pathName.startsWith( "/" ) )
    {
      pathName = cwd + "/" + pathName;
    }
    
    String parts[] = pathName.split( "/" );
    
    if( parts.length == 0 )
    {
      this.cwd = "/";
      return;
    }
    
    for( int i=0,size=parts.length; i<size ; i++ )
    {
      System.out.println( "Stack Item is: " + parts[i] );
      if( parts[i].length() == 0 )
      {
        s = new Stack<String>();
      }
      if( parts[i].equals( ".." ) )
      {
        try
        {
          s.pop();
        }
        catch( EmptyStackException ese )
        {
        }
        continue;
      }

      if( parts[i].equals( "." ) )
      {
        continue;
      }
      
      if( parts[i].length() != 0 )
      {
        s.push( parts[i] );
      }
    }

    pathName = "";
    while( !s.isEmpty() )
    {
      pathName = "/" + s.pop() + pathName;
    }

    this.cwd = pathName;
  }

  public String physicalPath()
  {
    String retVal = "";
    // && so that a null jail is never dereferenced
    if( this.jail != null && !this.jail.equals( "" ) )
    {
      retVal += this.jail;
    }
    retVal += this.cwd;
    return( retVal );
  }
  
  public void pwd()
  {
    System.out.println( this.cwd );
  }
  
}

2005-10-05 been there, done that, got the novel biro, bsd and debian t-shirts, sun dvds and penguin in the can :)

I feel somewhat better about myself today, having given some money directly back to those who took time off work to run stands at the Linux Expo this year. Thanks to everyone who I spoke to for listening.

If you are at all interested in what I walked away with today, see here: photo [116k]. This photo includes everything that I could fit in my bag. Probably the most useful items are the cup, t-shirts, pen and book, the rest is freely available. Come to think of it, those who were not in the Open Source village (the stands promoting open source) were not really worth speaking to. Their solutions were very specific.

Items I got include:

  1. Advanced UNIX Programming ISBN: 0-13-141154-3
    This is cheaper at Amazon than what I paid at the expo, I'm not impressed. In future when I buy books from places like this I shall hook up to a wifi hot spot and check the price before handing over money.
  2. Debian mug
  3. Sun Star Office 8
  4. Sun Solaris
  5. OpenBSD SSH t-shirt
  6. OpenBSD puffy wire fish t-shirt
  7. Debian premium distro t-shirt
  8. Novel biro
  9. Ubuntu ISO
  10. Linux soft toy in a can

I am beginning to wonder if this whole Linux/unix thing is becoming an obsession with me. So what if it is? Surely I can't be doing harm upon this world through my constant toying with it.

2005-10-04 linuxexpo, one day away

The linux expo is just one day away. I can hardly wait, travelling to Paddington and getting a tube, how much more fun can a guy ask for?

I have nothing else of interest to say today, so I shall release my PHP website files for download under erm, GNU or BSD license, I don't care really, or maybe the Apache license, not really of priority.

I don't think that I'm the first person with this concept, but it serves its purpose for my site. Downloads are here: dbblog v1

        Installation

Create a database, named dbblog

mysqladmin create dbblog

Set permissions on the database for dbblog to create, read, update and delete:

mysql -uroot -proot -e"grant all on dbblog.* to dbblog@'localhost' identified by 'dbblog'"

Import the paragraph settings from db.sql

mysql -udbblog -pdbblog dbblog < db.sql

Once this is done make sure that the settings in config.php marry with the settings above.

Copy the .php files to /var/www/webdirectory/

Navigate in your browser to http://localhost/dir/edit.php and create your first entry. The editor is rather simple, but I think it's adequate for a simple blog site. If you wish to send me improvements, please make changes and use the diff tool to send me these so that I may import the patch here:

diff oldfile newfile > patchfile

2005-10-01 getting ready for the expo

Great things came in my mail today. First item was a letter from Linux Expo with my visitor pass. Second item was my dental plan. Back to the first item, there was a list of some free conferences which I can attend as a visitor, and a reduced rate for a LPI exam. If the exam takes place at the Olympia then I'll probably sit the test there if there is room available. Would be a shame to miss the opportunity.

The expo is being held at the London Olympia, just one or two stops on the circle line from Paddington. In the evening the London Linux User Group will meet not far from the expo for a grand drinking and discussion session.

I hope there are some hot spots!