Ruby epoch2localtime

Posted by Peter Burkholder Tue, 30 Oct 2007 13:21:00 GMT

I love it when 82 characters do a ton of work for me.

Today I’m trying to debug Courier-IMAP ssl errors that are reported in the log file as “DEBUG: Unexpected SSL connection shutdown”. We’re using QMail so the times in the log file are in tai64, and I’m using Eric Rescorla’s SSLDump (http://www.rtfm.com/ssldump/) to debug the SSL traffic, which reports time in epoch seconds. I’d like to correlate the SSL traffic with the logged errors. Here’s how:

In window 1, I monitor the QMail logs with:

tail -f /var/log/qmail/imap4-ssl/current | tai64nlocal

which gives output like:

2007-10-30 06:26:02.322254500 tcpserver: status: 30/40
2007-10-30 06:26:02.322255500 tcpserver: pid 9635 from 1.2.3.4
2007-10-30 06:26:02.322257500 tcpserver: ok 9635 buzz.example.net:10.1.1.20:993 :216.220.209.17::57693
2007-10-30 06:26:02.439369500 DEBUG: Connection, ip=[1.2.3.4]

In window 2, I monitor the SSL traffic with:

sudo ssldump -e -k imap.example.com.pem  port 993 | ~/bin/epoch2local.rb

where the script epoch2local.rb is:

#!/usr/bin/ruby -p

$_.sub!(/1\d{9}/) { |t| Time.at(t.to_f).strftime("%Y-%m-%d %H:%M:%S") }

A quick dissection:

  • ruby -p places your code in a while gets; ....; print; end loop
  • $_ is the current line
  • .sub! does in place substitution, changing the value of $_
  • sub!(pattern) { |match| block } the string matching pattern is passed into the {} block as the variable match. The result from the block is substituted for the original string
  • /1\d{9}/: assume that a 10-digit number starting with 1 is the epoch time (true for another 30 years or so)
  • |t| Time.at(t.to_f).strftime("%Y-%m-%d %H:%M:%S") : PFM. No, not really. Pass the match into the block as t. Convert to a float, then a Time value, then format as %Y-%m-%d %H:%M:%S

I then get SSLDump output as:

23 21 2007-10-30 06:41:19.1945 (0.1309)  C>S  application_data
24 3  2007-10-30 06:41:19.2474 (0.1185)  S>C  Handshake
      Certificate
24 4  2007-10-30 06:41:19.2474 (0.0000)  S>C  Handshake
      ServerHelloDone  

And I can match up the times with the QMail logs. Fini (although I still have the original question to resolve)
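The same correlation done by a script instead of by eye, as an added example that is not part of the original post: it pairs each qmail DEBUG line with the ssldump records seen within one second of it. The sample lines are constructed and treated as UTC so the result does not depend on the local time zone; the function names, the one-second window and the exact ssldump -e line layout are assumptions.

```ruby
# Constructed sample data (not from the original post). Both sources are
# treated as UTC; with real tai64nlocal output use Time.local, not Time.utc.
QMAIL_LINES = [
  "2007-10-30 06:41:19.250000500 DEBUG: Connection, ip=[1.2.3.4]",
  "2007-10-30 06:41:19.300000500 DEBUG: Unexpected SSL connection shutdown",
  "2007-10-30 06:45:02.000000500 tcpserver: status: 30/40",
].freeze

SSLDUMP_LINES = [
  "23 21 1193726479.1945 (0.1309)  C>S  application_data",
  "24 3  1193726479.2474 (0.1185)  S>C  Handshake",
  "      Certificate",
  "25 1  1193726900.0000 (0.0000)  C>S  Handshake",
].freeze

# "YYYY-MM-DD HH:MM:SS.fraction message" -> [epoch_float, message], or nil
def parse_qmail(line)
  m = /\A(\d{4})-(\d\d)-(\d\d) (\d\d):(\d\d):(\d\d)\.(\d+) (.*)\z/.match(line) or return nil
  secs = Time.utc(*m[1..6].map(&:to_i)).to_i
  [secs + "0.#{m[7]}".to_f, m[8]]
end

# "conn rec epoch.fraction (delta)  dir  type" -> [epoch_float, "dir  type"].
# Continuation lines such as "      Certificate" carry no time and give nil.
def parse_ssldump(line)
  m = /\A\d+\s+\d+\s+(1\d{9}\.\d+)\s+\([\d.]+\)\s+(.*)\z/.match(line) or return nil
  [m[1].to_f, m[2]]
end

# For every qmail line matching `pattern`, list the ssldump records whose
# timestamp lies within `window` seconds of it.
def correlate(qmail, ssldump, pattern: /DEBUG:/, window: 1.0)
  records = ssldump.map { |l| parse_ssldump(l) }.compact
  qmail.map { |l| parse_qmail(l) }.compact
       .select { |_, msg| msg =~ pattern }
       .map { |t, msg| [msg, records.select { |rt, _| (rt - t).abs <= window }.map(&:last)] }
end

correlate(QMAIL_LINES, SSLDUMP_LINES).each do |msg, hits|
  puts msg
  hits.each { |h| puts "    #{h}" }
end
```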

Forensic Server Project (FSP) on Unix/Macosx

Posted by Peter Burkholder Fri, 26 Oct 2007 15:23:00 GMT

I’ve been working with the security incident response tools on the Helix CD, and have been intrigued by Harlan Carvey’s Forensic Server Project.

However, the Sourceforge files for the FSP server don’t run on MacOSX or other Unix-style machines because they use the Win32::GetCwd and Win32::SetCwd modules. The simple patch, below, can be saved as, say, “fspc.patch” in the same directory as the unzipped FSP files. To patch, run:

patch -p0 < fspc.patch

Here’s the patch:

--- fspc.pl.orig    2007-10-24 15:40:22.000000000 -0400
+++ fspc.pl    2007-10-24 16:18:09.000000000 -0400
@@ -18,6 +18,7 @@
 use Digest::MD5;
 use Digest::SHA1;
 use Getopt::Long;
+use Cwd;

 #--------------------------------------------------------------------------
 # Globals
@@ -39,7 +40,7 @@
     exit 1;
 }

-$setup{basedir} = Win32::GetCwd();
+$setup{basedir} = getcwd();
 $setup{casedir} = $config{casedir} || "cases";
 $setup{casename} = $config{casename};
 $setup{port} = $config{port} || 7070;
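Review bot: getcwd() can return undef (for example when the current directory has been removed or is unreadable), and the new assignment to $setup{basedir} uses the result unchecked. _setup then appends "/" to it, so the case tree would be created under the filesystem root instead of failing. Suggest `$setup{basedir} = getcwd() or die "cannot determine working directory: $!";`.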
@@ -296,14 +297,14 @@
 #------------------------------------------
 sub _setup {
 # clean up the directory names
-    $setup{basedir} = $setup{basedir}."\\" unless ($setup{basedir} =~ m/\\$/); 
-    $setup{casedir} = $setup{casedir}."\\" unless ($setup{casedir} =~ m/\\$/);
-    $setup{casename} = $setup{casename}."\\" unless ($setup{casename} =~ m/\\$/);
+    $setup{basedir} = $setup{basedir}."/" unless ($setup{basedir} =~ m/\/$/); 
+    $setup{casedir} = $setup{casedir}."/" unless ($setup{casedir} =~ m/\/$/);
+    $setup{casename} = $setup{casename}."/" unless ($setup{casename} =~ m/\/$/);
     my $casedir = $setup{basedir}.$setup{casedir};
     mkdir $casedir if (! -e $casedir && ! -d $casedir);
     my $curr_case = $casedir.$setup{casename};
-    mkdir $curr_case if (! -e $curr_case && ! -d $curr_case);
-    Win32::SetCwd($curr_case);
+     mkdir $curr_case if (! -e $curr_case && ! -d $curr_case);
+    chdir($curr_case);
     print "Setup complete.\n" if ($config{verbose});
 }

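Review bot: the return values of mkdir and of chdir($curr_case) in _setup are ignored, so when either fails the server still prints "Setup complete." and goes on writing collected data into whatever directory it was already in. For an evidence collector that should be fatal: `chdir($curr_case) or die "chdir $curr_case: $!";`, and the same for the two mkdir calls. The re-added mkdir line also gained one extra leading space, which is why it shows up as changed although nothing else in it differs; dropping that keeps the patch to the lines that matter.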
@@ -312,5 +313,5 @@
 # clears setup data so it can be renewed
 #------------------------------------------
 sub _reset {
-    Win32::SetCwd($setup{basedir});
+    chdir($setup{basedir});
 }
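Review bot: chdir($setup{basedir}) in _reset is unchecked, so a failure leaves the process sitting in the previous case's directory with no indication that the reset did not happen. Check the return value and report it, e.g. `chdir($setup{basedir}) or warn "chdir $setup{basedir}: $!";`.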

Ruby and syslog format string error

Posted by Peter Burkholder Tue, 23 Oct 2007 15:09:00 GMT

Here’s a noobie mistake. A daemon I have running to report on new files being uploaded to a webserver started dying on me when the filenames had a ’%’ in them.

I was doing a complete ‘Duh!’ coding mistake. Take this program:

#!/usr/bin/ruby  -w
require 'syslog'

PROGRAM_NAME="testlog" 
LOG_FACILITY=Syslog::LOG_LOCAL2

$log=Syslog.open(PROGRAM_NAME, Syslog::LOG_PID, LOG_FACILITY)
$log.info("Starting args: " + ARGV.join(" "))

exit

If you run it:

t.rb my message

You’ll get this in the log file:

Oct 23 08:14:06 raymond testlog[7570]: Starting args: my message

However try this:

$ ./t.rb my "%message"

./t.rb:11:in `info': malformed format string - %m (ArgumentError)
        from ./t.rb:11

The problem is that syslog interprets ’%’ in the message string as a printf style format character. That’s the way of the underlying Unix library, like it or not. And the code will barf if you try $log.info("Starting args #{variable}"). The correct way to code is this:

$log.info("Starting args: %s", ARGV.join(" "))

and the ’%s’ gets the argument string value substituted in.

One could write here about the need to sanitize tainted input, but I won’t.
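The failure and the fix side by side, as an added example that is not code from the original post. log_info is a hypothetical stand-in for $log.info, assumed to apply the same printf-style rules as Kernel#format (consistent with the ArgumentError shown above), so it runs without a syslog daemon; the filenames are constructed.

```ruby
# Hypothetical stand-in for Syslog#info. Assumption: like the real method it
# treats its first argument as a printf-style format string.
def log_info(fmt, *args)
  format(fmt, *args)
end

# The mistake from the post: untrusted text becomes part of the format string.
def log_upload_unsafe(filename)
  log_info("New upload: " + filename)
end

# The fix from the post: constant format string, untrusted text as an argument.
def log_upload_safe(filename)
  log_info("New upload: %s", filename)
end

# For interfaces that only take one pre-built string: double every '%'
# so the formatter prints it literally.
def escape_percent(text)
  text.gsub("%", "%%")
end

# Constructed filenames, as an upload-watching daemon might see them.
SAMPLE_FILES = ["report.pdf", "%message", "100%done.txt", "a%sb"].freeze

# Returns { filename => :ok | :crash } for the unsafe call, where :crash
# means the ArgumentError that killed the daemon in the post.
def survey_unsafe(files)
  files.map do |f|
    begin
      log_upload_unsafe(f)
      [f, :ok]
    rescue ArgumentError
      [f, :crash]
    end
  end.to_h
end

survey_unsafe(SAMPLE_FILES).each { |f, r| puts "#{f.ljust(14)} unsafe: #{r}" }
SAMPLE_FILES.each { |f| puts log_upload_safe(f) }
```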

Mac Finder and smb:// error -36 -- Help from Samba

Posted by Peter Burkholder Tue, 16 Oct 2007 16:39:00 GMT

When trying to connect to a remote CIFS share today using the Mac OS X 10.4.10 Finder, I was getting the very unhelpful error:

The finder cannot complete the operation because some data in “smb://myservername” could not be read or written. (Error code -36)

Googling for this (or GoodSearching, in my case) didn’t turn up much of use. The system logs in /var/log/* weren’t of much help either. Far more useful was the smbclient command, which is part of the Samba installation. E.g.:

$ smbclient //server.addomain.univ.edu/Admin -W ADDOMAIN -U USERNAME
Password: 
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE

Oh! Excellent! That’s right, I’ve not used that password in eons, and it’s expired. Thank god I didn’t waste my time chasing red herrings. Now, how do I change my password from a Mac?

Being a general Windows nincompoop, I actually called technical support first off, but that wasn’t any help. Fifteen seconds of pondering, and 1 minute of reading the man page, and I came up with this:

$ smbpasswd -r aaddomain.univ.edu -U USERNAME
Old SMB password:
New SMB password:
Retype new SMB password:
Password changed for user USERNAME

All done!

(S)Icky Urban Moms

Posted by Peter Burkholder Tue, 25 Sep 2007 02:44:00 GMT

In the last few days I’ve been perusing the DC Urban Moms site trying to track down a childcare situation for my younger son that isn’t as depressing as his current one. Although I try to stay focused on the task at hand, I have a hard time not getting distracted by the gorge-inducing discussions on hiring admission consultants for preschool at Sidwell Friends or today’s doozy on avoiding vaccinations. I couldn’t hold my tongue and had to respond to this:

I know that there is not currently clear scientific support for the autism theory or any other negative effects from the recommended vaccine schedule. But it just seems like a lot to me and with all the anecdotal evidence … I’d rather be safe than sorry, particularly since it doesn’t hurt anything to delay them.

with this:

Doesn’t hurt anything to delay them….unless your child dies.

There are several things that trouble me about this thread. One issue is the weighing of anecdotal vs. statistical evidence (and evaluation of risk), the second issue is ethical.

With regards to evidence and risk, the hesitation seems to be based on unsubstantiated ties to autism, or substantiated but rare adverse reactions. With respect to MMR, note that as recently as 1989-1991, 123 children died from measles (http://www.metrokc.gov/health/immunization/compare.htm). In 1994, an outbreak leading to 294 cases started among skiers at Breckenridge, so it’s not just the hoi polloi who are susceptible (http://www.cdc.gov/mmwr/preview/mmwrhtml/00032422.htm). More outbreaks are listed at http://www.cdc.gov/nip/diseases/measles/history.htm#global

In contrast to the real chances of catching the disease, especially in DC with the large population of people travelling worldwide, the adverse reactions are in the 1 in 1,000,000 range (ibid, metrokc.gov). Frankly, if kids of DCUM aren’t getting vaccinated, then you should list that in your playgroup info so you stay away from each other. The risks from measles alone are real and the evidence is hard to deny.

The ethical issue regards herd immunity. If immunity rates are over 94% (http://en.wikipedia.org/wiki/Herd_immunity) then measles won’t be able to spread through a population. In the case where a vaccination poses a remote risk of side effects, it’s tempting to forgo the vaccination and rely on immunity of the herd to protect you. However, if the immunity level falls below a certain threshold (somewhere between 83% and 94%) then all the unimmunized are at risk. By choosing to delay or avoid a vaccine, you risk pushing the immunization rate below that threshold, and you are putting at risk not just your own child, but all those who could not get vaccinated or for whom the vaccine did not provide immunity. And that just seems wrong.

Random MacOSX tidbits

Posted by Peter Burkholder Tue, 18 Sep 2007 10:02:00 GMT

Disk cleanup aids

Again, some chatter at work that I wanted to note for

  • Grand Perspective
  • Disk Inventory X
  • OmniSweeper
  • AppZapper: find and destroy applications that haven’t been used in a long time
  • Monolingual: remove localizations for unused languages
  • Delocalizer: ditto

Setting localhost DNS for development sites (Mac OS X)

There’s been a discussion at work on how to get development sites, e.g. http://mysite.local, to resolve to 127.0.0.1. My colleague Ethan Winn passed along this:

#!/bin/sh

# usage:  make_vhost_dns.sh my_site.dev.local

sudo niutil -create . "/machines/$1"
sudo niutil -createprop . "/machines/$1" ip_address 127.0.0.1
sudo niutil -createprop . "/machines/$1" name "$1"
sudo niutil -createprop . "/machines/$1" serves './local'
exit

That’s all

Mac Productivity Tools

Posted by Peter Burkholder Mon, 10 Sep 2007 15:33:41 GMT

A colleague sent me the following list of his favorite Mac productivity enhancers (to which I’ve added *s if I’m already on board):

QuickSilver * http://quicksilver.blacktree.com/

AppZapper http://appzapper.com/

Hazel http://www.noodlesoft.com/hazel.php

CoconutWifi http://www.coconut-flavour.caom/coconutwifi/index.html

Cyberduck http://cyberduck.ch/

Free Ruler http://www.pascal.com/software/freeruler/

SpamSieve http://c-command.com/spamsieve/

iTerm * http://iterm.sourceforge.net/

Jumpcut http://jumpcut.sourceforge.net/

To this I would add:

TimeOut http://www.dejal.com

Actiontastic http://www.kaboomerang.com

TimeIn for TimeOut

Posted by Peter Burkholder Sat, 18 Aug 2007 02:54:17 GMT

A few years ago I crafted a little script for X11 that would lock me out of my system once an hour so I could stretch and refocus. Now that I’m working from home I’m in dire need of tools that help me to focus and relax and recenter.

So this week I did some searching on lifehacker, and soon turned up TimeOut. TimeOut runs in the background, and can be set to provide mini-breaks and regular breaks at specified intervals. The way I have it set now, about every ten minutes my screen fades to grey over about five seconds, then shows an eight second progress bar, then fades back into my work. Every hour I get a five minute break.

What this does for me: every ten minutes I refocus my eyes and breathe deeply AND I ask myself: am I really doing something worthwhile, or have I gone off track (often, yes). The hour breaks keep me from taking unscheduled breaks, while making sure I get the break time I need.

All told, a great kick to my productivity and happiness.

svndump | svndumpfilter

Posted by Peter Burkholder Fri, 10 Aug 2007 20:51:00 GMT

Just a snippet for later reference:

sudo -u apache -h nice svnadmin dump -r 18000:48135 //path/to//svnroot 2>fff.svnadmin.err | svndumpfilter --renumber-revs include sites/production/fff.org sites/devel/fff 1>fff.svndump 2>fff.dumpfilter.err &

On my own again

Posted by Peter Burkholder Mon, 06 Aug 2007 20:38:00 GMT

As of today, I’ve restructured my work arrangement to 66% working from home for UCAR/NCAR, 33% working for EchoDitto. One thing I’ve found in the past is that my productivity can lag when I’m not in a traditional work environment, and working from home has led to weight gain and listlessness.

If I were insane, I’d do things the same way I had in the past, but I hope I’m not. So here’s how day one has gone:

  • Got a good swim and bike in before work
  • Set up a well lit office with lots of natural light and reasonable ergonomics (actually, my chair sucks, my mouse is too low, and my second monitor is too old).
  • Set up a sound system
  • Warned my boys (at home with a nanny these days) of the dire consequences of intruding into my space
  • Kept tabs of my work in real-time with the Harvest time-tracking app
  • Wrote a short work week description to my bosses
  • Kept my breaks short and focussed (morning coffee, lunch, afternoon snack)

    Still, I spent too much time following web trails, and not enough writing, writing, writing. So, since goals publicly stated are more likely to be realized than those that are not, I’ll use my blog for both some technical updates and productivity ones also. Now I’d write more but my nanny has to leave.
