Tag Archives: FOSS

y2k10 bug: spamassassin might tag mail as spam

Leave a reply

[ This is bug affects only to people using the spamassassin spam filtering software ]

Fabian Arrotin reports about this spamassassin bug, which tags mails dated 2010 and later - as potential spam (increases its spam-score). This is not silly - many spammers use fictional (far past/future) dates, wishing their spam would stay in the top/bottom of the long list of mails.

This bug alone didn't cause false positives in my spam folder (only increased the score from 0.0 to 0.6), but in some configurations or situations it could happen.

The Fix

Continue reading

udev debugging toolbox

5 Replies

Ever wondered why a certain rule doesn't get run? Ever got confused (or disgusted) by udev rules format?

Well, despite all the udev clutter, there are many useful tools in the udev package, which help to understand udev's behavior and decision making. I'm still far from knowing all the tricks, but here are some things that I've learned recently:

Note: the udev tools got changed several times during the last 5 years. I'll cover here the latest version (149), and the older, RHEL/CENTOS5 version.

1. udevadm info: get all info available to udev about a certain device (or all devices):

# udevadm info -e (RHEL5: udevinfo -e)

Try it.. amazing, eh? You can use each detail to write udev rules to match these devices.

Continue reading

Sudo make me a sandwich

Leave a reply

Sudo

Q: How come "which ifconfig" (runing as a user) finds nothing, yet "sudo ifconfig" does work?

A: sudo has a compile-time parameter called with-secure-path, which sets a different PATH for the sudo environment. Debuntu secure path contains /sbin:/usr/sbin, and that's how it works. This feature gets two goals: convenience (no full path required for common root cmds) and security (ignoring potentially bad user PATH).

NOTE that RHEL doesn't use this option, and running "sudo ifconfig" there simply fails.

Q: How come sudo requests a password only on the first run?

A: Sudo has a nice mechanism for creating these "sudo session" things. After authentication, sudo creates a 'timestamp dir' (in /var/run/sudo on my Debian), then uses its date to check when the last successful authentication took place.

  • Session timeout is configurable, defaults to 15mins.
  • sudo -k kills this session by simply removing the timestamp dir.

All info is found in the sudo(8) and sudoers(5) manpages

Setuid and LD_LIBRARY_PATH

Just a quick insight from my workplace: to my surprise, a setuid binary deliberately ignores many environment variables such as LD_LIBRARY_PATH and LD_PRELOAD.

Security Shmecurity..

hostupd v0.92 is out: [DNS-updating helper tool]

2 Replies

Hostupd is a very simple perl script, which makes use of the Net::DNS module, to assist in updating DNS records dynamically.

Here's a sample hostupd command which adds both A and PTR records:

hostupd add myhost myip

on complex environments, it might not autodetect the zone and server ip:

hostupd add -s mynameserver -z myzone myhost myip

The the last commit took place on 2002 (when I was a perl newbie, it shows..). Today, 7 years later (wahhh!), I've found and fixed an annoying bug by a adding a single line.

RIP sysvinit, welcome upstart

1 Reply

After Ubuntu and Fedora, Debian also migrates to upstart.

To summarize the article in the previous link, the main reason for the change is that the kernel is now no more blocking on some hardware scans, and this might make some init scripts (e.g. fsck, network) start before the device is initialized. We now need an event-based init system, so the kernel could "tell" it when the device is ready. This is something that upstart is capable of.

Now I wonder if RHEL6 would inherit upstart from Fedora, this will mean a complete victory for upstart.

Avahi and other (relatively) new desktop technologies

Leave a reply

Every time when I try to sit and study, I find something better to do. This time it was playing with Avahi and some avahi clients such as pidgin, amarok, pulseaudio.

What is Avahi?

A free zeroconf implementation which is very common on Linux distros, just as Bonjour is Apple's zeroconf implementation. AKA multicast DNS (mDNS), and is probably similar to the Microsoft-backed UPnP.
Long story short: it allows discovering and resolving the available services on the LAN (if they're zeroconf-aware, of course)

How do I use Avahi?

  • Discovering: If the avahi daemon is installed and running, the magical command avahi-browse -a (might require the avahi-utils package) would query and display all the available services.
  • Resolving: the following weird hosts line in /etc/nsswitch.conf enables resolving through avahi (usually with the .local suffix, i.e. ping mymachine.local):

    hosts:          files dns mdns4_minimal [NOTFOUND=return]

Software using Avahi out of the box:

  • Pidgin: simply add a new Bonjour account, and you'll be able to instantly talk to your LAN-neighbors.
  • CUPS or other printer config frontends: find zeroconf-supporting printers on the LAN.
  • Amarok v2: automagically finds all DAAP-shares on the LAN (iTunes, for example). The bad news is: iTunes v7 and newer weren't yet reverse-engineered, so amarok cannot login to the most popular DAAP servers. Apple, why won't you give us a hand?
  • Pulseaudio: using the paprefs program, you can choose to share your sound devices and become zeroconf-discoverable. This means that people running the padevchooser program can find your sound card and redirect audio to/from yours.
    • It seems to require a wide bandwidth (couldn't find an option to lower the sound quality)
    • I've experienced some bugs which required restarting pulseaudio and other voodoo, in order to make things work.

bash evilness

Leave a reply

I've been trying to read a file in bash, and keep all the lines in a single variable, printing it at once after the loop:


all="EVIL_BASH"
cat /tmp/myfile | while read line; do
all="$all $line"
done
echo $all

However the output was only: EVIL_BASH, instead of having the lines of the /tmp/myfile appended.

WHAT THE HELL?

Because of the PIPE, the whole 'while' loop runs in another subshell. This means that $all outside the loop  is not the same $all from within the loop!

Sounds simply like scoping (as in perl), but a really awkward one. Beware.

Local issues

2 Replies

This is not a post of original content, I'm simply linking to interesting things I've read recently.

  1. Israel: Linux-IL mailing list is inspecting some weird phenomenon. Looks like 012 ISP is blocking SSH packets which are  sent abroad.
  2. Hebrew: this feature is too hidden.. Diego explains that how to enable left/right alignment switching by ctrl+shift. (Useful for RTL languages).  The "trick" works for QT, KDE (3+4) apps.

Weird CSS tricks

Leave a reply

I was quite surprised to find out these two interesting css "tricks":

  • Data urls: putting the data inside the CSS (inline).
  • CSS sprites: instead of loading many small images (one per item), it's possible to load one big image that contains them all.. then play with the offsets to get the right image.