
January 30, 2007

Gold General

Continuing the fine tradition of terrible Chess/Shogi mashups:


January 28, 2007

Red Hot Pawn

Been playing chess online at Red Hot Pawn as thrig. Good website interface, and offers rated games, so you know roughly where you stand against other players.

For a great change of pace, try Shogi. Piece drops play an important role, unlike chess, and the different piece types and upgrading provide for interesting gameplay. Check out maka dai dai Shogi—the name surely the product of a great drinking session—for a crazy cast of characters.

January 27, 2007

\command

The \ character performs multiple functions in Unix shells. One lesser-known use is to bypass shell aliases. For example, I use srm(1) by default, and revert to the insecure (yet much faster) rm(1) for large files that do not require secure deletion (install packages, in particular).

$ alias rm
rm='srm -s -z'

Practice with echo(1) to get a feel for \command behavior.

$ echo test
test
$ alias echo='echo foo'
$ echo test
foo test
$ \echo test
test
$ unalias echo

However, nothing stops \command from being an alias itself:

$ alias echo='echo foo'
$ alias \\echo='echo bar'
$ echo test
foo test
$ \echo test
foo bar test
$ \\echo test
zsh: command not found: \echo

You can also create a \echo command, and so forth:

$ chmod +x ~/bin/\\echo
$ cat ~/bin/\\echo
exec echo $@
$ \\echo test
test

January 21, 2007

Guarded Commands

Much code, even if bug free, will leave a system in an inconsistent state should the unexpected occur. The resulting mess often requires extensive time and effort to fix. Once running again, the code is no more than a house of cards awaiting the next bump to fly apart. Writing fault tolerant code should be considered in addition to bug and security flaw free code.

Consider a single line of a longer installation script. This line creates a Unix symbolic link file to a configuration file that varies depending on the class of the system being installed on.

#!/bin/sh
…
ln -s $class_specific_configuration $config_link

The code works, and will set the link up properly the first time. However, on subsequent installs, undesired behavior may result, especially when the $class_specific_configuration target changes. In this case, the symbolic link target will remain pointed at the old configuration file. Depending on the installation script, the error may be unlogged or very difficult to find. Should the service fail, linking the failure to an untraceable script event will not be obvious.

In this case, forcing the link creation usually is the best option: no race condition that a rm $config_link; ln -s … imposes, and a desired link update should the destination change:

#!/bin/sh
…
ln -s -f $class_specific_configuration $config_link

Going beyond the forced link update, a better system would use a guarded command, where a boolean expression first checks whether an action is needed, and only if required applies a change, then checks that the required change has been applied.

#!/usr/bin/perl
…
if (  !-e $config_link
    or ( -l $config_link
        and readlink($config_link) ne $class_specific_configuration ) )
{
    # symlink() takes the target first, then the name of the link to create
    symlink $class_specific_configuration, $config_link;
    # TODO check if symlink has proper target…
}

This method has the advantage of doing nothing if nothing need be done, and checking that the desired result took place. If similar logic is used throughout the script, the script may be run multiple times without adding duplicate lines to a configuration file or mounting a filesystem twice.
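The same check, apply, verify sequence for the install script's link, as an added shell example rather than code from the original post. The function name ensure_link is hypothetical, and the -n option to ln (GNU and BSD, not POSIX) is an assumption about the platform.

```shell
#!/bin/sh
# ensure_link TARGET LINK  (hypothetical helper, not from the original post)
# Prints "unchanged" or "changed"; returns non-zero if the link could not be
# brought into the desired state.
ensure_link() {
    target=$1
    link=$2

    # Guard: a symlink that already points at the target needs no action.
    if [ -L "$link" ] && [ "$(readlink "$link")" = "$target" ]; then
        echo unchanged
        return 0
    fi

    # Never replace a real file or directory that happens to sit at $link.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "ensure_link: $link exists and is not a symlink" >&2
        return 2
    fi

    # Apply: the forced link from the post. -n (an assumption: GNU or BSD ln)
    # keeps ln from descending into a directory the old link points at.
    ln -s -f -n "$target" "$link" || return 1

    # Verify: confirm the link now has the desired target.
    if [ "$(readlink "$link")" != "$target" ]; then
        echo "ensure_link: $link does not point at $target" >&2
        return 1
    fi
    echo changed
}

# Usage: sh ensure_link.sh "$class_specific_configuration" "$config_link"
if [ "$#" -eq 2 ]; then
    ensure_link "$1" "$2"
fi
```

A dangling link, which fails the -e test but passes -L, is repointed like any other stale link.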

Downside: hard to write all the error handling and proper boolean expressions in advance. The Commands::Guarded Perl module greatly helps writing code in this style, and includes excellent discussion in the rationale section of the documentation. Other options include CFEngine, which follows a similar methodology when creating a link that is not exposed in the policy definition:

#!/var/cfengine/bin/cfagent -qKf
…
links:
  any::
    ${config_link} ->! ${class_specific_configuration}

Additional background material:

However, I do use goto on occasion. :)

January 15, 2007

replay-log - resubmit syslog data back to syslog

Use replay-log to play back Unix syslogd(8) logs at the original, increased, or random speed. Logs sent to standard output. The logger(1) utility can resubmit these logs to syslogd(8), or the output can be used to test sec.pl rules. Examples:

  • Replay logs from /var/log/messages:

    $ replay-log < /var/log/messages

  • Replay logs with three second random delay instead of actual delays present in the logs:

    $ < /var/log/messages replay-log -r 3

  • Speed up literal playback:

    $ replay-log -f 3600 < /var/log/messages

  • Send sshd logs to a named pipe, and read them with sec.pl:

    $ mkfifo logfile
    $ grep sshd < /var/log/messages \
      | replay-log -f 1000 -o logfile &
    $ sec.pl --conf=sshd.conf --input=logfile

January 13, 2007

Shell Quoting Gotcha

#!/bin/sh
FILE=$1
ls $FILE

The above Bourne shell code works as expected, until a filename with a space enters the equation. Then things fall apart:

$ cat test
#!/bin/sh
FILE=$1
ls $FILE
$ sh test /etc/passwd
/etc/passwd
$ touch "a file"
$ sh test "a file"
ls: a: No such file or directory
ls: file: No such file or directory

Harmless in this test case: the script fails with a somewhat decipherable error. At worst, highly unexpected and unlogged behavior ensues. For example, an install script shipped with iTunes 2.0 ran into this problem, and sometimes erased entire disks.

An ugly workaround entails quoting anything that might be affected by this problem:

#!/bin/sh
FILE=$1
ls "$FILE"

One could also mess with the IFS variable, though that change would affect all sorts of operators that act on IFS delimited data.
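How the three approaches differ, as an added example that is not from the original post (function names are hypothetical): an unquoted expansion is split on IFS and then each word is glob-expanded, so changing IFS only removes the first of the two hazards.

```shell
#!/bin/sh
# Constructed demonstration; the function names are hypothetical.
count_args() { echo "$#"; }

# Unquoted: the value is split on IFS (space, tab, newline) and then each
# resulting word is treated as a glob pattern.
unquoted() {
    FILE=$1
    count_args $FILE
}

# IFS reduced to a newline: spaces no longer split, globbing still happens.
ifs_newline() {
    FILE=$1
    saved_ifs=$IFS
    IFS='
'
    set -- $FILE
    IFS=$saved_ifs
    echo "$#"
}

# Quoted: exactly one argument, whatever the value contains.
quoted() {
    FILE=$1
    count_args "$FILE"
}

# Print the three argument counts for every value given on the command line.
for value in "$@"; do
    printf '%s: unquoted=%s ifs=%s quoted=%s\n' "$value" \
        "$(unquoted "$value")" "$(ifs_newline "$value")" "$(quoted "$value")"
done
```

Run it in a directory holding a few .txt files with the arguments 'a file' and '*.txt' to see the counts diverge.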

I instead favor Perl over shell code, which has the benefit of avoiding the shell (excepting various unsafe functions detailed in perlsec), and offering testable code through the -c command line argument and various test modules, such as Test::More.

A quoting gotcha aside, too many scripts (for the Bourne shell or other languages) suffer from a lack of test driven development. If possible, move code to modules, where each routine may be tested, in addition to sets of routines and then the entire script. Fragile black boxes that only offer inputs and outputs with no insight into the various substeps will never be as safe.


January 11, 2007

Timezone surprise for U.S. systems

Thanks to the Energy Policy Act of 2005, United States computers must account for the altered daylight savings time shifts. Systems that use UTC (and the misnamed gmtime(3) system call) instead of a local timezone that wanders will not be affected. On Unix, the fix should be as simple as deploying an updated timezone file.

If possible, always run Unix systems in UTC, though converting existing systems or ensuring UTC is used properly by all applications may be time consuming and expensive to implement. One known conversion problem: a system runs in UTC, and starts an application in UTC. A user with a custom timezone set restarts the application via sudo, causing the application to run under their custom timezone. Hilarity ensues.

Tweaking sunrise and sunset to save energy, while providing kickbacks to the oil industry, all while vehicles still guzzle down insane amounts of fuel: your friendly local government hard at work.

On a somewhat related note, TLS (the protocol formerly known as SSL) stops working in 2038 due to the use of a 32-bit Unix time value. But that’s years away. No need to worry!

January 09, 2007

Obscure Reference

$ A g64 g64 Segmentation fault

January 08, 2007

close(2) vs. full filesystems

Contrary to my previous (untested!) expectations, the close(2) system call does not issue an error when closing a file on a full filesystem. Running writetest.c on Mac OS X results in fflush(2) throwing the error, and no error from the close statement.

$ writetest /Volumes/test/file
error: problem flushing: file=/Volumes/test/file, errno=No space left on device
$ df `pwd`
Filesystem   512-blocks  Used Avail Capacity  Mounted on
/dev/disk2s2       1032  1032     0     100%  /Volumes/test

Programs, if paranoid, should check each flush or print statement (depending on the language), or checksum the data in memory, then verify what actually ends up in a temporary file, before an atomic rename(2) moves the data into place. System monitoring should also alert on high disk space use, as odds are not all programs behave properly when the disk is full. Or perhaps legal requirements frown on missing logs resulting from negligent disk space management.
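The write, verify, rename sequence described above, as an added shell example that is not from the original post. The function name install_verified is hypothetical, and mktemp(1) is assumed to be available.

```shell
#!/bin/sh
# install_verified SRC DEST  (hypothetical helper)
# Copies SRC to a temporary file beside DEST, checks the exit status of every
# step, compares checksums, and only then renames the copy into place.
install_verified() {
    src=$1
    dest=$2

    # Checksum of the data we intend to write.
    want=$(cksum < "$src") || return 1

    # Temp file in DEST's directory so the final rename stays on one
    # filesystem. mktemp creates it with mode 0600.
    tmp=$(mktemp "$dest.XXXXXX") || return 1

    # cat reports a failed write (such as ENOSPC) through its exit status.
    if ! cat "$src" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # Verify what actually ended up in the temporary file.
    got=$(cksum < "$tmp") || { rm -f "$tmp"; return 1; }
    if [ "$got" != "$want" ]; then
        echo "install_verified: checksum mismatch for $dest" >&2
        rm -f "$tmp"
        return 1
    fi

    # rename(2) within one filesystem replaces DEST atomically.
    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

# Usage: sh install_verified.sh SRC DEST
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

On any failure the existing DEST is left untouched and the temporary file is removed.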


January 06, 2007

mathu - performs mathematical operations on input data

Wrote mathu a while back, when I could not find a good (free) command line tool to perform quick calculations, such as:

$ cat input
7 4 2 5
$ mathu sum < input
18
$ mathu basic < input
count 4 max 7 mean 4.5 min 2 sdev 1.8 sum 18

An updated tool could perhaps use Statistics::Basic or another module on CPAN to handle the heavy math lifting.

January 04, 2007

Stylin’

<style> allows remote CSS inclusion via @import, and thus (in theory) works around RSS missing the stylesheet information that HTML otherwise includes via <link> in its header section, a section RSS lacks, being XML infested.

<description>
<style type="text/css"><!-- @import url(…); --></style><$MTEntryBody encode_xml="1"$>
</description>

Elvenfoo

Recently finished up book three of the Halfblood Chronicles, Elvenborn. Much stronger text than second in series, especially the conclusion and foreshadowing for a hopeful fourth text. First book The Elvenbane remains best in series for me. Overall, a light entertaining read.

January 01, 2007

Nutritional Data

The USDA National Nutrient Database grants access to actual nutritional data, far better than the nearly useless food labels: the 20% RDA for Iron in Teff might be correct, if you’re a 2,000 Calorie reference human, unlike the rest of us. Not the best interface on both the nutrient website and product labels. What would be really nice would be a UPC indexed database of foodstuffs. Then simply wander around with a bar code scanner, with a PDA hosting personalized nutritional data—exact iron content in micrograms, glycemic index if diabetic, or any new concern too expensive to reprint—plus the usual profile (carbs and whatnot).

Additional code could suggest food to meet some nutrient goal, with the inevitable “Hi! I see you’re trying to induce Iron poisoning! Can I help?” software flaws.
