Pas un Geek en tant que tel

For tonight I set myself a rather trivial task: install Debian on a remote server which I can only netboot grml on, and where I have no console access. I figured it wouldn't be too difficult. However, Debian figured that it would be best to throw any possible obstacle my way.

I booted into grml, set up the partitions and file systems (/dev/md0 as /boot, /dev/md1 with lvm and the root file system). Then I mounted them in place and ran debootstrap. However, debootstrap said the configuration phase of the packages failed. So I chrooted into the system and ran dpkg --configure -a.

Then, I figured that Debian prefers to leave the most important programs uninstalled, so I ran apt-get install less bzip2 pax openssh-server sysklogd grub-pc linux-image-2.6.32-5-amd64. However, grub-pc decided it doesn't want to install itself successfully. A manual run of grub-install fixed this glitch as well. Then I set up a root password, enabled root logins for now in the ssh configuration and configured /etc/fstab and /etc/network/interfaces. I added a netconsole to the grub configuration, just in case.

Then I figured it was time to test the system, so I rebooted. However, I never saw the system come up. Also, the netconsole didn't log a thing. So I booted back into grml, installed kvm and tried to boot the system, only to find grub saying:

error while parsing number

So I fixed the device paths and re-ran update-grub2. Then the system booted but still didn't respond to ping, and had nothing on the netconsole. So I booted grml and saw that there was finally at least a dmesg.0 file. This file contained a number of hints:

netconsole: eth0 doesn't exist, aborting.
e100: eth0: e100_request_firmware: Failed to load firmware "e100/dm101m_ucode.bin"

So I figured that apparently the Debianists no longer ship firmwares anymore. I found a package called linux-firmware in the non-free repository and installed it. Then I rebooted and received ping replies from the system, but ssh never came up, the connection remained refused. So I booted into grml and found all logs in the chroot to be empty:

grml# ls -l  
-rw-r----- 1 root adm 0 Aug 31 23:20 /mnt/vms-planck--root/var/log/messages
-rw-r----- 1 root adm 0 Aug 31 23:20 /mnt/vms-planck--root/var/log/syslog
-rw-r----- 1 root adm 0 Aug 31 23:20 /mnt/vms-planck--root/var/log/daemon.log
grml#

So I installed Dropbear and configured it to listen to port 2222, then rebooted. The system pinged, but ports 22 and 2222 remained refused. When running the system in kvm again, I discovered strange messsages though and found the root cause to be a popular debootstrap bug:

grml# cat /sbin/start-stop-daemon
#!/bin/sh
echo
echo "Warning: Fake start-stop-daemon called, doing nothing"
grml#

So I moved /sbin/start-stop-daemon.REAL back to /sbin/start-stop-daemon, but instead of typing reboot I accidentally typed poweroff, and now I have to wait for the hoster to flip the power switch of the server again before I can continue, so things will remain interesting.

I guess being bitten by debootstrap, defaults, grub, netconsole, firmware and start-stop-daemon on the same day was a bit too much. Time to watch V for Vendetta and go to bed.

Update: Note to those who didn't realize: no, I didn't watch the film, I just found it fitting.

Thorsten Glaser from Tarent added a number of nice quotes from PHP developer Rasmus Lerdorf to the PHP source code of Evolvisforge, the gforge clone of his company:

I have absolutely no idea how to write a programming language, I just kept adding the next logical step on the way.

gforge_base/evolvisforge/gforge/common/include/utils.php:1009

I was really, really bad at writing parsers. I still am really bad at writing parsers.

gforge_base/evolvisforge/gforge/common/include/minijson.php

I'm not a real programmer. I throw together things until it works then I move on. The real programmers will say "yeah it works but you're leaking memory everywhere. Perhaps we should fix that." I'll just restart apache every 10 requests.

gforge_base/evolvisforge/gforge/www/pm/t_follow.php

We have things like protected properties. We have abstract methods. We have all this stuff that your computer science teacher told you you should be using. I don't care about this crap at all.

gforge_base/evolvisforge/gforge/www/pm/t_lookup.php

I think people like Rasmus explain a lot about the poor design and the many implementation flaws of the PHP programming language.

Thanks as well to Benny Siegert who provided the quotes.

During this second quarter of 2010, I added a number of Cassandra related packages to the pkgsrc package collection. They will appear in the next quarterly branches. The following packages have been added:

• databases/apache-cassandra: Highly scalable, distributed structured key-value store
• databases/libcassandra: C++ interface to Cassandra
• databases/p5-Net-Cassandra: Perl5 module for accessing the Cassandra database
• databases/py-cassa: Python client library for Cassandra
• databases/ruby-activerecord-cassandra: ActiveRecord Cassandra adapter
• databases/ruby-cassandra: Ruby extension for Cassandra

Apache Cassandra is a next generation, No-SQL, non-relational distributed database. Unlike SQL databases, it behaves more like a key-value store and can store nested data structures. Cassandra is already in use by a number of large web sites, and has clients for a number of programming languages, like the ones mentioned above.

Since a lot of the world still evolves around PHP, and a friend of mine asked me to host a PHP based blog, I was confronted with a typical PHP application which, like all typical PHP applications, enjoys heavily writing to its installation directory and keeping its own configuration there.

Being the automation freak I am, I rolled an RPM package of the PHP application which installs it into /usr/share. Then, a Puppet rule creates an Apache vhost in /home/www and union mounts the shared installation into htdocs, with a vhost subdirectory named confdata as read-write layer.

It turned out I had better used NetBSD for the task. The only unionfs implementation available in CentOS 5.5 is fuse based and called funionfs. However, funionfs doesn't support SElinux contexts, so everything ends up in the context fusefs_t, leaving it inaccessible to Apache. A small SElinux module fixed that:

module serendipity 1.0;

require {
    type httpd_t;
    type fusefs_t;
    class lnk_file read;
    class dir { read write remove_name getattr create search add_name };
    class file { read write getattr create setattr rename };
}

#============= httpd_t ==============
allow httpd_t fusefs_t:dir { read write remove_name getattr create search add_name };
allow httpd_t fusefs_t:file { read write getattr create setattr rename };
allow httpd_t fusefs_t:lnk_file read;

This might not be the most secure solution but nothing other than Apache runs on this VM anyway, so I didn't care enough. It's still better than turning off SElinux entirely.

In order to allow the software to access the database, I had to flip another SElinux switch:

httpd_can_network_connect_db --> on

Now things almost worked. However, installing templates via the web interface does not, so I went on to investigate:

% cd /home/www/s9y.zrh.internetputzen.com/htdocs/templates
% mkdir test
mkdir: cannot create directory `test': No such file or directory
% ls -ld test
ls: test: No such file or directory
% touch test
touch: setting times of `test': File exists
% ls -ld test
-rw-r--r-- 1 root root 0 May 24 20:49 test
% rm test

It's impossible to create directories in the funionfs. Apparently it's some kind of bug. Creating the template in confdir worked but it means the web interface is not working.

Looking forward to aufs2 in later versions of CentOS.

Since I was searching for my nanoblogger RPM or .spec file for the third time now, I decided that now that I'm leaving SyGroup it's time to move my software development and packages to a well-defined place. As I recently saw the domain young-solutions.ch and as I'm the owner of ancient-one.ch, I figured it would be a nice fit to put it all on ancient-solutions.ch.

If you're expecting content there yet, you're a tad too early. The idea is merely a sketch at this point. So far my plans comprise an installation of Gitorious so I can migrate my projects away from Github to my own hosted place. Of course, bsdprojects.net was meant for this initially, but it's less private.

The current idea of the domain looks as follows:

The spec files etc. would eventually end up on git.ancient-solutions.ch.

Anybody got a cthulhu logo?

Yesterday and today I tried using an USB stick as a medium for installing Fedora 13 on my netbook (a HP Mini 110). In the course, I discovered a bug in liveusb-creator which appears to umount the target file system (type vfat) properly before running syslinux in order to install the boot code. As syslinux also scribbles on the device, the result is a botched file system.

Thinking I had found the cause of my problems, I went on to create my own bootable USB stick — unsuccessfully of course. The /boot partition, which is located at the beginning of the device, always remounted itself read-only when I tried to install the kernel or grub. Sometimes it even showed up as read-write in /proc/mounts, yet it wasn't writable. So I started looking for SElinux context problems — none.

Attempting to set an explicit SElinux context for the /boot partition upon mounting, I unmounted the /boot partition, only to get some terrible notifications in my dmesg:

 Mar 10 11:51:54 methusalix kernel: ext3_abort called.
 Mar 10 11:51:54 methusalix kernel: EXT3-fs error (device sdb1): ext3_put_super: Couldn't clean up the journal

Yet somehow, it was unmounted. I tried to mount the partition again, which yielded:

 Mar 10 11:56:24 methusalix kernel: journal_bmap: journal block not found at offset 12 on sdb1
 Mar 10 11:56:24 methusalix kernel: Aborting journal on device sdb1.
 Mar 10 11:56:25 methusalix kernel: __journal_remove_journal_head: freeing b_committed_data
 Mar 10 11:56:41 methusalix kernel: ext3_abort called.
 Mar 10 11:56:41 methusalix kernel: EXT3-fs error (device sdb1): ext3_journal_start_sb: Detected aborted journal

In the end, the file system was not mounted. Great. So I ran a file system check, which crashed with ”Too many errors in inode …“

So my next idea was to run badblocks, so I tried to umount the root partition of the new system on the stick, and got some more nice kernel messages:

 Mar 10 11:57:01 methusalix kernel: EXT4-fs error (device sdb2): ext4_mb_generate_buddy: EXT4-fs: group 0: 6936 blocks in bitmap, 7095 in gd
 Mar 10 11:57:01 methusalix kernel: JBD: Spotted dirty metadata buffer (dev = sdb2, blocknr = 0). There's a risk of filesystem corruption in case of system crash.
 Mar 10 11:57:01 methusalix kernel: JBD: Spotted dirty metadata buffer (dev = sdb2, blocknr = 0). There's a risk of filesystem corruption in case of system crash.

Mount returned ”umount: /mnt: device is busy.“ although lsof did not reveal any users of the file system. All I could do at this point was to reboot and run badblocks thereafter. After running for approximately 1 ½ hours, it finally displayed:

 3921914
 3921915
 3921916
 3921917
 3921918
 3921919
 done                                
 Pass completed, 798052 bad blocks found.
 tonnerre@methusalix:~% 

I don't think there's any rescue for this USB stick.

Login name: nobody                      In real life: Nobody
Directory: /nonexistent                 Shell: /sbin/nologin
Never logged in.
No Mail.
No Plan.
No Future.
No Past.
No Hope.

(Thanks to salo for this nice one)

In a FAQ (Frequently Answered Questions), people usually expect answers to the questions they might ask. Ubuntu is taking things to a new level there and simply repeats the question, adding a new one in the end:

Question: Ubuntu One Client FAQ #588: "My Account says that I have had an account for x months. What does this mean?"

Answer: The My Account page says that I have had an account for x months. This is confusing. What does it mean? Does this represent the age of my subscription?

Source

Thanks for clarifying, Matt Griffin!

Waiving parliamentary immunity appears to be a rather common case these days. Currently, the European Parliament is debating IMM/2009/2056 – Request for the waiver of parliamentary immunity of Roberto Fiore.

Usually, this type of activity is pretty rare. But in these days where everyone is talking about the democracy being under attack by terrorists and ministers of interior, such signs should be considered as a clear indication that something else is going wrong.

It should also be noted that I do believe more in the guilt of Fiore than I do in the guilt of Tauss, whose immunity has also been waived by the German Bundesrat. Tauss is being accused of possession of child pornographic material. However, this coincided strangely with his refusal to vote in favor of the party line. Also, incidentally, one of Tauss' working areas was the investigation of child pornography, so fabricating proof would be an easy task.

With these cases at hand we should all ask ourselves the question: what is really wrong in today's politics?

The very positive reactions to Merkels election campaign event in Hamburg were rather disturbing than anything else. At first it seemed funny that the crowd screamed out loudly ”Yeah!“ after the first sentence of Dr. Merkel (stating that the Berlin wall had been crushed 20 years earlier), but the schema continued: every sentence of Dr. Merkel was followed up with a ”Yeah“ by the crowd.

I can only recommend this type of flashmobbing in political campaigns. If it happens at more of Dr. Merkels lectures, people will notice.

In the end, it was all predicted by a visionary with an edding on an election ad:

• Youtube video of the flashmob action