I just emailed my MP the following letter:

Dear David Lepper,

I would just like to thank you for signing Auston Mitchell’s Early Day
Motion 1155 Photography In Public Areas. I have been increasingly
concerned with reports of police action against innocent photographers,
including most recently a man assaulted by several security guards in
Stoke (http://www.flickr.com/photos/happyaslarry/2420960125/). I’m sure
you appreciate Brighton’s reputation as an artistic city and your
support for this motion shows your continued support for the
photography community in Brighton.

Yours sincerely,
David Pashley

If your MP hasn’t signed this EDM, I recommend you contact them to urge them
to sign it and if they have, contact them again to thank them.

Archive::Tar
is a useful library for working with tar archives from Perl.
Unfortunately, one thing it doesn’t allow is using data from memory as
the archive. From the TODO section:

Allow archives to be passed in as string

Currently, we only allow opened filehandles or filenames, but not
strings. The internals would need some reworking to facilitate
stringified archives.

Fortunately, it does allow you to use a filehandle. I’ve previously
mentioned
about how useful the IO::Handle subsystem in perl is. And we
should be able to use it in this case. The module we’ll want is
IO::String, which is a IO::Handle over a perl scalar. We can use it:

my $tar = new Archive::Tar(new IO::String($data));

Unfortunately when we run this now we get:

Cannot read compressed format in tar-mode at Foo.pm line 41
No data could be read from file at Foo.pm line 41

It turns out that this is because Archive::Tar uses IO::Zlib
internally if the file isn’t uncompressed, but this doesn’t provide the
ability to uncompress from a filehandle. The answer is to uncompress the
data before passing it to Archive::Tar and the easiest way to do this is
to use the IO::Uncompress::Gunzip module, so we can rewrite our code
to:

my $tar = new Archive::Tar(new IO::Uncompress::Gunzip(new IO::String($data)));

Now when you run the script, Archive::Tar has an uncompressed tar
stream. Yet another situation where IO::Handles comes to the rescue.

Because I always forget when I need to create a new class in
perl:

package Foo::Bar;

use strict;
use warnings;

sub new {
   my $this = shift;
   my $class = ref($this) || $this;
   my $self = {};
   bless $self, $class;
   $self->initialize(@_);
   return $self;
}

sub initialize {
   my $self = shift;
}

1;

If you have any useful additions I’d love to know.

Regular viewers will know that I don’t think favourably of MySQL.
Here is yet another reason. Let’s create an InnoDB table:

mysql> CREATE TABLE `User_` (
mysql> ...
mysql> ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Query OK, 0 rows affected, 1 warning (0.04 sec) 

One warning, but we’re running this as part of an import, so we’ll
fail to spot this and even if we did, we wouldn’t be able to get it back
out of mysql because SHOW WARNINGS only shows the last command.
So let’s look at the table we just created:

mysql> show create table User_G
*************************** 1. row ***************************
       Table: User_
Create Table: CREATE TABLE `User_` (
...
) ENGINE=MyISAM DEFAULT CHARSET=latin1
1 row in set (0.00 sec)

Eh? what’s going on? We asked for InnoDB, but have got a MyISAM
table. Lets look at the engines available.

mysql> show engines;
+------------+----------+----------------------------------------------------------------+
| Engine     | Support  | Comment                                                        |
+------------+----------+----------------------------------------------------------------+
| MyISAM     | DEFAULT  | Default engine as of MySQL 3.23 with great performance         |
| MEMORY     | YES      | Hash based, stored in memory, useful for temporary tables      |
| InnoDB     | DISABLED | Supports transactions, row-level locking, and foreign keys     |
| BerkeleyDB | NO       | Supports transactions and page-level locking                   |
| BLACKHOLE  | NO       | /dev/null storage engine (anything you write to it disappears) |
| EXAMPLE    | NO       | Example storage engine                                         |
| ARCHIVE    | YES      | Archive storage engine                                         |
| CSV        | YES      | CSV storage engine                                             |
| ndbcluster | DISABLED | Clustered, fault-tolerant, memory-based tables                 |
| FEDERATED  | YES      | Federated MySQL storage engine                                 |
| MRG_MYISAM | YES      | Collection of identical MyISAM tables                          |
| ISAM       | NO       | Obsolete storage engine                                        |
+------------+----------+----------------------------------------------------------------+
12 rows in set (0.00 sec)

Oh, so innodb has been disabled. We can fix that easily by removing
skip-innodb from my.cnf.

root@cmsdb01:/var/log# grep skip-innodb /etc/mysql/my.cnf
root@cmsdb01:/var/log#

But hang on a second, that’s not in the config file. What’s going on?
It turns out that the reason InnoDB is disabled is because of the
innodb_log_file_size setting not matching the files on disk.

root@cmsdb01:/var/log# grep innodb_log_file_size /etc/mysql/my.cnf
innodb_log_file_size            = 512M
root@cmsdb01:/var/log# ls -lh /var/lib/mysql/ib_logfile*
-rw-rw---- 1 mysql mysql 5.0M 2006-12-19 18:39 /var/lib/mysql/ib_logfile0
-rw-rw---- 1 mysql mysql 5.0M 2006-12-19 18:39 /var/lib/mysql/ib_logfile1

Rumour has it that you can just stop MySQL, delete these log files
and start MySQL again. I’m yet to try this as the server in question is
in production use. The alternative is to change the
innodb_log_file_size setting to match the file.

So in summary the problems with MySQL are:

  • Not logging warnings anywhere useful.
  • Converting engine types with a warning rather than throwing an
    error. This can be fixed by setting sql_mode to include
    NO_ENGINE_SUBSTITUTION.
  • Starting up and disabling InnoDB when there is a problem rather than
    failing to start, giving a false impression that everything is
    working.

MySQL has not impressed me this week.

Unfortunately I live in the UK, where 6 months of the year, the time
is GMT. Now is the time of year when I discover which of my servers don’t
have the right timezone configuration and show the wrong time during
daylight saving. For future reference, here’s how
to set the timezone to Europe/London rather than UTC.

root@cms01:/tmp/openssl-0.9.8g# date
Mon Mar 31 08:23:35 GMT 2008
root@cms01:/tmp/openssl-0.9.8g# tzconfig
Your current time zone is set to GMT
Do you want to change that? [n]: y

Please enter the number of the geographic area in which you live:


   1) Africa         7) Australia

   2) America        8) Europe

   3) US time zones     9) Indian Ocean

   4) Canada time zones    10) Pacific Ocean

   5) Asia           11) Use System V style time zones

   6) Atlantic Ocean    12) None of the above


Then you will be shown a list of cities which represent the time zone
in which they are located. You should choose a city in your time zone.

Number: 8

Amsterdam Andorra Athens Belfast Belgrade Berlin Bratislava Brussels
Bucharest Budapest Chisinau Copenhagen Dublin Gibraltar Guernsey Helsinki
Isle_of_Man Istanbul Jersey Kaliningrad Kiev Lisbon Ljubljana London
Luxembourg Madrid Malta Mariehamn Minsk Monaco Moscow Nicosia Oslo Paris
Podgorica Prague Riga Rome Samara San_Marino Sarajevo Simferopol Skopje
Sofia Stockholm Tallinn Tirane Tiraspol Uzhgorod Vaduz Vatican Vienna
Vilnius Volgograd Warsaw Zagreb Zaporozhye Zurich

Please enter the name of one of these cities or zones
You just need to type enough letters to resolve ambiguities
Press Enter to view all of them again
Name: [] London
Your default time zone is set to 'Europe/London'.
Local time is now:      Mon Mar 31 09:23:48 BST 2008.
Universal Time is now:  Mon Mar 31 08:23:48 UTC 2008.

More information is available in the Debian
System Administrator Manual
.

Recently, we rolled out a Shibboleth Single Sign On
service to protect one of our services. However, we started recieving
intermittant login failures, both on our automated monitoring and from
customers. Curiously these failures tended to happen mostly in the
evening, which isn’t a peak time for us. Debugging showed that the
authentication worked, but the authorisaton was failing. Shibboleth
works as an apache module and daemom that protects a service, which
communicates with a webservice that does the authenication processing.
The log files were showing an occasional SSL error in this communcation
link.

INFO shibtarget.SessionCache [43005] sessionGet: trying to get new attributes
      for session (ID=_d0cd2f93840bb92050b28fa73d19ce4f)
INFO SAML.SAMLSOAPHTTPBinding [43005] sessionGet: sending SOAP message to
      https://login.example.com/shibboleth/AA
ERROR SAML.SAMLSOAPHTTPBinding [43005] sessionGet: failed while contacting
      SAML responder: error:1408F06B:SSL routines:SSL3_GET_RECORD:bad
      decompression
ERROR shibtarget.SessionCache [43005] sessionGet: caught SAML exception
      during SAML attribute query: SOAPHTTPBindingProvider::send() failed
      while contacting SAML responder: error:1408F06B:SSL
      routines:SSL3_GET_RECORD:bad decompression
ERROR shibtarget.SessionCache [43005] sessionGet: no response obtained

We didn’t manage to find any suitable solutions on the internet, so
we pulled out the trusty wireshark and started looking to see what was
going on. We could see that the client was advertising deflate and null
compression, and that the server was responding by asking for deflate
compression. However the client would then claim that there was a
decompression error in the servers response. This opened a few lines of
enquiry. I made sure that both ends of the connection were running the
same version of OpenSSL and they were both using 0.9.8a from Ubuntu
Dapper. Interestingly 0.9.8a is the first version that had compression
support. We found a couple of suggestions including forcing connections
to be SSL2, which lacked compression or recompiling openssl without zlib
support. As the former was easier, we tried that first by putting

SSLCipherSuite SSLv2:-LOW:-EXPORT:RC4+RSA

in /etc/apache2/mods-enabled/ssl.conf as suggested by Debian
bug #338008
, and this seemed to work for around an hour. Packet
sniffing showed that it was still negotiating SSL3 including deflate
compression. Clearly we had to try something else.

Rather than recompile OpenSSL without zlib support, I thought I’d try
upgrading the version of OpenSSL to something later in case that fixed
the decompression bug. the version in Hardy is 0.9.8g, which sadly
required recompiling and disabling the Ubuntu change to enable
-Bsymbolic-functions during linking. Installing this on the
client end didn’t fix the problem, however installing it on the server
end seemed to fix it. So far it’s been running for 24 hours without an
error, so fingers crossed that this has fixed it for good.

#tag Debian,Java,gotchas,debconf

Installing the Sun Java packages on Debian or Ubuntu require to you
accept Sun’s license before you can install them. This means that it’s
not easy to install non-interactively, for example when using
pbuilder. Fortunately the license uses
debconf to check to see if you have already accepted the license. This
means you can use debconf to accept the license before you install the
packages. Create a file containing the following lines:

sun-java5-jdk shared/accepted-sun-dlj-v1-1 select true
sun-java5-jre shared/accepted-sun-dlj-v1-1 select true
sun-java6-jdk shared/accepted-sun-dlj-v1-1 select true
sun-java6-jre shared/accepted-sun-dlj-v1-1 select true

Then run /usr/bin/debconf-set-selections <file> and
when you install the java packages, you should find it doesn’t prompt
for the license any more.

By default, warnquota sends out emails with the device name in the
message, which probably doesn’t make much sense to most non-technical
users.

Hi,

We noticed that you are in violation with the quotasystem
used on this system. We have found the following violations:


/dev/mapper/Ubuntu-home

                        Block limits               File limits
Filesystem           used    soft    hard  grace    used  soft  hard  grace
/dev/mapper/Ubuntu-home
               +- 1044404 1000000 1200000  6days    1781     0     0

You can improve this by using /etc/quotatab to assign a more
meaningful name to the partition:

/dev/mapper/Ubuntu-home:user directory
/dev/mapper/Ubuntu-shared:shared area

I’ve been running Hardy on my workstation for a while and had
recently noticed that I was failing to type a space after “I”. I was
doing it far too much for it to just be me failing to press the space
bar properly, and it wasn’t happening after any other letter. After a
little bit of experiementing, I discovered that something was eating
shift-space. What was happening was that I was failing to release the
shift key quick enough after typing “I” and before I hit the space bar,
so it wasn’t getting passed on.

Turns out that the problem was a recent update of Hardy installed
SCIM, which uses
shift-space as a keyboard shortcut. To turn it off, load the SCIM Setup
program and go to the FrontEnd Global Setup screen and remove
“Shift+Space” from the Trigger hotkey.

Caused confusion for a few minutes. 🙂