
Mátalo, luego virigüas (roughly: Kill him, ask questions later)

Submitted by gwolf on Fri, 01/16/2009 - 19:13

The phrase in this title is often attributed to Pancho Villa (1878-1923), a Mexican Revolution leader. He had a reputation for cruelty, killing suspects before even questioning them.
Today, it started as a very nice day. I even had time in the morning to find, fix, upload and send upstream a trivial bug in libgruff-ruby... At 11:00, I left the Institute as my father came to the city to do some paperwork... We sat having a cup of coffee in a restaurant near the office we had gone to at around 12:00, and my phone rang.
And it was from work. That's never a good sign. My boss told me he was facing a massive virus infection, and decided to disconnect the firewall. I corrected him - that will do no good once the virus is in our system, if you want to disconnect anything, disconnect all of our switches.
Came back, and found him and my coworker stunned and not knowing what to do. He says, the antivirus alarm went off almost simultaneously on the two computers he had on his desk, and in a few minutes over 15 computers all over the Institute were ill. The symptoms? Programs not showing up in the taskbar, copy/paste functionality b0rken, many programs misbehaved or just didn't open... They were grimly facing a complete recovery operation they have grown used to: The whole OS has become corrupted or destroyed, we will have to open the computer, extract the HD, install it elsewhere, back it up, reinstall OS and applications, restore the backup. Yes, I know too many extra steps are included here, but I have come to accept their ways of dealing with Windows. Nobody says dealing with Windows is fun. I like my work to be fun, so I stay clear of theirs.
I insisted on turning back on one of the switches, the one for the servers and my machine (and some more in the same physical area). OK'd. But they didn't want to switch on any other switch, so a traffic capture (tcpdump / wireshark) led nowhere - but at least it gave me my Google back.
They have configured the antivirus software we deploy to all of the Windows machines in such a way that it deletes upon sight any malware - And when they manually scan, they blindly hit Delete whenever anything is found as well. Of course, no infected binary was left alive for me to inspect, and the machines were dead. But I was able to glimpse at the name of the deleted file: rpcss.dll.
After googling a bit - Bliss! Joy! I found the answer. So here is the set of interactions, and how they led to this killing spree. Please remember I am a Windows newbie and speak just out of guesswork.

  1. This is a fast-spreading virus. My friend Rubén at DGSCA suggests it might be related to this report submitted today; at Barrapunto there is a thread about another virus that appeared four days ago, infected 1.1 million Windows machines on its first day, and so far is around the ninth million. Update: Equivalent thread at Slashdot, for the Spanish-impaired.
  2. The virus infects at least two copies of a system binary: %system32%\rpcss.dll and \Windows\ServicePackFiles\i386\rpcss.dll. Windows uses the second one to restore the first one in case it is damaged, if I understood correctly.
  3. The antivirus does not detect the infection when the library files are written, but when they are linked, so it only spots it the next time %system32%\rpcss.dll is brought into memory.
  4. This is a very common library - It takes care of, well, RPC. So, quite probably, this file will be linked again on the next program launch - or accessed when a running program requires anything not currently in RAM? Dunno. The thing is, the library gets linked.
  5. The antivirus will happily tell you it has killed a threat! Your nice RPC library is now defunct. ¡Mátalo, luego virigüas!
  6. So, of course, notifying the taskbar of a new window appearing, or clipboard actions, or whatnot will refuse to work.
  7. Machine restart, full system scan requested. The antivirus finds the second copy of this library in the master directory (\Windows\ServicePackFiles\i386). The virus used this location so that Windows won't restore a clean version over it. But yes, it will fall again under the claws of the antivirus... I guess. Anyway, the antivirus offers to delete this file as well, and does so.
  8. User is desperate. My coworkers are desperate. I am... mildly annoyed?

Once I found this line of thought... I went to a working machine, inserted my flash memory, and copied %system32%\rpcss.dll to it. Went back to a sick machine, and ran cmd. Then, it was just a matter of copy f:\rpcss.dll c:\windows\system32, a simple reboot (it never hurts to reboot in Windows!), and problem solved!
Oh, as a side rant: I find it extremely annoying and sad that many people I know, sometimes with more experience as a computer operator/supporter than what I have of experience as a living human being, are so scared of using a command-line interface. They were dismayed at seeing no drag-and-drop and no copy/paste functionality were available! copy is not an option.
Anyway... Today was an experience on how a simple, mostly-harmless and quite-fertile virus is able to be terribly magnified by the presence of a trigger-happy antivirus.
Why won't they give themselves a chance to try something else? Say, GNU/Linux? :-/


Hyperdimensional strings

Submitted by gwolf on Wed, 01/14/2009 - 17:41

I am stunned no more people have been bitten by this. Or at least, the Intarweb has not heard about it. Censorship perhaps? I haven't researched more into the causes, but anyway...
I was pushing a project I have had lingering for some time from Rails 2.0.x to 2.1.x (yes, 2.2 is already out there, but 2.1 is the version that will ship with Lenny) - The changes should not be too invasive, as it is a minor release, but there are some quite noticeable changes.
Anyway... What was the problem? Take this very simple migration:

    class CreatePeople < ActiveRecord::Migration
      def self.up
        create_table :people do |t|
          t.column :login, :string, :null => false
          t.column :passwd, :string, :null => false
          t.column :firstname, :string, :null => false
          t.column :famname, :string, :null => false
          t.column :email, :string

          t.column :pw_salt, :string
          t.column :created_at, :timestamp
          t.column :last_login_at, :timestamp
        end
      end

      def self.down
        drop_table :people
      end
    end

The problem is that PostgreSQL refuses to create a hyperdimensional string field. I offer this here to you, line-wrapped by me for your convenience.
    PGError: ERROR: syntax error at OR near "("
    LINE 1: ...serial PRIMARY KEY, "login" character varying(255)(255) NOT ...
    ^
    : CREATE TABLE "people" ("id" serial PRIMARY KEY,
      "login" character varying(255)(255) NOT NULL,
      "passwd" character varying(255)(255)(255) NOT NULL,
      "firstname" character varying(255)(255)(255)(255) NOT NULL,
      "famname" character varying(255)(255)(255)(255)(255) NOT NULL,
      "email" character varying(255)(255)(255)(255)(255)(255) DEFAULT NULL NULL,
      "pw_salt" character varying(255)(255)(255)(255)(255)(255)(255) DEFAULT NULL NULL,
      "created_at" timestamp DEFAULT NULL NULL, "last_login_at" timestamp DEFAULT NULL NULL)

Beautiful. Now I can store strings not only as character vectors, but as planes, cubes, hypercubes, and any other hyperdimensional construct! Are we approaching quantum computers?
What is really striking is that... I found only one occurrence on the net of this bug - one and a half years ago, in Ola Bini's blog. No stunned users looking for the culprit, no further reports... Strange.
Still, the bug was fixed in Rails 2.2 about half a year ago, although not in revisions of earlier versions. I will request the patch to be applied to earlier versions as well. Sigh.


Three ways to type a space

Submitted by gwolf on Wed, 12/17/2008 - 12:55

Say... Is this by any chance a keyboard specifically laid out for writing Python?
(Seen in a terminal at the José Vasconcelos library, central Mexico City)


5 million breakfasts a day?

Submitted by gwolf on Wed, 12/17/2008 - 12:38

Our municipal (Coyoacán, Mexico City) government announces 5,147,000 breakfasts are served daily in the Coyoacán public schools.
Sounds great, doesn't it?
...Until you remember Coyoacán has only 628,000 inhabitants. I'd venture to say, 100,000 children in public schools can be a decent figure. So... Is the government forcing each child to eat 51 breakfasts a day?
Truth to be said: A week after the advertisement appeared, it was replaced by other, more believable figures: Over 5 million school uniforms given to the students for free. And now it mentions Distrito Federal, which contains Coyoacán - The total DF population is around 9 million people (from the ~25 million that live in the metropolitan area), say 3-4 million kids in school age, let's assume 2.5 million of them go to public schools. Two uniforms per kid. Sounds possible.


License to steal?

Submitted by gwolf on Wed, 11/26/2008 - 17:15

Seen in the "Universum: Museo de las Ciencias" library:
This hall has an anti-robbery safety system. Avoid it.


Familiar poetry

Submitted by gwolf on Wed, 11/26/2008 - 14:02

I love it when a lack-of-humor and lack-of-appropriateness-originated flamewar causes somebody to point me towards a very nice display of intelligent humor. Especially when it is so close to me, to my roots, to my family and my personal history. FWIW, for several years, while I was a BBS user, I used WereWolf as my nickname. Great thanks to Frank Küster - and, of course, to Christian Morgenstern.

The Werewolf - English translation by Alexander Gross

A Werewolf, troubled by his name,
Left wife and brood one night and came
To a hidden graveyard to enlist
The aid of a long-dead philologist.

"Oh sage, wake up, please don't berate me,"
He howled sadly, "Just conjugate me."
The seer arose a bit unsteady
Yawned twice, wheezed once, and then was ready.

"Well, 'Werewolf' is your plural past,
While 'Waswolf' is singularly cast:
There's 'Amwolf' too, the present tense,
And 'Iswolf,' 'Arewolf' in this same sense."

"I know that--I'm no mental cripple--
The future form and participle
Are what I crave," the beast replied.
The scholar paused--again he tried:

"A 'Will-be-wolf?' It's just too long:
'Shall-be-wolf?' 'Has-been-wolf?' Utterly wrong!
Such words are wounds beyond all suture--
I'm sorry, but you have no future."

The Werewolf knew better--his sons still slept
At home, and homewards now he crept,
Happy, humble, without apology
For such folly of philology.


Almost 0.5Mbugs

Submitted by gwolf on Thu, 09/18/2008 - 10:07

I was already used to regularly receiving Bubulle's bug 500000 contest reports. Lately, he has been busy pushing translators to get d-i in shape - But expect notices from him soon! Right now, we sit at 499416 bug reports so far registered in the Debian BTS. We are really close to the half megabug mark!


Long time without biting... But the name is:

Submitted by gwolf on Fri, 09/12/2008 - 11:35

I stopped playing so-called memetic games a long time ago. But I liked this one - Thanks to Nicolás Valcarcel.
So, what are the current names?

aikoa (temporary name, /methinks)
Work desktop
Home server
cajita (yes, not very imaginative - it's a Mac Mini)
Main work server
Virtualization host
Work firewall

Other current machines have much less exciting names. Some of the older machines I have named (and with which I worked enough time to remember them) include shmate, lactop, conetontli, tepancuate, tlamantli... And many others long forgotten.
Oh, and... About a pattern? No, don't try to find it. Of course, if you do find it, I'd be delighted to know! :)


Freedom itches

Submitted by gwolf on Fri, 06/13/2008 - 20:43

In this Free Software movement we have many mottos - One of which, describing what motivates us to work writing code, is scratch where it itches.
Of course, I could not keep it to myself - Almost a week ago, I took part in the World Naked Bike Ride. What I didn't tell you... Is that it became obvious I cannot reach most of my back - And it's because I'm mostly careless. When the WNBR started, it was still quite cloudy, even starting to rain... so I was mostly careless.
If you opened the newspaper PDF I attached to my previous post, you'll surely remember (not an easy sight to get out of your head, I guess) I had painted on my back "Vehículo libre de emisiones" - Emissions-free vehicle (and yes, it's strictly true: My bike is zero emissions. The animal riding it might not be... But that's a different story). Add incomplete sunblock to the equation, and...

Were it not for the poor lighting conditions under which I took the photo, you'd clearly appreciate the words "libre de" on my back.
And... Well, one week later, my freedom itches.


Cooking itchiness

Submitted by gwolf on Sun, 05/04/2008 - 10:35

Every now and then, I want to understand English a bit better. Today, when Joeyh mentioned nettle soup, I had to ask Wikipedia what a nettle is. And Joey, no wonder it itches... It refers to around 45 species of genus Urtica in the family Urticaceae - In Spanish, of course, urtica is known as ortiga, or as blind person's herb, as even a blind person will quickly recognize it to touch - Touching it will cause the aptly named urticaria, which Joey seems to have discovered and learnt to fear. At least in Spanish, urticaria is generalized and used to call all kinds of skin diseases.
It happens to be a very common plant in the area I live and dwell in (the ecological reserve REPSA spans a good portion of the University, and limits my neighbourhood), a large extension of Southern Mexico City where the lava of the small Xitle volcano covered everything, rendering a good portion of the Mexico City valley unfertile, known as malpaís (badland, literally).
Anyway... I don't think I'll rush to cut some ortigas and make them into soup, as both Joeyh and Wikipedia (Spanish and English versions) suggest. But it is always an option, having so many fine specimens around.
This posting serves no other purpose than to show my appreciation to the Mexico City Area


Password security, data safety - A government perspective

Submitted by gwolf on Thu, 04/24/2008 - 17:38

One week ago, I went to a branch office of Servicio de Administración Tributaria, the government office in charge of processing taxes. This year, I plan on doing something quite bold, as my Mexican friends will acknowledge: I will prepare my (quite simple, I hope) tax declaration by myself. I do not want to be held hostage by the accountant guild - So I might end up doing some fuckup which in the end costs me money or time. I hope it is not the case.
Anyway... Last week I went to this office, as I needed either a CIECF (Clave de Identificación Electrónica Confidencial Fortalecida - Strengthened Confidential Electronic Identification Key) or a FIEL (Firma Electrónica Avanzada - Advanced Electronic Signature). No, please don't believe it is a security token, a card with printed numbers, a one-time-pad or the sort - The CIECF is... A password. Why is it strengthened? Because it has the feature of including a question, in case you forget the key, to allow you to change it. I guess the FIEL is a more reliable device, but I prefer not to even request it.
And as far as the questions go, the emergency questions for CIECF suck. First, I was not even asked the meta-question - I was not told why this information was needed. So imagine the clerk saying: Full name? ... Date of birth? ... RFC (Tax ID)? ... Favorite color? I was there just... Stunned. Why do you need it? Oh, just in case you forget your password. Ok... Don't you have any other questions which I am not prone to answer a different thing, and that are not dead obvious for a casual passer-by? (I guess that at least 1/4 of the public will say blue. Feel like brute-forcing SAT to its knees?) Other questions include your father's second family name, your favorite soccer team, your pet's name... It seems they took the first "security dos and don'ts" book off the wall, and started reading backwards.
But anyway, that's the system, and I must play nice with it. So I get back home, and decide to start hacking up my declaration. No, Mr. Policeman, I'm not saying I would try to break into the SAT - I just say it is a complex and non-obvious task to do. Now please release me. Thanks.
And I enter the system. Of course, I tried first with Iceweasel, knowing it would fail (it is documented: MSIE 5.5 recommended). I tried again with Konqueror. I tried, sigh, with MSIE from inside Wine. No luck. Well, even from within qemu's Windows 2000. Wrong password. WTF?! Stranger: It worked with SAT's My portal, although it didn't with the declaration, which is what matters now.
I cannot take the time every day to come to the SAT and move my data - It was a full week until I came back again. I insisted on fully logging in to the system, to be sure the password I entered this time was right. As well as my über-secret safety question, of course.
And it failed.
Until the clerk noticed something strange in the way I typed...
Sir, excuse me..., he muttered, why are you typing such a long password? Well, basically because I value my tax declaration, and I know brute force is a powerful force. (explain it, of course, in simple terms) Oh... No, the password must be eight characters long.
No wonder.
So I entered the first eight characters of my password, which was a true work of prose for their standards, at around 20 characters. And it worked.
Now, for bonus points: What do we gather from the fact that the long password works fine in one system, but in another system only the short version does? Why, but of course! I guess the passwords for every economically active Mexican are stored in their master database in plain text. Isn't it just beautiful?
Anyway, it seems I have a lot of work to do. If all goes as planned, maybe next year I will be for hire as a public accountant? Hmh, does not sound too much like fun, does it?
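
An added example, not part of the original post: it models the behaviour described above (the portal accepts the long password, the declaration system accepts only its first eight characters) and checks which credential-storage designs can reproduce it. The class names, the sample password and the third design (silent truncation before hashing) are assumptions made for illustration; in every design that matches, only eight characters actually protect the account.

```python
import hashlib
import hmac
import os

MAX_LEN = 8                                # limit the clerk stated
SAMPLE_PASSWORD = "correct horse battery"  # constructed, roughly 20 characters

# What the post reports: (portal, long) works; (declaration, long) fails;
# (declaration, first eight characters) works.
OBSERVED = (True, False, True)


def kdf(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2; iteration count kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())


class PlaintextStore:
    """Database keeps the password itself; each front end compares what it likes."""
    def enroll(self, password):
        self.secret = password

    def portal_login(self, attempt):
        return same(attempt, self.secret)

    def declaration_login(self, attempt):
        return same(attempt, self.secret[:MAX_LEN])


class HashedStore:
    """Database keeps only a salt and a hash (hypothetical base class)."""
    def _store(self, password):
        self.salt = os.urandom(16)
        self.digest = kdf(password, self.salt)

    def _check(self, attempt):
        return hmac.compare_digest(kdf(attempt, self.salt), self.digest)

    def declaration_login(self, attempt):
        return self._check(attempt)          # hashes the attempt exactly as typed


class FullHashStore(HashedStore):
    """Hash of the whole password; no prefix can ever be verified."""
    def enroll(self, password):
        self._store(password)

    def portal_login(self, attempt):
        return self._check(attempt)


class TruncatedHashStore(HashedStore):
    """Assumed variant: enrolment and portal silently cut input to eight characters."""
    def enroll(self, password):
        self._store(password[:MAX_LEN])

    def portal_login(self, attempt):
        return self._check(attempt[:MAX_LEN])


def behaviour(store_cls, password=SAMPLE_PASSWORD):
    store = store_cls()
    store.enroll(password)
    return (store.portal_login(password),
            store.declaration_login(password),
            store.declaration_login(password[:MAX_LEN]))


def reproduces_observation(store_cls):
    return behaviour(store_cls) == OBSERVED


def consistent_designs():
    designs = (PlaintextStore, FullHashStore, TruncatedHashStore)
    return [d.__name__ for d in designs if reproduces_observation(d)]


if __name__ == "__main__":
    for name in consistent_designs():
        print(name, "matches the behaviour described in the post")
```

A store that hashes the full password cannot produce the observed behaviour, which is why a prefix being accepted is a useful signal when auditing a login system.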


German and APT::Acquire::Translation

Submitted by gwolf on Mon, 03/10/2008 - 13:25


The webinterface for it doesn't require any authentication at all, leading technically to anonymous translations all over the place. The so-called "review" process consists of the same not-existing authentication, leading to a situation where unknown people can put in whatever they like and have other (or potentially the same) unknown people acknowledge that.
The language team has actively chosen that way because it was said that bad translations simply won't happen and that the review (three people opening the page and clicking onto a button) will not let that happen. Well, it happened. And is happening all over the place.

Hmmm... That sounds quite like a definition of Wiki in my book. Just add a version-control layer underneath, and...
Oh, you didn't? Umh... Tough luck! :-(


cat STDERR | rot13

Submitted by gwolf on Fri, 02/08/2008 - 11:52

Cannot help but laugh and share.
I've been triaging and trying to reproduce some oldish bugs on pkg-perl's packages. Some bugs are no longer there, some have to be forwarded upstream, and so on. Usual tasks, yes.
Until I stumbled upon #406227. I just have to laugh and share! Hope nobody feels ashamed - The bug is the result of different people coding maybe under pressure and with quite different mindsets :)
For some reason I fail to understand, the submitter's test case (rot13 implemented over a HTTP proxy) is invoked in the report as ./rot13 2>/dev/null. Of course, when trying to debug a bug report, the first thing to do is not to ignore STDERR. So, off goes the 2>/dev/null. What happens next?

    0 gwolf@mosca[2]/tmp$ perl ./rot13 &
    [1] 4394
    0 gwolf@mosca[3]/tmp$ GET -p http://localhost:8080/
    Can't locate object method "filter" via package "UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160)" (perhaps you forgot to load "UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160)"?) at /usr/share/perl5/HTTP/Proxy/ line 126.
    500 EOF when chunk header expected
WTF... Well, at least the program name gives me a clue... Let's try to "decrypt" the error message...

    gwolf@mosca[4]/tmp$ echo 'UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160)' | rot13
    HTTP::Proxy::BodyFilter::simple=HASH(0x604160)

hrm... How come the filter is filtering its own code and only then refusing to find itself!? Ok, time to open up the manpage - Remember, I'm only group-maintaining this package, I am not yet at all familiar with it! Ok, so the core of the filter is when the submitter states:

    my $proxy = new HTTP::Proxy();
    $proxy->push_filter(response => new HTTP::Proxy::BodyFilter::simple(sub { tr/a-zA-z/n-za-mN-ZA-M/; }));

While the manpage states it should be invoked as:

    my $filter = HTTP::Proxy::BodyFilter::simple->new( sub { ${ $_[1] } =~ s/foo/bar/g; } );
    $proxy->push_filter( response => $filter );

Of course, once looking at it, the answer is simple: The submitter left out which element to act on in the anonymous function body - The ${ $_[1] } =~ part. Adding it makes gur svygre jbex nf rkcrpgrq... Err, sorry - makes the filter work as expected.

Now, bonus points: For the non-Perlers out there: How come we get the namespace translated as well? Oh, that's very simple: In Perl, as in Python (and conceivably other languages I'm unaware of), the object is passed to any of its methods as the first argument. Functions in Perl receive their arguments via @_ (read: the default array). And, of course, the tr (regex-based transliteration) takes by default the first thing it sees - the object itself. And what happens when you apply a (string-oriented) regex to an object? Of course, it gets stringified - which, by default, in Perl means converting it to the closest possible description: "a hash reference blessed as an object of the class such-and-such at this memory location". That string gets worked on, and we get UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160). This proxy does not die on very-very-short web pages, where the whole content fits on one iteration of the code (although it does not work correctly - the text remains unaltered, of course, as it was not worked on), but if the request spans several chunks, the second time the filter is called, it will be... just gibberish.

Oh, and what about the extra ${ (...) } around $_[1]? Oh, simple: The string is passed as a scalar reference, so it can be modified in place. Yes, it's the Perl way of pass-by-reference instead of pass-by-value (the default behaviour): Of course the parameter is only passed as a value. Only that the value is incidentally a reference - but who cares? ;-)

Anyway... Many oddities. I would implement the module in a completely different way, and it looks quite backwardish in my book. But then again, TIMTOWTDI.


Royal abuse

Submitted by gwolf on Wed, 01/09/2008 - 10:54

I just went to our Institute's yearly ceremony of rosca de reyes. What's that? Well, according to the tradition, on January 6 the tres reyes magos (boringly translated to English as three wise men - It should be something like three wizard kings) paid a visit to the newborn baby Jesus. In Mexico, the tradition mandates that every family, group of friends, or whatnot should gather and eat rosca de reyes, a round, sweet bread, usually some 10cm wide. The rosca has some plastic babies hidden in it, remembering how baby Jesus had to be hidden and smuggled out of his birthplace. And, according to the Mexican tradition, if you cut your piece of rosca and get the baby, you are expected to buy tamales for everybody on February 2, día de La Candelaria. (why? Don't ask me!)

Anyway... An image is worth ~10Kb of UTF8 (so it's still better to describe it, as it weighs around 63K, but what the hell):

Two babies?! I was abused by the Three Wizard Kings! (at least it does not sound as sad as "I was abused by three wise men"!) I'll have to buy tamales for everybody on La Candelaria twice, even if they are no longer hungry!


Debian Developers fail Turing tests?

Submitted by gwolf on Fri, 12/07/2007 - 12:31

Ok, so two people replied to yesterday's post about triple negations - Dato (by email) and MadCoder. Both said basically the same thing: || false and && true are silly noops. And yes, knowing this, I added them. Why? Clarity... At least having them at the end of a test shows the statement is of conditional nature (and not just another obscure attempt to do ${DEITY}-knows-what). They at least look cleaner than a one-line-squashed if block in a makefile. To me, at least ;-)

But... If you noticed this post's title, it goes beyond this comment - One of the most beneficial effects I noticed when I installed Jaws 0.7 (over 0.6, of course) is that I no longer had the swarms of spambots flooding me - I often had hundreds of comments a day, and nowadays I hardly get any spam. Now, I fail to see what is so strange in my blog's comment forms (it does not even have any obvious Javascript, although it does obfuscate a bit the source of the captcha image). And you are not the first Debian people to complain you cannot post comments to my site. Strangely, few non-Debian people have ever complained.

And yes, the spam has stopped, almost completely.

So, Debian guys: Are you human?
