System Overlord

A blog about security engineering, research, and general hacking.

IPv6: On my Linode, and at Home

Hurricane Electric, ARIN, and others report that we may be as close as 12 days to exhaustion of the main IPv4 pool.  Accordingly, I decided it was time to get both my VPS and my home network IPv6-ready.  It wasn't as painful as I feared, though doing it in DD-WRT is a bigger pain than it should be.  If I had an OpenWRT router, it looks like it would be easier.


Is 25 Old?

I’ve begun to feel… restless. Periodically, I feel that I haven’t done anything significant, made contributions, achieved anything. Tonight I couldn’t sleep, so I decided to do a little browsing to see how old some notable figures were at the time they started or achieved something significant. This list includes many of the people who inspire me, and some who are just well known and have made large achievements. It’s notable that the average achievement age is 23.

19:

  • Bill Gates founds Microsoft
  • Matt Mullenweg launches WordPress

20:

  • Mark Zuckerberg launches Facebook
  • Ian Murdock founds the Debian Project

21:

  • Steve Jobs co-founds Apple Computer
  • Rob Malda starts Slashdot (then Chips & Dips)

22:

  • Linus Torvalds releases Linux 0.01
  • Darren Kitchen launches Hak.5
  • Mark Shuttleworth founds Thawte
  • Dries Buytaert releases the first version of Drupal

25:

  • Miguel de Icaza starts the Gnome Project

26:

  • Steve Wozniak co-founds Apple Computer

27:

  • Kevin Rose launches Digg
  • Theo de Raadt starts the OpenBSD Project
  • Patrick Volkerding founds the Slackware Linux Project

30:

  • Richard Stallman founds the GNU Project

It looks like 27 is about the upper limit for the kind of creative and innovative work I’ve wished I could achieve. Unfortunately, I’ve begun to believe that I just don’t possess the imagination and inspiration necessary for notable achievements. The technology world is a very young one.


Learn Regular Expressions. Seriously.

I can't tell you the number of IT Professionals (whether developers, sys admins, etc.) who have told me that it's not worth their time to learn regular expressions. I thought that way at one point, but now I'm astounded at that thought. Regular Expressions are one of the most powerful tools available for working with data.

I'm currently working on a tool that reads /proc/net/tcp.  Trying to parse that without regular expressions would be dozens of lines of code.  With regular expressions (in Python) I have a one-liner to parse each line of the file.  And that's for a file that's intended to be machine-readable.  (Though, admittedly, /proc/net/tcp is a lot less machine-readable than, say, /etc/passwd.)
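As an added illustration (not the author's tool), here is one way a single regular expression can pull the useful fields out of each /proc/net/tcp line. The sample text is constructed, the function names are hypothetical, and the address decoding assumes a little-endian host.

```python
import re
import socket
import struct

# Constructed sample in the /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   116        0 15432 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10021 1 0000000000000000 100 0 0 10 0
   2: 0A01A8C0:0016 6401A8C0:D3F2 01 00000000:00000000 02:000A1B2C 00000000     0        0 20977 4 0000000000000000 20 4 29 10 -1
"""

LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<laddr>[0-9A-F]{8}):(?P<lport>[0-9A-F]{4})"
    r"\s+(?P<raddr>[0-9A-F]{8}):(?P<rport>[0-9A-F]{4})"
    r"\s+(?P<st>[0-9A-F]{2})"
    r"\s+[0-9A-F]+:[0-9A-F]+\s+[0-9A-F]+:[0-9A-F]+\s+[0-9A-F]+"  # queues, timer, retrnsmt (skipped)
    r"\s+(?P<uid>\d+)\s+\d+\s+(?P<inode>\d+)"
)

STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
          "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
          "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING"}

def decode_addr(hex_ip, hex_port):
    # Assumption: little-endian host, so the address bytes appear reversed.
    return socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16))), int(hex_port, 16)

def parse_proc_net_tcp(text):
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:          # header line or anything malformed
            continue
        rows.append({
            "local": decode_addr(m["laddr"], m["lport"]),
            "remote": decode_addr(m["raddr"], m["rport"]),
            "state": STATES.get(m["st"], m["st"]),
            "uid": int(m["uid"]), "inode": int(m["inode"]),
        })
    return rows

def wildcard_listeners(rows):
    # Ports listening on 0.0.0.0, i.e. reachable on every interface.
    return sorted(r["local"][1] for r in rows
                  if r["state"] == "LISTEN" and r["local"][0] == "0.0.0.0")

if __name__ == "__main__":
    print(wildcard_listeners(parse_proc_net_tcp(SAMPLE)))
```

On a live system, pass the contents of /proc/net/tcp instead of SAMPLE; the inode field can then be matched against /proc/<pid>/fd to find the owning process.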

The authors of the RE engines have done the hard work and figured out how to optimize the parsing of the lines and matching the RE.  For stupidly simple cases, an RE may be slower, but once you get to complex parsing, it's much easier.

The only thing I haven't figured out is how to parse values that don't conform to a particular order (à la GNU getopts).


WordPress and APC 3.1.3p1

In order to improve performance on my blog (it is on a light-weight Linode after all), I use APC as both an opcode cache and an object cache.  On Ubuntu Server 10.04, you get APC 3.1.3p1 if you install the php-apc package.  Unfortunately, this version of APC has an issue with the same script execution inserting 2 values for the same key, which is apparently something several of WordPress's configuration pages do.  If you run into this issue, you'll see lots of messages like:

[Thu Jan 13 18:25:26 2011] [apc-warning] Potential cache slam averted for key 'wp:abcc00cacabcc9adefb123ffde234abc:1:options:alloptions' in /srv/wordpress/wp-content/object-cache.php on line 235.

You may also notice that changes to configuration options don't seem to get saved, despite WordPress saying they're saved.  (I didn't check if the database was correctly updated, but I suspect it was, and only the data currently being used from the cache is incorrect.)

Some people will tell you to use apc.slam_defense=0; or apc.slam_defense=Off;, but it turns out that APC 3.1.3p1 is lacking that option.  In later versions of APC, they have modified the code to cleanly handle the same key being inserted more than once within the execution of a single script.  So, perhaps the solution can be found in a newer version of APC.

PECL has APC 3.1.6, so let's try installing that:

sudo apt-get remove php-apc
sudo apt-get install php5-dev php-pear libpcre3-dev
sudo pecl install apc

Make sure you still have your /etc/php5/conf.d/apc.ini set up properly (it should still be), and you should be good to go after a quick sudo service apache2 restart. You should no longer see the "cache slam" messages appearing in your Apache error logs.


Net Neutrality: Why It Matters

The discussion about Net Neutrality continues to heat up.  Over at LifeHacker, they asked "What Would You Miss Most if the Net Wasn't Neutral Anymore?"  One user responded with a comment that compared Cable TV to the Internet.  Either I failed to understand his sarcasm, or he's totally missing the point.

Until recently, your cable company was just a transporter of someone else's data -- the TV networks.  You paid extra for extra channels, which is fine with me, as your cable company is then paying the TV producers for the content.  If paying my ISP meant all sites were then free to access, that might even be fine.  But it won't be, I'll still be paying Netflix and my ISP.

I don't mind the idea of paying reasonable fees for my bandwidth.  I don't mind the idea of prioritizing traffic so that VoIP is seamless, streaming video doesn't stutter, etc.  What I do mind (and will NOT tolerate as a customer) is the idea of my ISP prioritizing their VoIP product over that of a competitor, or the idea of an ISP blocking certain services unless you pay extra.  Bandwidth is what I pay for, it shouldn't matter where it's going.

Ultimately, if my ISP adopts blocking or anti-competitive practices, I will be cancelling my services and I will be filing complaints with the FTC, BBB, and other organizations.  The internet has become what it is because of the innovation promoted by a free and open internet, and filtering by ISPs will be disastrous.  Perhaps it's time for an ISP revolution.

[Edit: Steve Wozniak (inventor of the PC) also has some strong views on Net Neutrality.]