Archive for the ‘Uncategorized’ Category

Preventing RDNSSD from Ruining the SD Card

July 20, 2017

So I have a Raspberry Pi running in the Freifunk Bremen network. It has a dynamic IPv6 address; and since there are currently five active gateway servers on this network which also act as DNS servers, I wanted to get these DNS server addresses dynamically as well.

This can be done with the rdnssd daemon: it listens for IPv6 Neighbour Discovery Protocol packets (in particular Router Advertisements) and extracts the DNS server addresses from them. The addresses are then written to the /etc/resolv.conf file so that they are used as normal DNS servers by the system.

However after setting this up I noticed that the green LED on my Raspi was lighting up every few seconds, indicating “disk” activity. Of course with a Raspi there is no magnetic hard disk but rather a MicroSD card which contains the file system; and since these cards can only tolerate a limited number of write cycles, the frequent LED blinks were worrying.

The cause of the write accesses was that the /etc/resolv.conf file was rewritten every few seconds. IPv6 RA packets are received quite frequently here (about 100 packets per minute!); and each time the ordering of DNS servers is updated to prefer the server that was received most recently.

Updating the /etc/resolv.conf file is done by the resolvconf tool (actually the openresolv tool, if you look under the hood). It takes name server addresses from various sources (like DHCP client, VPN connections, RDNSSD, and static network configuration) and combines those into a single resolv.conf file. So whenever RDNSSD wanted to reorder the DNS servers it had received, resolvconf rewrote the /etc/resolv.conf file.

To prevent the resolvconf tool from frequently writing to SD card, I took the following steps:

  • make /etc/resolv.conf a symbolic link to /var/run/resolv.conf.
    /var/run resides on a ramdisk so data written there does not touch the actual SD card. This also means that the /var/run/resolv.conf file will be lost during reboot; but the resolvconf tool will recreate it during boot.
  • disable the unbound_conf=/var/cache/unbound/resolvconf_resolvers.conf line in /etc/resolvconf.conf. This line was causing the resolvconf tool to also update the /var/cache/unbound/resolvconf_resolvers.conf file every few seconds (which was unnecessary in my case, since I don’t have an Unbound DNS Server installed on the Raspi); and since /var/cache is stored on the SD card, this caused an actual write access to the card.

After making these two changes, the green LED once again remains dark, and cat /etc/resolv.conf shows that the IPv6 name servers merrily change every few seconds.

Calendarserver and DAV_DAV_NOT_CALDAV error

December 6, 2015

So I had just copied the data of my Darwin Calendarserver from an old to a new disk, but Thunderbird only showed the error DAV_DAV_NOT_CALDAV (“CalDAV: Calendar points to a DAV resource, but not a CalDAV calendar”) on console when trying to open the calendars.

After enabling verbose logging in Thunderbird (by setting calendar.debug.log and calendar.debug.log.verbose to true) and digging through the Lightning sources (in the extensions/{e2fda1a4-762b-4020-b5ad-a41df1933103}/components/ directory of my Thunderbird profile), it turned out that the error was that the calendars had the “{DAV:}resourcetype” attribute set to just “collection” rather then both “collection” and “calendar”. This was also visible when opening https://homeserver/calendars/users/oliver/calendar/ in Firefox. However, I couldn’t find out the cause for this from Calendarserver, neither from logs nor from code.

But digging into other directions finally produced a result: the extended attributes were missing on the copied data. Sure, the old disk had had the user_xattr flag set in /etc/fstab; and the new partition even uses that flag automatically (as seen from /proc/mounts). But for copying the data, I had attached the old disk via USB and had mounted it manually – and in that step I had forgotten to specify “-o user_xattr” :-( . Without that parameter, even “cp -ax” can’t copy these attributes.

After mounting the old disk with the correct and copying the data over again, “getfattr -d -R /var/spool/caldavd” finally showed lots of extended attribute values, and Thunderbird finally opened the calendars. Success!

Firefox Private Browsing Windows Are Not Independent

November 11, 2015

Public Service Announcement: If you have multiple “Private Browsing” windows open in Firefox (41), they all share the same cookies. So if you think you can login to a site multiple times using multiple Private Browsing windows, you’re out of luck with plain Firefox.
More importantly, if you’re logged into Facebook in one PB window, opening a second PB window won’t protect you from being tracked by Facebook.

You can test this on by setting a test cookie in one PB window and then visiting the site in a second PB window, where the cookie from the first window will be displayed.

Of course this information leak not only affects cookies (they are just the most obvious piece of information that’s leaked between windows). For example, when running the browser history sniffer at in one PB window, it also shows sites you’ve visited in other PB windows.

In summary, this is not the kind of behavior I was expecting from a Private Browsing feature. In the end this feature is really just usable to avoid leaving traces on the computer, but doesn’t help to protect your privacy from the sites you visit.

Gedit File Search Plugin 1.2 now supports Gedit 3.12

April 13, 2014

The latest Gedit File Search Plugin now adds support for two more Gedit versions: Gedit 3.10 will be used by Ubuntu 14.04 LTS “Trusty Tahr” (soon be released), and Gedit 3.12 is currently the latest bleeding-edge release available.

Unfortunately the Gedit in Ubuntu 14.04 lacks some features which were used by this plugin: namely, the file browser in the side bar doesn’t offer a Search in Files shortcut any more, and highlighting of file search results in opened documents doesn’t work any more. While Gedit has regained these features in later versions, that’s only small consolation for Ubuntu LTS users.
I’m not sure if there’s a way to work around these shortcomings, or if it’s possible to add these features to the Ubuntu Gedit version. Guess once we actually start using it in the next weeks/months it’ll become apparent whether this is a real problem.

There haven’t been any other changes in this release; but if you run a new version of Gedit, download Gedit File Search Plugin 1.2 and give it a try!

jhbuild + etckeeper: “Please tell me who you are.”

March 3, 2014

>be using Etckeeper with Git under Ubuntu 14.04 alpha
>be running “jhbuild --sysdeps install”
>be entering password for package installation
>jhbuild installs packages successfully, but then…
>a wild error appears:

*** Please tell me who you are.


  git config --global ""
  git config --global "Your Name"

to set your account's default identity.
Omit --global to set the identity only in this repository.

fatal: unable to auto-detect email address (got 'root@trusty64vb.(none)')
E: Problem executing scripts DPkg::Post-Invoke 'if [ -x /usr/bin/etckeeper ]; then etckeeper post-install; fi'
E: Sub-process returned an error code

>”git config --global --get”
>shows correct email
>oh wait, sudo?
>”sudo git config --global --get”
>still looks good
>oh wait, actual root?
>”sudo su -”
>”git config --global --get”

$ sudo su –
# git config --global “root@trusty64vb”
# git config --global “Root”
# exit

(also, explains why problem didn’t appear in 12.04)

Gedit File Search Plugin 1.1 with support for Gedit 3.8

February 6, 2014

There’s a new version of the Gedit File Search Plugin available, which has been ported to Python 3. This means that Gedit 3.8 is now supported as well.

Internally, the code has been ported to run under both¬†Python 2.7 and Python 3. Also, to accomodate the plugin loaders in the different Gedit versions, there are now two File Search entries in the plugin selection dialog: one for “current” Gedit, and one for Gedit before version 3.8. If you’re unsure which one to enable, just try both: one will refuse to load, and the other one should work :-)

So if you have been itching to use the file search plugin with a current Gedit version, go ahead and download the new release!

gnome-shell: First Impressions

April 17, 2011

Just did some experimenting with new gnome-shell. Overall the usability seems to be nice; I could get used to it. The “cheat sheet” is a big help (not sure whether that’s a good or bad thing :)

Hard Problems:

  • too slow; this might be due to being run while lots and lots of applications were running on another display; or maybe the onboard Nvidia 8300 GPU is too slow for gnome-shell. Anyway switching to Overview takes about half a second, which is not acceptable for the overall usage concept.
  • no applets for CPU load monitor or system sensors. It seems that the old systray protocol is still supported, so maybe it would be sufficient to find a systray-implemented replacement for gnome-system-monitor applet. Also, no weather info in clock (I really got used to that in Gnome 2).

Soft Problems:

  • I’m missing some “rest mode” on the new desktop :-) Somehow with g-s there’s always some window occupying the screen, so there’s always some task right in front of my attention. With other desktops I could use the window’s Minimize buttons to make all windows disappear temporarily and get a mostly clean view of background image and some file icons, while all applications are reduced to some noise in the taskbar. I haven’t found a similar view in g-s yet, and it’s a bit unnerving.
  • the Applications tab in Overview takes some seconds to load, probably to display the gazillions of applications I have installed over the years. Not much of a problem if people always use the Search Bar, but still for hunter/gatherer people like me the entire Applications list becomes useless due to the lag.
  • which leads to the next point: I’d have appreciated some improvements over the Alt+F2 dialog in Gnome 2; instead it now has even fewer features. Maybe third-party tools like Gnome-Do will fill this gap.

Overall it’s certainly an interesting new desktop. If/when my home or work system becomes capable of running g-s, I will consider switching; and maybe the problems mentioned are fixed by then as well :-)

Side Note: Starting Multiple DevHelp Instances

December 4, 2009

Some time ago, a Gedit Master revealed on IRC that you can start multiple independent Gedit processes by setting the TMPDIR environment variable to another directory (the idea can be evolved into a small script).

Turns out this also works for DevHelp – hooray! Now if there was just a way to get this working for Nautilus; the devs broke this feature some releases ago, and I haven’t seen a cure so far.

Python+GTK: Getting the GError Message from a GPointer

June 28, 2009

In extension to the PyGTK FAQ entry “How can I access data returned with a gpointer?”, here’s a little snippet that extracts the GError message string from a GPointer object.

If for example you want to handle the WebKit.WebView load-error signal in a PyGTK application, you get the error description as gobject.GPointer. However, the C Webkit reference says that the parameter is a GError.

The GError C type looks like this:

typedef struct {
  GQuark       domain;
  gint         code;
  gchar       *message;
} GError;

GQuark is just a guint32.

So the gpointer points to a GError structure, and at the 8th byte in that structure there’s a char* with the message. Here’s how this message string can be extracted:

def _on_load_error (self, browser, frame, uri, gerror):
    ptrValue = int( str(gerror)[13:-1], 16 )
    StringPtrType = ctypes.POINTER(ctypes.c_char_p)
    messagePtr = ctypes.cast(ptrValue + 8, StringPtrType)
    messageText = messagePtr[0]
    print "error occurred while loading %s: %s" % (uri, messageText)

In line 3 we define a new ctypes type (StringPtrType) which is equivalent to a char**. In line 4 we create such a char** (messagePtr), and in line 5 this is dereferenced to get the char*, which is then printed.

Now, as this snippet directly accesses memory structures, chances are that any mistake will make the Python interpreter crash. Also, I’m not sure whether this is portable to other Python implementations or to other architectures; so for any real-world use cases, it would be better to change the library to return the error in a proper format instead of a gpointer.

Log in for commenting?

March 1, 2009

Funny that there are still blog posts where users are required to log in before posting a comment. I wonder how many readers would go through the hassle of creating an account and logging in just to respond to a provocative post or to point out a flaw in the post.

Maybe the blog authors are always logged in and don’t even realize the hurdles they put up for others?