Peter's Blog

I had a need to put an ftp server on my slicehost slice so someone could upload stuff to a site I was hosting. I'd rather avoid ftp as a potential security hole but the alternative is to try to convert them to sftp and also the E editor only supports ftp.

I settled for vsftpd as the ftp server but it took ages to get this person's login to work. I had him set up chrooted to the directory he needed to be in and with his shell set to /bin/false to prevent him logging into a shell. When testing I couldn't log in as him without getting a generic error 530, login denied according to the log file (which didn't feel the need to say why login was denied). Of course my own login was fine.

The answer was in the vsftpd faq, it seems that vsftpd looks through a file called /etc/shells to see if the person connecting has a legitimate login shell and /bin/false wasn't in there. It says this check can be disabled but the incantation didn't work so I had to add /bin/false to the shells file.

I don't quite understand the logic of this design. Isn't it fairly standard to have users who can ftp in but not login? The /bin/false trick was following a precedent from the noble ubuntu/debian distributions.

I'm getting into the habit now of adding any file I edit in /etc to subversion (as noted here), if only as a way to keep track of which ones I have fiddled with. The 95% that I don't need to touch are not in subversion. I like this, I can recall what I did and why (through subversion comments) which will help me restore the system or replicate it. That way, next time I need to install vsftpd I can recall what other obscure system files need tweeking.

The more I use E the more I am liking it. I've researched for other editors with snippet support but things like jedit plugins come up. I tried it out but it just isn't the same, E has a bloat-free quality that is very alluring.

It has it's quirks though, mainly in the porting of Textmate bundles to Windows.

I wanted to be able to run makefiles and pipe the output through an error parser. There was already a command in there to do this so the process to run it would be:

• open the makefile
• make sure E knows it is a makefile
• press CTRL-R

This just gives the error 'target not found'.

Start editing the script in the bundle editor. The script appears to be a bash script so the learning curve is not too bad (e.g. no need to learn java).

Add 'pwd' to the script and it seems to be launching in C\Windows\System32 and there ain't no makefiles in there.

Add 'cd $TM_DIRECTORY' to the script to get it to cd to the directory where the makefile is and WAYHAY it runs and errors from the c compiler are listed in the results window. Click on and error and we are there at the source file/line.

This is how it should be.

I can believe that OSX is intelligent enough to not launch anything in the OSX equivalent of \Windows\System32.

And this will now work for ANY makefile, no dicking about creating new build configurations for each one, thank you Eclipse.

I've described before how I've been testing Firmware code written in C by compiling it into Ruby Extensions and using ruby's excellent unit testing framework.

Up till now I've been testing the 'middle tier' algorithmic code but how to go about testing the low level stuff, that which pokes the hardware?

The firmware I am developing is for the ST ARM750 microcontroller and I am using ST's own standard library which is very useful driver code for all the peripherals embedded on the chip. It is a very useful resource as the peripherals on this chip are very complex and the user manual is written in hardware engineer gobbledygook that you have to study like a legal document, looking for the small print (e.g. running it at 60MHz it kept crashing until I found the small print that advised me to enable 'burst mode').

Scanning through the source to this library I saw some #ifdef DEBUG statements that implied that it could be compiled into an emulation library. The code was written very cleanly so it took me very little time to write something in (of course) ruby to scan the header files and generate 5250 lines of C code to emulate this library. Here is an example of one of the generated library functions:

   1  /*
   2   * Emulate the function TIM_ClearFlag
   3   */
   4  void TIM_ClearFlag(TIM_TypeDef* TIMx, u16 TIM_FLAG)
   5  {
   6    VALUE nRet;
   7    VALUE oArgs = rb_ary_new();
   8    VALUE strFuncName = rb_str_new2( "TIM_ClearFlag");
   9    ID nId = rb_intern( "Function");
  10  
  11    rb_ary_push( oArgs, PassStructureArg( (void *)TIMx, sizeof( TIM_TypeDef)));
  12    rb_ary_push( oArgs, LONG2NUM( TIM_FLAG));
  13  
  14    nRet = rb_funcall( g_oCallBack, nId, 2, strFuncName, oArgs);
  15  
  16    /* nRet is not used */
  17  }

TIM_ClearFlag is the name of the function in the ST standard library. The emulation code takes the name of the emulated function and the two arguments to the function, converts them into ruby objects and passes them to a method called 'Function' in a ruby object. In the testing case, this object is something that will make sure the functions are being called in the correct sequence and with the correct parameters and will return the appropriate return value. Structure arguments are passed as binary objects which the ruby can decipher from the structure definitions in the ST library header files (also parsed using ruby).

Note that my system has a few limitations that are acceptable because of the simplicity of the ST library and the way it was coded:

• The parser I wrote just about handles the coding style of this library
• The calls to ruby do not support the case where the library may poke the values within a structure passed to it by pointer.
• It doesn't handle passing structures by value.

Now I have my low level testing library I will be able to do my testing using something I call signature analysis (I'm not sure there is a better software engineering term). I write the code, test it on the real hardware, then I can record the sequence of function calls made including the values of function arguments. Later on, in leiu of real hardware to test it on I can run the test code and compare it against the previously recorded signatures. Et voila, the reassurance that I haven't broken anything and I can sleep at night.

UPDATE:

My test library now includes a YamlFaker that can be used in two modes:

1. it will record a sequence of function calls
2. it will ensure a sequence of function calls matches a previous recording

The yaml script looks like this:

#
# This file is maintained by the YamlFaker module DO NOT EDIT
#
---
- test_CommandPWMSet Demand -200:
  - :Comment: |-

      Looking for demand to be correct according to the requested range and the
      scaling factors. Also ensure that for the fifth channel, the period is
      large for small demand as the output of this channel is inverted
  - TIM_SetPulse:
      args:
      - TIMx: TIM0
      - TIM_Channel: "0x2"
      - Pulse: "0x0"
  - TIM_SetPulse:
      args:
      - TIMx: TIM1
      - TIM_Channel: "0x2"
      - Pulse: "0x0"
  - TIM_SetPulse:
      args:
      - TIMx: TIM2
      - TIM_Channel: "0x2"
      - Pulse: "0x0"
  - PWM_SetPulse:
      args:
      - PWM_Channel: "0x2"
      - Pulse: "0x0"
  - PWM_SetPulse:
      args:
      - PWM_Channel: "0x4"
      - Pulse: "0x12c"
- test_CommandPWMSet Demand -100:
  - TIM_SetPulse:
      args:
      - TIMx: TIM0
      - TIM_Channel: "0x2"
      - Pulse: "0x0"

Most of the entries in the script describe the expected sequence of function calls, complete with arguments. I can ensure that the demand being sent to my PWM channels is what I expect. These recorded scripts could be quite useful, it is a complete log of the interaction with the hardware. If I ever had to change the code that poked the hardware I can compare the script recorded from the new code against my old script and make sure that any changes are what I would expect. This way I can be far more certain that my changes are correct before they hit real hardware.

My little daughter Elizabeth is 14 months and starting to walk. She is still wobbly on her feet and every now and then goes plonk on her backside. Fortunately, since her backside is only about a foot from the ground she doesn't sustain any injury and is soon up again. This leads me to wonder: do babies have short legs to make it less traumatic to learn to walk? If they had longer legs or were heavier, would nature have provided them with some kind of reinforcement to their posteriors? Is all this a lucky coincidence or has it in fact effected the shapes of babies and the age at which they start trying to walk? If there was no good compromise between leg length/weight/pain would we still be on all fours?

Teething is painful and nature says 'deal with it'. How painful could learning to walk have been?

I'm using cygwin bash as my default shell these days as my work is all on cygwin. To complete the cygwininess of the setup it is necessary to lose cmd.exe and finally free oneself of the limitations of Microsoft's 32 bit dos prompt.

To ~/.bashrc I add:

declare PATH=/bin:$PATH

because my cygwin /bin utilities get top priority.

For a shell I use rxvt. I set it up based on this page, the meaty bits of which I duplicate for my own personal reference, slightly tweeked to my preferences:

Step 1: Edit ~/.Xdefaults - the settings below create an 132x50 terminal window with a deep-blue-black background and yellow-white text (looks nice, easy on the eyes) and assign VIM-style color codes:

   1  ! ~/.Xdefaults - X default resource settings
   2  Rxvt*geometry: 130x50
   3  Rxvt*background: #000000
   4  Rxvt*foreground: #e0e0e0
   5  !Rxvt*borderColor: Blue
   6  !Rxvt*scrollColor: Blue
   7  !Rxvt*troughColor: Gray
   8  Rxvt*scrollBar: True
   9  Rxvt*scrollBar_right: True
  10  Rxvt*font: Lucida Console-16
  11  Rxvt*SaveLines: 2000
  12  Rxvt*loginShell: True
  13  ! VIM-like colors
  14  Rxvt*color0:    #000000
  15  Rxvt*color1:    #FFFFFF
  16  Rxvt*color2:    #00A800
  17  Rxvt*color3:    #FFFF00
  18  Rxvt*color4:    #0000A8
  19  Rxvt*color5:    #A800A8
  20  Rxvt*color6:    #00A8A8
  21  Rxvt*color7:    #D8D8D8
  22  Rxvt*color8:    #000000
  23  Rxvt*color9:    #FFFFFF
  24  Rxvt*color10:   #00A800
  25  Rxvt*color11:   #FFFF00
  26  Rxvt*color12:   #0000A8
  27  Rxvt*color13:   #A800A8
  28  Rxvt*color14:   #00A8A8
  29  Rxvt*color15:   #D8D8D8
  30  ! eof

Step 2: Modify your c:\cygwin\cygwin.bat to invoke your shiny new Rxvt instead of cmd.exe:

@echo off
C:
chdir C:\cygwin\bin
set EDITOR=vi
set VISUAL=vi
set CYGWIN=codepage:oem tty binmode title
rxvt -e bash --login -i

Now make a shortcut to /cygwin/cygwin.bat and life is sweet.

Oh! That's nice, it remembers my command history from the last time I ran it. Almost as if whoever wrote it had to use it.

An interesting way to pass the time is the 'Random Article' feature on wikipedia. You press it and get one of 2.2 million random pages. Often they are about obscure American towns but today it turned up Amazon SimpleDB. This looks interesting, an online database where you pay for the amount of data you use.

From what I can make out, data is stored in a huge hash, although each hash entry can hold multiple items (a bag in a hash?). They compare it to a worksheet but that analogy seems to be aimed at pointy haired bosses who can't think beyond Microsoft Office. The api looks very simple, it shuns SQL.

Advantages:

• someone else worries about scalability, administration, backups

Disadvantages:

• not SQL: not a bad thing but it could give problems when used with applications written for SQL (i.e. most of them).
• inversely, if you developed an application that relied on this, you better hope they keep it running.

So, it's interesting but would I want to rely on it? Probably only if it had an SQL shim on top so I could migrate away pronto, should the need arise.

Google for SimpleDb and there is lots of analysis around. 1024 bytes per item? Lexicographical comparison of dates and numbers?

I think I'll stick with SQL.

I got this email:

Hello,

Browsing on the Internet I came upon your website ($name) and I find it very interesting and useful. My name is Daniel Lee and the reason I am contacting you is my interest in purchasing advertising spot on your site. I will be very thankful if you tell me how much a text link or banner 120x60 / 125x125 on your home page or all pages will cost.

Thank you in advance!

Daniel Lee

It's tempting apart from two things:

• my site is not called $name. This looks suspiciously like a failed template expansion. A form email! How insincere can you get?!
• it is signed Daniel Lee and yet the email came from someone called Sylvana Cowper (which sounds like an auto-invented spam email name).

Long Time Quiet

I didn't play wow for about six weeks. I just had more interesting things to do. It was great, wake up in the morning and instead of jumping out of bed to play I would cuddle the wife etc. No dreaming about wow, focusing on the matters at hand instead.

I'm playing again now but less obsessively and it is better. I still cuddle the wife in the mornings and play once or twice a week. I'm not going to blog about it daily.

Maezyn

Maezyn (Markswoman hunter) is now 48. Levelling her is much faster now with lots of rest bonus and the generally faster levelling: she went 46-48 in less than three hours. Playing her feels harder than playing Maevyn (Beastmistress hunter) as she gets agro more often but it is rarely more than an annoyance.

For the forties she has been running Tanaris and Feralas. She dealt with the Tanaris pirates easily enough but probably because I'm much better at pulling than I was before. I'm going to send her next to Swamp of Sorrows and make sure she is in Blasted Lands soon to train one of the boars there: Beefy is long, long overdue training in charge and gore (there is a huge gap in boars to train between the 20's and 48-49). At 49 I'm also tempted by the rare spawn white flying snake thing in Feralas, just to try out for a bit.

Leatherworking

Leatherworking is getting hard. The stuff she can make is lagging behind her level. The mail armour she can make requires extended time killing Scorpids or Turtles and doesn't seem worth the hassle.

Skinning

Maezyn hit 300 when she was level 47. She skins at every opportunity and still loves it.

Maexyn

Maexyn is 27 and playing her is a bit harder due to Warlock nubiness. At 25 she dealt with two level 29 Worgen but it blew all her cooldowns, she doesn't seem to walk things as easily as a hunter. Tackling three mobs seems hard, all about fearing and DoTing. While in theory she can pull with a DoT she isn't able to do it as well as a hunter, often getting adds. I think it because without tracking (for most types of mob) she cannot position herself at the optimum place.

With the Voidwalker killing seems slow: 20 seconds for >= her level mobs which gets boring. I've experimented with the Succubus and drain tanking and that is ok but she starts needing food/mana breaks.

Good thing about Warlock: soul stones.

Tailoring

languishing a bit. I'm not gearing Maexyn nearly enough.

Enchanting

languishing a bit.

Maevyn

She discovered a new transmute: primal earth->primal life. This can actually turn a profit (3g->10g) but not as good as her bread-and-butter primal earth->primal water (3g->20g). She has enough cash to buy Maez and Maex their epic land mounts, I'm not sure I will bother to get either a flying mount, it depends how the finances progress. I know, I know, warlocks get the fiery hooved mount at 40 but the level 60 quest looks expensive and tedious and anyway I'd MUCH rather Maexyn had a mechanostrider (pink?).

Warcraft Sigs

The site that does the warcraft sigs is broken. There is a mirror site but it smells of wow gold so the sigs are not being updated at the moment.

I received an email from google asking me to confirm I wanted to reset the password on one of my gmail accounts. It's as if some swine is after one of my three gmail addresses. The one in question is my main personal account and has 6136 messages in it, consuming 388Mb of my 6440Mb allowance (I only delete spam). My two other gmail accounts (petersblog and one with a sensible name for 'business') feed into this account.

I love gmail and don't want to mess around with any desktop email applications. That was until now. Do I trust google security? Do I want to have to archive it myself? Another job for my slice?

A short update on my Slicehost vps which I have had for two months now. I love it. It's fast, reliable and I have no criticisms of it whatsoever. I've cancelled my vpslink vps and I will cancel site5 once the contract runs out. All my eggs in one basket (ok, two if you count the rsync.net backups). Slicehost offer backups but:

• they cost $15 a month
• you only get three
• they are snapshots of your live system and hence will back up the trojans, root kits or whatever your system has succumbed to
• rsync.net is independent

TODO: learn capistrano.

Peter's Blog: No affiliate links.