SE Linux File Context Precedence

In my previous post I expressed a desire to use regular expressions for files that may appear in multiple places in the tree due to bind mounts for /run and /var/run etc [1]. However there is a problem with this idea.

The SE Linux file labeling program restorecon reads the file /etc/selinux/$SELINUXTYPE/contexts/files/file_contexts, which contains a set of regular expressions used to assign labels to files. That file is ordered, and the last entry that matches is the one that counts. When the file_contexts file is created, the order is based on how many characters at the start of the file specification aren’t regular expression meta-characters. For example, the entry “/.*” is at the top of the file (and therefore has the lowest precedence), which makes it the catch-all entry for files that have no other match. So an entry for “/var/run/REGEX” will have a higher precedence than one for “/var/REGEX”. This means, however, that when I replaced the “/var/run” part with a regular expression it had a lower precedence and didn’t work properly.

I should have remembered this as I did a lot of work on setfiles (which became restorecon) in the early days. I have now developed a new way of solving this and this time I’m testing it before blogging about it.

I have written the following PERL program to fix the file contexts. It adds multiple lines and uses a distro_debian conditional on them so that they don’t slip into upstream use – and so that if I lose track of where each patch came from I’ll know that I can delete them in future because it only matters to Debian.

#!/usr/bin/perl
use warnings;
use strict;

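# List the .fc files that have entries starting with /var...run, /var/lock or /dev/shm.
# egrep -l prints each matching file name once, and the alternation is grouped
# so that the ^ anchor applies to all three patterns.
open(LIST, "find . -name \"*.fc\"|xargs egrep -l \"^/((var.*run)|(var/lock)|(dev/shm))\"|") or die "Can't get file list\n";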
while(<LIST>)
{
  my $filename = $_;
  chomp $filename;
  open(my $infile, "<", $filename) or die "Can't open file $filename";
  open(my $outfile, ">", $filename . ".new") or die "Can't open file ". $filename . ".new";
  while(<$infile>)
  {
    # Copy every original line through unchanged
    print $outfile $_;
    my $newline;
    # /var/run/X also gets a /run/X entry
    if($_ =~ /^\/var\/run/)
    {
      print $outfile "ifdef(`distro_debian', `\n";
      $newline = $_;
      $newline =~ s/^\/var//;
      print $outfile $newline;
      print $outfile "')\n";
    }
    # /var/lock/X also gets /var/run/lock/X and /run/lock/X entries
    if($_ =~ /^\/var\/lock/)
    {
      print $outfile "ifdef(`distro_debian', `\n";
      $newline = $_;
      $newline =~ s/^\/var/\/var\/run/;
      print $outfile $newline;
      $newline =~ s/^\/var//;
      print $outfile $newline;
      print $outfile "')\n";
    }
    # /dev/shm/X also gets /run/shm/X and /var/run/shm/X entries
    if($_ =~ /^\/dev\/shm/)
    {
      print $outfile "ifdef(`distro_debian', `\n";
      $newline = $_;
      $newline =~ s/^\/dev/\/run/;
      print $outfile $newline;
      print $outfile "/var" . $newline;
      print $outfile "')\n";
    }
  }
  close($infile);
  close($outfile);
  rename $filename . ".new", $filename or die "Can't rename " . $filename . ".new to " . $filename;
}
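
The precedence rule described in this post, modelled in Python as an added example that is not part of the original post or of the SE Linux tools. It assumes a simplified model (entries sorted only by literal stem length, last full match wins) and a constructed sample policy with a hypothetical daemon named exampled, and it shows why the regular-expression rewrite loses to “/var(/.*)?” while the duplicated literal entries written by the Perl program do not.

```python
import re

# Characters counted as regular-expression meta-characters when measuring the
# literal prefix ("stem") of a file specification (assumed set for this model).
META = set(".^$?*+|[](){}\\")

# Constructed sample entries: (file specification, type). "exampled" is a
# hypothetical daemon; real file_contexts lines carry a full security context.
POLICY = [
    ("/.*", "default_t"),
    ("/var(/.*)?", "var_t"),
    ("/var/run(/.*)?", "var_run_t"),
    ("/var/run/exampled(/.*)?", "exampled_var_run_t"),
]


def stem_length(spec):
    """Count the leading characters that come before the first meta-character."""
    for index, char in enumerate(spec):
        if char in META:
            return index
    return len(spec)


def order_specs(entries):
    """Order entries so that longer literal stems come later in the file.

    sorted() is stable, so entries with equal stems keep their input order.
    """
    return sorted(entries, key=lambda entry: stem_length(entry[0]))


def lookup(entries, path):
    """Return the type of the last ordered entry whose regex matches the whole path."""
    result = None
    for spec, label in order_specs(entries):
        if re.fullmatch(spec, path):
            result = label
    return result


def regex_rewrite(entries):
    """The approach that failed: fold /run and /var/run into one regex."""
    prefix = "/var/run"
    return [
        ("/(var/)?run" + spec[len(prefix):], label) if spec.startswith(prefix)
        else (spec, label)
        for spec, label in entries
    ]


def duplicate_rewrite(entries):
    """The Perl program's approach for /var/run: keep each entry, add a literal /run copy."""
    rewritten = []
    for spec, label in entries:
        rewritten.append((spec, label))
        if spec.startswith("/var/run"):
            rewritten.append((spec[len("/var"):], label))
    return rewritten


def report():
    """Resolve two paths under each variant of the sample policy."""
    paths = ["/var/run/exampled/pid", "/run/exampled/pid"]
    variants = {
        "original": POLICY,
        "regex": regex_rewrite(POLICY),
        "duplicated": duplicate_rewrite(POLICY),
    }
    return {
        name: {path: lookup(entries, path) for path in paths}
        for name, entries in variants.items()
    }


if __name__ == "__main__":
    for name, results in report().items():
        for path, label in results.items():
            print(f"{name:<10} {path:<24} {label}")
```

In the regex variant every rewritten entry has a stem of one character, so “/var(/.*)?” sorts after all of them and claims everything under /var/run.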

The next policy thing that I have to work on is systemd. From a quick test it seems that systemd policy changes will be more invasive than is suitable for Squeeze. This means that someone who wants to upgrade from Squeeze to Wheezy+systemd will have to upgrade to Wheezy policy before installing systemd. I think that I will make 0.2.20100524-10 the last version in Unstable based on the 2010 release. I will now start work on packaging the latest upstream policy for Unstable.

PS I’m not much of a PERL programmer, so if anyone has suggestions for how to improve the above PERL code then please let me know. Please note however that I’m not interested in making my code look like line-noise.

/run and SE Linux Policy

Currently Debian/Unstable is going through a transition to using /run instead of /var/run. Naturally any significant change to the filesystem layout requires matching changes to SE Linux policy. We currently have Debian bug #626720 open about this. Currently the initscripts package breaks selinux-policy-default in Debian/Unstable so that you can’t have initscripts using /run if the SE Linux policy doesn’t support it.

A patch has been suggested to the policy which uses a subst file, basically that causes the SE Linux labeling programs to treat one directory tree the same way as another. The problem with this is that it depends on a libselinux patch that is not in any yet released version of libselinux (and certainly won’t be in a Squeeze update). The upside of such a fix is that it would work for policy that I package as well as custom policy, so if someone wrote custom policy referring to /var/run it would automatically work with /run without any extra effort.

I think that the only way to do this is to just have regular expressions that deal with this in the file contexts. It’s a bit ugly and slows the relabel process down a little (probably no more than about 10%) but it will work – and work on Squeeze as well. One thing I really like to do is to have the SE Linux policy for version X of Debian work with version X+1. This makes upgrades a lot easier for the users. Ideally upgrading a server could be a process that involves separate upgrades of the kernel, the SE Linux policy, and user-space in any particular order – because upgrading everything at once almost guarantees that something will break and it may be difficult to determine the cause.

At this time I’m not sure whether I’ll add a new policy using the subs file before the release of Wheezy (the next stable release of Debian) or just keep using regular expressions. I can have the Wheezy policy depend on a new enough libselinux so it won’t be a problem in that regard (a new upstream version of libselinux with the subst feature should be released soon). In any case I need a back-port to Squeeze to use regular expressions to make an upgrade to Wheezy easier.

for n in $(find . -name "*.fc"|xargs grep var/run|cut -f1 -d:|uniq) ; do
  sed -e "s/\/var\/run/\/(var\/)?run/" < $n > $n.new
  mv $n.new $n
done
for n in $(find . -name "*.fc"|xargs grep var/lock|cut -f1 -d:|uniq) ; do
  sed -e "s/\/var\/lock/\/((var\/run)|(run)|(var))\/lock/" < $n > $n.new
  mv $n.new $n
done
for n in $(find . -name "*.fc"|xargs grep dev/shm|cut -f1 -d:|uniq) ; do
  sed -e "s/\/dev\/shm/\/((var\/run)|(run)|(dev))\/shm/" < $n > $n.new
  mv $n.new $n
done

I used the above fragment of shell code to change “/var/run” to “/(var/)?run”, “/var/lock” to “/((var/run)|(run)|(var))/lock”, and change “/dev/shm” to “/((var/run)|(run)|(dev))/shm”. It involves a reasonable number of changes to policy (mostly for /var/run), but hopefully this will be acceptable to the release team for inclusion in the next Squeeze update as the changes are relatively simple and obvious and the size of the patch is due to it being generated code.

There is one final complication, Squeeze currently has selinux-policy-default version 2:0.2.20100524-7+squeeze1, but initscripts in Unstable breaks versions <= 2:0.2.20100524-9. So I guess I could submit a proposed version 2:0.2.20100524-9+squeeze1 to the release team to fix this. I would really like to have the Squeeze policy work with initscripts from Unstable or Wheezy.

Any suggestions for how to deal with this?

Update:

I wrote the above before testing the code, and it turned out to not work. I’ve written another post describing a better solution that I have now uploaded to Unstable. I still have to sort something out with an update for Squeeze.

Multiple Filesystems for Security

There has always been an ongoing debate about how to assign disk space into multiple partitions. I think that nowadays the best thing to do is to assign about 10G for the root filesystem for every desktop and server system because 10G is a small fraction of the disk space available (even the smallest laptops seem to all have disks larger than 100G nowadays). Even if 10G turns out not to be enough using separate filesystems for /var or /usr provides little benefit now that it’s easy to resize the root filesystem with LVM – and a separate /usr is known to be broken [1].

In a discussion on a private mailing list there was a suggestion that multiple filesystems should be used for security.

DoS Attacks

There are some minor security benefits in having multiple filesystems. If a critical program will fail when there is no free disk space then allowing an unprivileged process to use up all the space on that filesystem is a minor security issue, so having unprivileged processes not being permitted to write to important filesystems is a benefit. But most failures of this type are merely DoS attacks which usually aren’t a big deal – if you can control a local process there are usually lots of other ways of DoSing a system.

Links

Links have been the cause of many security issues in Unix over the years. Using different filesystems for different tasks can prevent the use of hard links in attacks aimed at exploiting race conditions. But even if you prevent hard links there are similar issues with symbolic links. SE Linux is one of many security improvements for Linux which allow restrictions on the creation of hard links. SE Linux also allows restricting the ability of processes to follow symbolic links, so a privileged process can be denied access to follow a sym-link that was created by an unprivileged process.

NFS

The subtree_check option in /etc/exports causes the NFS server to verify that file access is in the correct subtree. So if you export only one subdirectory of a filesystem to a given server then hostile code on that server (or on a network device which impersonates that server) can’t access other subdirectories. This option is documented as having performance implications and working best for filesystems that are mostly read-only; for this reason it’s turned off by default in recent versions of the NFS utilities.

So if you want to NFS export /home then it’s probably a good idea to have /home be on a separate filesystem to prevent attacks on the root filesystem. But of the systems with significant use of /home (IE anything other than accounts used solely for “su -”) most of them have a separate filesystem for /home anyway so this shouldn’t be an issue.

SE Linux

When mounting filesystems with SE Linux there is a “context=” mount option that allows specifying the context for all files on the filesystem. This can save a small amount of storage space for XATTRs and theoretically improve performance (although the difference is unlikely to show up on benchmarks for anything other than fsck). Generally the context mount option is only used for a filesystem that has a huge number of files with the same context, such as a mail spool that uses Maildir, Cyrus, or any of the other formats that involve one file per message. But again such data is generally stored on a separate filesystem for other reasons anyway.

I found one interesting corner case in regard to SE Linux systems mounting files from an NFS server. When an NFS server exports multiple subdirectories of a filesystem mounted on /foo then if one NFS client running SE Linux is to mount two subdirectories of /foo with different contexts then the second mount attempt will give the error “an incorrect mount option was specified”. This is because as of kernel 2.6.18 by default it’s not permitted to mount parts of the same filesystem with different mount options. The option “nosharecache” allows you to use different mount options, but does apparently permit some undesirable behavior in the case of hard links that cross between the subtrees. Thanks to Eric Paris for the tip about nosharecache.

The best example I can think of for which you might want context mount options that differ among files that are used for the same purpose on an NFS mount is a web server which has data files and CGI-BIN scripts. So it seems that a SE Linux web server that mounts its data over NFS and is at risk of having hard links between the CGI-BIN directory and the data directory is a corner case in which multiple filesystems are required for security. This seems to be a very unlikely case.

Conclusion

Servers that are deployed in the real world are complex enough that there are always systems with some unusual corner cases demanding configuration choices that aren’t expected. There are some real corner cases for SE Linux where multiple filesystems are compelled for security or for a combination of security and best performance.

But I wouldn’t make a generic recommendation of using lots of filesystems for security. I think that the people who encounter the strange corner cases can usually work out that they need to do something different. So a small number of filesystems seems like a good general aim that doesn’t conflict with security.

Can Online Dating make You Depressed?

Anne Rettenberg wrote an article for Psychology Today that is critical of the idea of online dating [1], she cites one example of a man who visited a prostitute due to being depressed at his lack of success in online dating to support her claim.

The first big problem with her article is that she doesn’t mention the different experiences that male and female customers presumably have on online dating sites. I don’t know what it’s like for women on the dating sites so I can’t comment on that. But I’m sure that someone who works as a counselor could provide some useful insight into this matter. Also she didn’t even give a mention to the issue of gay/lesbian dating sites.

The next issue is that she didn’t offer any good advice for who should use online dating sites and what their aims should be.

Rejection

In dating in real life (IRL) it’s expected that the man make the first move, and therefore women end up rejecting lots of guys for various reasons. Anne seems to think that rejection online is somehow worse than rejection IRL, it probably is for some people but that certainly isn’t the case for everyone. The way that lots of dating sites seem to work is that women place adverts, men respond to them, and then the women reply to a small subset of the email that they receive. “Rejection” in this case isn’t a matter of telling someone that you aren’t interested, but of merely not replying to their mail.

From my discussions with a few men who’ve used online dating sites the strategy seems to be to send out initial messages to a few dozen women every day and then maybe get a few responses a day. For the messages that get no response you will never know whether the other person found someone else first, wasn’t interested in you for some reason, or just didn’t bother checking their email. The only comparison to IRL rejection is that which happens after phone numbers have been exchanged, which isn’t going to be that common (and has the same issues regardless of how the people met).

Guys, relax about the women who don’t respond to your first message. They probably get 100+ responses to their advert and don’t have time to even read half of them. If you get rejected later in the process then you can look through your email archive at a later date to try and discover what went wrong.

The Aim of Online Dating

The fact that Anne’s client visited a prostitute suggests that maybe he wasn’t really after a relationship. In which case using one of the many online services for finding sex partners might have been a better option.

Generally it seems that a good strategy is to try and have fun. I don’t know any men who have married someone from a dating site, but the general opinion seems to be that they are still worth using. If you meet someone in a bar then you might end up having a drunken conversation that is drowned out by loud music. If you meet someone over the Internet then you can have a quiet conversation over the phone – which seems to be a better way to get to know someone (and generally more pleasant for anyone who’s not an alcoholic). I think that men who have no immediate aim other than finding someone nice to talk to will do better than those who aim to score quickly.

Of the men I know who married women they met over the Internet (but not through online dating sites) I wonder how many of them would have ended up married if they hadn’t used the online dating sites first. It seems that men who regularly communicate with women outside formal situations (work etc) will have a better chance of impressing someone that they like than those who lack such experience.

Introverts

There are a lot of people who really can’t function in a bar. With the way our society works it seems that anyone who can’t handle the bar scene really should consider online dating.

How Counselors can Help

It seems to me that someone who is seeing a counselor and who is considering a new way of finding a SO should ask their counselor for advice first. It also seems to me that a good option might be to ask their counselor for advice in online dating. Instead of being unsuccessful and depressed a man who was seeing a female counselor could do well to ask her advice for how to impress women on the Internet. This is probably a business opportunity for female counselors who can advise men on such things, among other things it seems that seeing an “online relationship coach” would be perceived in a more positive manner than seeing a counselor or psychologist for the more traditional reasons.

Links June 2011

TED has published a list of resources for suicide prevention and to help survivors and their families [1].

Psychology Today has an interesting article by Paula J. Caplan, Ph.D about the recent US Supreme Court decision denying female employees of Walmart the ability to file a class action lawsuit about their poor pay and working conditions [2]. She describes the problem as a focus on rights of the ruling class vs fairness to the workers, it could also be described as prioritising perceived rights of the rich over the rights of workers to fair treatment. It seems to me that her article has relevance to some of the discussions related to the treatment of women in the Free Software community.

New Scientist has an interesting article by Ferris Jabr about the use of MRI to discover brain-wave patterns correlated with Autism in sleeping toddlers [3]. This doesn’t seem likely to be useful for scanning the entire population as it currently has a false-positive rate of 7/43 (which would make false-positives outnumber true-positives by about 15:1). But it does seem likely to do some good in identifying young children who might be on the Autism Spectrum.

Shea Hembrey gave an amusing TED talk about how he created art works for 100 fictional artists for his own exhibition [4]. He created a biography for each “artist” and every one had a unique style of art.

Steve Keil gave a passionate TED talk about the benefits of play – for children and for adults [5]. He focussed on the benefits for Bulgaria (where his talk was given) but it all applies to all humans.

Frederic Bastiat’s 1850 essays on economics are interesting, informative, and well written [6]. Some of the themes such as the supposed economic benefits of maintaining a large army are the subject of political debate today.

Paula J. Caplan, Ph.D wrote an insightful article for Psychology Today about the recent US supreme court decision in regard to the Wal-mart case [7]. Her article seems to have some obvious parallels to the situation in the FOSS community. The idea of rights vs fairness, beliefs that are unconscious or unexamined, and the comparison of attitudes towards racial vs sexual discrimination (in terms of not treating sexual discrimination and harassment seriously) seem to all apply clearly.

Al Jazeera reports that the Fukushima disaster is worse than is reported in the mainstream “western” press [8]. Generally I wouldn’t be inclined to trust al Jazeera if other news sources were reliable. But unfortunately reliable news related to contentious issues such as nuclear power is quite rare. It will probably be quite a long time before we can be confident that we know much about Fukushima, everyone who knows seems to be lying.

Pool Parties

Periodically Free Software people from other countries visit Melbourne on business trips. Usually when someone is sent any distance on a business trip (IE to Australia from anywhere other than NZ) they will stay in a good hotel (4 star or better), this generally means that they have a pool in their hotel. 5 star hotels and the newer serviced apartment hotels tend to have really good pools (1/4 olympic size isn’t uncommon). Hotel pools are very under-utilised, their main purpose AFAIK is to boost the hotel star rating – my experience is that it’s not common to meet other people in a hotel pool.

While food and drinks are often banned in the pool area my observation is that the only rule which matters is “no glass”. So hotel pools are almost ideal for pool parties, you just need to drink from cans or from drinks in plastic bottles that are poured into plastic cups.

If any Free Software person finds themself staying in a hotel in Melbourne Australia with not much to do in the evenings or weekends then one option is to call for a pool party. I’ve asked on a local mailing list and it seems that there is enough interest for a small party, the local mailing lists can be used to arrange a party.

Also one thing to note is that some hotels have outdoor pools, while Australia is generally a warm place the southern parts of Australia (such as Melbourne) get quite cold in winter, an outdoor pool is not going to be fun for the colder half of the year. So getting a hotel with an indoor pool is very important during the April-September period.

Parsing Daemontools/Multilog dates in Shell Script

I run some servers that use the DJB Daemontools to manage their daemons [1]. This is something I would have changed years ago if given a chance because DJB software always seems to do things in a different way to other Unix software and causes pain. Unfortunately when you have a lot of semi-embedded systems that have intermittent net access it’s really not easy to change things, and having staff who aren’t computer experts who have been trained to use certain DJB software makes it even more difficult.

Daemontools uses multilog [2] to manage its logging, this gives dates of the format @400000004deedcea1e4a18d4. While DJB has written a tool to parse this it’s not always convenient, and I don’t want to install DJB software on every system that might be used for reading logs (among other things DJB software is not included in any popular distribution).

George Bernard Shaw says that “All progress depends on the unreasonable man” [3], of course he never participated in a large-scale software development project. In the modern age progress usually depends on people who can work with others, which is why DJB software doesn’t get used much – for every DJB program there is a similar program written by someone else that works about equally well on its own and is more than 10* more popular because of better interoperability.

So I wrote the following script to convert DJB dates to regular dates. It takes a DJB format date as the first command-line parameter as I generally just paste the relevant date into a different window. At some future time I may write a program to parse an entire log file and convert all the dates but I haven’t had a need for it yet. I think that I’ve done the hardest work involved in writing such a parser so someone else can use this as a starting point if they have such a need.

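#!/bin/bash
set -e
# Characters 10-17 of the timestamp are the low 32 bits of the seconds field, in hex
DATE=$(echo "$1"|cut -c 10-17)
# bc needs upper-case hex digits when ibase=16
SECS=$(echo -e ibase=16\\n$(echo $DATE|tr "[a-z]" "[A-Z]")|bc)
exec date -d "1970-01-01 $SECS sec utc"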
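
A whole-log version of the conversion above, as an added Python example that is not part of the original post: it goes beyond the one-timestamp script by decoding the full 64-bit seconds field and the nanoseconds, and by leaving lines without a valid timestamp untouched. The function names, the sample log lines and the offset parameter (default 0, matching the script above) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# A multilog timestamp is "@" followed by 16 hex digits of seconds and
# 8 hex digits of nanoseconds; the seconds field is biased by 2**62.
STAMP = re.compile(r"^@([0-9a-fA-F]{16})([0-9a-fA-F]{8})")
TAI64_BASE = 1 << 62
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample log; the first timestamp is the one quoted in the post.
SAMPLE_LOG = [
    "@400000004deedcea1e4a18d4 starting service",
    "@400000004deedceb00000000 listening on port 25",
    "@4000zzzz not a timestamp",
    "continuation line without a timestamp",
]


def tai64n_to_utc(stamp, offset=0):
    """Convert one "@..." timestamp to an aware UTC datetime.

    offset is a number of seconds to subtract (assumption of this example:
    0 reproduces the script in the post, which applies no leap-second offset).
    """
    match = STAMP.match(stamp)
    if match is None:
        raise ValueError("not a multilog timestamp: %r" % stamp)
    seconds = int(match.group(1), 16) - TAI64_BASE - offset
    nanoseconds = int(match.group(2), 16)
    if nanoseconds >= 1_000_000_000:
        raise ValueError("nanoseconds out of range: %r" % stamp)
    try:
        return EPOCH + timedelta(seconds=seconds, microseconds=nanoseconds // 1000)
    except OverflowError as exc:
        raise ValueError("seconds out of range: %r" % stamp) from exc


def convert_line(line, offset=0):
    """Replace a leading timestamp with a readable UTC date, else return the line as is."""
    match = STAMP.match(line)
    if match is None:
        return line
    try:
        when = tai64n_to_utc(match.group(0), offset)
    except ValueError:
        return line
    return when.strftime("%Y-%m-%d %H:%M:%S.%f") + line[match.end():]


def convert_log(lines, offset=0):
    """Convert every line of a log, keeping the order and the line count."""
    return [convert_line(line, offset) for line in lines]


if __name__ == "__main__":
    for converted in convert_log(SAMPLE_LOG):
        print(converted)
```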

Evil Psychologists

Last year the Psychologist and Baptist minister George Rekers who is famous for anti-homosexuality pseudo-science was discovered to be hiring gay escorts from Rentboy.com. Lots of LULZ there.

But the story didn’t end there. It turns out that George Rekers did some research on a child who ended up committing suicide as an adult, and the circumstantial evidence suggests that George’s actions are directly related to the suicide [1]. The Rentboy.com affair doesn’t seem so funny now.

The Box Turtle Bulletin has a series of articles about Kirk Andrew Murphy’s suicide and the roles of George Rekers and Richard Green in all of this [2], the articles are well written and generally appear to be well researched – I recommend reading the articles if you can stomach them (lots of nasty stuff is described).

The section answering the question of who’s responsible for the mistreatment of Kirk Andrew Murphy [3] where they describe the use of ABA (AKA the Lovaas Technique) is interesting. Ivar Lovaas worked with George Rekers in such “research” and published a paper with him. The term ABA gets an immediate hostile reaction in the Autism community, but until now I hadn’t realised why so many people hate it so much. It seems that to some extent I made the classic mistake of misjudging the reports of Autistic people who are unable to present their case well (as opposed to the psychologists who can present any position very well even if it’s utterly insane). In the past I had the impression that ABA wasn’t inherently bad, it was just implemented in a bad way in some cases – now it seems that ABA was designed in an evil way right from the start.

There is one massive problem with the Box Turtle analysis, he says “Behavioral analysts don’t dig around much into people’s feelings, fears, dreams, family relationships or childhood memories. Indeed, in cases like autism, Lovaas’s specialty, those avenues of exploration would be irrelevant“. It could be that Jim Burroway (the Box Turtle writer) is merely quoting someone else without attribution, but even so saying that the “feelings, fears, and dreams” of a group of people are “irrelevant” is just awful, a statement that denies the humanity of a group of people can’t be quoted without further explanation.

In his article about ABA Jim refers to childhood Autism as “a condition for which there is no hope for interior change” [4]. I’m not sure if he’s just saying that Autistic children are incapable of learning or whether it’s all Autistic people, in either case it’s nonsense in terms of science and nasty as well.

Generally I expect that members of various minority groups will show more sympathy to each other than they receive from the general population. Jim’s posts are a great disappointment. I understand that he would be rather stressed about the horrible things that George Rekers et al did, but even so he should be able to avoid that sort of thing. Jim is obviously a very talented writer and can do better.

One might think that Jim’s posts use the word “Autism” to refer only to the people who are non-verbal (or in other ways less capable than the huge number of Autistic people who work for companies like Google and IBM). But that’s no excuse either. You can find blogs and essays written by non-verbal Autistic people that describe their experiences if you care to search for them. It’s obvious that they are people too and deserve to be treated as people not objects. Abusing Autistic children to try and make them impersonate NT children is no less evil than abusing children who don’t fit gender norms.

Rallying for a Carbon Tax 5th June

It’s not that common to have a rally in favor of creating a new tax, but today I attended the Melbourne rally in favor of a “carbon tax” [1], it was the second such event this year. The rally was held in front of the state library, there is a reasonable size park there and it’s a great place for a few hundred people, and a few thousand can squeeze in there without any problem. But according to the best estimates 10,000 people attended and the venue was obviously a bad choice as all available space was used and the crowd was so great that it wasn’t much fun to be there. This was a great contrast to the previous rally in favor of a carbon tax which had maybe about 8,000 people attend and a much larger area [2]. The state library is a great place to hold a small or medium size rally where people can see it, but if you are going to get 10,000 people you need a bigger venue – as the exits were partially blocked by road work I’m sure that the local government wouldn’t have given a permit if so many people were expected.

Usually the city center is very quiet on a Sunday afternoon, but this afternoon everything was packed. An extra 10,000 people really makes a difference – although admittedly sunny weather would have helped. Australia wide there were apparently about 100,000 people attending similar rallies, that’s 0.5% of the population of the country!

The aim of the rally was to advocate a large enough tax on coal, oil, and other energy sources that emit CO2 to provide an economic incentive to minimise use and use alternate energy sources where possible. Currently billions of dollars are being given to polluting industries, instead those industries should be taxed and the money raised given to compensate needy people.

Looking North towards where I entered.

Two pictures from slightly different angles that are roughly East from where I was standing in the center of the crowd.

Pictures looking east through the band when people were starting to leave and looking south towards the exit I chose while on the way out.

Leaving Three

In February I started the process of moving my phone and my wife’s phone to Virgin from Three [1]. The reason is that Three didn’t offer any good phones on affordable contracts, the cheapest that was suitable was a HTC Desire HD which would have cost me $55 per month, while I could justify spending that for my own phone (which is used for responding to SMS from Nagios to fix client servers) I didn’t have the budget to spend that much on my wife’s phone too – and I really want us to have the same type of phone for ease of support. So I chose Virgin who offers the Sony Ericsson Xperia X10 for as little as $29 per month – I chose a $39 per month deal that included 1500MB of data transfer and also had three months free which makes it effectively $34.12 per month.

When using previous phones that weren’t particularly smart I had also carried a Netbook and a 3G modem with me most of the time. Now that I have a phone that is a ssh client I don’t need that so I tried to cancel the contract today.

Three allows you to do almost everything over the Internet except cancel a contract – their web site doesn’t even give a phone number to call for that purpose. This must keep their support people busy, Vodafone (which has just merged with Three) has recently had a horrible security breach because their sales booths used public Internet access for all customer data [2]. Also there is currently a lawsuit against Vodafone for poor network performance and misleading claims about service areas [3]. My experience with Three performance has been reasonably good apart from the fact that they advertised 3G service in Bendigo and provided none.

As Three are apparently desperate to retain customers they offered me free service for 6 months if I don’t close the account now. So I have a SIM that supports 1G of 3G data transfer per month for no charge until December (worth $90). What can I do with it? I don’t own a 3G modem as I gave that to my parents (who are quite happy with pre-paid 3G net access via Three) and the phones that I have which can be used for tethering are a little slow (usable for ssh and basic web access but not for Youtube etc).

Is there a way of selling such a SIM? Note that my name is still on the contract and any excess data or roaming fees will be billed to me so I can’t just put it on ebay.

I guess that one thing I can do is to use the SIM for receiving phone calls. For example if a friend was visiting from another country and wanted to receive calls without paying roaming fees I could lend them a phone.

Any ideas?