Twitter: @ewenmcneill -- July 2021

Thu Jul 01 01:21:42 +0000 2021 (#)

Replying to @ewenmcneill

Looks like RedHat fixed this Samba memory leak (with a back port) in Fedora 34, but apparently not in RHEL 8.4 / CentOS 8.4 (seems to be the Samba 4.13.9 leak fix).

(My client filed a RHEL support request, so maybe it’ll be fixed.)

Thu Jul 01 01:24:07 +0000 2021 (#)

Replying to @ewenmcneill

There’s also this bug for epmd on CentOS 8.4 for an IPA server which got closed as a duplicate of the ones upthread. So that tends to confirm it’s the same issue.

Thu Jul 01 03:27:14 +0000 2021 (#)

RT @ExcitedLeigh: The place where everyone stores their code arguing that they can ignore the licenses on that code and do what they please…

Fri Jul 02 04:50:26 +0000 2021 (#)

RT @slyall: When Greta Thunberg said "Our house is on fire" people assumed she was being metaphorical

Fri Jul 02 06:16:43 +0000 2021 (#)

RT @IanColdwater: Copilot is going to cause massive problems for open source licensing, and that is an actual problem people ought to be pa…

Fri Jul 02 23:03:40 +0000 2021 (#)

RT @helenleigh: Computer history is absolutely my jam and I'm really enjoying this book but I can't help thinking about who wasn't at the t…

Mon Jul 05 02:55:34 +0000 2021 (#)

Replying to @jillrouleau

My city ended up moving their annual fireworks display to Matariki (Maori celebration of new light, basically now just after the winter solstice).

It has the distinct advantage of being dark early, and nature is almost guaranteed to be fairly well dampened.

Mon Jul 05 02:57:24 +0000 2021 (#)

Replying to @jillrouleau

Of course fireworks sales to the general public are still “a few days in late spring” to coincide with a random attempt to blow up parliament (😮). So there’s non trivial late spring/summer fireworks.

(It feels like global warming will force these changes on us all.)

Mon Jul 05 03:45:57 +0000 2021 (#)

Replying to @jillrouleau

Ah yes the “travel to jurisdiction that has laws you like more” work around. We added a many thousand mile wide moat around our country to discourage that :-)

Tue Jul 06 01:50:42 +0000 2021 (#)

RT @luis_in_brief: I think this is fairly obvious, but just in case: if GPL code is unusable for or via Copilot, so is nearly all permissiv…

Wed Jul 07 01:39:01 +0000 2021 (#)

Replying to @nz_liam and @isomer

Having worked with... a lot of switch venders devices, at this point about the only thing I assume is the port numbers probably monotonically increase left to right.

Top first or bottom first is random. First port number equally so. (Shout out to the Dell switch starting at 5!)

Thu Jul 08 07:49:21 +0000 2021 (#)

RT @apollo_50th: "The Apollo 15 astronauts were limited to contact with 102 persons [yesterday] as they began a three-week preflight medica…

Fri Jul 09 10:12:31 +0000 2021 (#)

RT @linuxconfau: Woohoo - will be held online, worldwide, from 14-16 January 2022 with the theme ‘Community’. Whack…

Sun Jul 11 10:35:27 +0000 2021 (#)

RT @ComfyConAU: We are postponing ComfyCon AU 2021. We planned to hold it at the end of July, but with all that's going on in Australia, we…

Mon Jul 12 04:29:50 +0000 2021 (#)

RT @unixbigot: Did you know that it’s called “Enterprise Software” because it explodes in your face when anything unexpected happens? https…

Tue Jul 13 02:41:51 +0000 2021 (#)

Replying to @ewenmcneill

The samba epmd (smbd) RHEL 8.4 memory leak bug is apparently being fixed by a samba 4.13.3-4.el8_4 package update coming in “RHEL 8.4.z batch update 2”. (Uncertain when that releases, it took 12 days just to get this far with RedHat support.)

Tue Jul 13 05:45:21 +0000 2021 (#)

RT @PyConAU: Our schedule is now live! 🎉

Check out our lineup, and buy your ticket today!


Tue Jul 13 07:13:14 +0000 2021 (#)

RT @mjg59: Framing any discussion of whether Copilot produces copyright infringing code in the context of the GPL is missing the point. If…

Tue Jul 13 07:16:54 +0000 2021 (#)

RT @mjg59: A more longform description on my feelings re: Copilot and free software licenses:

Wed Jul 14 03:08:12 +0000 2021 (#)

Replying to @developerjack

Oh dear 😢

Hope y’all hang in there and things start to improve soon.

(Like you down thread I’m not surprised it got extended, as the “new cases” count is still going in the wrong direction. But it’d be nice to see it reach an inflection point soon.)

Thu Jul 15 23:05:58 +0000 2021 (#)

RT @GSGlabs: The LUNA @crowd_supply campaign is now active! 🎉 Please check it out and support us if you can. http…

Thu Jul 15 23:06:48 +0000 2021 (#)

RT @ktemkin: After a wild couple of years since I created the first revision, there's finally a chance to get your hands on LUNA: a super-i…

Sat Jul 17 00:10:32 +0000 2021 (#)

“[B]asically all modern mass market OSes [...] derive in some way from 2 historical microcomputer families... and both were from the same company.”

DEC PDP-{7,8,11} and VAX/VMS inspired a lot of what is widely used today.

(Via tweet I’ve since lost.)

Sat Jul 17 00:18:49 +0000 2021 (#)

That’s not retro computing, this is retro computing!

A vacuum tube computer, built in 2020/2021. It’s apparently quite a useful room heater, and can do some computation on the side! It’s a lovely piece of wall art too :-)

(Via a tweet I’ve lost.)

Sat Jul 17 05:45:43 +0000 2021 (#)

Modulo Bias: the impact of eg 256/107 being about 2.4. If you just use “% 107” to clamp the values then low values will end up more likely than higher values.

Interesting concept, with security implications, and a great article (from mid 2020).

Sun Jul 18 06:10:28 +0000 2021 (#)

RT @textfiles: For DEFCON Documentary (2012), I interviewed Dan Kaminsky @dakami for 30 minutes about DEFCON, speaking at hacking cons, and…

Sun Jul 18 08:57:35 +0000 2021 (#)

“Portal without Portals” is pretty wild: a game asset inherited from an earlier game can be used for a bunch of speed run glitching, so you don’t even need portals to complete levels.

The mouse wheel spawning of Airboats is particularly amusing! 😃

Sun Jul 18 22:22:51 +0000 2021 (#)

Replying to @dnaltews and @ktemkin

Yes, this ⬆️.

If someone wants to clarify something in a discussion six hours later, the way to do so is to add a clarification message to the record not attempt to “undo”/rewrite what was said hours ago.

(I too will sometimes edit for clarity in first few minutes.)

Sun Jul 18 23:08:11 +0000 2021 (#)

Replying to @ewenmcneill

After a couple of days trying my client got RHEL 8.4 samba 4.13.3-4 pre-release packages from RedHat support. They do solve the “epmd” memory leak. As best I can tell with the same 2 line diff as was upstream in April.

Unclear why RedHat are holding off releasing samba 4.13.3-4.

Mon Jul 19 06:50:13 +0000 2021 (#)

USB-C: one connector, one cable to rule them all.

Wait, I’m getting an update. 8 — eight! — different passive cable types ({USB {2,3.2g1,3.2g2},TB3} {3,5}A).

No wonder someone ended up colour coding cable types with nail polish.

Mon Jul 19 21:41:30 +0000 2021 (#)

Replying to @ravenslofty

“Your company” / “your organization”, or very similar, instead of “you”. Ie clearly directed at the collective not the individual (“you” is ambiguous in modern English).

Also talk about policies that lead to actions, and their impacts, rather than the actions of individuals.

Mon Jul 19 22:39:09 +0000 2021 (#)

Replying to @ewenmcneill

My calendar started reminding me PyConAU 2021 was soon... so I checked and it’s definitely in September (2021-09-10 to 2021-09-12).

On checking, I see why my calendar thought it was in August. Seems we didn’t know when PyConAU 2021 would be after all :-)

Mon Jul 19 22:42:38 +0000 2021 (#)

Replying to @ewenmcneill

I’ve updated my calendar reminders to the actual PyConAU 2021 September dates. But now I’m sad I have to wait even longer 😢

Tue Jul 20 01:50:12 +0000 2021 (#)

My longest parcel in transit of the pandemic just arrived: 14.5 weeks (102 days), (untracked 😢) surface post from Germany.

Sent 2021-04-09, arrived today. Seems like it might have survived the journey too (not opened it yet).

I’d almost given it up as lost!

Tue Jul 20 02:32:17 +0000 2021 (#)

RT @RealSexyCyborg: .@flipper_zero absolutely writing the book on how to keep your customers informed during the hardware crowdfunding proc…

Tue Jul 20 22:05:16 +0000 2021 (#)

Replying to @RealSexyCyborg

If you want to keep some of the fabrication montages then treating them as “B roll” footage over which you put audience attention retaining audio/subtitles about the project (rather than the build) can help.

But yes “watching fabrication” is fairly niche viewing now.

Wed Jul 21 01:27:49 +0000 2021 (#)

Now under 1 week until the Dell Networking OS 10 embedded TLS certificate expires (factory shipped up through at least late 2020). Expires 2021-07-27 18:23:26 UTC, but biggest impact would be on switch/service restart after that.

Wed Jul 21 01:31:54 +0000 2021 (#)

Replying to @ewenmcneill

To their credit, in the last couple of months, Dell Support have been pretty proactive about notifying customers about this DNOS 10 TLS expiry issue, and fixes (replace TLS cert, or upgrade to OS 10.5.1+ which in theory doesn’t require it).

Wed Jul 21 01:34:14 +0000 2021 (#)

Replying to @ewenmcneill

But it would have been better not to ship a difficult to replace/very embedded 5 year lifetime TLS certificate in the first place. Let alone continue shipping it from factory up through single digit months before it expires.

Wed Jul 21 02:15:17 +0000 2021 (#)

What I like most about today’s Linux size_t to int overflow exploit is that it also includes TOCTOU (time of check, time of use) attack against the eBPF verifier, by blocking the thread (with userfaultd or FUSE). That’s really elegant.

Wed Jul 21 02:19:19 +0000 2021 (#)

Replying to @ewenmcneill

Sadly it looks like this means that regular text (“//deleted”) means something useful to the eBPF compiler, which it’s then happy to JIT to native instructions.

It seems like maybe trusted machine instructions should use a different number space from common text data 🤔

Wed Jul 21 02:21:50 +0000 2021 (#)

Replying to @ewenmcneill

Also possibly the memory allocator should consider not doubling memory allocations beyond some (large) block size when doing realloc to expand a string. 1GiB to 2GiB is a huge jump (versus say 1KB to 2KiB).

That’s why a 1GiB + some bytes path can trigger the exploit... 😢

Thu Jul 22 05:54:15 +0000 2021 (#)

RT @apollo_50th: "Two years after man first landed on the Moon, the countdown started [yesterday] for next Monday's launching of Apollo 15,…

Thu Jul 22 06:41:42 +0000 2021 (#)

RT @arturo182: 3D printer transformed into a through-hole soldering machine 🤩

Fri Jul 23 07:15:43 +0000 2021 (#)

The Downtime Project Podcast (season 1 recently finished, more coming later) has been interesting listening. Even having read a bunch of the incident reports that they cover (one per episode) the analysis in the second half of each podcast is interesting.

Fri Jul 23 07:42:50 +0000 2021 (#)

Rule 1 for solving a problem you don’t know how to solve: see if you can turn it into a problem you do know how to solve. I too had never researched how they make sculpted foam. It seems the process is material specific and surprisingly material efficient.

Sat Jul 24 00:27:35 +0000 2021 (#)

RT @CCDHB: If you are in Group 3 and haven’t booked your #COVID-19 vaccination yet, you can now phone 0800 28 29 26 to book your appointmen…

Sat Jul 24 06:54:35 +0000 2021 (#)

RT @ImogenBits: are you tired of people telling you to switch to C++ because C doesn't even have pass-by-reference? don't worry! just* incl…

Sun Jul 25 09:07:48 +0000 2021 (#)

Somehow we’ve managed to turn buying lightbulbs into an exercise requiring advanced lighting physics knowledge and made it impossible to search for the key parameters required.

(It also appears I can have any 2-4 of my 5 requirements, one of which is “I can purchase it 😢)

Mon Jul 26 02:42:16 +0000 2021 (#)

Replying to @nye_nicola

My assumption would be “no symptoms before test, but isolating because of known possible contact”. At least that’s how it has worked here (NZ).

(Most recently NZ has asked people who were possible contacts to isolate and do 3 x tests.)

Mon Jul 26 06:07:52 +0000 2021 (#)

Replying to @hroethgar

“stable” kernels 😬

(At least distros still do more testing than “it compiles, ship it”. Even if they’ve also had a few nasty regressions too.)

Mon Jul 26 06:54:24 +0000 2021 (#)

RT @yaakov_h: oh no oh no oh no

Git branches are as case-sensitive as the filesystem the repo is cloned to.

A Windows user might think th…

Mon Jul 26 21:29:30 +0000 2021 (#)

RT @LibbyCutts: Brilliant thread. Scroll up for a discussion on supermarket logistics and why we might get short of posh booze. Scroll down…

Mon Jul 26 22:26:50 +0000 2021 (#)

RT @apollo_50th: Liftoff! #Apollo15 #Apollo50

Mon Jul 26 22:27:56 +0000 2021 (#)

RT @apollo_50th: Recap: Apollo 15 liftoff from Cape Kennedy at 9:34 a.m. EDT (13:34 GMT) on July 26, 1971. #Apollo15 #Apollo50…

Mon Jul 26 22:33:25 +0000 2021 (#)

RT @apollo_50th: Earth seen from approximately 30,000 nautical miles (56,000 kilometres) by Apollo 15 on July 26, 1971. #Apollo15 #Apollo50…

Tue Jul 27 00:44:00 +0000 2021 (#)

It turns out that not only does the Whare Hauora / Manawa units have MQTT functionality, they used it (via cloudmqtt) to submit results.

Which worked until last night (2021-07-26 21:xx). Now the (shared, AFAICT) cloudmqtt MQTT broker refuses connections :-/

Tue Jul 27 00:46:55 +0000 2021 (#)

Replying to @ewenmcneill

My guess is that maybe Whare Hauora / Manawa outgrew the shared MQTT broker and changed to a dedicated one, which presumably has a different host and/port. But I’ve not found anything confirming that.

Will see if they reply to my webpage contact request with new details.

Tue Jul 27 00:48:40 +0000 2021 (#)

Replying to @ewenmcneill

Otherwise I guess I’m setting up my own MQTT broker / database / graphing earlier than I planned. (Entirely possible to do, but I don’t really need more projects right now :-) )

Tue Jul 27 10:10:29 +0000 2021 (#)

Replying to @ewenmcneill

Roughly 24 hours later the Whare Hauora Minew G1 hub reconnected to the MQTT gateway and successfully submitted results again (2021-07-27 22:00 ish).

But I see “connection refused” if I try to connect again, so I suspect they’re running up against cloudmqtt plan usage limits.

Wed Jul 28 06:21:08 +0000 2021 (#)

Happy Dell OS10 switch TLS certificate expiry :-)

If you have a Dell switch running Dell OS10 and VLT, it’d pay to double check the TLS certificate expiry got mitigated (upgrade to 10.5.1.x or 10.5.2.x), or the certificates definitely got replaced, before you restart the switch!

Thu Jul 29 02:57:27 +0000 2021 (#)

RT @RealSexyCyborg: FFS let's go over this again. If men's appearance is not being policed and penalized at the same rate as women, then by…

Thu Jul 29 21:56:37 +0000 2021 (#)

RT @apollo_50th: The Scientific Instrument Module (SIM) bay door on the Endeavour spacecraft has now been jettisoned. Apollo 15 is at an al…

Thu Jul 29 21:58:41 +0000 2021 (#)

RT @apollo_50th: Apollo 15 has completed the Lunar Orbit Insertion (LOI) burn. The firing time was 398.4 seconds with a ΔV of 3,000.1 ft/s,…

Thu Jul 29 23:51:19 +0000 2021 (#)

Replying to @ewenmcneill

Interestingly having rebooted a couple of Dell switches with old TLS certificates, the stunnel process using them does start after reboot. But obviously anything connecting to it still gets “certificate expired” if it checks.

I guess it’s really unused cruft now 🤔

Fri Jul 30 00:19:30 +0000 2021 (#)

Replying to @ewenmcneill

Even on a Dell switch with VLT enabled I didn’t see anything connected to that stunnel process before rebooting.

(With VLT on Dell switchOS 10.5.0.x there are multiple connections to three stunnel processes using those certs.)

Fri Jul 30 00:48:48 +0000 2021 (#)

Replying to @ewenmcneill

This morning Whare Hauora did send me new MQTT details (new server domain/port; rest is identical to before AFAICT).

So they’ve clearly ended up having to move at least some users off their old (shared?) cloudmqtt instance to make room for other recent deployments.

Fri Jul 30 00:54:29 +0000 2021 (#)

Replying to @ewenmcneill

Config change was quick to do (cut’n’paste in new MQTT URL) and connected immediately AFAICT.

It did take ~15-20 minutes for new results to be uploaded though (normal interval is 10 minutes), so I suspect it reset the “next upload” timer. Seems okay now (2 x results received).

Fri Jul 30 01:25:46 +0000 2021 (#)

RT @apollo_50th: CAPCOM: "And, at the present time, all the systems, otherwise, are looking fine, and you're GO for DOI (Descent Orbit Inse…

Fri Jul 30 10:06:26 +0000 2021 (#)

RT @ktemkin: we talk about “imposter syndrome” a lot in our communities, but rarely does anyone explain that it’s actually a complex trauma…

Fri Jul 30 22:00:50 +0000 2021 (#)

Replying to @trogs

Well that’s an improvement: they used to ship with 10.4.something up through late last year.

Also the official Dell “can’t upgrade” fix does have a new (~30 year) TLS cert. With a complex install script. So hopefully they at least changed the TLS cert in the factory image.

Fri Jul 30 22:02:48 +0000 2021 (#)

Replying to @tveastman

MQTT (of which mosquitto is a common server implementation) is a message bus protocol, which allows messages to be sent to devices as well as from them. So an always up connection is the common model, same as mobile phone push protocols.

Fri Jul 30 22:06:05 +0000 2021 (#)

Replying to @tveastman

But yes, MQTT resource usage is fairly low.

CloudMQTT is clearly a business offering, with market segmentation built into their price model. I suspect they don’t make money at $5/month shared, and run it as a loss leader “demo” and as community service for testing things.

Fri Jul 30 22:07:13 +0000 2021 (#)

Replying to @tveastman

Also if you haven’t already been sent the updated MQTT server details I could send those to you. Only thing that should need changing is server/port AFAICT.

Fri Jul 30 22:09:30 +0000 2021 (#)

Replying to @tveastman

I suspect for what WH are doing they should be using the web HTTP POST action in the gateway. Which would build a TCP connection on demand and then tear it down.

People generally use MQTT for, eg, home automation to join “button pressed” to “turn device on” in complex patterns.

Fri Jul 30 22:17:47 +0000 2021 (#)

Replying to @tveastman

I suspect the smallest dedicated plan is a t1.micro equivalent :-)

The CloudMQTT pricing also includes their setup/admin of it for you, etc. As business service pricing it didn’t seem too unreasonable for “I don’t want to do this myself”.

Fri Jul 30 22:21:04 +0000 2021 (#)

Replying to @tveastman

DM hopefully sent. And an email just in case the DM didn’t send (it seemed to get stuck trying to send the screenshot of the email; same details are in text).

Fri Jul 30 22:25:55 +0000 2021 (#)

Replying to @tveastman

As WH deployed the MQTT connection is unencrypted. You can also run MQTT over TLS (in general, and on those gateways / CloudMQTT on a different port).

Yes my understanding is the sensors a Bluetooth beacons, so broadcasting with less than full Bluetooth session encryption.

Fri Jul 30 22:27:33 +0000 2021 (#)

Replying to @tveastman

I’m not actually sure of those sensors support Bluetooth pairing (and this being queried). They may just be yelling “hey, anyone that’s listening, this is what I know” periodically :-)

Sat Jul 31 08:28:37 +0000 2021 (#)

RT @textfiles: In a world where people are falling over each other to use GPUs to burn up on hashing, Internet Archive is using them for Op…