Get with the programme

July 9th, 2013

Apparently my lack of any particular interest in the following things is like farting in nerd church:

  • Doctor Who
  • Firefly
  • Amanda Palmer
  • Brian Blessed

Nothing personal against any of these people/things. I just don’t really “get” them.

“My IP is blocked by a repressive regime, can I have a different one?”

July 7th, 2013

I asked this question on Twitter yesterday and got a wider range of responses than I expected, although from a limited number of people. So I wondered what others would think.

Say you sell virtual machines and a customer says:

My service allows journalists and others inside repressive regimes to get their stories out. My IP address is being blocked by one of these repressive regimes. Can you switch it for another one?

Would you grant that request?

Assume you have never heard of their service or anyone that uses it, have no independent verification of whether what they are saying is true, and haven’t yet looked for any.

Responses so far could roughly be grouped as:

  • 2x “Yes; it’s a reasonable request and other networks’ policies are their own business”
  • 2x “Yes; once, but check it’s not some global spam blacklisting issue”
  • 3x “Yes; but charge them for your time each time they ask for this”
  • 2x “No; you’ll end up with all your IPs blocked, which may affect other customers”
  • 1x “No; tell them to use a cloud with a constantly-changing IP address” (involves me losing the customer)

What would you do?

If you think suicide is weak or shameful, you just don’t understand

January 24th, 2013

Recently, someone fairly well known in certain circles committed suicide. People commit suicide all the time of course, but this person could fairly be described as a form of genius, a polymath, hero to many. Since their sphere of influence was (is!) strongly Internet-based, the net has been alive for weeks with people feeling the need to comment upon it.

I haven’t made a comment upon it because I didn’t know this person. I knew of them, of many of their great works and deeds and philosophies. Didn’t agree with some of them, but there you go. Anyone who knew anything about this person knows that the world is much worse off to not have them in it, so no one needs to hear that from me. Speaking about their circumstances specifically though is something I still don’t feel comfortable about. It feels to me a bit too much like some sort of leveraging of grief in order to just make statements about oneself.

Yes, I do realise that by just saying that stuff I have passed comment and now you all know something of my politics and beliefs so I’m really cool for how much I care right? Well, I couldn’t avoid it as otherwise it ends up coming across like, “I don’t care that they died; I didn’t know them.”

This particular incident though, being fodder for Internet discussion by persons not closely emotionally tied to the deceased, has led to me now seeing quite a few people expressing views like, “don’t hero-worship someone who killed themselves, they’re weak and selfish.” Or, “I’m so disappointed in them that they felt this was necessary.” Like, publicly expressing them, for the world to see. Some influential people.

I still, weeks later, can’t quite put into words how much I am disgusted with these sorts of comments, or even exactly why I am. This is my best attempt so far and it’s not really going very well is it?

This is not about the individual concerned; these are views that some people express whenever there is a suicide that is notable enough to be a topic of discussion, but emotionally remote enough from them that they feel able to “speak their minds.”

There is just some shocking level of arrogance involved when you say that someone was weak, selfish, acted shamefully, disappointed you (YOU, for fuck’s sake!) by ending their own life.

I don’t entirely (thankfully) know what goes through someone’s mind when they decide to end it all but I am pretty sure that they are in such a bad place that any thought of what other people will think has long ago ceased to have any positive effect and probably has the opposite instead.

I don’t know how to stop people killing themselves through despair. I don’t know what the best strategies are. But please just stop acting like suicidal people feel they have some sort of choice, that if they would just not let everyone down so much it would go better for them. I can’t begin to imagine that helps.

Their action must have come from a place where they truly believe no choice exists, and if you can’t sympathise with that then please at least maintain a respectful silence.

Scanning for open recursive DNS resolvers

January 11th, 2013

A few days ago we unfortunately had some abuse reports regarding customers with DNS resolvers being abused in order to participate in a distributed denial of service attack.

Amongst other issues, DNS servers which are misconfigured to allow arbitrary hosts to do recursive queries through them can be used by attackers to launch an amplified attack against a forged source address: the attacker sends small queries with the victim’s address as the source, and the resolver dutifully sends its much larger responses to the victim.

I try to scan our address space reasonably often but I must admit I hadn’t done so for some time. I kicked off another scan and found one more customer with a misconfigured resolver, which has since been fixed.

After mentioning that I would do a scan I was asked how I do that.

I use a Perl script I’ve hacked together over the last couple of years. I took a few minutes to tidy it up and add a small amount of documentation (run it with --man to read that), so here it is in case anyone finds it useful:

Using the default 100 concurrent queries it scans a /21 in about 80 seconds (YMMV depending upon how many hosts you have that firewall 53/UDP). That scales sort of linearly with how many you do, so using -q 200 for example will cut that down to about 40 seconds. It’s only a select loop though so it’ll use more CPU if you do that.

Two things I’ve noticed since:

  • It doesn’t handle failing to create a socket with bgsend, so if for example you run up against your limit of file descriptors (commonly 1024 on Linux) the whole thing gets stuck at 100% CPU.
  • One person reported a similar situation (bgsend fails, stuck at 100% CPU) when they allowed it to try to send to a broadcast address. I haven’t been able to replicate that one yet.
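As an added illustration of the same check (this is example code written for this page, not the Perl script described above), the following Python does the probe with raw UDP sockets and a select loop: it sends a query with the RD bit set, then judges the reply from its header alone, treating “recursion available, NOERROR, at least one answer” as an open resolver and RCODE 5 (REFUSED) as the reply a properly locked-down server gives. The two caveats from the list are handled by design: the number of in-flight sockets is capped so the process never runs out of file descriptors, and the prefix is expanded with hosts(), which leaves out the network and broadcast addresses. The query name www.example.com and the 2-second timeout are assumptions.

```python
"""Added example: probe a prefix for open recursive resolvers with raw
UDP sockets and a select() loop, keeping the number of in-flight
sockets bounded so the process never runs out of file descriptors."""
import ipaddress
import os
import select
import socket
import struct
import sys
import time


def build_query(qname, qid, qtype=1):
    """Wire-format DNS query: header with RD=1, one question, class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def classify_reply(data, expected_id):
    """Judge a reply from its 12-byte header alone.

    'open'     -> RA set, NOERROR and at least one answer: it recursed for us
    'refused'  -> RCODE 5, the usual reply from a properly locked-down server
    'closed'   -> a response, but it did not recurse (RA clear / no answers)
    'mismatch' -> transaction ID differs (stray or spoofed packet)
    'short'    -> too short to be a DNS message, or not a response (QR clear)
    """
    if len(data) < 12:
        return "short"
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_id:
        return "mismatch"
    if not flags & 0x8000:                  # QR clear: a query, not a response
        return "short"
    rcode = flags & 0x000F
    if rcode == 5:
        return "refused"
    if flags & 0x0080 and rcode == 0 and ancount > 0:   # 0x0080 is the RA bit
        return "open"
    return "closed"


def scan(targets, qname="www.example.com.", concurrency=100, timeout=2.0):
    """Query each target once; never more than `concurrency` sockets open."""
    results, pending, todo = {}, {}, list(targets)
    while todo or pending:
        while todo and len(pending) < concurrency:
            ip = todo.pop()
            qid = int.from_bytes(os.urandom(2), "big")    # unpredictable ID
            family = socket.AF_INET6 if ":" in ip else socket.AF_INET
            sock = socket.socket(family, socket.SOCK_DGRAM)
            sock.setblocking(False)
            try:
                sock.sendto(build_query(qname, qid), (ip, 53))
            except OSError as exc:                          # e.g. EMFILE, ENETUNREACH
                sock.close()
                results[ip] = "error:%s" % exc.errno
                continue
            pending[sock.fileno()] = (sock, ip, qid, time.monotonic())
        if not pending:
            continue
        ready, _, _ = select.select([p[0] for p in pending.values()], [], [], 0.5)
        for sock in ready:
            _, ip, qid, _ = pending.pop(sock.fileno())
            try:
                data, _peer = sock.recvfrom(4096)
                results[ip] = classify_reply(data, qid)
            except OSError:
                results[ip] = "error"
            sock.close()
        now = time.monotonic()
        for fd, (sock, ip, _qid, sent) in list(pending.items()):
            if now - sent > timeout:
                del pending[fd]
                sock.close()
                results[ip] = "timeout"
    return results


def targets_in(cidr):
    """Usable addresses only: hosts() skips the network and broadcast address."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


if __name__ == "__main__":
    # usage: python3 scan_resolvers.py 192.0.2.0/24
    for ip, verdict in sorted(scan(targets_in(sys.argv[1])).items()):
        if verdict == "open":
            print(ip, verdict)
```

Pick a query name the scanned hosts are not authoritative for; otherwise an authoritative-only server answers it without recursing and would be misreported as open. Raising the concurrency above the process’s file descriptor limit is what the bgsend failure mode above amounts to, so keep it comfortably below ulimit -n.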

Converting an IPv6 address to its reverse zone in Perl

November 29th, 2012

I need to work out the IPv6 reverse zone for a given IPv6 CIDR prefix, that is, an address followed by a forward slash and the number of bits in the network part. e.g.:

  • 2001:ba8:1f1:f004::/64 → 4.0.0.f.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa
  • 4:2::/32 → 2.0.0.0.4.0.0.0.ip6.arpa
  • 2001:ba8:1f1:400::/56 → 4.0.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa (56 bits is 14 nibbles; 0.0.4.0.1.f.1.0.8.a.b.0.1.0.0.2.ip6.arpa would be the /64)

I had a quick look for a module that does it, but couldn’t find one, so I hacked this subroutine together:

Is there a more elegant way? Is there a module I can replace this with?

Must support:

  • Arbitrary prefix length
  • Use of ‘::’ anywhere legal in the address
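For comparison, here is an added implementation (written for this page, in Python rather than Perl, and not the author’s subroutine) that meets both requirements using the standard library’s ipaddress module. It goes slightly beyond the question: a prefix length that is a multiple of four maps to exactly one zone, while any other length (a /62, say) has no single reverse zone and instead spans 2**(4 - (bits % 4)) sibling zones at the next nibble boundary, so the function returns a list and a second helper insists on exactly one.

```python
"""Added example: derive the ip6.arpa reverse zone(s) for an IPv6 prefix.

ipaddress does the hard parts: '::' expansion via .exploded and masking
of any host bits via strict=False."""
import ipaddress


def reverse_zones(prefix):
    """Return the ip6.arpa zone name(s) covering `prefix`, e.g. '2001:db8::/32'."""
    net = ipaddress.ip_network(prefix, strict=False)   # masks host bits, expands '::'
    if net.version != 6:
        raise ValueError("IPv6 prefix required: %r" % prefix)
    # 32 hex digits with leading zeros kept, e.g. 2001:0ba8:... -> '20010ba8...'
    nibbles = net.network_address.exploded.replace(":", "")
    fixed, spare = divmod(net.prefixlen, 4)
    if spare == 0:
        heads = [nibbles[:fixed]]
    else:
        # The partial nibble has its high `spare` bits fixed by the prefix and
        # its low bits already zero (network address), so enumerate the rest.
        base = int(nibbles[fixed], 16)
        heads = [nibbles[:fixed] + format(base + i, "x")
                 for i in range(1 << (4 - spare))]
    return [".".join(reversed(head)) + ".ip6.arpa" if head else "ip6.arpa"
            for head in heads]


def reverse_zone(prefix):
    """Single-zone convenience; refuses prefixes that need more than one."""
    zones = reverse_zones(prefix)
    if len(zones) != 1:
        raise ValueError("%s spans %d reverse zones" % (prefix, len(zones)))
    return zones[0]


if __name__ == "__main__":
    for p in ("2001:ba8:1f1:f004::/64", "4:2::/32", "2001:ba8:1f1:400::/56", "2001:db8::/62"):
        print(p, reverse_zones(p))
```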

How do I send a message of praise to a tube driver’s manager?

August 29th, 2012

Earlier today I was helping Mum to the station after she’d been down to stay with us for a few days. We were on the Piccadilly line, and I started to notice that the driver was doing a lot of talking. Apart from his upbeat and friendly tone—itself sadly a rarity it seems—he had something useful to say before each stop.

He was telling us things like:

  • Which side of the train the doors would open.
  • Where the elevators were located on the platforms and how many people could fit in them (“This elevator has a capacity of fifteen, one five, persons”!)
  • Short cuts for interchange between lines (“you’ll find it quicker to go up to the ticket hall but then do a U-turn and go back down to the Jubilee line”)
  • Between which stations it would be possible to make a mobile phone call.

Some of his attempts at humour may not have been to everyone’s taste…

Cross the platform for the District line to Barking. That’s Barking, woof woof!

…but looking down the carriage I saw more than one person with a smile on their face. On a dreary London afternoon that’s got to be a win.

As we started to reach Central London his comments became more like mini tourist information, calling out the interesting places that are near each station and I heard at least one person comment, “Oh I didn’t know that was there!”

I’ve lived in London since 2004 and I’ve never heard a tube driver put so much effort and personality into their announcements. It was a really welcome surprise; too often you can hear the exasperation in the drivers’ words and they don’t even say “please.” It’s worse than leaving it to the automated announcements.

No one loves their job all day every day and you can’t manufacture sincere enthusiasm, but it makes so much difference. Naturally we primarily want the trains to be punctual and reliable, but once that is covered, having an actually pleasant personality when dealing with the public also goes a long way.

So I was thinking, Transport for London employees probably just get a lot of grief when things go wrong, and a lot of the time that will be entirely out of their control anyway, but still they have to be the interface with the public and deal with it. Here is a chap that did personally go out of his way to do a good job; someone should say thanks. Maybe he’ll keep doing it. Maybe he’ll get others to do it.

I’d like to say thanks to him for making our journey entertaining and for helping to make London a more appealing city for our visitors. How do I make sure his manager sees this?

It was a Piccadilly line train headed for Cockfosters. It arrived at Piccadilly Circus at 13:20 Wednesday 29th August.

Update: Looks like it was this guy:

http://districtdave.proboards.com/index.cgi?board=picc&action=display&thread=19882

Opinions are divided!

Personally I would take his cheery announcements every day twice a day rather than the norm. Don’t stop!

50 Shades of grep (NSFW)

July 9th, 2012

<grifferz> unixmen.com is a bit of an odd name isn’t it

<taras> i thought it was going to be unix fanfic

<grifferz> maybe you could write and post some there

<taras> Torvalds cupped Stallman’s bristly sack in his delicate Finnish hand

<taras> “Let’s see if you’ve ‘Hurd’ of this position,” he whispered

<grifferz> 50 Shades of grep

Strategies for talking to Labour MPs about the draft Communications Data Bill

July 2nd, 2012

Dear Lazyweb,

I’m thinking of having a conversation, face-to-face, with my MP about the draft Communications Data Bill. I’ve already done some research on the logical and moral reasons why the bill is a terrible idea. I feel pretty confident in how I can articulate those points.

My MP is a Labour MP though, so I am wondering what additional points I can bring up that will appeal to the Labour party. I’m hoping that those of you who aren’t going to write to or visit your MPs would instead be willing to lazyweb me some advice.

Most obviously there is the fact that Labour is in opposition so anything they can say to criticise the coalition government is a good thing for them.

On that score, we have the following ace in the sleeve:

Labour have subjected Britain’s historic freedoms to unprecedented attack. They have trampled on liberties and, in their place, compiled huge databases to track the activities of millions of perfectly innocent people, giving public bodies extraordinary powers to intervene in the way we live our lives. The impact of this has been profound and far-reaching. Trust has been replaced by suspicion. The database state is a poor substitute for the human judgement essential to the delivery of public services. Worse than that, it gives people false comfort that an infallible central state is looking after their best interests. But the many scandals of lost data, leaked documents and database failures have put millions at risk. It is time for a new approach to protecting our liberty…

– David Cameron, “Invitation to Join the Government of Great Britain”, 2010

The problem I can foresee is, what if my MP points out that the bill is almost identical to the one Labour tried to introduce in 2008/2009 and therefore is something that she is broadly in favour of?

If this does happen then I could possibly try the angle that although Labour did investigate it, they found it had too much public opposition and was technically infeasible at a sensible cost. In effect I could try to spin this as a further attack point on the coalition that despite a past government having already spent time and money on this and getting an answer the coalition doesn’t like, they are going to do it all over again. If anything in an age when we have even less money and time to be spending on it.

I think my MP is a fan of Harriet Harman. Has Harriet Harman yet said anything that would indicate opposition of the CDB in all its past incarnations? What was Ms Harman’s stance on the CDB when Labour were proposing it? Give me links, people.

Any more ideas why Labour should get their hate on?

(If my MP is reading this, no disrespect is intended and I’m fully glad that you are able to read this without having to snarf it off of a black box on my ISP’s network! I look forward to having a chat with you about it.)

Update:

Just after writing this I contacted my MP’s secretary and asked for details of her surgeries. I was emailed back and asked if I would instead like to speak to her on the phone.

I was disappointed at not being offered a face to face meeting, but not wanting to appear to be a nutter I agreed to this and a call was scheduled for 2.30pm on Friday 6th July.

Depending on how it goes I may still try to have a follow up meeting. Whatever the case I will put all my concerns in writing anyway.

Update Friday 6th July:
It got to 3pm and I hadn’t had the call I was promised, so I emailed the MP’s secretary again to ask if it was still happening. The secretary replied immediately that she was sorry and would text my MP to find out what had happened.

Shortly afterwards I received a phone call from my MP, who was obviously in her car, apologising. She said that she had hoped to speak to me between meetings but was now having to rush to another and wouldn’t be able to, and asked if we could re-schedule the call for Monday 9th July.

I have agreed to that.

Update Monday 9th July:

Our phone call had been arranged for 11.30 today. By 12.30 I hadn’t received a call, so I emailed the MP’s secretary again to ask if it was still happening. As of 2pm I’ve received no response and I’m not available on the phone for the rest of today.

I’m rather disappointed that it seems to be so difficult to speak to my MP about this important piece of proposed legislation. I suspect, as my first query about surgeries was turned into a suggestion of a phone call, that my MP doesn’t hold surgeries (I can find no details of any surgeries she may have held). I haven’t got infinite time to spend on this and am considering just putting my views in writing and calling an end to it.


Update Tuesday 10th July:

I received an email reply this morning from my MP’s secretary saying that she (the secretary) had not been working the day before so had not seen my email querying the lack of phone call. She asked me to confirm if a phone call had taken place. I replied that it had not taken place.

Around 5.45pm someone else from my MP’s office emailed me to ask if I was able to take a phone call on Friday (13th). No explanation of why the previously arranged call hadn’t happened.

I’m unsure at this point whether to suck it up and agree to reschedule the call, or whether to give up. If this were anyone in my personal or professional life I would have given up on them by now. But that doesn’t help anyone does it, and leaves me open to the criticism that I just didn’t try hard enough.

Update Wednesday 11th July:

Yesterday I was rather frustrated by the whole thing, but after a night’s sleep I’ve had chance to calm down and I’ve decided that in the interests of getting my point across I will swallow my pride.

I’ve again asked if a face to face conversation at a surgery is possible (because I think this is a complicated subject that isn’t best discussed on the phone), but if not then I’ve agreed to reschedule the call for Friday.

Around 09:45 I received a phone call from Mary Jo (secretary) who apologised unreservedly for how I had been treated and promised to sort it out today. I’m now glad that I didn’t lose my temper yesterday.

It’s since been arranged that I will have a face to face meeting with my MP on Friday 13th, so that’s great news.

Update Friday 13th July:

I think the meeting today went well. Ms Malhotra gave me plenty of time to discuss my concerns, seemed to genuinely take many of them on board and offered me some very useful advice for how I might like to take things further. She apologised for the initial problems I’d had in getting to speak to her. Overall I’m very glad that I persevered with this.

Of course there is much more to do, but making my views known to my MP was a necessary step.

SSH launchers for Ubuntu Unity

May 5th, 2012

Ubuntu 12.04

Given the recent release of Ubuntu 12.04, I thought it was about time that I upgraded one of my machines to it so that I could make sure I could still work with it effectively.

You see, both my laptop and my desktop were on the previous long term support release, 10.04. These days I don’t have a lot of patience for upgrading things every 6 months so I’m glad that the LTS releases are supported for many years. But after 10.04 Ubuntu made a bold departure away from the GNOME desktop and onto Unity. Knowing that I would be forced to change the way I did many things I have been putting off trying Unity. No more putting it off.

Terminals, Terminals, Terminals, Terminals, Terminals, Terminals

Given what I do for a living it’s fair to say that the predominant applications running on any of my desktop machines are many instances of terminals running SSH to remote hosts. I try to automate and configuration manage the hell out of everything, but it’s hard to avoid having connections open to a bunch of different machines at any one time.

In 10.04 what I used to do was have a .desktop file for each host that I commonly log in to, something like:

#!/usr/bin/env xdg-open

[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Icon[en_GB]=/usr/share/icons/Humanity/apps/48/terminal.svg
Name[en_GB]=specialbrew
Exec=urxvtc -T specialbrew -e ssh specialbrew.localnet
Name=specialbrew
Icon=/usr/share/icons/Humanity/apps/48/terminal.svg

I’d then have a menu called “SSH” added to my top menu bar, with an entry for each of those files. This was quite nice as I could also have multiple levels of menu, thus segregating different classes of host, hosts I administer with different hats on, customers I do consulting work for, etc.

Unity’s Launchers

Sadly that all goes out of the window with Unity. For a start there is no top menu bar. You’ve got the launcher down the side where you can add the launcher for gnome-terminal, but if you click that launcher more than once all that happens is you get your first terminal window brought back to focus.

There’s an open bug report asking for ways to set different properties on launchers, but judging by the age it doesn’t seem to be much of a priority.

I haven’t got a clue about launchers in Unity but I had a quick read of some documentation and worked out how to add a launcher for urxvt (my preferred terminal as opposed to gnome-terminal), and how to put different options on it. For example:

$ cat ~/.local/share/applications/rxvt.desktop 
[Desktop Entry]
Name=rxvt
Comment=Use the command line
TryExec=/home/andy/bin/urxvtc
Exec=/home/andy/bin/urxvtc
Icon=utilities-terminal
Type=Application
Categories=Utility;TerminalEmulator;
StartupNotify=true
OnlyShowIn=Unity;
Keywords=Run;
Actions=New;specialbrew;backup1

[Desktop Action New]
Name=New Terminal (localhost)
Exec=/home/andy/bin/urxvtc -T stoli
OnlyShowIn=Unity

[Desktop Action specialbrew]
Name=New Terminal (specialbrew)
Exec=/home/andy/bin/urxvtc -T specialbrew -e ssh specialbrew.localnet
OnlyShowIn=Unity

[Desktop Action backup1]
Name=New Terminal (backup1)
Exec=/home/andy/bin/urxvtc -T backup1.bitfolk.com -e ssh backup1.bitfolk.com
OnlyShowIn=Unity

Once you do something like that and get the icon locked on the Launcher, you can right click on it and be offered “localhost”, “specialbrew”, “backup1”, etc.

Okay that is workable, but it kind of sucks. That list will get huge, and it’s a flat list.
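One way to stop maintaining that flat list by hand is to generate the .desktop file from ~/.ssh/config, which is also where the lens discussed below gets its host names, but without needing HashKnownHosts no. The following is an added example written for this page (not code from the original post or from the lens): it pulls the concrete Host names out of an ssh_config, skips wildcard and negated patterns, and emits one Desktop Action per host in the same layout as the file above. The terminal path /home/andy/bin/urxvtc, the launcher file name ssh.desktop and the sanitising of action identifiers to [A-Za-z0-9-] are assumptions.

```python
"""Added example: build a Unity launcher .desktop file with one
Desktop Action per concrete Host stanza in ~/.ssh/config."""
import os
import re

TERMINAL = "/home/andy/bin/urxvtc"   # assumption: the terminal used on this page


def ssh_config_hosts(text):
    """Concrete Host names from ssh_config text, in order, without duplicates.
    Wildcard and negated patterns (*, ?, !) are skipped: you cannot ssh to them."""
    hosts = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "host":
            for name in parts[1].split():
                if not any(c in name for c in "*?!") and name not in hosts:
                    hosts.append(name)
    return hosts


def action_id(host):
    """Desktop Action identifiers: keep to [A-Za-z0-9-] (assumed safe set)."""
    return re.sub(r"[^A-Za-z0-9-]", "-", host)


def render_desktop(hosts, terminal=TERMINAL):
    """The .desktop text: a plain terminal action plus one ssh action per host."""
    ids = [action_id(h) for h in hosts]
    lines = [
        "[Desktop Entry]",
        "Name=ssh",
        "Comment=SSH to a host from ~/.ssh/config",
        "TryExec=%s" % terminal,
        "Exec=%s" % terminal,
        "Icon=utilities-terminal",
        "Type=Application",
        "Categories=Utility;TerminalEmulator;",
        "OnlyShowIn=Unity;",
        "Actions=%s;" % ";".join(["New"] + ids),
        "",
        "[Desktop Action New]",
        "Name=New Terminal (localhost)",
        "Exec=%s" % terminal,
        "OnlyShowIn=Unity",
    ]
    for host, ident in zip(hosts, ids):
        # ssh is given the Host alias so the stanza's HostName/User/Port apply
        lines += [
            "",
            "[Desktop Action %s]" % ident,
            "Name=New Terminal (%s)" % host,
            "Exec=%s -T %s -e ssh %s" % (terminal, host, host),
            "OnlyShowIn=Unity",
        ]
    return "\n".join(lines) + "\n"


def write_launcher(path=os.path.expanduser("~/.local/share/applications/ssh.desktop"),
                   config=os.path.expanduser("~/.ssh/config")):
    """Regenerate the launcher; returns the hosts it found."""
    with open(config) as f:
        hosts = ssh_config_hosts(f.read())
    with open(path, "w") as f:
        f.write(render_desktop(hosts))
    return hosts


if __name__ == "__main__":
    print("\n".join(write_launcher()))
```

Re-run it whenever you add a Host stanza; the list is still flat, but at least it is no longer a second copy of the SSH configuration that can drift out of date.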

Lenses

Lenses seem like a very powerful feature of Unity. When I was asking on IRC about how people handled this use case, someone suggested (sarcastically, I think!) that I needed to create a lens to view all my hosts.

I actually did have a look into it, and was initially rather put off by the task. Fortunately it seems that someone already had the idea of a lens that scrapes SSH hosts out of ~/.ssh/config and ~/.ssh/known_hosts.

The SSH Search Lens

After installing this, it worked pretty much as advertised. As noted in the README you do have to use “HashKnownHosts no” to take advantage of it being able to read ~/.ssh/known_hosts. Some would consider that a security flaw: hashing exists so that anyone who gets hold of the file can’t read off a list of the hosts you connect to, and turning it off gives that up. Rather than disabling known host hashing for all users, you can at least confine the trade-off to yourself:

$ cat ~/.ssh/config
HashKnownHosts no
...

Note that it only re-parses the SSH configuration files when it starts, which means that if you SSH to somewhere new then it won’t be found in Dash Home until after you’ve logged out and in again (officially). I found that looking for the /usr/bin/python /opt/extras.ubuntu.com/unity-lens-sshsearch/unity-lens-sshsearch.py process and killing it would cause it to be restarted next time I went to Dash Home. That saves a logout/in (but might be Bad).

The current version is hardcoded to call gnome-terminal, and I wanted to change that. I edited /opt/extras.ubuntu.com/unity-lens-sshsearch/unity-lens-sshsearch.py and changed the following line:

TERMINAL_APP = 'gnome-terminal'

to

TERMINAL_APP = '/home/andy/bin/urxvtc'

(Yes, I compile rxvt-unicode from source and keep it in ~/bin. What of it? Wanna fight about it?)

After restarting the lens it failed to work. Nothing happened when clicking on the icons it found. It wasn’t sending anything to ~/.xsession-errors either.

In the end I had to strace it, only to find it was getting “permission denied” when trying to execute my TERMINAL_APP. What? I can execute it myself.

FFFFFUUUUUUUUUUUUUUUUU AppArmor

Yeah, unity-lens-sshsearch ships an AppArmor profile, /etc/apparmor.d/opt.extras.ubuntu.com.unity-lens-sshsearch.unity-lens-sshsearch.py to be exact. That specifies what it can execute, and it’s limited to gnome-terminal.

After adding the paths to my rxvt-unicode there (it’s pretty obvious how, if you look in the file) it was happy.

Deficiencies of the SSH Search Lens

So, obvious deficiencies here:

  • Have to log out or risk killing the process to get it to index newly-added entries.
  • Hard-coded to gnome-terminal.
  • Still limited in terms of configurability to <command>, <user>, <host> and <port>
  • Still has a flat hierarchy — you’ve got a list of hosts that your search term will be matched against. Possibly greater knowledge of Lenses/Scopes could improve this.
  • My rxvt-unicode doesn’t have a nice icon like gnome-terminal does! I’m guessing I will be able to fix this by reading up more about the Launcher.
  • Would be nice if the stderr output of the lens went to ~/.xsession-errors like every other X application, instead of /dev/null that I note it is redirected to. I realise that ~/.xsession-errors tends to be known as “that multi-gigabyte file of garbage that no one ever looks at” but it’s marginally more useful than /dev/null!

But on the whole this is a fairly natural way for me to launch these SSH sessions — I can press the “super” key and start typing the host name and I’ll get a list of matching icons to click on.

Also even though I don’t know Python, the source of this lens seems quite readable so I may be able to improve it and/or make my own lenses in future.

Having Music Is Ace

April 30th, 2012

Tonight I’m on my own as Jenny decided to go to bed early; she has to get up very very early tomorrow for work. I got up a bit late today and don’t feel tired at all so I’m just contemplating an evening of work.

When I work I like to have a soundtrack, so I’m picking out a playlist for the next 12 hours (yes I will probably stay up all night).

What struck me is how much great music I have and what a terrible loss it would be if my collection were to be taken from me.

I’m not saying I have great taste in music. I don’t go to gigs — in fact I’ve never actually been to a gig at any venue larger than a pub — and I tend to find my new music through radio and TV; Later…, coverage of Reading, Glastonbury, that sort of thing. My taste in music has been described as “mediocre” by others, so I’m not saying I’m any kind of opinion leader here.

I was having a conversation on IRC recently about the streaming music service Spotify and how I don’t really understand the use case for it — I do get the mobile streaming part, it’s the idea of using it at home as your main method of playing music that I fail to comprehend.

During that conversation someone said to me:

“I use Spotify because I don’t have a music collection [...] I don’t derive pleasure from having a music collection.”

This idea completely boggles my mind! Looking through my collection I find all kinds of things with personal attachment.

It’s not that I feel like I have every bit of music ever. I know people who just download every bit of music they can and have hundreds of thousands of tracks. I’m not like that; I have just over 3,200 tracks most of which were ripped from CDs or purchased as online singles. If I don’t find myself listening to something for years then I usually delete it. So, my collection is stuff I do still listen to.

When building a playlist, every time seeing the list of albums brings back so many memories. Music that came out at certain times in my life, or was listened to a lot at certain times in my life. It brings back memories of my teenage years, university, past relationships (girlfriends who stole my CDs!), people who have since died. I’m not into a lot of obscure music, but there’s things there you won’t even find on Amazon as a CD, let alone on Spotify for streaming.

Maybe I am just getting old and not embracing the cloud. But how does one build a big playlist with something like Spotify? What about when they remove things from the service? I should just try the free version and see what it’s like.

Perhaps there are people of an older generation who don’t like the idea of only keeping music on the computer, and regard me with pity for not being immediately able to lay my hands on the CD or vinyl for most of my collection? That really doesn’t bother me; to me it’s the music that matters and it’s there for playing.

What bothers me is the idea of marking some track in the cloud as “liked” by me, and then later finding it’s disappeared for some reason so I can no longer listen. Memories gone.

If I did use something like Spotify I’d probably have to do some report of things I listened to a lot and make sure I buy them. I will get around to trying out Spotify at some point but I can’t imagine it will replace the desire to buy and own music, rather I would hope it would help me find more music that I like.

Because having music is ace.