binfalse
Auth issues
February 18th, 2011Sitting on an almost well configured host, I experienced some authentication issues the last few days…
So for example I’m using xtrlock as default X locking mechanism, but if I try to run it on this machine I got the following error:
Mmh, that is crap. My workaround to temporarily avoid this problem: Connecting to another host via SSH, running xtrlock within a GNU screen session ;-)
But that’s no solution for a longer time… So I started debugging. First of all I grabbed the sources from the apt repository and searched for this error message. Turned out to be this piece of code (beginning with line 94 of xtrlock.c
):
Ok, seems that the provided password(-hash) is shorter than 13 characters… Going on debugging, the content of pw
comes from getpwuid(getuid())
and seems to be ok (matches my users profile like it can be found in /etc/passwd
). At this time (line 1) pw->pw_passwd
contains only an single x
, more information can’t be retrieved from the passwd
-file..
Next the code checks whether SHADOW_PWD
is defined, means whether we use an additional shadow
-file. Since thats the case this code is executed and the variable sp
gets the broken-out fields of the record in the shadow password database that matches the username pw->pw_name
(validated, my user). Checking this sp
variable I recognized that it is null
! So pw->pw_passwd
won’t be updated and still contains the single x
from the passwd entry…
First I thought about a bug in the getspnam ()
function, such things might happen due to the Debian unstable release I’m using, but after some further thoughts I checked the shadow file itself:
In comparison with other systems with working xtrlock instances I figured out, that this file shouldn’t only be owned by root. Instead the group has to be shadow! So here is the solution to this issue:
And everything is working fine again. Have no idea what or who changed the permissions for the shadow-file…
Update:
By the way, afterwards I tried to use Xscreensaver instead of xtrlock, but I wasn’t able to unlock the screen when the shadow rights are wrong. The /var/log/auth.log
held messages like that:
But this is just for google-searchers ;-)
Open Source DNA
February 17th, 2011Yesterday I was a bit confused when I read this tweet. Manu Sporny, founder and CEO of Digital Bazaar, announced in his blog that he has published his genome..
He send some saliva to 23andme, they analyzed his DNA and provided his genetic code to him (let’s neglect the discussion whether data from 23andme-chips represent a fully sequenced genome..). This process is very smart and not expensive, so this part of his announcement is not spectacular. Lot’s of people are doing so.
The interesting part of this article: He published the results (roughly 1 million SNP markers) from 23andme as open source project to github, licensed under CC0! So he has released all his rights on this data.
In general a very impressing step, he might be the first person who published its DNA under such a license. His intentions are more than exemplary, providing access to genetic data to everyone that wants to work with it, i.e. researchers.
So far, so good, but there are some disadvantages, he still dealt with some of it. For example, what if anybody uses this information against him? I.e. healthcare provider, they might deny him to avoid high costs because they detected some pre-existing conditions in his DNA. It may also affect employment and can lead to discrimination. His reaction:
I’ve thought long and hard about each of those questions and the many more that you ask yourself before publishing this sort of personal data. There are large privacy implications in doing this. However, speaking solely for myself, I think the benefits outweigh the drawbacks.
Very nice, but there are also some ugly implications he apparently didn’t thought about! All these disadvantages don’t only affect himself, they may also affect relatives (children, parents, siblings..). Did they all agree with this publication?
I can’t see the advantages to an anonymously publication. Attach some demographic information like age, gender, educational background and everyone is satisfied. Then you don’t have to bear any consequences with bugs in your DNA.
With all due respect for his engagement, I think this step is not really sophisticated.
Valentine's Day
February 14th, 2011Yes, it’s that time again, Feb 14th.. It’s Valentine’s Day.
Don’t know who has told my wife, but now I have to do some love, uuurgh..
How ever, this one is for my little valentine:
Love you soo much, of course! ;-)
PS. If you are able to catch one of these flower or praline seller: beat the living daylights out of them!!
java.lang.OutOfMemoryError: Java heap space
February 12th, 2011I was just contacted concerning this Java memory problem, here is how you can get rid of it.
The amount of Ram for an Java application is limited by the JVM. To provide more memory to a single application you can start your Java process with two more parameters, like:
This allows Java to use up to 1024 MB. Here -Xms
specifies the initial heap size, while -Xmx
determines the maximum size.
For machines with much more mem you might use g
instead of m
to set the size in gig’s. So -Xmx10g
limits the amount of RAM to 10 GB.
Of course it’s annoying to apply these parameters to all your Java runs, so to change this behavior user-wide, you may create an alias like:
or better: Tell it to the Java Plugin Control Panel!
Using Xfce you can find this tool in your panel’s menu in the Settings section. Gnome users may look in System > Preferences. If you don’t want to move your mouse you can also run ControlPanel
from your terminal.
This opens a window, default parameters can be applied in the tab Java, click View… and add your parameters to the Runtime Parameters column. This tool afterwards writes something like the following line to $HOME/.java/deployment/deployment.properties
:
So advanced users craving for trouble may edit this file on it’s own :-P
MySQL upgrade failed
February 11th, 2011Still upgrading some of our servers from lenny to squeeze, actually I run into MySQL trouble…
While upgrading from the package mysql-server
5.0.51a-24+lenny5 -> 5.1.49-3
aptitude told me the following:
Mmh, a look into the /var/log/syslog
pointed to the following errors:
Many messages at once.. To make a long story short the main problem is this line:
So edit your /etc/mysql/my.cnf
and comment the following line (in my configuration it’s line 94):
That’s it, retry to configure the new version and everything will turn out all right.