davidb dives in

various musings and babblings.

Python-rwhoisd

| Comments

Back in 2003, as an exercise to help me learn Python, I wrote python-rwhoisd. Why an RWhois server? I had been the main developer and sole maintainer of the C reference version since 1996, and I had been thinking about writing a replacement in a nicer language ever since. So I pretty familiar with the protocol and problem space, and it was complicated enough to be able to sink your teeth into it, yet not so hard that you couldn’t do it fairly quickly. Basically, a great learning project.

Back then, I wanted this project to be unquestionably mine. I was paranoid enough to believe that if I used any of my employer’s equipment, network access, or time that my employer might claim ownership. Why they would want to is anyone’s guess.

So I was very careful to only work on python-rwhoisd at home, on my own time, on my own equipment. The initial version took me two weeks of nights and weekends. Hm. That makes it sound like I was furiously coding into the wee hours. I was actually only spending a few hours each day on it.

Python was a joy to use. My day job was in Java (and Perl) and it felt extremely liberating to be able to write so much code with so little typing. My favorite part was discovering that as I learned more about Python, my code kept getting smaller without getting less readable. Amazing!

Even though I had basically just written python-rwhoisd to learn a new programming language, I was planning on releasing it. I didn’t think that many folks would want it. RWhois wasn’t (and still isn’t) a popular protocol. But some of my colleagues were evangelizing IRIS at the time, and urged me to not release. They thought that it would muddy the waters, so to speak. So I didn’t release it, and then I basically forgot about it.

Fast forward five years. Just two weeks ago I suddenly wanted to learn how to use Git. I played around with tutorial-like git repositories, but it wasn’t enough. I needed something real to work on. I was casting about for a project that I could use, and I ran across python-rwhoisd, mouldering in a local CVS repository.

I had things that I thought should be improved about python-rwhoisd before attempting to release it again. The main thing was to add IPv6 indexing support, which I had done for the C version several years before. While this wasn’t a perfect project for learning Git in all of its glory (for that, I would need collaborators to merge with), it was good enough. Several days later, I’d added the IPv6 indexing and search support, and it was time to release it.

While I don’t expect there to be any major outpouring of interest over python-rwhoisd, it still should be easier to run than the C version (at least, for small datasets), and it should be possible to get it working on Windows without too much effort.

Get it here.

Running UNBOUND at Home.

| Comments

I finally got around the setting up unbound as my home resolver. I should have done this months ago, when it was in beta or before, since I had access to it. I kick myself. I feel bad. Oh well, let’s get on with it. My initial impressions:

  1. It will be nice once there are distribution packages for unbound. I spent more time that I would like (which is zero) figuring out where to put the log file, pid file, etc. Of course, I was installing it on a machine running Fedora Core 5…
  2. I was forwarding a zone to a nameserver running on localhost:20053. There is a gotcha to doing this, as, by default unbound won’t send any queries to localhost. You have to add a ‘do-not-query-localhost: no’ config line to fix it. Maybe this is something unbound-checkconf could detect?
  3. unbound’s configuration defaults leave it locked down fairly tightly. I had it running, but on my other machines, it seemed so slow – turns out, my queries were timing out and I was hitting my ISP nameserver. Make sure you add your networks to the ‘access-control:’ config parameters.
  4. I turned up the logging to debug some of my issues. Looking at the log was uncanny.

Anyway, it didn’t take all that long to set up. Hopefully relatively soon I (or someone else) will write up how to configure unbound to run in a few different scenarios.

Wordpress Upgrade (2.5)

| Comments

I realized that I was running a now-ancient version of wordpress, so I upgraded. It was easy. Yay wordpress 2.5!

RFC 5155

| Comments

Ben Laurie celebrates the publication of RFC 5155. I hadn’t gotten around to blogging about it, but I’m also pretty happy that this RFC finally made it out. Ben says:

It turns out that in general, to prove the nonexistence of a name using NSEC you have to show at most two records, one to prove the name itself doesn’t exist, and the other to show that you didn’t delegate some parent of it. Often the same record can do both. In NSEC3, it turns out, you have to show at most three records. And if you can understand why, then you understand DNS better than almost anyone else on the planet.

One of the fascinating things about working on NSEC3 was that it forced us to really understand how existence in DNS works. Basically, we had to develop the general form of the theory when we already had a special case (in NSEC). So, after we figured out how NSEC3 had to work, we actually knew more about how NSEC worked. For me and our co-editor Roy, this RFC culminates the 2nd round of working on the some of the problems that NSEC3 solves. The first effort was “DNSSEC Opt-In”, now published as an experimental RFC, RFC 4956. (That effort was also tied up in DNS minutiae and political wrangling and ultimately failed to make the IETF standards track). For us, it feels more like the culmination of 7 years of work.

Internet Draft Ideas (DNS Related)

| Comments

I’m at the IETF this week, and so I get to turn my brain to thinking about IETF-y things, like Internet Drafts that I think should (and could) be written.

Idea #1: Cache Poisoning Resilience

This would be a draft that describes steps beyond RFC 2181 that a resolver must do to protect itself from cache poisoning. (RFC 2181 addresses this problem by introducing credibility rules in section 5.4.1.) Modern caching resolvers need to do more to protect themselves from name poisoning attacks like malicious CNAME chains. I would expect this draft to be able to lay out a few simple rules like:

  • Discard any RRs in a response that are “irrelevant” (i.e., answer RRs that do not match qname/sname, addtional RRs that don’t match names in the RDATA of answer and authority RRs, etc.)
  • Discard any RRs in a response that are not at or below the queried zone.

Update: A draft similar to this was written in 2009 by my friend Wouter: draft-wijngaards-dnsext-resolver-side-mitigation-01. However, it doesn’t appear to address my suggested rules.

Idea #2: Authoritative Servers Should Not Chase CNAMEs

This is a draft discouraging authoritative servers from chasing CNAMEs out-of-zone (or, optionally, at all), based on conclusions presented in draft idea #1. This draft could either side-step or confront other possibly controversial things about CNAME processing, like whether or not the authority section should apply the head or the tail of a CNAME chain.

Idea #3: DNS Name Compression Standards

A draft mandating the DNS name compression only be done in one direction. Virtually all (or perhaps even actually all) implementations have DNS compression pointers only pointing to earlier in the message. This draft would propose that forward-pointing compression pointers should be treated as format errors. This would accomplish two things:

  1. Simplify what implementers need to support when parsing messages, and
  2. Outlaw any possibility of having to deal with a compression pointer loop.

And, in the process, effectively codify standard practice.

Bachelor Chow

| Comments

It has been ages since I’ve blogged, and at least one of my four subscribers reminds me of this regularly. So, here goes. I’ve come home pretty late from work, and I’m pretty uninspired when it comes to assembling some sort of dinner. After staring at the fridge fruitlessly for a while, I’m struck by an inspiration of sorts. I’ll make bachelor chow.

Now, I have no idea what is in the original bachelor chow (nor do I want to know), but my bachelor chow is just the name I’ve given to the worst thing that I cook for myself on purpose. So, here is the basic recipe:

Makes one serving:

3-4 oz. pasta, preferably penne, but anything will suffice.
¼ jar pasta sauce, any tomato-based variety.
Shredded cheese. I use Sargento’s 4-cheese mexican.

  1. Cook the pasta. You can salt the water, but I’ve been running periodic experiments with not salting the water, and so far, I can’t really tell the difference. It is even less important with this recipe, since taste is clearly not high on the agenda.
  2. Prior to completely cooking the pasta through, drain the pasta. Overcooking it is OK, undercooking it sucks, though, so err to the side of too long. Deposit the pasta into a microwave-safe plate or bowl. You know, the dish you are going to serve this on.
  3. Optionally stir in a little bit of olive oil and salt (preferably kosher or sea salt). You can stop right here and have a pretty good dish, even if it is nutritionally unbalanced. It is only going to get worse from here.
  4. Pour the (cold) pasta sauce over the pasta. Do not stir it in, just let it sit on top.
  5. Sprinkle the shredded cheese on top. Again, no stirring.
  6. Microwave on high for 2-3 minutes, until the cheese has melted.
  7. Enjoy. Or, at least, Tolerate.

This recipe violates almost every thing I’ve learned about cooking, but it takes me back to my just-out-of-college days when I was equally as lazy and less polluted by cookbooks, Cooks Illustrated, and Food Network.

Quest for Anti-Aliased Emacs

| Comments

In contemplating a move back to Linux for my day job, or at least a future where more of my work is done directly on my Linux box, I began to pine for decent anti-aliased fonts for Emacs. Both the windows and mac builds of Emacs 22 have this support built-in. Although, good luck trying to figure out how to change the font to what you want, at least in Carbon Emacs. Fortunately the default font of Monaco is pretty good (albeit not perfect). I don’t have a lot of experience with EmacsW32, even though I do have it installed somewhere. At first, I was puzzled as to why Emacs just didn’t come with anti-aliased fonts on Fedora 7 by default. Some web searches led me to believe that support was to be merged in before Emacs 22.1, and there I was, running 22.1. Alas, I had misread the interweb. If support has been merged in, it has been merged in after 22.1. Since 22.1 is the latest stable version of Emacs (as of this writing), it isn’t all that surprising that Fedora 7 doesn’t have this. Ah, well, time to move to the bleeding edge. Concise instructions for building a CVS version of Emacs with anti-aliased fonts can be found on the XftGnuEmacs page. I didn’t have a whole lot of trouble building and installing this version, but what I really want is a Fedora 7 package to replace the delivered packages. If I were running Ubuntu, this wouldn’t be much of a problem. So far, my attempts to hack the existing source RPM for Emacs haven’t met with much success. It doesn’t help that emacs take a while to compile, and I keep having to completely start over. I’ll update this entry if I ever get an rpm built.

Update: I’ve managed to work through the major issues, so here is the source RPM for Fedora 7. I’ve put some actual binaries here. This version doesn’t replace the stock Emacs-22.1. Instead it installs into /usr/local, but can easily be made the default version via the alternatives command:

alternatives --set emacs /usr/local/bin/emacs-23.0.0

Now that I have a working version of Emacs with anti-aliased font support, I’ve been hunting down what font to actually use. Bitstream Vera Sans Mono is a good default, but at the moment I’m trying out Anonymous. For the curious, the bit of elisp that I’m using to set the fonts is this:

(if (eq window-system 'x)
    ;; if we have the Xft-enabled version of emacs...
    (if (>= emacs-major-version 23)
    (progn
      ;; note: Anonymous doesn't come with Fedora.  You can get it here:
      ;; http://www.ms-studio.com/FontSales/anonymous.html
      (set-default-font "Anonymous-10")
      (setq bvsm10 "Bitstream Vera Sans Mono-10")
      ;; unfortunately, anonymous doesn't have bold or italic
      ;; so, use bitstream vera sans mono for that
      (set-face-font 'bold (concat bvsm10 ":weight=bold"))
      (set-face-font 'italic (concat bvsm10 ":slant=oblique"))
      (set-face-font 'bold-italic
             (concat bvsm10 ":weight=bold:slant=oblique"))
      ;; ...and no proportional font, for that matter
      (set-face-font 'variable-pitch "Bitstream Vera Sans-10")
      (add-to-list 'default-frame-alist '(font . "Anonymous-10")))
      ;; otherwise...
      (progn
    (set-default-font
     "-*-lucidatypewriter-medium-r-*-*-14-140-*-*-*-*-*-*"))
      )
  )

I’m doing it this way (instead of in X resources) so that launching Emacs-22.1 will still work. If you stick with Bitstream Vera Sans Mono (or DejaVu LGC Sans Mono which is very similar), then you won’t have to bother with overriding the bold, italic, and bold-italic font settings as those will basically just work once you set the default font. You would still have to deal with overriding the proportional font, however.

Why the Bluetooth Headset Hate?

| Comments

Over the past few days I’ve read not one, but two articles expressing the hate toward bluetooth headsets. And for both articles, I realized that it was misplaced hate. The authors (and commenters) actually hate the way that some people use them. That is, the whole standing around and talking to yourself thing. Fair enough, but some of us just want bluetooth headsets so we don’t have to keep buying special, vendor specific headsets, and yet also don’t want to hold the phone up to our ear for the whole hour-long conference call.