Sunday, March 27, 2016

What have I been reading this week? (20160327)

Much of this past week's free time was spent experimenting with Monit, Bitlbee, Openfire, and Docker. Specifically, writing/tweaking code that connects to Openfire, checks for the presence of specific bots, and (if needed) restarts the missing bot's Docker container. Fun, huh?

I'm also studying for two tests in the month of April so my reading lists may be a bit short for a while. In any case, this week's reading included the following:

2016-03-24

- Google opens access to its speech recognition API going head to head with Nuance
- Docker now has native Mac and Windows apps

2016-03-26

- Certified Ethical Hacker website caught spreading crypto ransomware
- Cryptography Is Harder Than It Looks
- Stealthy malware targeting air-gapped PCs leaves no trace of infection
- Having cheap PCB s made part 2.

2016-03-27

- Amazon's Raspberry Pi guide lets coders use Alexa - BBC News
- Adventures in Narrated Reality
- From fuzzing to bug reporting

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Saturday, March 26, 2016

Troubleshooting a crashing bitlbee container in Docker

I've been experimenting with running containers on different flavors of Linux.  I've been noticing that what builds/runs on Hypriot is a bit buggy on Ubuntu or Debian (or just won't build).  Same problem for the other direction.

One of the things I've been doing to teach myself Docker is to build a non-purple bitlbee container, with all of the available plugins enabled.  Wanting the bitlbee container to start on boot, I added Monit to the mix (wanting the additional features that Monit has when compared to Docker's restart capabilities).  On Hypriot (running on a RPi2), the kit runs without issue.

The same build on a "normal" Docker server periodically disconnects the IRC client.  In looking at the container's running processes, it shows a second instance of bitlbee running.  This shouldn't happen when using bitlbee's "-D" switch, which is what I'd employed in the container's start script.

Bitlbee's "-D" switch is supposed to cause bitlbee to service all clients via the same instance (i.e., one running binary).  Without looking at the code, I'm guessing that there's some sort of HUP signal or function that interrupts operation of PID 1 just long enough to annoy Docker, restart bitlbee with a second instance, and cause the problem I'm seeing.

I proceeded to play with each of the three programs' settings and think (hoping!) I may have a solution.  It's non-intuitive, but replacing the "-D" switch with the "-F" switch appears to fix it.

Bitlbee's "-F" switch intentionally creates a new instance of bitlbee for each new client that connects.  What's not documented is that it appears that the instance at PID 1 handles the initial connection and, when the client authenticates, the client is passed to a newly spawned bitlbee process. This appears to leave PID 1 to continue listening for new clients.

Fingers crossed.  Time will tell...

DNS Ass-hattery [6]

About 3 years back, I answered a DNS-related ServerFault question about underscores in domain names.  The answer amounted to a short work-around for dealing with the difference between Windows' DNS and BIND (short version: former allows them in A records, the latter doesn't).

This week, I received thanks from someone helped by my answer.  (Thanks for the point Steve!)

Since no good deed should go unpunished, someone else commented with the following ass-hattery: "Such customers should be gently pointed to appropriate documentation, then told to obey the RFCs - or get off the internet."

To steal from John Scalzi's practice of grading hate mail, I have the following (rhetorical) questions:

  • Would you define appropriate?  There _are_ DNS servers (e.g., from Microsoft) which allow the use of the underscore.  Shouldn't you beat them up first?  You know: stomp out the root cause of the problem.  One problem: MS was using the underscore in hostnames before it was using the IP protocol.  You're going to have difficulty in getting them to change a ~30-year practice.  Another: there are A LOT of MS admins & users.  I'm thinking they out-number you.
  • You're also going to have to point out which RFCs are inappropriate.  At least one DNS RFC indicates that "the rules" are voluntary (to quote: "they are there for those who wish to minimize problems"[1]).
  • Are you somehow implying that the IETF now has an enforcement arm?  What if the customer doesn't want to "get off the Internet"?
  • I can't shake this feeling that customers are somehow (at least indirectly) responsible for our salaries.  If we start dictating to our customers, won't they take their business elsewhere?

Technically, my work-around does not violate the RFCs (putting the underscore in a CNAME record is allowed).  At the same time, it helped Steve.  If the RFCs are actually read, the prohibition against the underscore is limited only to A records (not CNAME, SRV, or other records).  The stated purpose is to differentiate host records from other records.[2]

The RFCs are Internet standards, somewhat like table manners[3].  Compliance is considered polite but not mandatory.[4]  There are no fines or prison terms involved for being mildly rude.[7]

Notes:

[1] From RFC1912. That's the most derogatory statement I've yet seen in an RFC.
[2] http://domainkeys.sourceforge.net/underscore.html
[3] I'm attempting to use the same level of subtle-ness as that used in [1].
[4] If everyone on the Internet complied with all of the RFCs, we wouldn't be able to use the Internet, not to mention that pigeons would become an overworked (and probably endangered) species [5].
[5] In some parts of the world, avian transport is actually faster.  (see "Pigeon versus Telkom SA" near the end of http://www.codewalk.com/2012/01/humor-in-rfc-request-for-comments.html)
[6] I wanted to entitle this post "Ass-hattery in Comments" with a subtitle of "What's wrong with ServerFault nowadays".  Since the blog engine doesn't allow such, I went with "DNS Ass-hattery".  I'm hoping that ServerFault has recognized that negative-value comments, such as described above, actually damage their business.
[7] See?  I'm not disagreeing that it's "a bad thing".  The difference is that I'd provided a solution rather than recommending that people get off of the Internet.

Tuesday, March 22, 2016

Managing Docker-based Jabber bots with Monit?

I've "Dockerized" much of my in-house automation, some of which has a Jabber interface (e.g., one bot can control the lights, fan, audio, etc. in the office). I've added monit into the mix, which ensures that the bots' containers are running (most of those using process matching since PID files are sandboxed).

I'm feeling the need for additional "support" in that there might be issues which prevent the bot from properly connecting to the Jabber server, even though the bots' containers are actually running.  I'm thinking that the solution might provide for monitoring via Openfire's presence service:

1) A cron job which periodically:

  • Connects to the Openfire presence service.
  • For each Jabber user present, touch (the Linux "touch") a file within a specific folder (call it the watch folder).
  • Deletes all files within the watch folder which haven't been "touched" in a specific number of cycles (I'm thinking 2).

2) A monit job which periodically:

  • Checks for the existence of a specific bot's watch file.
  • Restarts the bot (and sends alert?) when the bot's watch file doesn't exist.

What do you think?  Will attempt in the next few weeks (i.e., with this post, it's on my "to do" list).
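One way the watch-folder plan above could be implemented, as an added example that is not the author's code: it assumes the list of present JIDs arrives one per line on stdin (how it is fetched from Openfire is left out), and the function names, paths and the `lightsbot` container name are hypothetical. Because JIDs come from the network and become file names, they are sanitized before touching anything.

```shell
#!/bin/sh
# Added example; function names, paths and JIDs below are constructed.
# Assumption: present JIDs are supplied one per line on stdin.

# Turn a JID into a safe file name: drop the /resource part, lowercase it,
# and refuse empty names, dot-files and anything outside a small whitelist.
jid_to_name() {
    name=$(printf '%s' "${1%%/*}" | tr 'A-Z' 'a-z')
    case "$name" in
        ''|.*|*[!a-z0-9@._-]*) return 1 ;;
    esac
    printf '%s\n' "$name"
}

# Cron side: refresh a watch file per present JID, then expire stale ones.
# Usage: sweep_presence WATCH_DIR CYCLE_MINUTES MAX_CYCLES < present-jids
sweep_presence() {
    dir=$1; max_age=$(( $2 * $3 ))
    mkdir -p "$dir" || return 1
    while IFS= read -r jid; do
        if name=$(jid_to_name "$jid"); then
            touch "$dir/$name"
        else
            printf 'skipping unsafe JID: %s\n' "$jid" >&2
        fi
    done
    # Delete watch files not refreshed within MAX_CYCLES cycles.
    find "$dir" -type f -mmin "+$max_age" -exec rm -f {} +
}

# Monit side: the condition being tested is "does the watch file exist?".
bot_present() {
    name=$(jid_to_name "$2") && [ -f "$1/$name" ]
}

# Equivalent Monit stanza (placeholder path and container name):
#   check file lightsbot_presence with path /var/run/botwatch/lightsbot@example.org
#     if does not exist then exec "/usr/bin/docker restart lightsbot"

# Demo on constructed input: one stale file, one present bot, one unsafe name.
demo() {
    d=$(mktemp -d) || return 1
    touch -t 201603220000 "$d/oldbot@example.org"
    printf '%s\n' 'lightsbot@example.org/office' '../../etc/cron.d/x' |
        sweep_presence "$d" 5 2 2>/dev/null
    ls "$d"; rm -rf "$d"
}
demo
```

With a 5-minute cron interval and 2 cycles, a bot that drops off the server loses its watch file after roughly 10 minutes, which is when the Monit check fires.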

Sunday, March 20, 2016

What have I been reading this week? (20160320)

A bit more time for reading this week. The "shiny" has worn off of my new fascination with Docker, mostly because of my effort to Docker-ize Java programs (problematic at best). While I did write/adapt a few new programs for my own use, my note-taking went neglected (the "to do" list is a bit long now). Playing catch-up seems to have the highest priority.

2016-03-14

- sdhand/x11fs - A tool for manipulating X11 windows

2016-03-15

- Forget About It: Your Middle-Aged Brain Is Not On The Decline
- Intel Marrying FPGA, Beefy Broadwell for Open Compute Future
- Autoconf Tutorial - Part 1

2016-03-16

- Mathematicians Discover Prime Conspiracy Quanta Magazine

2016-03-18

- tcpdump is amazing
- How a Ragtag Gang of Retirees Pulled Off the Biggest Jewel Heist in British History
- The Translation Paradox
- Illegal Math
- If You Had 15 Days to Learn Calculus, How Would You Do It?
- Amazon and eBay to be held liable for VAT fraud by sellers

2016-03-19

- Adjusting with Moore's Law

2016-03-20

- SQLite with a Fine-Toothed Comb

Above was generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.

Sunday, March 13, 2016

What have I been reading this week? (20160313)

Another light week for reading. Tried to attend a few after-hours meet-ups (sorry Adam). The capstone for the week was the melt-down of the Jabber/Bitlbee/bot box (short version: kernel upgrade on Cubietruck was unsuccessful, requiring physical dismantling of the machine and mounting the SSD on another system).

Picked up "Rule 34", by Charles Stross, and a Certified Technical Trainer manual, and have been reading those. The former is OK so far (more verbose opinion later) and the latter reads like just about every other training guide (i.e., dry).

The Docker effort is picking up speed. This morning, the Mouffette bot is running in its own container. Other bots (lights, server control, etc.) should be online shortly (need the alarm clock to work tomorrow!!).

In any case, this week's reading:

2016-03-07

- Where does swearing get its power and how should we use it? Rebecca Roache Aeon Essays

2016-03-09

- Memory Corruption Vulnerability in "libotr"

2016-03-13

- How FPGAs work and why you'll buy one
- Syntax Highlighting Off Robert Melton
- Dead Kennedys frontman goes after the modern music industry

Above was (mostly) generated by a homegrown bolt-on script for Wallabag, which is a free utility for capturing web content so that it can be read later.