filipp's blog

Cyrus weirdness

filipp@mac.com — 2007-02-12T23:36:15+02:00

Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: exited with exit code: 75
Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: respawning too quickly! throttling
Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: 1 more failure without living at least 60 seconds will cause job removal
Feb 12 23:35:35 server launchd: edu.cmu.andrew.cyrus.master: will restart in 10 seconds
Feb 12 23:35:45 server master[14119]: empty option value on line 14 of configuration file
Feb 12 23:35:45 server master[14119]: exiting

That's just launchd's special way of saying that that cyrus is not starting up. The question is - what conf file is it talking about?
Let's check:

> man cyrus-master

OK, so there's two of them - /etc/cyrus.conf and /etc/imapd.conf. The first one had a comment on line 14, but the second one:

tls_common_name:

Setting a CN fixed the problem and cyrus was purring like a kitten again:

Feb 12 23:40:42 server master[14244]: process started
Feb 12 23:40:43 server ctl_cyrusdb[14245]: verifying cyrus databases
Feb 12 23:40:43 server ctl_cyrusdb[14245]: skiplist: recovered /var/imap/mailboxes.db (30 records, 5008 bytes) in 0 seconds
Feb 12 23:40:43 server ctl_cyrusdb[14245]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Feb 12 23:40:43 server ctl_cyrusdb[14245]: done verifying cyrus databases
Feb 12 23:40:44 server master[14244]: ready for work

Good Things pt 2: YAML

filipp@mac.com — 2007-02-09T19:36:48+02:00

I got acquinted with YAML during my short run-in with Ruby on Rails (more on this some other day, hopefully). Their official description is:

YAML(tm) (rhymes with "camel") is a straightforward machine parsable data serialization format designed for human readability and interaction with scripting languages such as Perl and Python.

Absolutely brilliant stuff. What it gives you, is a simple (no joke!) portable data format that's truly human-readable (indentation, baby!) and can easily be parsed into virtually any programming language's native data structure.

For example, in PHP (via the excellent Spyc library), this is how my webapp's DB settings would look like:

database:
    host: localhost
    name: collective_development
    username: name
    password: passwd
    type: mysql
    charset: utf-8

Then you just do

include 'lib/spyc.php5';
$c = Spyc::YAMLLoad( 'lib/collective.yml' );

And your whole configuration is accessible in a PHP array:

$link = mysql_connect( $c['database']['host'], $c['database']['username'], $c['database']['password'] );

RewritesRule

filipp@mac.com — 2007-02-09T12:53:25+02:00

For my thesis, I'm building a simple (there's that word again!) publishing backend that basically just accepts any kind of media, gives you an interface to catalogue it, creates Torrent metafiles, etc and then spits out XHTML and RSS. For this to look nice, I decided to use Apache's mod_rewrite to use simple canonical URI's (like show/get/11, genre/Horror etc), so my rule looked something like this (L flag means it's the last rule and NC that the regex is case-insensitive)

RewriteRule ^([a-z]+)/(.*)? shows.php?p=$1&id=$2 [L,NC]

But then you hit the age-old problem. You have some files (like images, css, javascript etc) that you want the browser to access directly, without the redirect. I must have tried a bazillion different permutations of Rewrite conditions, but then ended up with these two:

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f

Which, put before your RewriteRule, simply say:

Only apply the rule if the accessed file or directory doesn't exist on the server

Perfect. Mind you, there's also a "-U" switch which the Apache docs say should do the same thing, but I simply couldn't get it to work.

A really good way to learn these is to, in your httpd.conf set:

RewriteLog /private/var/log/httpd/rewrite_log
RewriteLogLevel 9

And just follow the output of that while your working on these.

Here's also some good practical RewriteRule documentation.Oh, and there's also a handy RewriteRule cheatsheet over at ILJD.

Apache 2.2.4 Universal Binary

filipp@mac.com — 2007-02-03T11:57:34+02:00

Long story short, I needed a server-side Python interpreter. For this there's two options (that I know of) - install Zope and run it along or in place of your existing web server (probably what any intelligent being would do), or go the hard way and run mod_python instead. The latest version works with either httpd 2.0 or later so it won't run OOtB on OS X. I figured since I'm upgrading my Apache anyway, I may as well grab the latest version. Turns out there's actually no OS X package out there for that (not counting the XAMPP monster, which is Intel-only). OK, no biggie I'll roll it myself - and why not make it UB as well.

> ./configure --prefix=/usr/local/httpd-2.2 --enable-isapi --disable-mem-cache --enable-mime-magic --enable-ssl \
--enable-http --enable-dav --enable-cgi --enable-rewrite --enable-so --enable-headers --with-ldap --enable-dbd \
--enable-auth-digest --enable-authnz-ldap --enable-authn-anon --enable-mods-shared=most --enable-ldap --enable-cache

I think those features should make it more or less usable also in a real server environment.

Then, due to a bug in GNU libtool, you have to manually replace all the sys_lib_search_path_spec lines in two files - srclib/apr/libtool and srclib/apr-util/xml/expat/libtool to

sys_lib_search_path_spec="/Developer/SDKs/MacOSX10.4u.sdk/usr/lib"

After compiling and installing I had to go through the config files to make it more of a drop-in replacement for Apache 1.3. So that it works nicely with what's already there without actually replacing anything. Simply start with config/httpd.config and work through it and all the included files to check for any "incompatibilities" with OS X (document rooot, the www user, homedirs, tmp dirs, the usual).

Finally you just need an interface to control the server. Some fancier distros come with PrefPanes, mine simply has a StartupItem with the service name "Apache 2.2". You set this up by adding something in /etc/hostconfig (like APACHE22=-YES-) and then the relevant StartupItem into /LibraryStartupItems. So finally, to start our new server:

> sudo SystemStarter start "Apache 2.2"

You can't use launchd because it's not appropriate for wrapping things like apachectl.

Currently things seem to run nicely, I'm still testing stuff before maybe building a package. WebDAV works, which is nice.

It's incredible how many things you have to keep in mind to finally get a successful build out, a lot due to the fact that configure scripts don't seem to do any sanity checking between the different switches. For example, you can enable DAV, but if you forget to add any auth modules, nothing will work. Or the fact that --with-ldap and --enable-ldap are two different things - and you only find out that the first one (which isn't even mentioned in --help, btw) is compulsory if you want to add any kind of LDAP support. It took a lot of TTA to finally get this far...

Fixing the Lumbard

filipp@mac.com — 2007-02-01T15:33:47+02:00

The G3 "Series" PowerBook is a really good machine for your parents - it looks "mature", it's "laptop enough" to take it to the cottage if needed, has a big screen (although pretty dim by today's standards), runs a browser and email just fine and is cheap. Ours had a problem with the power connect though, requiring them to wedge something under the power connector for it to work. Obviously just a bad contact - a perfect opportunity for some light hardware work. Not to mention a great excuse to buy some new tools:

The small Panavise that is simply awesome. I don't understand why they don't recommend these anywhere. Here it's about 40 EUR, but it's well worth it.

A new soldering iron. I got a fairly cheap Velleman to replace my old iron. Works well but the stand is pretty useless and it doesn't come with a sponge.

Some soder-wick and obviously some nice, thin lead-free solder

#8 (50mm) torx. This will be your new best friend if you work a lot with Apple laptops. I got a Velleman which was cheap (3 EUR) and came pre-magnetized.

If you haven't soldered in a while (or ever), there's a really nice tutorial over at Makezine.com as well as a primer on using a multimeter.

The plastic on these old G3 PowerBooks is pretty brittle by now from all the heat and long age, so you have to be extra careful! The problem turned out be a cold solder joint on the power connector. Works just fine now.

Working with hardware can be really rewarding - both in terms of fun and money. It's nice to work on something that you can actually touch, for a change. Sad that, in the long run, PC hw hacking is kind of a dying art because of all the crazy integration going on. I would not have been able to pull this off with a MacBook, I bet. That thing's just one big (actually small) logic board on the inside. So it's nice that there's still things like the Makezine.

My next hardware project's going to be building a RS 232 to USB adapter + some logging software for my trusty and obsolete Protek 506.

iTunes Store tips

filipp@mac.com — 2007-01-31T18:12:50+02:00

Define a shortcut for Power Search. System Preferences > Keyboard & Mouse > Shortcuts > iTunes > Search… I set mine to Cmd -F (odd that that doesn't focus on the search field, by default)

Wishlists. Just create a playlist and drag stuff from the store to it. Only works with individual tracks, sadly

Don't forget to de-authorize computer before formatting the HD. It's OK if you restore from a complete backup (including the stuff under /Volumes).

Use the Browse command (Cmd-B)

AppleScripting Keynote 3

filipp@mac.com — 2007-01-30T22:32:43+02:00

And in particular the add chart command. At first it seems like a really cool thing - easily create beautiful charts out of virtually any source. I was excited to try this with some Webalizer output. Looks like you have two options - the Automator Action or Script Editor

The action produces a chart right off the bat, but the input is weird:

Input: (Anything) Two dimensional array of chart labels and data.

What is that? After trying every possible permutation of what I thought an AS 2D array would look like (some of which even compiled!) with different kinds of input sources (AS, text) I finally gave up the Automator Action option.

Using script editor seemed promising at first, but a simple add chart with all the properties produced nothing. Finally managed to find this really nice example, but it only worked with Pages. Digging in the action's bundle revealed that you're supposed to tell the slide to add the chart. OK, time to put this new-found knowledge to work:

tell application "Keynote"
    set theData to {{1, 2, 3}, {4, 5, 6}}
    set theSlide to (slide 1) of first slideshow
    tell theSlide
        add chart row names {"Dec", "Jan"} column names {"Machines", "Visits", "Hits"} ¬
        data theData type "vertical_bar_3d" group by "column"
    end tell
end tell

Tadaa! Sweet. Now all that remains is to add the webalizer parsing code...

servermgrd bus error

filipp@mac.com — 2007-01-28T23:44:09+02:00

This happened after a failed attempt to add a signed cert from a CA - servermgrd just crashed. Trying to disable all SSL (/Library/Preferences/com.apple.servermgrd.plist) had no effect. Starting in debug mode just said this:

# servermgrd -d
2007-01-28 23:39:04.717 servermgrd[20540] *** _NSAutoreleaseNoPool(): Object 0x306030 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:39:04.717 servermgrd[20540] *** _NSAutoreleaseNoPool(): Object 0x306420 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:39:04.733 servermgrd[20540] Entering initialize
2007-01-28 23:39:05.600 servermgrd[20540] Starting idle processing
Bus error

Well, it turns out that the stuff about memory leaking is "normal". Here's the output of the same command on a totally unrelated, perfectly in-order Tiger server:

# servermgrd -d
2007-01-28 23:52:46.348 servermgrd[21665] *** _NSAutoreleaseNoPool(): Object 0x306020 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:52:46.348 servermgrd[21665] *** _NSAutoreleaseNoPool(): Object 0x306410 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-28 23:52:46.349 servermgrd[21665] Entering initialize

It's the Bus error that I'm worried about. Most of ktrace servermgrd -d and kdump -f ktrace.out is incomprehensible and so is pretty much /Library/Logs/CrashReporter/servermgrd.crash.log

Checking the last lines of kdump (kdump -f ktrace.out | tail -n 20) did mention /Library/Keychains/System.keychain, just shortly before the crash. A find -ctime 2 confirms that System.keychain was modified just around that fateful moment when this problem started. For the heck of it, I decided to move the old keychain aside, and create a new one:

# mv System.keychain System.keychain.old
# security create-keychain /Library/Keychains/System.keychain

Sure enough, servermgrd was open for business again:

server:/Library/Keychains root# servermgrd -d       
2007-01-29 00:20:48.654 servermgrd[20712] *** _NSAutoreleaseNoPool(): Object 0x306030 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-29 00:20:48.655 servermgrd[20712] *** _NSAutoreleaseNoPool(): Object 0x306420 of class NSCFData autoreleased with no pool in place - just leaking
2007-01-29 00:20:48.655 servermgrd[20712] Entering initialize
2007-01-29 00:20:48.946 servermgrd[20712] Starting idle processing
2007-01-29 00:20:51.534 servermgrd[20712] Done with idle processing

I was actually able to salvage the certs and private keys from the damaged keychain file like thus:

# security export -k /Library/Keychains/System.keychain.old -t all -o ./all.pem

and then import them back into the fresh keychain:

# security import ./all.pem -P -k /Library/Keychains/System.keychain   
2 keys imported.
3 certificates imported.

The bad news is that although Server Admin works again, I'm unable to use the Certificate Manager. Any attempt to either add or import a cert gets replied by a dull "The selected certificate could not be retrieved. Going back to the list." Oh well, just another good reason to get more comfortable with the CLI - it's not as fragile... By the way, If you change SSL certs in httpd conf files, it seems it's better to stop and start the server, not restart (otherwise the old cert is still used).

Just for the record, the cert and key in /etc/servermgrd are disposable. If you delete them, they will be re-created by servermgrd on the next launch. Oh, and there's also certadmin, but it did absolutely nothing for me.

An interesting quote

filipp@mac.com — 2007-01-27T17:24:21+02:00

If the Mac was so great, why did it lose? Cost, again. Microsoft concentrated on the software business and unleashed a swarm of cheap component suppliers on Apple hardware. It did not help, either that suits took over during a critical period. (And it hasn't lost yet. If Apple were to grow the iPod into a cell phone with a web browser, Microsoft would be in big trouble.)

Excerpt taken from Paul Graham's excellent Hackers & Painters, published in 2004.

Building universal binaries

filipp@mac.com — 2007-01-24T15:23:51+02:00

So far I've had the best success with defining the following before configure:

> export LDFLAGS="-Wl,-syslibroot,/Developer/SDKs/MacOSX10.4u.sdk -arch ppc -arch i386"
> export CFLAGS="-isysroot /Developer/SDKs/MacOSX10.4u.sdk -arch i386 -arch ppc"

Sometimes this lead to:

gcc: -E, -S, -save-temps and -M options are not allowed with multiple -arch flags

in which case passing --disable-dependency-tracking to configure seemed to help.