
Ralsina.Me — Roberto Alsina's website

Sometimes things just click

I have been writing web-based interfaces for applications for about 5 years. Nothing public, nothing very interesting, just tiny front ends for custom tools in clients' installations.

And I have hated every minute of it. PHP hurts, Twisted hurts, mod_python hurts...

For a couple of months I have been using CherryPy and I finally am having fun doing it.

And after I figured out how to do AJAX using it, it's even more fun (because the apps interaction model is not totally braindead :-)

I don't expect it to be as fun as PyQt/PyKDE, but it's totally not awful. I suppose the same epiphany comes to people when they use Rails or some other decent, productive, fun framework.

All in all, I could get used to this.

Simple password validation

I am writing a sort of web-based admin tool for a client, and I had this problem: How do you validate a system user from a script?

Well, this is how:

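import os

def validPass(name,password):
     # checkpassword reads "name\0password\0timestamp\0" from fd 3, which 3<&0 maps to our pipe
     p=os.popen('/usr/bin/checkpassword-pam -s login -- /bin/true 3<&0','w')
     p.write('%s\0%s\0xxx\0'%(name,password)) # 'xxx' is a placeholder timestamp
     r=p.close() # None means the command exited with status 0
     if r is None: #Success
             return True
     return False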

Just get checkpassword-pam from somewhere.

Or, if you use some other sort of authentication scheme, some other checkpassword. They are meant for qmail, but they are very handy :-)
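
A hardened variant of the same check, as an added example that is not code from the original post: it rejects NUL bytes that would shift the descriptor-3 fields, enforces the checkpassword interface's 512-byte limit, and treats every non-zero exit, timeout or launch error as a denial. The names build_record and valid_pass, the 'xxx' timestamp placeholder and the 10-second timeout are assumptions made for illustration.

```python
import subprocess

# Path and arguments as used on the page; adjust for your own checkpassword.
CHECKPASSWORD = ['/usr/bin/checkpassword-pam', '-s', 'login', '--', '/bin/true']

def build_record(name, password, timestamp='xxx'):
    """Encode the descriptor-3 record: name NUL password NUL timestamp NUL."""
    fields = [f.encode('utf-8') for f in (name, password, timestamp)]
    if not fields[0] or any(b'\0' in f for f in fields):
        # An embedded NUL would end a field early and shift the others.
        raise ValueError('empty name or NUL byte inside a field')
    record = b''.join(f + b'\0' for f in fields)
    if len(record) > 512:
        # The checkpassword interface allows at most 512 bytes before EOF.
        raise ValueError('record longer than 512 bytes')
    return record

def valid_pass(name, password, checker=CHECKPASSWORD, timeout=10):
    """Return True only when the checker exits 0; every other outcome is a denial."""
    try:
        record = build_record(name, password)
        # sh is used only for the constant "3<&0" redirection; the checker's
        # argv arrives as positional parameters and is never parsed as shell text.
        result = subprocess.run(
            ['/bin/sh', '-c', 'exec "$@" 3<&0', 'sh', *checker],
            input=record, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=timeout)
    except (ValueError, OSError, subprocess.TimeoutExpired):
        return False
    # 0 = accepted, 1 = rejected, 2 = misuse, 111 = temporary failure.
    return result.returncode == 0
```

The credentials travel only over the pipe, never on a command line, so they do not show up in the process list.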

Impudent abuse of copy&paste

I often check on the comments for the longer articles I write.

Since most of those are of a technical nature, often I find someone posting a question, even years after the article was posted (thank Google for that), and I like to answer them.

So, I check on my Linux Booting Process Unveiled article, and I find this:

This article is posted on this site as well, and in its entirety:

http://www.­sec­­ux­boot.php post­ed by Joshua Pur­cell at 2005-03-14 16:14:41.492867-06

And guess what? It is! Thanks Joshua!

Ok, it's not just a copy. For instance, he removed the joke at the beginning, and managed to misspell inittab in a title (as INNITAB).

I am not against copying content from my site. In fact, it says right here at the right side that you can. As long as you do the following:

  • Keep my name on it

  • If you change contents, clearly say so

  • Link back at me.

These guys at Section 6, specifically TBonius, decided to do the following:

  • Replace my name with his alias. They even say all their content is (c) nobody. Well, not quite all, guys!

  • Edit and not mark it

  • Not link back

I would contact them except that:

  • They provide no easy way to do so

  • This doesn't look like an honest mistake (like some Vietnamese site did), because of the editing.

So... whatever dudes. I can write articles like this in a couple of hours, while hung over. Nice that you find it worth stealing (badly) down to the footnotes! But hey, that's just lame. Or, as you may understand better:

Section6 1z 7h3 5ux0rz!

Change of plans

Well, uCrux is not for me.

The main problem is what led me to it in the first place, uClibc.

Sadly, I cannot recommend it except for embedded devices. It has some problems building or linking specific software, but that's not it. The problem is there is no upgrade route.

Since it promises to break binary compatibility every version, you have to rebuild the world to, for example, see if a bug is fixed in the latest snapshot.

So, back to glibc, at least for a while.

And, since I decided to switch to glibc, why not look at Crux's child, Arch? It's downloading now.

UNIX stuff that makes no sense (the rant)

First of all, I love Linux. I have used it exclusively since about 1994 (yeah, the last Windows I actually used for real was WfW 3.11).

Let's see how it makes no sense.

The Bin

Your system has /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin and /usr/local/sbin: 6 different binary locations.

What sense does it make to split bin and sbin? It only makes it harder for regular users to use tools they can need, like netstat and ifconfig.

As for /bin and /usr/bin, it makes little more sense, if at all. Sure, put a basic, functional system outside /usr, because /usr can be a network FS. Well, who does that?

I mean, I have seen all-local and all-network systems, but I have never seen a /-local, /usr-remote system in ten years.

And I suppose someone does it, but that doesn't mean it makes sense. If you want a real, functional, unbreakable system you can use in case of network failure: use a separate partition. Or use a Live CD. Or use a floppy. All of those are more resilient than your /.

As for /usr and /usr/local... that's just a throwback to when people were scared of installing software. People should install packaged software anyway.

The Libs

/lib, /usr/lib and /usr/local/lib. Just as much sense as the above.

The variable

/usr and /var. Here's what I think I heard: /usr is for unchanging application data (bins, libs, docs, etc.); /var is for mutable data (logs, spools, caches).

That way, you put /var in a separate partition and if apps run amok, your / doesn't fill.

Well... ok, I suppose. Except that the right way to handle that is to make sure your apps don't freaking run amok!

Say, logs? Rotate them by size, not by date!

Spools? Use disk quotas, and maximum sizes!

Caches? They should be space-limited.

And all services should be kind enough to figure out when your disk is about to burst and do something graceful with it.

Finally: if your /var fills, all your services will crash just as hard as if / filled. So what's the point? That you can log into the crashed box and fix it? You can do that with a full /, too.

The root of all evil

We live with the concept of a single almighty admin. Why?

If every service application had a single point of configuration and monitoring (i.e. /etc/app, /var/service/app (in runit ;-) and /var/log/app), it would be trivial, using ACLs, to allow partial management of the system.

Sure, there would be a real root for stuff like password management and such, but that's not so bad.

Why has no one bothered doing this?

Permission to barf

The Unix permission system is at the same time harder and less powerful than ACLs. That only in the last two years it has become practical to use ACLs on Linux, and that you still can't count on them in every distro is... ugly.

I could go on, but... I think you get the idea. Coming some day: a proposal to fix the mess.

Contents © 2000-2022 Roberto Alsina