David Woodhouse
Works at Intel Corporation

David Woodhouse

Shared publicly  - 
 
Wanted: UI hacker to provide WebKit (or similar) based authentication GUI for OpenConnect to connect to Juniper VPN.

For full support, we really are going to have to support arbitrary HTML forms, often with JavaScript. Sometimes with Java and Flash. All I want is the DSID cookie you get when you finish logging in.
2 comments
 
The NetworkManager auth-dialog for OpenConnect/Juniper is precisely where this would land.

David Woodhouse

Shared publicly  - 
 
+Tiebing Zhang and I got a hacked-up test branch of OpenConnect to pass its first Juniper SSL VPN packets today. http://git.infradead.org/users/dwmw2/openconnect-juniper.git

Authentication isn't quite working yet; currently using https://smallhacks.wordpress.com/2012/07/15/jvpn-perl-script-to-connect-to-the-juniper-vpn-with-host-checker-enabled/ for that bit but it's coming together quite quickly now. We think we know how the ESP negotiation works too.

Anyone able to let me have an account on one? Or want to join in the fun? Not for the faint of heart quite yet but it should be soon.
8 comments
 
Now seems to be reliably passing data packets over TCP and UDP transports, and I've just implemented UDP (ESP) rekeying. It's almost ready for more widespread testing...

David Woodhouse

Shared publicly  - 
 
Almost threw my laptop out the window last night.

Started attempting to write my monthly status report. Want to Cc it to the 'all department' mailing list, so start typing the address, wait for auto-completion (it changes frequently so I don't remember what it is this week). Gr, Evolution's address book and calendar seem to stop working every time I drop off the VPN and don't start working again when I rejoin. Probably related to https://bugzilla.gnome.org/show_bug.cgi?id=708175 in some way (a similar bug, if not a symptom of the same bug).

OK, restart evolution-addressbook-factory. Hm, it needs to download a new version of the addressbook. Oh, and for some reason the incremental update doesn't work (that one probably my fault) and it downloads a completely new copy. And then copies its 121MiB of data from the downloaded file into a sqlite database.

Now, Linux's performance under any kind of I/O load is really sucky, but this was even suckier than normal. During this period it took me three minutes just to focus on the xchat window and type a simple response to a question. Normally it's only a minute or two — and I'm not sure how much of that to blame on gnome-shell. Yes, I do have /proc/sys/vm/dirty_ratio set to 1, not the default 20.

I run 'iotop', and half the time it seems to be telling me there is no I/O. That's blatantly nonsense. Eventually I find that abrt is running — taking a core dump of Evolution, which has crashed. So it's writing the 4½GiB core dump to disk. Yes, four and a half fucking gigabytes. I have no idea what it's using it all for. I do periodically run it under Valgrind, and have experimented with some GObject trackers too, but there is no smoking gun; it just grows and grows and grows (as does Thunderbird, I'm told).

I ran gnome-abrt and started trying to file the report. But by the time it'd finished trying to process it, the fucking thing had been deleted! It seems that Yet Another Gnome Shell crash (qv) had caused the evolution dump to be removed while it was still being processed:

Nov 18 00:02:00 shinybook.infradead.org abrt-hook-ccpp[19897]: Saved core dump of pid 13172 (/usr/bin/gnome-shell) to /var/tmp/abrt/ccpp-2013-11-18-00:01:17-13172 (384856064 bytes)
Nov 18 00:02:00 shinybook.infradead.org abrt-hook-ccpp[19897]: /var/tmp/abrt is 1642394496 bytes (more than 1279MiB), deleting 'ccpp-2013-11-17-22:54:19-2299'

Thankfully, I had also loaded gdb on the coredump manually, and still had it open so I was able to keep a copy.

But even after all this crap had finished, the machine still hadn't recovered from the I/O load, so I gave up and went to bed. Twenty minutes later I came downstairs for Bonjela and Calpol and prodded it, and it still didn't come back. The backlight came on, but it just sat there at a black (but backlit) screen the whole time I was finding and measuring out a syringe of medicine. Perhaps that was partly the normal shell crash on waking from idle, but probably not.

I no longer give Linux machines to my family to use. I still try to support the ones I have given out in the past, but it is increasingly painful — just as painful as it is trying to use Linux myself on the desktop.

This sure as hell isn't the year of the Linux desktop. It might just be the year of the MacOS desktop, for me.
GNOME Bugzilla – Bug 708175. "You must be working online to complete this operation". Last modified: 2013-11-05 09:54:25 UTC.
23 comments
 
For my corporate users, the SSL certificate handling in Fedora 19 is a must-have. Installing the company's certs once and expecting them to Just Work, systemwide - not only for some apps, or some crypto libraries. Up to date and well-maintained (not just 'packaged') versions of other things like Evolution-EWS and pidgin-sipe are also extremely useful. The GSS-NTLMSSP module will land in Fedora first and be properly integrated there with a holistic view of the distro too, I'm sure...

David Woodhouse

Shared publicly  - 
 
Cute...
Rod Cope, the founder of OpenLogic, shares seven reasons why closed source is better than open source, or so it seems.
3 comments
 
+Alex Riesen, just in case to avoid misunderstandings, my comment was a pun intended after reading the article.

David Woodhouse

Shared publicly  - 
 
Hm. Finally fixed the DVD drive firmware on my MacBook to be region-free (UJ-898 HE13), and vlc under OSX can play both region 1 and region 2 discs quite happily.

But nothing under Linux works; it still gets "Read of scrambled sector without authentication" errors. Even the 'csstest' tool from libdvdcss. WTF?
5 comments
 
That triggers a memory of why they moved to using self-resetting RPC2 firmwares--some OS or player would do just what you're describing when it encountered certain behaviors in RPC1 drives. Sadly, that memory has been swapped to tape.

David Woodhouse

Shared publicly  - 
 
"When you assume, you make an ass out of u and me" … the next person who quotes that idiotic crap at me is getting stabbed.

After all, I don't know that stabbing will hurt them. I only know that stabbing hurts some other people. I might have assumed it would hurt them…but they don't want me to make assumptions, so let's find out.

In fact, perhaps I don't even know that stabbing hurts other people. I've never seen it first hand. I have assumed that the news reports, and other things I've been told, are true. Maybe it's all a lie? Who knows?

The same goes for people who complain about making "generalisations" — it's the same thing, really, but with a different stupid reason for objecting to it. Our species only survives because of generalisations.

"Hm, I see tiger. Tiger eat my friend Ug yesterday. And another tiger eat my friend Ng last week. Tiger eat me? No, mustn't make generalisations or assumptions like that. Maybe this good tiger! I not run away!"
17 comments
 
Well, whenever I run into people who do not understand the aphorism they are quoting (in this case, "consider the possibility that your assumption is wrong"), I simply remind them that "he who hesitates to look before he leaps, is lost". And wander off to find someone more interesting...

David Woodhouse

Shared publicly  - 
 
Managed to update the OpenConnect web pages to admit to the new Juniper VPN support: http://www.infradead.org/openconnect/juniper.html

More testing would definitely be welcome. And if anyone can let me have a test account on a server, especially one with IPv6, that would be much appreciated.

Thanks +Tiebing Zhang and +Russ Dill for the help with getting this running.
VPN client compatible with Cisco AnyConnect SSL VPN
 
Keepalive for ESP, with fallback to sending data over the HTTPS session, is now implemented. As is reconnecting the HTTPS if the connection is lost. In terms of features this is basically now ready for people to be trying to use it in anger.

The keepalive and reconnect could definitely do with some torture testing with tcpkill and selectively blocking UDP with a firewall, and it still offends me that we've only seen Legacy IP and now IPv6, but we're getting there... with some testing and some code cleanup now I have a clearer picture of how it all fits together, we might be able to make a release soon.

David Woodhouse

Shared publicly  - 
 
I wish gnome-shell didn't keep crashing. Or failing that, I wish that filing bugs actually got things fixed. Am I getting grumpier in my old age, or is the Linux desktop getting progressively worse?
66 comments
 
+David Woodhouse the gnome-shell crash still happens to me in F20. :-(

David Woodhouse

Shared publicly  - 
 
Thanks Google for the shiny new Chromecast. Now, if you could just stop it resetting itself to factory defaults every hour or two...
2 comments
 
are you sure you didn't get a lemon?

David Woodhouse

Shared publicly  - 
 
Dear "executive headhunter". Calling my employer's switchboard and pretending to be my friend, and tricking them into putting you through to my mobile phone at 5:30am even though I deliberately removed my number from the first place they'll look... is not the best way to start a conversation with me.

Fuck. Off. And. Die.
26 comments
 
+Jared Hulbert This one appeared to be British. It was 5:30am on the US west coast when he called. No idea who he was trying to find meat for though.

David Woodhouse

Shared publicly  - 
 
Sad, but quite possibly true…
2 comments
 
ACTA is much further along than SOPA or PIPA ever were, and more dangerous.

David Woodhouse

Shared publicly  - 
 
Every time I try to use Amex travel, I wish I hadn't. Today's WTF: book a rental car, and their crappy site explicitly tells me "No credit card is required at this time.".

An hour later, I get an automated email saying that because the credit card details are missing in the reservation, they are unable to INVOICE it (their capitals) and asking me to call them. I can't even reply to the email, apparently.

If they can automatically tell that they need credit card details to make the booking, why in $DEITY's name did they not take the credit card details in the first place?
10 comments
 
+Johannes Berg Perhaps for my 2013 experiment I'll get you to give me their number.
Basic Information
Gender
Male
Work
Occupation
Linux kernel hacker
Employment
  • Intel Corporation
    Linux Kernel Engineer, 2008 - present
  • Red Hat Software
    Senior Software Engineer, 2001 - 2008
Great meal in enclosed courtyard, looked after us and the babies well.