Jered Floyd
Works at Permabit Technology Corp.
Attended MIT
Lives in Somerville, MA
1,764 followers|70,457 views

Jered Floyd

Shared publicly  - 
 
Anyone here have experience debugging ISC bind? (Also, why do we use this awful software?)

My main name server is returning SERVFAIL for some queries, intermittently. One that seems to be consistent is trying to get the address for the MX for oddnoise.com. If I restart bind I can either query the MX, or query the A record for mail.oddnoise.com, but once I've done one the other will not succeed until I restart bind.

I increased logging, and just see, for example:
query failed (SERVFAIL) for oddnoise.com/IN/MX at query.c:7002

I made the mistake of staring into the abyss that is bin/named/query.c. The function "query_find" is 1907 lines long! And line 7002?

default:
        /*
         * Something has gone wrong.
         */
        QUERY_ERROR(DNS_R_SERVFAIL);
        goto cleanup;

I can't make this shit up. A 2000 line main function and "something has gone wrong". I weep for humanity.

But, anyway, ideas on how to fix?
1
6 comments
 
The super-annoying thing here is that it works the first time because when you do a query against the working glue record you get back additional records that contain working data (that is used to answer the query at hand successfully), but it appears those don't get cached but the busted authority record does, which means subsequent queries fail. Fail. Fail fail fail. 

Jered Floyd

Shared publicly  - 
 
On one hand, open source software is great because you can fix your own bugs.

On the other hand, I just spent the last four hours figuring out, fixing, and submitting a patch for a bug that was introduced in 2012 into the expletive pile that is cyrus-sasl2.

If most security and authentication software is like cyrus-sasl2, we are all doomed.
2
 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815208 if you care. If you're getting 0 back from read() then it's not a good idea to keep looping for more data.
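A read loop that handles the case the comment above describes, where read() returns 0 because the peer has closed. This is an added example, not the cyrus-sasl2 code or the submitted patch; `read_exact` and `demo_short_peer` are hypothetical names, and the pipe input is constructed for the demonstration.

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: try to read exactly `want` bytes from fd.
 * Returns the number of bytes read (less than `want` if the peer closed
 * early), or -1 on a real error. */
ssize_t read_exact(int fd, void *buf, size_t want)
{
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, (char *)buf + got, want - got);
        if (n > 0) {
            got += (size_t)n;
        } else if (n == 0) {
            break;          /* EOF: no more data will ever arrive, stop looping */
        } else if (errno != EINTR) {
            return -1;      /* genuine I/O error */
        }
        /* n < 0 with EINTR: interrupted by a signal, retry */
    }
    return (ssize_t)got;
}

/* Constructed input: a pipe whose writer sends `sent` bytes and then closes,
 * standing in for a client that disconnects mid-message. */
ssize_t demo_short_peer(size_t sent, size_t want)
{
    int p[2];
    char out[64], in[64];
    ssize_t n;
    if (sent > sizeof out || want > sizeof in || pipe(p) != 0)
        return -2;
    memset(out, 'A', sizeof out);
    if (sent > 0 && write(p[1], out, sent) != (ssize_t)sent) {
        close(p[0]); close(p[1]); return -2;
    }
    close(p[1]);            /* the peer goes away */
    n = read_exact(p[0], in, want);
    close(p[0]);
    return n;
}

int main(void)
{
    /* Peer sent 5 of 16 expected bytes: the loop returns 5 instead of spinning. */
    return demo_short_peer(5, 16) == 5 ? 0 : 1;
}
```

The caller has to treat a short return as a truncated message; a loop without the `n == 0` branch would spin at full CPU on the closed descriptor.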

Jered Floyd

Shared publicly  - 
 
How do I make the main feed (or whatever it's called) in G+ wider? Before the redesign it was only using about half the horizontal space in my browser. With the NEW IMPROVED! G+ now it's using about one quarter. I get about 5 words per line....
1
9 comments
Greg S
 
I just measured and I see the text being almost exactly the same width in the old and new format. Both comically narrow given the size of the window but no significant change.

Really I don't see any functional changes. Just another in the merry-go-around of pointless UI revamps. Still no way to filter or hide sources of posts which has made Facebook nearly tolerable. The only reason G+ is at all readable is that the signal/noise ratio is still relatively high but it's rapidly becoming lower and looks like it'll soon be all reshares and social junk.

Jered Floyd

Shared publicly  - 
 
Help! I'm getting a shakedown by Barracuda Networks.  They seem to be getting out of the "anti-spam" and into the "protection racket" business.

Recipients have been getting bounce-unsubscribed from a community mailing list that I administer.  The most recent bounces say that this is "blocked using Barracuda Reputation;  http://www.barracudanetworks.com/reputation/"

Visiting that page provides no information on the specific reason my MTA has been blocked so I can't determine if there is a configuration issue, and has a link for one-time removal.

Below that it says "One way to get your email through spam filters even if you are listed on the BRBL is to register your domain and IPs at EmailReg.org." OK, sounds good, I can prove that my IP address is allowed to send for my domains -- I thought that was what SPF and DKIM were for (which are configured) but whatever.

However, I click through to emailreg.org and AFTER signing up for an account and configuring it they then reveal that there is a $20 "administrative fee" per domain.

This should be criminal, but I'm sure it isn't.  Does anyone have a solution for the Barracuda Networks Protection Racket?
3
2 comments
 
Did you look up your reputation here http://www.barracudacentral.org/reputation and did it say anything useful?

Jered Floyd

Shared publicly  - 
 
Huh.  "Collections" are what I wanted when this whole G+ started nearly 4 years ago.  I fear it may be too late for here now, but I hope that Facebook copies it...
1

Jered Floyd

Shared publicly  - 
 
Dear LazyPlus:

Another Mac OS Yosemite problem; maybe someone can explain?  I'm finding that I am intermittently not able to connect to my mail server from Firefox or telnet, which is a totally unlikely error.  This is easily shown in two simple commands:

[~] jered% host zimbra.convivian.com
zimbra.convivian.com is an alias for hiro.convivian.com.
hiro.convivian.com has address 72.5.31.108

[~] jered% telnet zimbra.convivian.com 80
zimbra.convivian.com: nodename nor servname provided, or not known

WTF, resolver?

Love,
--Me
1
6 comments
 
So, I believe both this and my previous complaint (not connecting reliably to the local Time Capsule) both have something to do with mDNS failures.

I think this because there seem to be mDNS queries around the failing connections, and dtruss is reading files like /etc/.mdns_debug around the same time, so this is all quite circumstantial.

I'm not at all clear on how to debug this further - I've never "set up" mDNS and none of my devices have obvious configuration tweaks around it.  I'll look at some packet traces next, I guess.

Jered Floyd

Shared publicly  - 
 
Durability problems in Linux LVM2 Snapshots?

I've just started using LVM snapshots on Linux, and am finding that they... aren't.  That is, the data is changing.  For example:

matrix:~# lvcreate -L1G -s -n hiro-backup /dev/matrix/hiro-root
  Logical volume "hiro-backup" created
matrix:~# md5sum -b /dev/mapper/matrix-hiro--backup
aeff90770c48e88e54e7d9c6a8e9a114 */dev/mapper/matrix-hiro--backup
matrix:~# md5sum -b /dev/mapper/matrix-hiro--backup
f1d4a2fb268ebc43f273d00d00f7e666 */dev/mapper/matrix-hiro--backup
matrix:~# md5sum -b /dev/mapper/matrix-hiro--backup
3615adce9adab4285a2f2fffe0ad7b85 */dev/mapper/matrix-hiro--backup
matrix:~# md5sum -b /dev/mapper/matrix-hiro--backup
2a12cb121e74d0f4201fdfaeacbac63c */dev/mapper/matrix-hiro--backup
matrix:~# lvdisplay /dev/matrix/hiro-backup
  --- Logical volume ---
  LV Name                /dev/matrix/hiro-backup
  VG Name                matrix
  LV UUID                oKs1tf-GbFE-Tm2V-AU0N-Dkfj-lmjZ-YAuIoB
  LV Write Access        read/write
  LV snapshot status     active destination for /dev/matrix/hiro-root
  LV Status              available
  # open                 0
  LV Size                68.83 GB
  Current LE             17620
  COW-table size         1.00 GB
  COW-table LE           256
  Allocated to snapshot  17.53%
  Snapshot chunk size    4.00 KB
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:8

I'm not overrunning the snapshot journal.

These don't appear to be mis-reads from the disk, in that the data that changes seems to be plausible revisions, like changes to log or state files. (I'm using these snapshots for backups, and I've compared them.)

This is an older kernel: Debian 2.6.26-26lenny2

I'm aware that the snapshot is r/w, but there is no process writing to it.

Am I missing something about how LVM works? 
1
14 comments
 
The snapshot isn't overrun, and I've also mounted it read-only in further testing.

The volume is the backing device for a local Xen guest. The VM is running (it's a mail server) but it can't write to the snapshot - it's not even mapped to the VM.

Jered Floyd

Shared publicly  - 
 
Will I miss anything important if I just blacklist all IP addresses in China? My server isn't even a meaningful target, yet I have 1000s of portscan and ssh brute force attacks per day, and every single one is from China.... I'm not concerned about any of them being successful but this is just insane!
1
4 comments
 
er... actually, looks like FB decided to spellchuck "with" to "without" - the databases are a combination of as much coverage of China ISP's (and N. and S. Korea, as well) as possible, plus a database of "honeypot" hits - on a crappy-ass register.com shared server, adds about 100ms latency.  Cut the annoying (and mostly completely ineffective) hits to our ecommerce by about 98% or better.  *most* of the hits from china were either very stupid or very low level - I speculate probes to catalog vulnerable sites.

Jered Floyd

Shared publicly  - 
 
Anyone else here use BuddyNS for secondary service? They seem to be processing AXFRs but not propagating to their network and it's causing serious operational issues for me. I have a paid acct but there's no response from support@... I think it's two guys and no pager. Any ideas?
1

Jered Floyd

Shared publicly  - 
 
I appreciate that Google recognizes when it's made a mistake: http://googleblog.blogspot.com/2015/07/everything-in-its-right-place.html

Does this mean we get Reader back next? Please?
4
5 comments
 
For the record I like Newsblur well enough as a reader replacement, but it's a one-man shop and to put it mildly does not have google-style uptime. :)

Jered Floyd

Shared publicly  - 
 
Googlers: How limited is Google Takeout?  I was trying to grab individual labels from a GMail account and after three it just says "Oops, something went wrong!"

"Sorry, you are trying to create too many archives. Please try again later. [Help Center]"

The Help Center, like all Google documentation, is absolutely and completely useless -- not even mentioning this case at all.  (Like, seriously, I think all google "Help" links should just result in a pop-up in 96 point type saying "FUCK YOU!" -- that's about how helpful they are.)
1
3 comments
 
Why on earth is there a limitation?

Jered Floyd

Shared publicly  - 
 
Dear LazyPlus,

I upgraded my Mac to Yosemite, and now I can only connect to my Time Capsule once without rebooting.

That is, I can connect to it once (as a file server or backup target), but if I unmount it then I can't connect again until I reboot my Mac.  I get "Connection Failed", and logs say:
12/5/14 5:31:20.125 PM NetAuthSysAgent[510]: DNSAddressResolver:Resolve CFNetServiceResolveWithTimeout failed
12/5/14 5:31:20.125 PM NetAuthSysAgent[510]: ERROR: AFP_GetServerInfo - connect failed 64

Airport Utility is also unable to see it, even though I'm connected to it and the Internet.

Apple software updates seem to be just gigantic piles of fail these days.  Does anyone have a solution for this?

--Me
1
 
This does seem to be a common problem in web searches, with no actual answers.  Or, rather, most of the answers are special-case and don't apply (i.e. disable firewall)
Education
  • MIT
Basic Information
Gender
Male
Work
Occupation
CTO
Employment
  • Permabit Technology Corp.
    CTO, present
Places
Currently
Somerville, MA