sqlite3 SECURE_DELETE and Firefox

So a few days ago, databases/sqlite3 was updated in ports. And, in the portmaster run, I was faced with its config dialog. Think I had gone with the defaults previously, but decided to take a closer look this time. Saw SECURE_DELETE, with the description "Overwrite deleted information with zeros". That sounds like a waste of time, I should probably turn that off.

After a quick online search, I found this:

The secure_delete setting causes deleted content to be overwritten with zeros. There is a small performance penalty for this since additional I/O must occur. On the other hand, secure_delete can prevent sensitive information from lingering in unused parts of the database file after it has allegedly been deleted.

Yup, definitely just a waste of time...even says so. The OTOH, wrong. Why? Because I'm running my FreeBSD system on ZFS, which is copy-on-write. It's just spinning my wheels creating a new copy of the file filled with zeros, and the old file is just unlinked somewhere intact, and then unlinking that new copy that it had filled with zeros. When just unlinking the old file achieves the same thing faster.
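What the quoted description means for the bytes of the database file, as an added example that is not part of the original post: the same row is deleted with `PRAGMA secure_delete` off and on, and the raw file is then searched for the deleted value. The table name, the sample URLs and the marker string are constructed for illustration; the check looks only at the live file's contents and says nothing about old blocks a copy-on-write filesystem such as ZFS may still hold.

```python
import os
import sqlite3
import tempfile

MARKER = "constructed-sensitive-value-7f3a"  # constructed sample data


def marker_survives_delete(secure_delete: bool) -> bool:
    """Insert rows, delete the one holding MARKER, then report whether
    MARKER is still present in the raw bytes of the database file."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    try:
        con = sqlite3.connect(path)
        # Set the pragma explicitly so the library's compile-time default
        # (the SQLITE_SECURE_DELETE build option) does not matter here.
        con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
        con.execute("CREATE TABLE history (id INTEGER PRIMARY KEY, url TEXT)")
        con.executemany(
            "INSERT INTO history (id, url) VALUES (?, ?)",
            [(1, "https://example.org/a"), (2, MARKER), (3, "https://example.org/b")],
        )
        con.commit()
        con.execute("DELETE FROM history WHERE id = 2")
        con.commit()
        # In both modes the row is gone as far as SQL is concerned.
        assert con.execute("SELECT count(*) FROM history").fetchone()[0] == 2
        con.close()
        # Search the raw file, the way a forensic tool or a curious user would.
        with open(path, "rb") as f:
            return MARKER.encode() in f.read()
    finally:
        os.remove(path)


if __name__ == "__main__":
    print("secure_delete=OFF, deleted value still in file:", marker_survives_delete(False))
    print("secure_delete=ON,  deleted value still in file:", marker_survives_delete(True))
```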

Of course, what happens a little while later? There's an update to www/firefox in ports, where the configure fails because sqlite3 wasn't built with SQLITE_SECURE_DELETE. Well, I'm not turning on stupid for Firefox...I'm already disappointed by how slow it has become (and PGO seems to be broken again), to where chrome/chromium is now my everywhere browser. Which is working for the most part now that I don't have a Solaris workstation as part of my everywhere.

Well, it's just configure that is testing for it and complaining...so there should be a way to turn it off. Hmmm, no option to do that, guess I'll have to alter the configure script. Do I inject a patch into the files directory? Looks like the file is being adjusted elsewhere, though I don't see a patch in files that is working on it. Okay, it's the post-patch target in the Makefile. Can I just add to that? Guess the way to do it is to change AC_MSG_ERROR to something that doesn't terminate the configure. Unfortunately I have the portmaster.rc option "PM_DEL_BUILD_ONLY=pm_dbo" uncommented, so can't quickly look at what AC_MSG_??? I could use. Find some online documentation that describes AC_MSG_CHECKING, AC_MSG_RESULT, AC_MSG_NOTICE, AC_MSG_ERROR, AC_MSG_FAILURE, AC_MSG_WARN...the first 3 are messages that aren't emitted if the '--quiet' or '--silent' options are used. I don't think those options are used normally, but seems like a good idea to me. I'll use AC_MSG_NOTICE (though now that I think of it, AC_MSG_RESULT is probably valid, since it was an AC_MSG_CHECKING that comes before the AC_MSG_ERROR...)

Well, AC_MSG_NOTICE is undefined. Guess the autoconf being used is different than the one I found online. AC_MSG_ERROR and AC_MSG_FAILURE cause exits, but AC_MSG_WARN writes to stderr and continues. Guess that's what I'll have to use then.

So, I insert the change, and create a quick diff so that I can reapply it as a patch for next time....


--- Makefile.orig  2013-06-03 17:45:05.000000000 -0500
+++ Makefile  2013-06-04 18:22:37.335175851 -0500
@@ -89,6 +89,7 @@
  @${REINPLACE_CMD} -e '/MOZPNG/s/=[0-9]*/=10511/' \
    -e '/^SQLITE_VERSION/s/=.*/=' \
+    -e '/with SQLITE_SECURE_DELETE/s/_ERROR/_WARN/' \
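Review bot: the added `-e '/with SQLITE_SECURE_DELETE/s/_ERROR/_WARN/'` expression keys on the wording of configure's message and rewrites the first `_ERROR` it finds on that line, so if upstream rewords the message the substitution silently stops applying and the configure failure comes back with no hint why, and it would also rewrite any other token containing `_ERROR` on a matching line. Spell the macro out (`s/AC_MSG_ERROR/AC_MSG_WARN/`) and add a Makefile comment saying the check is downgraded on purpose, because the build then proceeds against an sqlite3 without SQLITE_SECURE_DELETE and only a warning on stderr records it.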

Another problem with karmic upgrade of box

Found another problem with my karmic upgrade of 'box'. The clocks on everything were starting to drift....well 'box' is my NTP server.

I checked the ntp.conf, and it was still correct. Then I realized ntp started while bind wasn't....so it omitted a time server to sync with. (and nothing for the initial sync).

So, that's another thing to bounce in /etc/rc.local on boot.

I did find a posting somewhere that suggested apparmor was causing the problems, so I tried removing that....but that didn't solve the problem, though putting it back it did work once....but rebooting again to see if it was a fluke, seemed to say that it was. So, stick with /etc/rc.local as the more reliable way to make sure these things are running.....

Wonder if there'll be a time where I remove this kluge to see if things are fixed...or not.

OTOH, with box on a PowerSource 400, I kind of hope that it'll never go down during typical power outages. Of course, who knows if there'll be another extreme one, like the icepocalypse.


Guess that answers one question about 'box'.

This morning, while I was at home waiting for the building owner to show up to see about some noises inside the wall behind kitchen sink/washer&dryer, UPS showed up with a box from TigerDirect.

That should be the off-lease IBM ThinkCentre S51 that I snapped up thinking I'd rebuild 'box' on a new machine.

The condo's quarterly pest control was going to be at 1:30pm today, so he was thinking of setting off some kind of pest control spray bomb in the utility room...which may or may not reach into the wet wall space of my condo. Or consult with the pest control company on what else to try. Later as I was listening closer to the noise, I wondered if it sounded like a ferret...because there's a "Lost Ferret" sign out by the mailboxes. Turns out the "Lost Ferret" is from the unit above me.

I popped in to work for a bit, and then returned around 1:30pm for the pest control visit. I arrived to find that FedEx ground had been by and there was a box sitting by my front door. Meanwhile, the building owner said the neighbor upstairs wanted to take a look and see if he can get the ferret out, otherwise the ferret owner would pay to have an exterminator deal with it. There are no openings in the wall that I knew of, but I let him. Pest control guy later showed up to do some spraying.

Well, the box was the pulled/untested power supply that I had snagged off of ebay. All the power supplies that matched the part number online were of this 'untested/as-is' condition...or more than what I had originally paid for the computer (and more than the off-lease computer I just got). Alas, it didn't make 'box' work again. Either I got another dead power supply or there's something else wrong with the system that is making the power supply not turn on. Not having an ATX P/S tester handy, I can't tell if this is the case or not.

Anyways...that eliminates one option for getting 'box' back online.

I'm pretty much leaning towards installing the latest Ubuntu server....since it looks like the main things I'd require on the system are DNS (master), DHCP (wonder about setting up peering), NTP, ddclient x 2, and email relay to my outbound.mailhop.org account, vpnc. The ivs-status-sniff stuff will just go away. And, I'll gradually remove all evidence of it and simplify the configurations on my border routers (been close to running out of nvram on them).

Hmmm, just realized that I never changed the configs on the routers to account for the lack of the internal router 'box' to reach my ReplayTVs for IVS...not just that they were (date) confused because they were doing NTP off of 'box'...and first DNS in the search list was 'box'....

Also not sure vpnc is needed now, since it won't be functioning as an internal router anymore. Someday I'll upgrade to a computer where it'll be safe to install a vpn client again. My Windows boxes are both pretty dorked in the network config department. The W2K box is completely dorked...when 'lhaven' died...it became pretty usable because I couldn't get into the configs to change my DNS server. I haven't found the install disk, so risking a repair install hasn't been an option. The other computer is also somewhat messed up, though not as bad.

Both messed-up networking setups are connected to previous attempts to install VPN software (SecureRemote). It was largely flawed because they didn't support users with their own routers doing NAT. Largely because every IANA non-routable range was being used somewhere within the worldwide network of the company, which was all NAT'd behind a single IP in Canada. Made location based (or restricted) services fun to use from work...because they would mistakenly set Canadian preferences or deny access because only US IPs were allowed.

It was particularly bad with Yahoo..which kept bouncing us over to yahoo.ca and then defaulting to only searching Canadian sites.

Anyways....wonder when I'll get cracking on trying to build the new 'box'. The off lease machine came with a 40G drive, but do I use it...or see if I have any other IDE drives around (probably too late to buy one).


