May 30 2006
After cvs updating my ports tree in OpenBSD, I was going through and compiling a bunch of fun stuff, and noticed this one while building nmap:
config.status: creating nsock_config.h
( ) /\ _ (
\ | ( \ ( \.( ) _____
\ \ \ ` ` ) \ ( ___ / _ \
(_` \+ . x ( .\ \/ \____-----------/ (o) \_
- .- \+ ; ( O \____
) \_____________ ` \ /
(__ +- .( -'.- <. - _ VVVVVVV VV V\ \/
(_____ ._._: <_ - <- _ (-- _AAAAAAA__A_/ |
. /./.+- . .- / +-- - . \______________//_ \_______
(__ ' /x / x _/ ( \___' \ /
, x / ( ' . / . / | \ /
/ / _/ / + / \/
' (__/ / \
NMAP IS A POWERFUL TOOL -- USE CAREFULLY AND REPONSIBLY
Configuration complete. Type make (or gmake on some *BSD machines) to compile.
ASCII art makes me nostalgic.
posted in openbsd
May 30 2006
The next release of Mozilla Firefox is approaching, with some of the following new features:
- Built in Anti-Phishing protection.
- Search suggestions now appear with search history in the search box for Google and Yahoo!
- Support for client-side session and persistent storage
- Changes to tabbed browsing behavior
- Search plugin manager for removing and re-ordering search engines
- Better support for previewing and subscribing to web feeds
- New microsummaries feature for bookmarks
- Inline spell checking in text boxes
- Automatic restoration of your browsing session if there is a crash
- New combined and improved Add-Ons manager for extensions and themes
- Extended search plugin format
- Updates to the extension system to provide enhanced security and to allow for easier localization of extensions
- Support for SVG text using svg:textPath
Do you love Firefox and want to help test the bleeding edge versions, but don’t want blood all over your computer? Are you worried that the Alpha software will kill your bookmarks and eat your GMail? Enter Altiris Software Virtualization Solution:
“Where virtual machine utilities like VMware Workstation manage entire virtual computers, Altiris Software Virtualization Solution 2.0 virtualizes individual software installations. Once installed on a system, SVS runs continually. If you install a program under it, SVS grabs all changes to the Registry and file system (including added and deleted files) that the installer makes and puts them in what Altiris calls a layer. Thereafter, the virtualization software directs file and Registry calls to the layer or to the base system as appropriate. The SVS-installed app looks perfectly normal, but disappears without a trace when you deactivate the layer. You can turn the app on and off like a light switch.” — Neil J. Rubenking, PC Magazine, 3-23-06
Altiris has made this software free for personal use, and I’ve written some instructions to get you started (assuming you have access to a Win32 PC).
Step by Step
- Download Bon Echo Alpha 3
- Obtain Altiris personal use license. You don’t have to input your e-mail address on the download form (unless you want to). Kudos to Altiris for this.
- Download Altiris Software Virtualization Solution
- Install SVS by unzipping the download and double-clicking the Software_virtualization_Agent.msi.
- Make sure to check the Software Virtualization Admin Tool box; we will be using it later to create our own custom Bon Echo layer.

- Reboot (it is Windows after all)
- Open the Altiris Software Admin and select File -> Create New Layer.
- On the Create New Layer dialog, select “Install application” and click Next.

- Enter Bon Echo Alpha 3 as the Layer name and click Next.
- Make sure Single program capture is selected, then browse to where you saved the Bon Echo Setup alpha 3.exe. Parameters can be left blank. Click Next.

- Verify the information you entered is correct and click “Finish”.

- Proceed through the Bon Echo Setup as normal. You can leave the defaults as is.

- When you reach the final screen, right-click on the Altiris Capture tray icon (yellow lightning bolt) and select Stop Capture.
At this point you should have a virtualized Bon Echo Layer. Use the Altiris Admin tool to enable or disable this layer. You can also reset the layer back to the default state from this interface. With this tool, you can help test beta software without worry of damaging your system. Be sure to report any bugs you discover.
There are also many pre-packaged layers available at: svsdownloads.com. Cheers!
posted in howto, mozilla, virtualization, windows
May 30 2006
I ran across the NYC Lisp User Group’s description of a Google Summer of Code project to port Lisp Cells to Python. I hadn’t heard of Cells before this, but this seems like a potentially cool thing. I would like to try this, especially on Python.
I’m not a Lisp coder, but it would be fascinating to go to one of their meetings. One can imagine anyone in NYC passionate enough to show up to a Lisp user group would be an interesting character.
posted in code, lisp, python
May 27 2006
I fixed up the parsing issues in Shelob so that it is somewhat respectable instead of a bunch of hacks. Once I started looking at what the client was sending me (the LiveHTTP headers Firefox extension rocks), it was obvious that I needed to break up each line and then separate the values into a name and value.
After rewriting the getHeaders() function to use STL hash tables, not only is the code more flexible, but it is also cleaner. For example:
[code]
log.writeLogLine(inet_ntoa(sock->client.sin_addr), request_line, 200, size, headermap["Referer"], headermap["User-Agent"]);
[/code]
Here, with the headermap, it is obvious what values I am passing. Before the rewrite, I just had a bunch of tokens[3], tokens[5], etc.
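One way to do the line-by-line name/value split described above, written as an added example and not taken from Shelob's source. The names `parseHeaders` and `logField`, the size limits, and the choice to lowercase header names are assumptions; the input is the header block with the request line already removed.

```cpp
// Added example, not Shelob's code: header block -> name/value map, plus a safe log field.
#include <cctype>
#include <sstream>
#include <string>
#include <unordered_map>

using HeaderMap = std::unordered_map<std::string, std::string>;
constexpr std::size_t kMaxLine = 8192, kMaxHeaders = 100;  // assumed limits

// Returns false on any malformed line so the caller can answer 400 instead of guessing.
bool parseHeaders(const std::string& block, HeaderMap& out) {
    static const std::string tchar = "!#$%&'*+-.^_`|~";  // RFC 7230 token punctuation
    HeaderMap headers;
    std::istringstream in(block);
    for (std::string line; std::getline(in, line);) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (line.empty()) break;  // blank line ends the header block
        if (line.size() > kMaxLine || headers.size() >= kMaxHeaders) return false;
        const std::size_t colon = line.find(':');
        if (colon == std::string::npos || colon == 0) return false;
        std::string name = line.substr(0, colon);
        for (char& ch : name) {  // token chars only: rejects "Name : v", folded lines, NUL
            const unsigned char c = static_cast<unsigned char>(ch);
            if (!std::isalnum(c) && tchar.find(ch) == std::string::npos) return false;
            ch = static_cast<char>(std::tolower(c));  // header names are case-insensitive
        }
        std::string value = line.substr(colon + 1);
        value.erase(0, value.find_first_not_of(" \t"));  // trim optional whitespace
        value.erase(value.find_last_not_of(" \t") + 1);
        for (unsigned char c : value)
            if ((c < 0x20 && c != '\t') || c == 0x7f) return false;  // control bytes
        auto res = headers.emplace(name, value);
        if (!res.second && (name == "host" || name == "content-length")) return false;
        if (!res.second) res.first->second += ", " + value;  // other repeats form a list
    }
    out.swap(headers);
    return true;
}

// Value for a quoted access-log field: "-" when absent, quotes and backslashes escaped.
std::string logField(const HeaderMap& h, const std::string& lowerName) {
    const auto it = h.find(lowerName);
    if (it == h.end() || it->second.empty()) return "-";
    std::string out;
    for (char c : it->second) {
        if (c == '"' || c == '\\') out += '\\';
        out += c;
    }
    return out;
}
```

Because names are lowercased here, a lookup would use `"referer"` and `"user-agent"` rather than the mixed-case keys in the call above, and `logField` avoids the empty entry that `operator[]` inserts for a missing header.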
I’m also toying around with the idea of privilege separation and chroot jails. This sort of flows from the previous post’s micro-kernel type approach, similar to how Postfix works. While it is more secure, the programming challenges are pretty high. I may leave that for a later version. I still have a bit of cleanup to do before a release.
Aside:
Theo de Raadt gave a nice presentation on the exploit mitigation techniques that OpenBSD is using, which relates to some of these ideas.
posted in code, http, internet, security
May 26 2006
To get color ls output on OpenBSD, get a recent version of ports and then do the following:
- cd /usr/ports/sysutils/colorls
- make install
- set your TERM to wsvt25
- /usr/local/bin/colorls -G should now display output similar to GNU ls with the color option
- Set the appropriate alias for your shell.
posted in openbsd
May 25 2006
I fussed around more with logging today, which led me to the parseHeader() function. Parsing is one of the weakest areas right now. For simplicity, I had implemented it by simply tokenizing on “space”, shoving the tokens into a string vector and then iterating over that vector for the tokens I needed.
So far, I’ve not peeked at anyone else’s source code; Shelob is a clean room implementation of a basic HTTP server. However, I really need to clean up the parser. I thought about going with a full lexer using flex or something, but that is probably overkill. Plus, I’d rather not add another dependency. More thought on this is needed and maybe some research into how other people are doing this. This is very much an area where security can go wrong, so it needs to be done right.
The other thought I had while poking around is that I could make each component into its own server, sort of a mini-microkernel approach. I could imagine a swarm of different servers, all being able to communicate. You could have the log server running on one host, separate CGI servers for each user, as well as different backends. The only thing I’m not sure about is how much overhead this would be. A lot of the interprocess communication could happen over local UNIX sockets, FIFOs, or even shared memory, but it would be awesome if it all worked fast over a regular socket. Yet more thought needed here.
So far I’m having a blast playing with this program. It is nice to write something for yourself and make only the trade-offs you decide. I don’t have any customer or management trying to shoehorn this thing into something I don’t want. Even if I never release it, it is a good brain exercise.
posted in code, http, internet
May 24 2006
Today I added support for NCSA/Apache style logs. It has been nearly 2 years since I last touched this code and closer to 3 since I first wrote it. Surprisingly, I’m able to make modifications pretty easily. To me, this indicates that the design is semi-clean. The odd thing about Shelob is that it is literally my first C++ program. I’ve never so much as done a Hello World in C++ before writing a web server. Granted, I had done a fair amount of C before this and I’m using C++ more for the STL and namespaces.
It isn’t completely OOP, but C++ isn’t either. One of the big things that I was trying to do with Shelob was to use C++ strings exclusively, but I found out quickly that it is almost impossible not to drop down and use C style “strings” at some point, especially when dealing with sockets. Right now Shelob is very incomplete, but it does have the following features:
- Compiles cleanly on Solaris/Sparc, OpenBSD/PPC, OSX/PPC, Linux/x86
- Binary is less than 60K
- Supports HTTP/1.1 Keep-Alive
- Basic log file support
- A filter class (currently supports adding a footer to every HTML page before serving)
Currently, it is forking, but I’m considering moving to a select model for speed. I would also like to be able to run it from Win32, but that is a much lower priority. It would be nice if Vista supported forking. I have some ideas for future features, but there are some areas that are a little rough in the current code that need refactoring. I also need to ponder what license to release under. I’m leaning towards BSD, but GPL is running a close second. I should probably look at other web servers and see what they are operating under.
posted in code, http
May 22 2006
Several years ago, I implemented a partially compliant HTTP/1.1 web server in C++. It is named Shelob, after the Spider Beast in Lord of the Rings; it’s also an acronym: Server for HTTP Environment and Logging Outgoing Bits (credit goes to Darren Morin for the name). I ported it to Automake/Autoconf a year ago, and I would like to update it some and release it as open source. However, I probably need to come up with a new name to avoid copyright infringement and to make it easier to find in search engines. Any ideas?
posted in code
May 17 2006
Apple Insider reports that the new Macbook laptops have user serviceable hard drives. Awesome! I replaced my own G4 Powerbook hard drive when the factory one failed. I would not recommend this to anyone. The number of various sized screws, hard to remove casings and tenuously coupled cables make it an unfun adventure. Good to see they are learning from their mistakes.
posted in apple, hardware
May 7 2006
Beautiful is better than ugly.
Explicit is better than implicit.
Simple is better than complex.
Complex is better than complicated.
Flat is better than nested.
Sparse is better than dense.
Readability counts.
Special cases aren't special enough to break the rules.
Although practicality beats purity.
Errors should never pass silently.
Unless explicitly silenced.
In the face of ambiguity, refuse the temptation to guess.
There should be one-- and preferably only one --obvious way to do it.
Although that way may not be obvious at first unless you're Dutch.
Now is better than never.
Although never is often better than *right* now.
If the implementation is hard to explain, it's a bad idea.
If the implementation is easy to explain, it may be a good idea.
Namespaces are one honking great idea -- let's do more of those!
Tim Peters
posted in python