New hardware ordered: printer and kitchen computer

The kitchen computer project will be powered by a black ASUS EeeBox B203! The ancient 800 MHz (VIA Samuel 2 crap CPU) Mini-ITX machine I use for the prototype is very slow, has issues with the USB network adapter (NetGear WG111v3, ID 0846:4260),  and freezes occasionally so it will be retired soon! I will try to use Ubuntu Netbook Remix on the EeeBox.

I also ordered a new network laser printer, and actually not an HP! It’s a Samsung ML-2851NDR. The OpenPrinting database says that the very similar model Samsung-ML-2851ND works perfectly so I hope that the “R” does not mean “Requires Microsoft Windows”. It was cheaper than the HP LaserJet P1505N, even though the Samsung has duplex support and the HP does not.  Hopefully I will not share the experiences in this negative Samsung ML-2851NDR review.

Firefox 3.0 freezes waiting to resolve safebrowsing-cache.google.com in DNS

My current daytime setup is for various reasons a Windows XP installation with Ubuntu Jaunty running inside VirtualBox. I use Microsoft Windows for Outlook, SQL Navigator and some web browsing while using the Linux installation for development. This morning I started Firefox in Windows XP, changed focus to VirtualBox or some other window, and when I returned to Firefox it was frozen. I followed the standard Windows trouble-shooting procedure: reboot and get a coffee. When I was logged in again in both Windows and Ubuntu I got the same issue with Firefox in Linux. WTF?

At least I have the tools in Ubuntu to debug this issue. This is a simplified version and approximate order of what I did.

First, create ~/.gdbinit to make GDB a tad more user-friendly:

set pagination off
set radix 16
set print pretty
set history save on

Second, add ddebs.ubuntu.com to /etc/apt/sources.list:

deb //ddebs.ubuntu.com/ jaunty main restricted universe multiverse
deb //ddebs.ubuntu.com/ jaunty-updates main restricted universe multiverse
deb //ddebs.ubuntu.com/ jaunty-security main restricted universe multiverse
deb //ddebs.ubuntu.com/ jaunty-proposed main restricted universe multiverse

Install some debug symbols:

sudo apt-get install firefox-3.0-dbgsym libnspr4-0d-dbgsym xulrunner-1.9-dbgsym

Debugging time!

$ gdb `which firefox` `pidof firefox`

(gdb) thread apply all bt

Thread 2 (Thread 0xb08eab90 (LWP 4253)):

#9  0xb7e16c7f in getaddrinfo () from /lib/tls/i686/cmov/libc.so.6
#10 0xb7c8d739 in PR_GetAddrInfoByName (hostname=0xbc01ff4 “safebrowsing-cache.google.com”, af=0x0, flags=0x8020) at prnetdb.c:2026
#11 0xb7267940 in nsHostResolver::ThreadFunc (arg=0x92d9fd8) at nsHostResolver.cpp:697

Thread 1 (Thread 0xb7d4b6d0 (LWP 4243)):
#0  0xb8003422 in __kernel_vsyscall ()
#1  0xb7fe30e5 in [email protected]@GLIBC_2.3.2 () from /lib/tls/i686/cmov/libpthread.so.0
#2  0xb7c94ed9 in PR_WaitCondVar (cvar=0xcd1ebf8, timeout=0xffffffff) at ptsynch.c:405
#3  0xb7c94f57 in PR_Wait (mon=0xd47d178, timeout=0xffffffff) at ptsynch.c:584
#4  0xb726621b in nsDNSService::Resolve (this=0x92d4b00, [email protected], flags=<value optimized out>, result=0xbff19ac0) at nsDNSService2.cpp:49

So, we have a thread that is resolving “safebrowsing-cache.google.com” and another thread waiting for this hostname to be resolved. Could this be an issue?

Back at the command line, is there an issue with this domain name? Checking on my local computer:

$ host safebrowsing-cache.google.com
;; connection timed out; no servers could be reached

Trouble at Google? I must confirm that, so I login to one of my servers and run the same command:

$ host safebrowsing-cache.google.com
;; Truncated, retrying in TCP mode.
safebrowsing-cache.google.com is an alias for safebrowsing.cache.l.google.com.
safebrowsing.cache.l.google.com has address 74.125.10.92

Works fine, but what does Truncated, retrying in TCP mode mean? I will investigate that later.

Apparently the company firewall is unable to resolve this domain name, at least for the time being. Google Safe Browsing is built into Firefox 3, so how do I disable it? I looked in about:config and yes, there was a setting called browser.safebrowsing.enabled set to true. I set it to false and… Firefox still froze. Looking at about:config again, I found browser.safebrowsing.malware.enabled and set that one to false as well. Now I am able to write this blog post!

Disabling these configuration options is only curing the symptoms, not the disease. But can I cure an enterprise DNS server that fails to handle truncated responses? I doubt it.

To upgrade or not to upgrade?

I have updated a couple of my Ubuntu 8.10 (Intrepid) installations to Ubuntu 9.04 (Jaunty) but not yet my primary laptop. I was about to do that tonight (isn’t starting something at 22:00 a grea idea?) but the upgrade procedure showed me the message below, making me postpone the upgrade and write this blog post instead:

This computer is currently using the AMD ‘fglrx’ graphics driver. No version of this driver is available that works with your hardware in Ubuntu 9.04.

My graphics card (three years old by now) is described by lspci as an ATI Technologies Inc M56GL [Mobility FireGL V5200] and apparently these are no longer supported by the properitary fglrx driver. The Open Source radeon driver is rumoured to be pretty good these days but “never change something that works” is pretty useful on laptop where for example Suspend should work.

Speaking of the graphics card, dual-head with my LG L1510SF touch screen monitor works, but the touch stuff needs some tweaking and I’ll get back to that in another blog post.

The power of greylisting is aided by whitelisting

I’ve been running gld for more than two months now and it is truly efficient. The current statistics say:

# of entries in the database         : 16077
# of one hit entries in the database : 15100
Oldest entry in database             : 65 days ago

This means that almost 94% of the attempts to send mail through my server are only made once!

Unfortunately Facebook and Google Mail do not play well with greylisting, as attempts that are told Service temporarily unavailable, please try later by greylisting are very likely to be retried from a different IP. I’ve made a little script that scans /var/log/mail.log for such mail servers and add them to the gld whitelist table.

Now running Ubuntu 8.04 “Hardy Heron” on this server too

I had to mess around a lot with the upgrade, and when the upgrade was finished at last, the reboot failed so I had to get physical access to the machine. Strangely enough, when I rebooted it once more it worked fine!

The main issue with the upgrade was problems with verifying the hash of both package lists and packages. Some apt bug probably, but I don’t prioritize further investigation right now…

My new mail server got listed in Spamhaus XBL

The network owner where I have my current server is not very good at maintaining proper DNS and reverse-DNS records (!), and I consider it to be really important for mail servers to have those properly configured. In order to workaround this issue I’m now renting a Virtual Private Server (VPS) that allows me to set the reverse-DNS record myself, and that is the new SMTP server for my domains.

I checked the mail log from time to time to see that things were working properly, and after a while I noticed that a number of SMTP servers were refusing mail to me. My server had been listed in The Spamhaus Exploits Block List (XBL) for some reason! Why?

My server was actually listed in the Composite Blocking List (CBL), and it was listed because it sent a bad  HELO in its SMTP conversation. After a minor wild goose chase I realized that I simply had forgotten to change myhostname in /etc/postfix/main.cf from the default! I corrected the hostname setting in postfix, verified that HELO  was correct, requested unlisting from CBL and things worked fine the next day.

Highway to Dell, part six

(Continued from Highway to Dell, part five.)

Yesterday I noticed a problem with ssh on the Dell Inspiron 1525: I could ssh in any direction between the laptop and other computers on the same wireless network, but not to a computer outside of the wireless network. The issue was already reported as Bug #237894: I cannot connect to any server. Conection hangs up at "channel 0: open confirm rwindow 0 rmax 32768". The solution – as documented in the comments to the bug report – is easy but a bit unexpected: Disable the wl driver and use ndiswrapper for the wireless network interface! As I already had ndiswrapper working in Ubuntu 7.10, i only had to reboot after disabling the wl driver and the ndiswrapper was used instead and ssh worked!

Highway to Dell, part five

(Continued from Highway to Dell, part four.)

My wife upgraded the Dell Inspiron 1525 to Ubuntu 8.04 ("Hardy Heron") the other day and as far as I know, everything works fine after correcting the No Sound After Distribution Upgrade issue. I still haven’t upgraded my Thinkpad T60p from Ubuntu 7.10 and it makes be both proud and a bit annoyed that she’s running a more recent Ubuntu release!

Update Continued on Highway to Dell, part six.

Amazon Web Services used for ssh login attempts

I get ssh login attempts almost daily, mostly from DSL, asian or eastern european IP addresses but this one caught my eye:

 Illegal users from these:
    75.101.221.220 (ec2-75-101-221-220.compute-1.amazonaws.com): 210 times
       admin/password: 16 times
       test/password: 15 times
       tester/password: 15 times
       testing/password: 15 times
       guest/password: 14 times
       adm/password: 6 times
       administrator/password: 5 times
       .
       .
       .

It comes from Amazon Web Services! I thought that "cloud computing" for these attackers meant "bot network", but maybe that is not the case?

Let’s see what their abuse support says!