If you send enough e-mails, you’ll find that your process table is full and your machine just won’t work properly.
Filed as rdar://6451715.
]]>Jun 23 10:19:16 server servermgrd[303]: Got error -9845 for SSLHandshake Jun 23 10:19:16 server servermgrd[303]: Exception in threadListen: Socket: Connect failed
Server Admin’s error message wasn’t much help either; it just insisted that there was no server at that address (not true).
In the end it turned out that a certificate, together with its private key, had somehow ended up in the System keychain. And servermgrd stupidly picks up any such certificate (presumably at random, as I certainly didn’t specify which one to use anywhere) and tries to use it when performing an SSL negotiation.
Deleting this rogue certificate from the System keychain seems to have fixed the problem and I can now admin the server again with Server Admin, rather than having to use the command line and a text editor.
]]>Interestingly, though, I notice that it’s now being hosted directly in IP space belonging to Infinite Technologies. For those who don’t know, Infinite Technologies are colluding with the people running MSJ. How do I know this? Well, because we complained about MSJ to the ISP that they were using, who told us that it was being hosted by one of their clients and passed on our complaint.
In response, I got an e-mail from Ganesh Rao, who styles himself “Head of Network Operations/Network Architect”:
From: Ganesh Rao Subject: Re: macserialjunkie.com Date: 17 July 2008 17:26:42 BST To: Alastair Houghton
Hello Mr. Houghton,
And how are you related to this site or its activities?
Kind Regards,
Ganesh Rao
Head of Operations/ Network ArchitectInfinite Technologies
FF-2, #17, 5th Main
Airport Road
Bangalore 560 017W: www.InfiniteTech.in
P: +91.991-697-1255
E: [redacted]
Seems friendly enough, right? Well I explained what MSJ was and what id did and that I didn’t think that any ISP that claimed to be supportive of copyright should be hosting such a website. Ganesh replied:
From: Ganesh Rao Subject: Re: macserialjunkie.com Date: 22 July 2008 22:15:03 BST To: Alastair Houghton
Hello,
I contacted the webmaster, nothing of what you claim that the site hosts is true.
Please let me know if you have any proof to back your claims.
Kind Regards,
Ganesh Rao
Head of Operations/ Network ArchitectInfinite Technologies
FF-2, #17, 5th Main
Airport Road
Bangalore 560 017W: www.InfiniteTech.in
P: +91.991-697-1255
E: [redacted]
I found that quite offensive—basically Ganesh Rao was calling me a liar—and I said so. Eventually the conversation ended with
From: Ganesh Rao Subject: Re: macserialjunkie.com Date: 23 July 2008 14:28:29 BST To: Alastair Houghton
Hello,
You are too confident Mr. Houghton. Do you think your the first and only one trying to do this?
If as you assume this is going to be easy, your mistaken. We have connections with multiple Swedish ISPs. If we feel any discomfort from you, transferring data over to one of them and shredding this one wouldn't be too hard. You'll now end up fighting a case in Sweden, and perhaps some other country after that. Quite frankly - I don't see a point with this.
And to answer your question directly: no action will be taken on the site :)
Your best bet (and most economical) will be to contact the webmaster and have content you find uncomfortable removed.
Kind Regards,
Ganesh Rao
Head of Operations/ Network ArchitectInfinite Technologies
FF-2, #17, 5th Main
Airport Road
Bangalore 560 017W: www.InfiniteTech.in
P: +91.991-697-1255
E: [redacted]
Notice that the tone has changed completely. Originally Mr. Rao was trying to make it seem as if he had no relationship with Macserialjunkie. But in this final e-mail the relationship is obvious. He talks about how “we” have connections with multiple Swedish ISPs, and about how easy it would be to transfer the data over to one of them.
Anyway, after forwarding this to the upstream ISP, it seems that action was eventually taken to kick MSJ off the servers they were using. It has, of course, resurfaced, but this time at 94.100.27.140, which (surprise surprise) is registered to none other than Infinite Technologies and in particular Mr. Ganesh Rao:
OrgName: RIPE Network Coordination Centre OrgID: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL ReferralServer: whois://whois.ripe.net:43 NetRange: 94.0.0.0 - 94.255.255.255 CIDR: 94.0.0.0/8 NetName: 94-RIPE NetHandle: NET-94-0-0-0-1 Parent: NetType: Allocated to RIPE NCC NameServer: NS-PRI.RIPE.NET NameServer: SEC1.APNIC.NET NameServer: SEC3.APNIC.NET NameServer: TINNIE.ARIN.NET NameServer: NS.LACNIC.NET Comment: These addresses have been further assigned to users in Comment: the RIPE NCC region. Contact information can be found in Comment: the RIPE database at http://www.ripe.net/whois RegDate: 2007-07-30 Updated: 2007-08-07 # ARIN WHOIS database, last updated 2008-11-23 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. % This is the RIPE Whois query server #2. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag % Information related to '94.100.27.0 - 94.100.27.255' inetnum: 94.100.27.0 - 94.100.27.255 netname: INFINITE-TECH descr: INFINITE-TECH country: NL admin-c: ITGR-RIPE tech-c: ITGR-RIPE org: ORG-ITPL2-RIPE status: ASSIGNED PA mnt-by: ITECH-MNT mnt-lower: ITECH-MNT mnt-domains: ITECH-MNT mnt-routes: ITECH-MNT source: RIPE # Filtered organisation: ORG-ITPL2-RIPE org-name: Infinite Technologies org-type: OTHER address: Postbus 964 address: 5000 AZ, Tilburg address: The Netherlands remarks: +-------------------------- remarks: Abuse Complaints = Email Only remarks: Technical Support = Email & Phone remarks: +-------------------------- abuse-mailbox: abuse@infinitetech.in mnt-ref: ITECH-MNT mnt-by: ITECH-MNT source: RIPE # Filtered person: Ganesh Rao address: PO Box 964 address: Tilburg, 5000 AZ address: The Netherlands phone: +31-(0)13-2202617 fax-no: +1 (408) 856-2445 abuse-mailbox: abuse@infinitetech.in remarks: +-------------------------- remarks: Head of Operations remarks: Technical / Sales / Abuse Dept. remarks: +-------------------------- nic-hdl: ITGR-RIPE mnt-by: ITECH-MNT source: RIPE # Filtered % Information related to '94.100.16.0/20AS35017' route: 94.100.16.0/20 descr: PL-SWIFTWAY-20080709 origin: AS35017 mnt-by: swiftway-mnt source: RIPE # Filtered
Their new upstream ISP appears to be Swiftway, a Polish firm that for some reason uses a UK domain name for its site. It seems unlikely that hosting MSJ is something that is allowable under Swiftway’s Acceptable Use Policy, since it (MSJ) clearly is used “to distribute…material in violation of applicable law…in a manner that will infringe the copyright…of others”.
]]>Or it would be if it weren’t falling foul of the limits on the Google App Engine beta :-)
]]>This, it seems to me, would be perverse (as indeed are interest rate cuts in the first place). We arrived in the current economic mess as a direct result of interest rates that were too low over a sustained period because of a failure to take into account the boom in the housing market, both here and in the United States; had the banks not been busy shifting the risk onto others, perhaps money would not have been lent inappropriately even under those conditions, but the combination of the two has turned out to be a disaster for the world economy.
The fix for these problems is twofold. It was clear that the only way to solve the crisis in the banking sector was recapitalisation, whether through mergers, takeovers, outside investment or—preferably as a last ditch alternative—state investment in banks. The alternative would be to allow banks to go bust, taking peoples’ savings with them; this is political suicide and therefore unthinkable to the modern political class, not to mention terribly unpleasant for the people whose money would be lost.
But the underlying problem of the overheating housing markets on both sides of the Atlantic can only be tackled by taking real estate prices into consideration when setting interest rates. And, to date, the Bank of England has still not been instructed to include house prices in the measure of inflation it is supposed to be working to keep at a low rate.
We should not be making rate cuts at the moment, let alone forcing lenders to pass on those rate cuts to consumers. To make rate cuts when the problem is excessive debt and when housing is still significantly overpriced is simply madness.
]]>This is annoying for three reasons:
Anyway, Mr. McCain, whoever is doing your e-mail campaign is doing you and your party a disservice. Spamming people isn’t going to make them vote for you; it’s going to make them vote for someone else. Probably Barack Obama.
(Of course, some may say, well, so much the better. I don’t really have an opinion on who the United States should elect as their next president. I suspect it will be Obama, and I hope therefore that he turns out to be a good choice for the American people.)
]]>To my mind, this is highly undemocratic. If there is a problem with MPs’ security, we already have a solution—posting a policeman outside their home. But without knowing MPs’ home addresses, telephone numbers etcetera, there will be no way for their constituents to contact them in an emergency.
It seems to me that some MPs have forgotten that their primary duty is to serve their constituents, and that they are supposed to make themselves accessible, not inaccessible, to those same people.
If MPs are not going to be required to publish their personal contact details, then they should be required instead to provide a method of contacting them directly that is guaranteed to work 24 hours a day, 7 days a week, 365 days a year.
]]>Unfortunately, there is very little documentation in Xcode itself relating to the unit testing feature. In fact, all I can find is the pointlessly short Xcode Unit Testing Guide.
It’d be really handy if the various STAssert macros were documented in the API documentation; constantly having to open up the SenTestCase_Macros.h header file is a bit of a pain, frankly. Since it’s now possible to put third-party docs into the Xcode Documentation window, perhaps someone will take the time to document the various macros?
But it isn’t nearly as much of a pain as the fact that there is no explanation anywhere of how to run your unit tests from the command line, or indeed how to debug a failing unit test.
Trying to run a unit test from the command line can be a real headache. Especially if the machine you’re testing on happens to be 64-bit capable, because when you try to run otest from the command line, OS X will choose the 64-bit variant, which probably won’t match the test bundle. Either way, if you’ve tried this and you haven’t seen error messages like “no suitable image found” or “GC capability mismatch”, frankly you’ve been very lucky.
The best way to show how to avoid these problems is probably to give an example, so here goes:
$ find . -name '*.octest'
./build/Debug/MyTests.octest
$ export OBJC_DISABLE_GC=YES
$ arch -i386 /Developer/Tools/otest ./build/Debug/MyTests.octest
The first line finds the test bundle. You don’t really need to do this every time (or at all, if you know where it is already).
The second line disables GC; this is optional, but if the code you are testing doesn’t support GC and the version of otest on your system was build with GC enabled, you need to disable it as shown here or you’ll get a “GC capability mismatch” error. If you’re seeing “GC capability mismatch” and your code is build to require GC, you probably need to update your version of Xcode (3.1.1 comes with an otest that does work with GC) or if that isn’t an option you could build a suitable otest binary yourself.
The third line is where things really get interesting. You can’t rely on just running otest, since the system you’re running on might choose the wrong architecture for your test bundle. Fortunately Apple has provided the arch command (see man 1 arch), which lets you ask for a particular architecture when running something from the command line. In the example, I asked for 32-bit x86, but I might just as well have asked for any number of other things.
If you’re unlucky enough to be trying to debug a framework unit test, you’ll also be having problems at this point with the system not finding the framework. To fix this, you can add something like
$ export DYLD_FRAMEWORK_PATH=`pwd`/build/Debug
to the above set of commands.
OK, so we know now how to run the unit tests from the command line. How do we get them to run in GDB? Simple. Something like
$ gdb -arch i386 /Developer/Tools/otest GNU gdb 6.3.50-20050815 (Apple version gdb-962) (Sat Jul 26 08:14:40 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin"...Reading symbols for shared libraries ...... done
(gdb)
Notice the -arch i386 at the top… that sets the architecture, which you need to do at the GDB command. Then we proceed as before, but this time using GDB commands rather than shell script
(gdb) set environment DYLD_FRAMEWORK_PATH=/Users/alastair/Source/UnitTestTest/build/Debug
(gdb) set environment OBJC_DISABLE_GC=YES
(gdb) set args ./build/Debug/MyTests.octest
(gdb) run
Again, the DYLD_FRAMEWORK_PATH and OBJC_DISABLE_GC steps are both optional and whether you need them or not depends on your particular circumstances.
]]>Anyway, I recently went on holiday to Marrakech for a week, staying in a charming little riad just inside the medina walls. I’d describe the accommodation as basic but very pleasant; the staff were friendly, polite and helpful, and aside from the day when the Moroccan government turned the water off everything was pretty good, I’d say.
Marrakech was amazing. Very different from anywhere I’ve been previously. I think it’s become a bit tourist-oriented these days and I also think it’s been largely spoiled by the availability of cheap motorbikes and motorcycles (which the locals drive at breakneck speed through the souk and just about everywhere else as well).
That said, there’s still plenty to see and do, both in Marrakech itself and in the surrounding area. I think my favourite place was Aït Benhaddou, where I maintained my tradition of accidentally putting my foot in the nearest river/stream/pond. Fortunately it was nice and warm, so it dried out quickly.
I have a large pile of photos that I need to go through. I might post a few somewhere—we’ll see.
]]>Essentially the problem is that some types of network link have a smaller limit on the maximum packet size than others. Originally, machines used to simply assume the worst and only transmitted packets of up to 576 octets in size. This was quickly changed so that hosts using TCP/IP negotiate the maximum segment size during connection set-up. However, if there are routers between the two hosts, it is possible that the hosts’ MTU values are higher than the link between the routers.
If that happens, one option is for the routers to fragment the packets. Unfortunately this has several negative effects and has occasionally been deliberately blocked to prevent various types of Denial of Service attack.
A better approach, therefore, would be for the hosts to attempt to discover the MTU of the network path over which they are communicating. To do this, they transmit large packets with the DF (Do not Fragment) flag set. When a router receives such a packet, it is supposed to reply with an ICMP message indicating that the packet was too large and cannot be forwarded. When such a message arrives, the sending host can reduce the MTU of the link as appropriate and retry.
And herein lies the problem. Some sysadmins apparently don’t realise that ICMP messages are required for correct operation and block all of them. Or maybe they just block the one required for path MTU discovery. Either way, doing this breaks things badly and leads to all kinds of weird symptoms that people tend to blame on end users and their ISPs.
There are some tools you can use to investigate if you think this problem is happening to you; scamper seems to be particularly useful. e.g.
alastair$ sudo ./scamper -c "trace -M -P ICMP" -i 10.0.1.1will display the MTU at each point along the route from your machine to 10.0.1.1.
Or you can “just” set the MTU on your machine to a lower value. Unfortunately it is usually tricky to configure a special MTU for accessing the Internet and the usual Ethernet MTU for the rest of your network, and in order to avoid problems you really should have the MTU settings the same for all hardware on your network segment.
]]>Of course, the GPS and 3G features will be useful, particularly in the part of the U.K. where I live because EDGE coverage is patchy so with my original iPhone I ended up having to rely on GPRS which is pretty slow by comparison to EDGE, never mind 3G data. 3G, on the other hand, has pretty wide coverage here in the U.K.
]]>I was a bit worried about having to make the changes to the site because it involved updating some of the important tables in our database, but it all seems to have gone OK… only one “observation” from a customer so far, and I believe that problem is now fixed.
]]>Nor does the fact that these cracked versions could do serious damage dissuade people from downloading them, apparently. We can see from our daily sales figures a drop of nearly 30% since the illegal copies first appeared. Yes, that’s right, 30%.
The worst thing though, worse even than losing 30% of our business to these jerkoffs, is that because the crack was done by an incompetent, the programs could terminate at any time while they’re working on the users’ disks, leaving them with potentially serious filesystem damage. Filesystem damage for which we will be blamed, though it’s not our fault in the slightest.
]]>Sure, iPhone developers have to pay a one-off fee to Apple, and Apple does reserve the right to reject applications if they don’t meet the requirements stipulated in the SDK license agreement. And sure, iPhone does support DRM, something the FSF has been campaigning against for some time, but something the FSF is ill qualified to talk about as it does not, in fact, have any problems of its own with software, music or movie piracy.
I think the most objectionable parts are where the article says things like
iPhone exposes your whereabouts and provides ways for others to track you without your knowledge.
which is nothing less than blatant and unjustifiable scaremongering. Yes, the iPhone 3G has GPS. But in order for an application to use it, the user must agree to a message displayed by the phone. That is, the user is explicitly asked whether to allow an application access to their location.
There is also a claim that
[Fairplay] prevents you from installing free software -- software whose authors want you to freely share, copy and modify their work.
which is total bunk. If authors of Free Software choose to provide a build for the iPhone (and to do that, only a single developer need pay the license fee), they can submit their application to the App Store and Apple will distribute it for free and allow users to install it.
And sure, anyone who wants to modify the application will need a developer license, which they have to pay for. Why is this suddenly a bad thing? Wasn’t it FSF that made the point that Free Software was free as in speech and not necessarily as in beer? And isn’t it also the case that for many platforms those people who build their own versions of Free Software products require the use of commercial tools of some sort?
The go on to say that
Jobs would have us believe that all of these restrictions are necessary.
and he’s right. They are. Why? Because otherwise the iPhone would be full of viruses and other malware within a few months. The way Apple has chosen to do things does have some disadvantages, but it has the major advantage that it’s significantly harder to publish iPhone malware without getting caught than it is to publish malware for other mobile devices.
And as for the theory that Apple is
a single greedy, dishonest and secretive entity
well I think “johns”, whoever he is, needs to grow up. Apple is, of course, a business and is out to make money. That’s what businesses do. But they don’t do it solely for their own benefit; you and I hold shares in businesses, both directly and indirectly (through our bank accounts, our pensions, and a wide range of other investments). If they make a profit, we benefit. Likewise, if we don’t like how they behave, we can turn up at their AGM, or demand that those who represent our interests do so, and demand that they change their behaviour. This modern notion that big business is the Big Bad Wolf is borne out of ignorance, and it’s a great shame that the FSF seems intent on promoting this jaded and inaccurate view of the world.
It’s also a bit rich FUDding someone else and then accusing that other entity of being dishonest.
When I was a student, I used to think I agreed with some of the goals of the FSF. Maybe even most of them. In recent years though, they seem to have become more and more extreme and I now find myself wishing that they would either go back to their roots and forget about all these new things they’re complaining about, many of which have little or nothing to do with the original Free Software idea, or just pack it in and leave the rest of us the hell alone.
I certainly won’t be supporting them in future, and I have no intention of contributing to any of their projects (as I have occasionally in the past).
FSF, you’ve lost my support.
]]>