Writings Photos Code Contact Resume
GNU/Linux

You are here

The spammer or a DoS attack ? Doesn't really matter.

Submitted by msameer on Sun, 10/09/2006 - 6:55pm

So, I'm still a hardcore GNU/Linux administrator after all ?!

Apache "The webserver" is down. Looks like the master process gets killed by the kernel. That's weird.

Now what's interesting is the dmesg output:

TCP: Treason uncloaked! Peer 62.68.70.130:62537/80 shrinks window 1681427947:1681430707. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61105/80 shrinks window 288684489:288684490. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61107/80 shrinks window 285018062:285018063. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61137/80 shrinks window 282542156:282542157. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61161/80 shrinks window 305746809:305746810. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61185/80 shrinks window 341351133:341351134. Repaired.
TCP: Treason uncloaked! Peer 62.68.79.66:61213/80 shrinks window 356410419:356410420. Repaired.

Looks like the peer is playing bad games with my TCP/IP stack. Decreasing the window size. I guess that's why apache was holding too many connections. Something like 119 connections.

netstat output was interesting:

     88 CLOSE_WAIT
     21 SYN_RECV

I wouldn't know but I guessed that the high number of SYN requests is due gto the high number of half closed sockets.

The problem is that after I've decreased the CLOSE_WAIT time via:

echo 2 >  /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait

The number of TIME_WAIT started to increase.

echo 10 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait

Of course all the above might be incorrect or even nonsense. Let's see.


On Gentoo.

Submitted by msameer on Tue, 04/04/2006 - 7:19pm

Gentoo is a GNU/Linux distro characterized by building all your software from the source code, Gentoo users often claim how much speed boost they got, Forgetting the long time they had to spend building the software. They also like to use weired optimization flags when they build the software resulting in breakage of the system.

A lot of people especially me like flaming Gentoo users, OK. I was tired, I'm not getting enough skeep since the beginning of this week, I was missing my evening coffee and I was hungry. I wrote this to CVirus on the EGLUG IRC channel:

C. Gentoo was our gatekeeper oneday
he also used to clean the cars in the mornings
get us the plumber whenever we asked him to
and many other things
after that he worked as a pimp under Mr. F. O. S. S.'s supervision




و الله هزلت

Submitted by msameer on Tue, 07/03/2006 - 8:37pm
$ btdownloadheadless --minport 8000 --maxport 8100 --max_upload_rate 3 fekh\ el\ sonna.torrent

ERROR:
got bad file info - path ~$ام المنة في تخريج أحاديث فقه السنة لمحمد ناصر الدين الالباني.doc disallowed for security reasons

جاء اليوم اللى يقاللى فيه لا من برنامج علشان السيكيوريتى

لا و ايه ؟ على جنو/لينوكس


تدقيق املائى من كلمات المصحف الشريف

Submitted by msameer on Sat, 04/03/2006 - 1:10am

اوكى

بصراحه نفسى اقول كلام كتير لانى فى حالة من الضيق لا يتخيلها احد
المهم

ده ملف قاموس للمدقق الاملائى aspell انا عملته من نص القران الكريم

فك ضغط الملف فى "/usr/lib/aspell" او دور بنفسك aspell بيدور على القواميس فى انهى داهيه و لو ما عرفتش ولع فى نفسك و بطل تستخدم لينوكس يا حمار

كان هدفى ان اعمل قاموس عربى ل aspell علشان نتنيل نعرف نعمل تدقيق املائى للعربى "و الله نفسى اشتم بجد" لان ى اكتشفت ان بغداد مش هاينفع و هابقى اكتب بوست ليه مش هاينفع

اللى طلعها فى دماغى انى اقوم و اعملها رغم انى كنت ناوى ماعملهاش "لانى محبط من ال community العربى" اسلام.

المهم جبت كلمات المصحف كلها و عملت منها قاموس بس خد بالك لو هاتستعمله ان فيه كلمات كتير غلط هايعديها و يقول عليها صح علشان الرسم العثمانى بتاع المصحف

عمرو غربية وعدنى انى هايبعتلى ملفات صح و هاعمل منها قاموس ينفع للعربى المعاصر

و علشان كده انا مش هادى للناس ال ملفات الاصليه اللى عملت منها القاموس و اللى مش عاجبه يخبط دماغه فى الحيط

و مش عايز اى حد يسالنى على الداتا لانى مش هاديها لحد. اسف

يا رب نفسى اتخانق مع حد


توغيد البقر!

Submitted by msameer on Fri, 03/03/2006 - 3:05pm

من الاخر

فيه ولامؤاخذه كلمات قليلة الادب فى البوست دى فاللى بيتضايق او بيتكسف او .... ما يكملش!!

كنت قاعد انا و محمد حازم و كريم قناوى و اسلام عامر

كان اهم مشروع طلعنا بيه هو احياء لحاجه كنت ابتديتها انا و علاء من كام سنه فى قعدة عربده

الا وهى اننا نحاول نعرب اسامى اوامر الجنو?لينوكس
فمثلا touch تبقى "حَسّسْ" و كده

اللينك اهى و كل واحد من حقه يحط اللى عايزه الصفحه لسه بسيطه بس انا عملتها سلق بيض فى نص ساعه و انا نايم على نفسى بعد ما رجعت!

سميه فراغ سميه قلة ادب سميه ضياع وقت سميه زى ما تسميه
ناس فاضيه و ماوراهاش حاجه ؟ حد عنده مانع ؟ حد نفسه فى حاجه ؟

تانى حاجه كنا اتكلمنا فيها رغم ان ليس لها علاقه بالى فوق ده:

فرعونكس متسنيه على اسم فرعون و انا فاكر فيه واحد على احد منتديات الجهل العربية قال لما سمع بيها: لم يجد غير اسم هذا الطاغوت ليسمى باسمه ؟

ففكرنا ان لو عملنا فرعونكس ب KDE و هى واجهة مستخدم اخرى لجنو لينوكس يكون اسمها "كفرونيكس" !!!!!!!!!!!

انا لسه صاحى من النوم :-)

صباح الخير!


Lighty powering foolab.org

Submitted by msameer on Sat, 18/02/2006 - 10:58pm
Yes, I've discovered that Lighttpd is now in Debian, I grabbed the sarge backport from backports.org and here it is!
Probably you won't notice anything, Maybe the server'll be a bit faster. But for me, I can serve more requests now as lighty is more lightweight than Apache ;-)
Graphs ? Generated every minute. ;-)


As you can see, I don't have much requests but why not use something that can allow me to expand ? :-)
Probably I won't leave the graphs for long, I'm just enjoying the rrdtool module of lighttpd!

Linux 2.6 SUX!

Submitted by msameer on Sat, 18/02/2006 - 2:04am

First, I know that I should STFU because I'm not going to write a patch to fix it but I can't as I'm not a kernel developer and the knowledge I have about the kernel development is the same as the knowledge I have about T.V internals ;-)

Really 2.6 is annoying, I don't know what's wrong with Linus. Yes thanks Linus for releasing Linux as a GPL'ed kernel and for working on it but you still suck :-)

A few days ago I went to the office, Powered on my laptop, startx and errrrrrr. I'm not allowed to startx. WTF ?

After digging around for some times I discovered that the Xwrapper.config file has been replaced by a strange file, I discovered later that it was the fonts.dtd file from the fontconfig package. WTF !!

Simply, I fixed the file and managed to startx, Something wrong with the colors ? I finally discovered that the rgb.txt file has been truncated. I also discovered that a lot of directories has been turned into files. I was sure that someone didn't crack my laptop. After I fixed this, I was trying to switch my keyboard layout to Arabic but it didn't work. Open a terminal and damn! "setxkbmap" is crashing, Google told me that some files might be missing. I reinstalled the relevant debian packages and it worked.

I had to stop and consider it, Is it a file system corruption ? I never had this with Linux before. I rebooted using a live CD, Ran fsck but it was fine. Odd!

I booted my normal system back and started to work, I'm a full time employee after all and this suck when you want to poke around :-)

Never mind, I'll have a detailed look later.

I was doing something when I suddenly got a message on the terminal and the file system was remounted read only by the kernel.

ext3_free_blocks_sb: bit already cleared for block

Enough is enough, The night before I installed the 2.6.15 kernel from sid. Now I can say that it might be a corruption in the kernel data structures. I rebooted and fsck again, shit I never had any entries in my lost+found directory since I swotched to linux, Now I have something like 22 Megabytes.

That's it, I downgraded the kernel to the 2.6.15 from testing, kept rebooting and running fsck until it stopped reporting filesystem errors.

Now what ? I'm not going to reinstall ? Sure no.

I need to verify all the packages, I found debsums but I also discovered that not all the packages install an md5sum for their contents.

At that point I decided to go home.

I used debsums to verify all the packages with md5sumsand reinstalled all the packages with corrupted or missing files. I then reinstalled all the packages without md5sums for 2 reasons:
1) I can't tell whether they contain corrupted files or not.
2) To allow debsums to generate md5sums for them.

Now the only problem is that the md5sums files might be corrupted too but I decided that I'm still lucky ;-)

Everything was fine but I was really considering FreeBSD but then I thought about it again, I can't use it without trying to contribute but I don't like to contribute to a code under the BSD license which can be closed anytime.

Also, I won't be using stable, I'll be using release which is equivalent to Debian testing, It's also my fault that I used a kernel from unstable but come on, That's Linux, We are not talking about windows here. I mean even so, It should be stable.

Sure I wish I can report this as a bug but how ? I don't have any information to report.

The other problem is: How the hell am I supposed to use such a kernel when it enters testing ?

I can't also compile from source again for 2 reasons:
1) I've been building from source since the late 2.2, I tried building 2.6.15 some time ago but damn, mutt wasn't able to open my main inbos, grep complained about inability to allocate memory when I tried to grep through the ~500 MB file. Something is wrong and this makes me afraid.

2) If such a bug is there when we have a team of people maintaining the Debian package, How can I be sure that I won't hit something more sever when I'm on my own ?

I know that everything can have bugs but the filesystem driver ? Isn't this too much ??