so here we go again.

Posted on by
Reply

Docker is going nuts after I had to reboot for some ‘critical’ update for something else.

Looks like it’s going crazy regarding ARP:

07:27:18.632243 ARP, Request who-has 172.17.0.4 tell 172.17.0.2, length 28
07:27:18.632275 ARP, Reply 172.17.0.4 is-at 02:42:ac:11:00:02, length 28

Of course the weird thing is that 172.17.0.2 doesn’t need to talk to 172.17.0.4 at all.

I keep getting this on the db server:

2018-04-11 9:11:30 139923730724608 [Warning] Aborted connection 4226 to db: ‘virtuall_wp152’ user: ‘root’ host: ‘172.17.0.3’ (Got timeout reading communication packets)

which of course is up the entire time.  restarting either the web server or the db server puts me up for seconds at a time.

So while I move stuff around, and get ready for a re-install of my base OS, as I can’t seem to figure out why the bridge has freaked out, if you can read this, then the sloppy.io container thing is actually working.  And at least on the surface, moving container persistent storage, along with a DNS update looks pretty quick.

WinFile comes back from the dead.

Posted on by
8

WinFile!

Yes, this WinFile.  So Microsoft apparently went through their Windows NT 4.0 source code tree from 2007, and decided to pull this tool out, and send it out into the world.  It’s available in a ‘original’ version, and a ‘v10’ version which includes the following enhancements:

  1. OLE drag/drop support
  2. control characters (e.g., ctrl+C) map to current short cut (e.g., ctrl+c -> copy) instead of changing drives
  3. cut (ctrl+X) followed by paste (ctrl+V) translates into a file move as one would expect
  4. left and right arrows in the tree view expand and collapse folders like in the Explorer
  5. added context menus in both panes
  6. improved the means by which icons are displayed for files
  7. F12 runs notepad or notepad++ on the selected file
  8. moved the ini file location to %AppData%\Roaming\Microsoft\WinFile
  9. File.Search can include a date which limits the files returned to those after the date provided; the output is also sorted by the date instead of by the name
  10. File.Search includes an option as to whether to include sub-directories
  11. ctrl+K starts a command shell (ConEmu if installed) in the current directory; shfit+ctrl+K starts an elevated command shell (cmd.exe only)
  12. File.Goto (ctrl+G) enables one to type a few words of a path and get a list of directories; selecting one changes to that directory. Only drive c: is indexed.
  13. UI shows reparse points (e.g., Junction points) as such
  14. added simple forward / back navigation (probably needs to be improved)
  15. View command has a new option to sort by date forward (oldest on top); normal date sorting is newest on top

Which is quite the list of things to add to the old WinFile.

You can find the source & binaries on github.

So the source code to the Macintosh port of System Shock was just released

Posted on by
2

It’s the ‘classic’ MacOS. And it requires Code Warrior 10 to build. Apparently its for the PowerPC only, although I haven’t tried to compile it yet, as I foolishly just upgraded to 10.5 on my PowerPC, which of course has no classic support.

Source code is on github, here.

It’s a nice present from Night Dive studios.  I know that many people are mad at their reboot being consumed by feature bloat, but at least they aren’t going down into obscurity.

As always, enjoy!

Anyone in need of bash?

Posted on by
Reply

I found this post the other day, and thought it was interesting.

Date: 13 Apr 91 18:17:44 GMT
Organization: University of Helsinki
Lines: 18

I've recently ported bash to minix-386 (nice, but takes about 300kB of
RAM). It's been "tested" by me using it all the time (good editing and
history - couldn't live without it any more), but I won't make any
guarantees. If anybody is interested in cdiffs against bash-1.05, please
mail me (I'll post if there is enough interest).

The port definitely needs GCC, and 386-minix. ST-minix will probably
work as well (I've sent it to one ST-minixer), after changeing a #define
LITTLE_ENDIAN to BIG_ENDIAN. If the port already has been done by
someone else - just ignore this message.

		Linus Torvalds		[email protected]

PS. I've hacked the kernel to accept gcc-compiled programs directly
without going through gcc2minix, but I haven't tested it very much yet
(bash works though, so most things probably will). Changes are trivial,
mail me if interested. (And yes - it accepts old minix format too - you
don't have to recompile everything :-)

Naturally it’s about the impending birth of Linux.  First he needed to get GCC running under Minix 386, but I didn’t know at the time that he had patches floating around to allow Minix to directly run the GCC A.OUT format executables.

Scary to think that if Minix had allowed submissions and ‘bloat’ that Linux would have never been.

On the other hand, much like 386BSD the backpressure of having some kind of free BSD/UNIX system which did take in submissions was overwhelming, with the false start of 386BSD going the route of Minix and in that first critical year not pulling in any of the additional patches, while Linux grew by leaps and bounds.  By the time the AT&T vs BSDi lawsuit hit, well the game was already in Linux’s favour, even with it’s already fragmented distro base.

1.1.1.1

Posted on by
4

So cloudflare decided to launch their own DNS, on 1.1.1.1 and 1.0.0.1 .  Apparently in a bid to fix global censorship.  I’m on the road, out of China right now, so I can’t test at the moment, but later in the week I’ll be back, and check out how the Great Firewall handles it.

I’m guessing this is another bid to increase their case for being a content neutral safe harbour, although their CEO personally screwed that up last year showing that they can and will police content when it suits them….  Talk about oops.

As always that is the consequence of speech, some people are really secret assholes.  Although by teyitr to go all cultural revolution on them, you end up not only making them maryters, but also prove that they cannot be countered with words, but only through censorship.

This to me is the scary consequence of everything being commercial, and the right of free association.  Even some moron who thinks the moon is made of cheese can still get mail delivery, but will they be able to work, open a bank account, get internet, or even get food?

I other news, dumping Facebook drops cortisol levels after 5 days.  Turns out that hippy paradise of everyone being able to instantly communicate and share is actually a living hell.

Dump Facebook, hit the gym, get a life.

Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” — Ferris

Happy April fool’s day.

Update, turns out the DNS works from China.  Naturally none of the sites load.

 
$ nslookup
> www.google.com
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: www.google.com
Address: 69.63.180.173
> youtube.com
Server: 1.1.1.1
Address: 1.1.1.1#53

Non-authoritative answer:
Name: youtube.com
Address: 203.98.7.65
>

Re-building old GCC distribution tars AKA patching backwards

Posted on by
1

AKA for everyone but me, who never read the readme.  For some reason I got pointed back to my old GCC 1.27 on MS-DOS article, and wanted to see when the 386 really did first appear, and after a bunch of messing around it was shipped in GCC 1.25

Sat Jul 16 14:18:00 1988 Richard Stallman (rms at sugar-bombs.ai.mit.edu)

* *386*: New files.

So there we are, July 16th 1988!

But looking a the ‘old-releases/gcc-1‘ directory there is no gcc-1.25.tar file! So how to get there from here?  Well the simple answer is to take gcc-1.27, and reverse patch it down using the patches in the patches directory.  The only catch of course is to read prior patches to the reverse to see if any files need to be renamed, otherwise there will be failures… specifically in the file gcc.diff-1.25-1.26

So normally I’ve always patched going up, but with the magical -R flag, you can go backwards!  So taking 1.27 you can go to 1.26 by running

patch -p1 -R < ../gcc.diff-1.26-1.27

And this will take 1.27 and downgrade it to 1.26.  As mentioned above the renames for going from 1.26 to 1.25 needs to be done in reverse:

Before installing these diffs, rename files as follows:

mv typecheck.c c-typeck.c
mv decl.c c-decl.c
mv parse.y c-parse.y
mv parse.h c-parse.h

so do the opposite, and then you can reverse diff.

For anyone who cares I put up the tar files on sourceforge here.

Fun with Empire EFI & OS X 10.6 on Intel

Posted on by
5

Who needs one, when you can have two?

So I wanted to get 10.6.3 running after I somehow ended up with not just one, but two retail copies on my last trip to America… So I’m using the positively ancient Chameleon boot loader, 2.0-RC5 .  I used to use the trendy Empire EFI boot loader, but it’s not working for me anymore with modern CPU setups.

I setup VMWare to use a Windows 10 x64 profile, but removed the hard disk, and re-add it as a SATA drive.  The default SCSI hard disk won’t work at all, but the available SATA works just fine.

Chameleon v2.0-RC5pre7

Boot up the Chameleon boot loader, and then drop to the text prompt (F5/tab) and then put in the following string to the boot loader.

platform=x86pc cpus=1 busratio=7 -v

After a minute or so it’ll boot up, and prompt for a language, afterwards the apple menu will appear, letting us select the disk took, where we can partition & format the disk.

After that it’s just as simple as choosing your options, accepting the license, and then you are off to the install part.

And just like that you are teleported to the magical world of OS X on VMWare.

Personally I like 10.6 as it’s the last version that supported Rosetta, although I guess if you want to run old stuff, you may as well just run 10.4.x in a VM now.  With a copy of Darwin 8.0.1 & 3 disks you can even boot up the deadmoo image, make an image of another deadmoo disk to yet another one, then install Darwin in a much larger disk, then boot back to deadmoo, and restore your 10.4.1 back onto the larger disk, fix permissions, and boot into a larger disk.

phew.

One thing is for sure, it’s a lot of work to get some kind of development machine to mess with WebObjects.  It’s probably easier than buying a G5, but I found yet another one in the States (hence the physical copies of 10.6) and lugged it onto the airplane.  Sigh the suitcase I bought for the trip broke, with one of the wheels coming off the suitcase, and as my G5 was over the 50lb weight limit, I had to pay a $100 USD fee to American Airlines to get my G5 home to Hong Kong.  I packed my “new” Studio Display incorrectly, so the 3rd ‘resting’ leg snapped. Sigh.

Computer Show – Printers

Posted on by
4

Oh sure, it's shameless marketing at it's finest, but wow, it's hitting the 80's vibe pretty hard.

RIP Gary.

Fun with Docker

Posted on by
1

Well it’s not really all that fun.

SO… in the start of the year I had decided I didn’t want to play site admin all day, and went to a hosted platform.  Things went well for a few months, then things didnt go well with constant database issues.

Then we went down hard for over 24 hours.  I was going to move back, but then everything started to work again.  But things had been spiraling down to unusability again.

So instead of just making a big VM like I had done before , I thought I’d try using Docker to host my website, with a few containers, namely each tier separate.

And oh boy does everyone love edge case docker stuff, but when it comes to actually moving something *INTO* docker, its basically you are on your own.

So yes, the http-https redirect is broken.  My categories are all missing. lots of stuff is busted.  And the supergloblamegacorp.com redirect stuff is missing. I’ll have to re-create that one after I get more stuff sorted out.

I haven’t given up yet…

Half of the fun was setting up the haproxy container, which in itself wasn’t so bad, although some times it wouldn’t pick up any config file changes, so I had to destroy it a few times, but naturally once I ask someone to look, and it’s working fine now.

So for the hell of it, here is my haproxy.cfg


global
maxconn 256
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms

frontend http-in
bind *:80
bind *:443 ssl crt /etc/haproxy/haproxy.pem
http-request set-header Host virtuallyfun.com if { hdr(host) -i virtuallyfun.superglobalmegacorp.com }
http-request set-header Host virtuallyfun.com if { hdr(host) -i superglobalmegacorp.com }
redirect scheme https code 301 if !{ ssl_fc }
mode http
acl host_virtuallyfun hdr(host) -i virtuallyfun.com
acl host_virtuallyfun hdr(host) -i virtuallyfun.superglobalmegacorp.com
acl host_virtuallyfun hdr(host) -i superglobalmegacorp.com
use_backend virtuallyfun if host_virtuallyfun

backend virtuallyfun
balance leastconn
option httpclose
option forwardfor
reqadd X-Forwarded-Proto:\ https
server node1 172.17.0.3:80

I wanted to use Let’s Encrypt to ‘secure’ access to the domains I have, and running the certbot manually…. in a ‘dry run’ I always got this fun and informative error:

NewIdentifier : ACMESharp.AcmeClient+AcmeWebException: Unexpected error
+Response from server:
+ Code: BadRequest
+ Content: {
“type”: “urn:acme:error:malformed”,
“detail”: “Error creating new authz :: DNS name does not have enough labels”,
“status”: 400
}

Which of course got me absolutely nowhere searching.  I thought it may be docker screwing things up, so I shut it down, and fire up an old fashioned standalone copy of Apache, and run the following:

certbot certonly –dry-run –non-interactive –register-unsafely-without-email –agree-tos –expand –webroot –webroot-path /docker/wordpress/html –domain virtuallyfun.com –domain virtuallyfun.superglobalmegacorp.com –domain superglobalmegacorp.com

And get the same result.

I get to the point of absolute frustration, and just decide to forget the dry run all together, as I know I can run it at least 5 times a day before I get banned, for a while, but maybe I’ll get something more useful.

# certbot certonly –non-interactive –register-unsafely-without-email –agree-tos –expand –webroot –webroot-path /var/www/html –domain virtuallyfun.com –domain virtuallyfun.superglobalmegacorp.com –domain superglobalmegacorp.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for virtuallyfun.com
http-01 challenge for virtuallyfun.superglobalmegacorp.com
http-01 challenge for superglobalmegacorp.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/virtuallyfun.com/fullchain.pem. Your cert
will expire on 2018-06-26. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run “certbot
renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Except it actually worked.

Creating the needed haproxy.pem is simple as:

cd /etc/letsencrypt/live/virtuallyfun.com/
cat fullchain.pem privkey.pem > /docker/haproxy.pem

To put the needed key along with the certs.  Naturally when this expires I’ll have to scramble to figure out how I did this.

Managing docker is fun as well. I went ahead and tried out portainer.io, which  naturally deploys as a container.  And it can manage remote servers, which I though was a plus as that means I could deploy it in my office, then simply connect to my server.  But that is where I found out that the config files for Debian are hard coded to always listen on a local socket, which breaks setting the proper JSON file to tell it to listen on a socket, and TCP/IP.  So just edit /etc/systemd/system/docker.service.d/docker.conf and either hard code it all there, or remove it from there and place it in /etc/docker/daemon.json

As always documentation is conflicting and all over the place.

My current feelings about docker…