Fri, 28 Apr 2006
Zeroconf IP addresses
I always wondered why some Windows computers have an IP address from the 169.254/16 prefix. I have even seen this address on Apple and Linux systems. Today my curiousity was big enough, so I have looked up the answer.
Well, this block of IP addresses is allocated for "IPv4 link-local addresses", and the protocol for assigning the address from this block is described in RFC 3927. So far I knew the term "link-local address" in connection with IPv6 only. In IPv6, they are addresses, which are thought to be unique inside the same LAN. It seems that Apple and Microsoft (and Sun too) have decided that they need something similar for IPv4, in order to allow "ad-hoc" peer to peer communication between two "random" neighbour computers, without any prior configuration.
I was surprised that the address allocation protocol described by RFC 3927 is pretty simple and straightforward - usually I do something similar manually when I am on a foreign network without a valid IP address and with no BootP/DHCP server. It works the following way:
- Make up some IP address from the 169.254/16 prefix.
- Send an ARP query for this address.
- If an ARP response is received, restart from the first point, choosing a different IP address this time.
- If no ARP response is received, start using this IP address, and send an gratuitous ARP response.
The RFC 3927 formalizes this algorithm (defining proper timeouts, etc.), and adds a description of what to do when the IP address conflict is discovered later (such as after joining the two previously independent networks). Yes, it is insecure, and prune to the DoS attacks, but it is simple, does not require any type of new packets, and works with legacy hosts.
Thu, 27 Apr 2006
In a different time zone
My car was due to the bi-annualy mandatory technical check-up, so I wondered where it can be done. Well, the list is here at the Ministry of Transportation. However, the control stations in Brno are booked out for several weeks. Mirek suggested that I use the control station in Kunštát.
I called them, and wanted to book up in advance. I was surprised it is not even necessary to book up there. However, it seems that somewhere beyond Brno suburbs there starts a different time zone, which is maybe 3 or 4 hours off from CET :-). For example, on Fridays, the control station in Kunštát is open from 6am till 10am! They seem to completely miss the time when people are active, and they work during the night instead...
Anyway, I have decided to get up in the night, and visit them. The check-up went OK (save a minor oil leakage and a rusty exhaust pipe). I can surely recommend them. Even with 2x 43km drive it took only two hours (I left home at 6:30am and was back in Brno at 8:30am), definitely less than undertaking the check-up in Brno, even with prior booking the time.
Wed, 26 Apr 2006
Japanese input methods
Yesterday I did some experiments with writing Japanese in Linux/GNOME. It turned out it was pretty straightforward and Fedora is well prepared for writing Japanese.
I have installed Fedora without Japanese support, and in order to be able to write Japanese texts, I had to install the following packages:
anthy Canna Canna-libs scim scim-anthy scim-libs
Then I have added
Cannaserver to my system init scripts
chkconfig canna on), added a Smart Common Input Method
server/applet to my
and instructed X11 libs to use SCIM (in my
export XMODIFIERS="@im=SCIM" export GTK_IM_MODULE="scim" export QT_IM_MODULE="scim"
Now, when I choose Japanese from the SCIM applet on my GNOME Panel, I can do the following:
- write Japanese pronnouncation in Latin, and get them transformed to Hiragana (the first screenshot)
- transform words in Hiragana to Kanji (using the spacebar)
- switch between Latin and Japanese using
- switch between Hiragana, Katakana, half-width Katakana, and Latin using
The input methods can surely do more, but for now it is sufficient for basic Japanese (definitely better than using the Character map tool :-).
Wed, 19 Apr 2006
Gnome User Share
In order to explore Avahi a bit further I have decided to find out how the file sharing with Avahi works. I was surprised how simple, elegant, and UNIXish it is:
There is only one simple app needed, the gnome-user-share package (already available in Fedora Core 5). It is then possible to enable and disable sharing (System -> Preferences -> Personal File Sharing), set up a password for reading and/or writing to the share, and that's it. Shared files should be put to the ~/Public directory, and they are immediately visible by other clients (either with Apple systems, or with Linux, using Computer -> Network in Nautilus).
It works the following way: gnome-user-share (which is a very tiny application - 80KB including several message catalogs), has its own minimal Apache configuration file, and it simply starts Apache on a random unprivileged port, with DocumentRoot in the user's ~/Public directory, and with only WebDAV supported. It then publishes the information about the share (name and port number) using Avahi. So the other users can see a new WebDAV share, and can read (and, if needed, also write) this directory. Nothing special, but it is very smart and elegant way to glue existing tools (Apache and Avahi) to do something completely new.
That said, it surely can be improved: the ~/Public directory (if not present) should be created on demand when user enables the sharing, and probably its icon should be placed on a desktop. The directory could also have a special item for disabling/enabling the share in its Properties, and maybe even two alternative icons showing the current state. Also the name of the share can be something better than login's public files (at least use the full name/GECOS field instead of the login name here).
Fri, 14 Apr 2006
Hello, I am Filip Kasprzak:
Filip was born today around 10am. Both Pavlina and Filip are doing well. Filip is still too small, but I hope we will get him home in a few weeks.
Thu, 13 Apr 2006
I have decided to write another anime review. Hope it will be useful for somebody. Let's go to the outer space :-)
In a distant future, the mankind has inhabited the Moon, and it even has a small Mars colony. However, the Mars base is attacked and destroyed by an unknown weapons, which are later given the name Jovian Lizards. One of the inhabitants of the Mars colony, Akito Tenkawa, is found unconcious on the surface of the Earth shortly after the Lizards' attack. The long war between the Earth military forces and Jovian Lizards starts. The enemy seems to have better weapons, and they can even transport them using an instant space jump devices. The situation is really bad for the Earth. In the meantime, a privately owned company Nergal Heavy Industries has secretly developed and built its own space ship, ND-001 Nadesico (image on the right), which could be a welcome help to the Earth defense forces. However, being a private company, Nergal has its own plans with Nadesico. As the captain of Nadesico, Yurika Misumaru, the daughter of the Earth defense forces admiral, is appointed. By a pure coincidence, Akito gets a job as a cook at Nadesico few minutes before launch.
Who are the Jovian Lizards, and why are they attacking the Earth? Will Nadesico crew help the Earth forces, or will Nergal act according to its own secret agenda? How comes Akito appeared on the Earth shortly after the attack on the Mars base? Who killed Akito's parents shortly before the Lizard's attack? And what the last episode of Gekigangar 3 contains?
On the surface, Kidou Senkan Nadesico (Mobile Battleship Nadesico is the translation, and Martian Successor Nadesico is the English title) is a typical crappy space opera, this time as an anime. However, I was surprised that unlike most space operas, the Nadesico story is full of unexpected twists, and the viewer can never be sure what will happen in the next moment. In addition, Nadesico is quite innovative. One of the most original concepts is "anime within anime" - some members of the Nadesico crew enjoy to watch a fictional 1970's-style mecha anime named Gekigangar 3. It then serves as a parody part of the series, as some situations of the real life of the crew are similar to the episodes of Gekigangar 3. Nadesico has quite a lot of interesting characters as well: the child prodigy Ruri, former voice actress Megumi (a character inspired by a real voice actress Megumi Hayashibara, who played Rei Ayanami in Evangelion and Faye Valentine in Cowboy Bebop), ace pilot Akatsuki, and many others. As for the characters: guess where the Full Metal Panic got its character design?
Full Metal Panic (2002) versus Kidou Senkan Nadesico (1996):
On the left: Chidori Kaname (FMP) and Yurika Misumaru (Nadesico)
Upper right: Theresa Testarossa (FMP) and Ruri Hoshino (Nadesico)
Lower right: Sousuke Sagara (FMP) and Akito Tenkawa (Nadesico)
Nadesico is funny - I would say "a pure entertainment". Except that it is often more than that. It is quite serious sometimes (especially in the later episodes), it has an interesting plot, and (strange, strange) the main character is not annoying. The animation is a bit aged (Nadesico was created in 1996). The sound fits the series well, including the opening song of the fictional anime Gekigangar 3, OP and ED songs. There are few filler episodes (such as the episode when Nergal wants to choose a new captain of Nadesico in a singing contest :-). Anyway - I have to admit I liked Nadesico. As for the value, I have rewatched it after some time, and even then I did not find it boring. My favourite character is another pilot, Ryouko Subaru (on the right), and maybe Ruri as well. Nadesico is recommended, maybe except for those who expect a deep, brain-screwing plot like in Evangelion.
After the success of the series, the studio XEBEC even made a bonus for Nadesico fans, an OVA Gekigangar 3: the fictional anime-within-anime has been made real :-). The true sequel of Nadesico, however, is the movie named Nadesico: Prince of Darkness. It is quite short and fast-paced (do not even try to watch it without watching the series first), and it has much darker mood. Even if you are suspicious about any movie-as-a-sequel, give it a try. I think I liked Prince of Darkness even more than the series itself. And (minor spoiler ahead:) in the movie, Ruri is a captain of new Nadesico B.
Oh, and by the way, Ruri thinks you are a complete fool :-)
- Project Schiaparelli - a comprenehsive Nadesico fansite.
- Nadesico at AniDB
- Nadesico at AnimeNfo
- Anime Planet's similar animes
Wed, 12 Apr 2006
Open Recursive DNS servers
The slow but steady change of the Net from the cooperative network to the hostile environment full of fscking bastards continues: it seems the bad guys are using DNS servers as bandwidth amplifiers for DDoSes. Even CZ.NIC warns about open recursive DNS servers.
I thought that open recursive DNS servers are not a big threat (at most 10-fold bandwidth amplification, maybe less, low power of DNS servers, etc). So we had our DNS servers open. I often [ab]use this when I am on some foreign network where the DNS servers are not known (misconfigured DHCP or whatever), and I use our DNS servers in such situations.
Now it seems it is time to disable recursion for foreign IP addresses, and as for my laptop - I guess I will just install a cache-only DNS server there.
However, even with legal DNS queries it is possible to get a decent bandwidth amplification - for example, the query for our domain with RR type any is some 56 bytes, while the reply has 382 bytes - i.e. nice 6.8x amplification (with anonymization as a "nice" bonus). I don't think open recursion is the problem here. The problem is the connection-less nature of the UDP-based protocols. I am not sure about the solution, however. Maybe the TCP-only DNS even at the cost of higher bandwidth and resource usage, and higher latency of queries?
Fri, 07 Apr 2006
Red eye reduction
A friend of mine asked me how to remove red eyes from photos. I use Gimp, and a plug-in that "just works". In order to show him which plug-in to install, I had to search where-T-F I've got the plug-in from. It seems that most web tutorials point to the same Script-Fu plug-in, which is based on a Linux Journal article.
This plug-in works the following way: you select a subset of the red eye, and the plug-in tries to expand it (using the fuzzy select tool), and then desaturate it. However, this results in a light-grey eye, instead of the dark eye. Not to mention that it is difficult to set the parameters correctly in order to find the whole red eye, but nothing more. There are images like the following one, where there is a wide variety of red eyes.
So I definitely cannot recommend the above plug-in. Instead, I use Robert Merkel's red-eye removal Gimp plug-in (which is based on an older plug-in for Gimp 1.x, written in Perl by Geoff Kuenning). See the source file for the installation instructions. This plug-in works in an opposite way - you select the superset of the red eye, and it tries to guess which part the red eye is. It results in a naturally-looking dark eyes, while it keeps the highlights intact. The only drawback is that its selection is not fuzzy, so in a full zoom the borderline between the pixels this plugin has changed and those which it didn't touch is clearly visible. However, for common resolutions it simply does not matter:
So I hope that the next time I can find this plug-in by greping my own blog instead of wasting my time with Google which points to the other plug-in almost exclusively :-)
Tue, 04 Apr 2006
Why not use Qmail II.
Just a random rant about Qmail (see my
previous text for more complete description): I have found that Qmail
uses hard-coded UIDs and GIDs, and even when the six pseudo-users and
two pseudo-groups Qmail needs are installed in the system databases
group, it still uses
its own hard-coded UIDs and GIDs. However, they provide a separate tool
/var/qmail/bin/brand, which can binary-patch the Qmail files
to use another set of UIDs/GIDs when needed. However, this breaks the
packaging system's idea of what modification times and checksums the
Qmail files have. Ugly as hell. Bleeeeh.
Logging to /dev/console
I am upgrading a front-end server of our cluster (which runs
ldirectord), to a new AMD64-based system. While playing
with new version of
ldirectord, I have found that it is
acting a bit strange. It does not respond to
SIGTERM, and it
does not print anything to its log file. I does, though, set up the kernel
IP virtual services table correctly.
While trying to debug this issue using
strace(1), I have found that
/dev/console as its standard
output and error output, and some messages are printed only to
STDERR instead of syslog or the log file.
My system has a serial console, and when there is no active terminal connected to the console port, writing to
/dev/console simply hangs.
I have reported it to their bugzilla as bug #1180.
However, it seems that the author of
ldirectord is not sure
/dev/null instead of
even though I was not able to find any single daemon which uses
console as its error output (see the comment #3).
I believe using
/dev/console for this purpose is plain wrong. What other arguments should I use to support my view?