sysfault's kernelpanic

added a public repo on github, kernelpanic.
for now it just hosts a gist with a kernel patch that helps sysadmins do blindfolded remote linux kernel upgrades


this patch allows you to automatically start the softdog on linux kernel at module initialization time. read this page 'til the end to see why in the name of god you need this.

django request object provider

*gadjo.requestprovider* solves the problem of accessing django's HTTPRequest
object whenever it is needed, without explicitly passing it down the path of

read more at pypi django requestprovider's home

FREE yahoo! pop3 imap and smtp services

You can use Yahoo!'s SSLized pop, imap and smtp services if you register your account within specific geographical regions. For me Australia worked like a charm. If you know other regions for which Yahoo! offers SSLized pop3/imap/smtp, let me know by commenting to this post ;)

How to enable the services:

Huawei K3765 3G modem on FreeBSD

So you want to use your huawei modem on FreeBSD. I mean, REALLY use that device with your mobile internet provider. Then read on.

debian GNU/kFreeBSD

got meself a new pair of horns for the devil inside me :-P
so there goes imagemagick:
cd ~/pics/debsd/
cp ../debian-logo.png ./left-horn.png
convert -flop left-horn.png right-horn.png
convert left-horn.png right-horn.png +append debsd.png
more sizes +favicon.ico at

console autologin

have you ever been woken up in the middle of the night by a phone call, booted your computer and spent the next 20 minutes trying to type your 16 chars beautifully randomized password so you can get console access? cry no more. here's the malfunctioning mind's login program. with some more info on launchpad

grub autoboot next

useful tip to deface a failed kernel upgrade and no console access situation: grub autoboot next

python subtypes

this entry's sole purpose is to hold comments: flames, requests or bug reports, until I get to use trac somewhere

playground: python safeint type source

the safeint type is supposed to help simplify the logic of computations with integers explicitly defined within some boundaries, when you want the results of safeint algebraic operations to also respect the defined boundaries.

google appengine python sdk startup problems

if you have any google eggs in your system (like protobuf for example) and you are trying to start the google appengine sdk you will get a "could not find version file" error. this is mainly caused by coding outside python peps guidelines (more exactly, package namespaces) and some more bad coding style.

I reported this bug just after last year's christmas but I guess the appengine has so many bugs they are busy with something else more important :-P

I gave detailed info on the appengine bugtracker. The patch that fixes the problem is also available here.

if the live appengine is written the same way ...
i wish you happy hacking.

openssh random local port forwarding

you can't forward a random local port with openssh. forwarding a local random port with -L is useful when you use the option within some batched maintenance tasks (and not only, for some pure randomness just makes geeks feel secure). the "random local port forwarding" job seems to be half done in the openssh original source tree (openbsd). ubuntu dudes added one more unneeded test (dummy?) in mux.c. I wrote a patch to solve this problem.

the original ssh client:

ssh -L mailgw
Bad local forwarding specification ''

the patched ssh client:
./ssh -L mailgw
Last login: Wed Jan 19 16:00:40 2011 from 
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

the result:
tcp        0      0*               LISTEN      15010/ssh       

note the "0" port specification in the fwd arg.

here is a link to the patch generated against ubuntu openssh 5.5p1 source package. the same patch can be easily rewritten for the openssh original source tree (openbsd) if the mux.c diff is ignored (no unneeded test from bsd guys)

a few notes:
1. getting the next available port with a script and feeding it to the ssh args immediately after does not guarantee at all that the port will still be available when ssh binds to it
2. how are you going to dig what port was used? see above
3. I failed to understand this:
if (fwd->listen_port < 0 || (!remotefwd && fwd->listen_port == 0))
why should random listen ports be allowed for remote forwards (-R) and not for local forwards / dynamic forwards? it just doesn't make any sense.
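the race from note 1 and the port-0 way around it, as an added python sketch (not part of the original post or of the openssh patch). it uses plain loopback sockets instead of ssh; the function names and the 127.0.0.1 address are made up for the illustration.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # constructed test address, nothing from the post


def probe_free_port():
    """Racy approach from note 1: ask the kernel for a port, then release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]  # only a hint once the socket is closed


def bind_random_listener():
    """Race-free approach: keep the socket the kernel picked the port for."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((LOOPBACK, 0))          # port 0 = "pick any free port"
    s.listen(1)
    return s, s.getsockname()[1]   # note 2: read the chosen port back


def demonstrate_race():
    """Return the errno a late binder gets when someone else won the port."""
    port = probe_free_port()
    # Stand-in for any other local process grabbing the port in the gap.
    winner = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    winner.bind((LOOPBACK, port))
    winner.listen(1)
    late = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        late.bind((LOOPBACK, port))  # the bind a forwarder given this port would attempt
        return 0
    except OSError as exc:
        return exc.errno
    finally:
        late.close()
        winner.close()


if __name__ == "__main__":
    print("late bind errno:", errno.errorcode.get(demonstrate_race()))
    listener, port = bind_random_listener()
    print("kernel-assigned port held by our own socket:", port)
    listener.close()
```

a failed bind is the visible outcome; the quiet one is a tunnel client connecting to whatever other local process took the probed port first.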

getting your proxy to work with iptables DNAT

here are some things you should consider when writing your DNAT rules for having some traffic forwarded to a transparent proxy that you wrote, no matter what you do with the packets :)

getting exotic socket options in python

note: this post appeared here because of me not reading the documentation properly.

more specifically, after reading python's socket module documentation i understood that you can't get to read socket options that are not defined in the libc headers. more, i concluded that you can't get to read anything else than integers either, once i also missed the explanation for the buflen argument. of course, this is totally false but by the time i figured i'm stupid i already had two other ways of getting one of the exotic socket options installed by third party system software. specifically, the SO_ORIGINAL_DST option defined by linux netfilter. one way was by writing a C extension (not gonna talk about it here as i don't have anything new on the subject) and the other was by using the ctypes module to load and call libc's getsockopt. however i will provide in the end the correct one-liner that does it right without any headache... if you know your weapon.

freebsd huawei K3765 3g modem ppp vodafone setup

UPDATE: check this newer post for complete info

freebsd8 needs to be patched until usbp4 is committed (maybe it was already). i submitted the patch to the team.

getting the next available tcp port (freebsd only)

in doing some automated sysadmin tasks like ssh port forwarding you may need to dig at runtime for a free tcp port to use

linux huawei 3g modem ppp vodafone setup

when I bought this modem and the subscription from vodafone like a year ago the above mentioned dudes had no idea how to make it run under linux. they said they do tho. they had an entire dev team developing python guis that weren't working. that's typical for corporates.

ipfw pf processing order

it depends on who hooks first into pfil framework and where it hooks.

the hooking:
ipfw hooks into pfil when the module is loaded
pf hooks into pfil when pf gets enabled via pfctl -e, not when the module is loaded

both are hooking into ip_output and ip_input. the pfil hooks are maintained in tailq lists and the order used with insertion is dependent on the direction where the hook is added.
both ipfw and pf have hooks for both input and output.
the input hooks are inserted in the head of tailq. the output hooks are inserted at the tail of tailq. this to maintain the order of hooks-calling in sync with the packet flow.

let's talk about hooking in ip_input:

when ipfw module gets kldload-ed, it hooks into pfil's tailq head with its input hook and into pfil's tailq tail with its output hook
when pf gets loaded, it doesn't hook yet
when pf gets enabled via pfctl -e, it hooks into pfil's tailq head with its input hook and into pfil's tailq tail with its output hook through an ioctl call.

at this moment, the order is:
ip_input: pfil -> ipfw
ip_output: ipfw -> pfil

if you kldunload the ipfw module and kldload it back the order will change:
ip_input: ipfw -> pfil
ip_output: pfil -> ipfw

by default, on a freshly installed freebsd system, the firewall startup sequence is the one mentioned just above:

godel# rcorder /etc/rc.d/* |  grep -nE '/i?pfw?$'
freebsd default packet filtering order: 
  • ip_input: ipfw -> pfil ->
  • ip_output: pfil -> ipfw ->  
FreeBSD default filtering sequence

pf gets enabled first, with its input hook inserted into head and its output hook inserted into tail
ipfw gets enabled second so its input hook will be called first on input and last on output chain.
if you run this sequence of commands:
pfctl -d
pfctl -e

things will change backwards.
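a toy model of the insertion rule above, added here as an illustration (it is not FreeBSD code and not from the original post). it replays the admin commands and shows which filter sees a packet first after a reload; it assumes the "pfil" entry in the listings above denotes pf's hook and that pfctl -d removes pf's hooks, and the class and function names are made up.

```python
from collections import deque


class PfilModel:
    """Toy model of the hook lists as this post describes them."""

    def __init__(self):
        self.inbound = deque()   # walked head to tail by ip_input
        self.outbound = deque()  # walked head to tail by ip_output

    def hook(self, name):
        if name in self.inbound:
            return                        # already hooked, nothing to do
        self.inbound.appendleft(name)     # input hook: inserted at the head
        self.outbound.append(name)        # output hook: inserted at the tail

    def unhook(self, name):
        if name in self.inbound:
            self.inbound.remove(name)
            self.outbound.remove(name)


# Which admin action (un)hooks which filter, per the post. "kldload pf" is
# deliberately absent: loading the pf module alone does not hook.
ACTIONS = {
    "kldload ipfw": ("hook", "ipfw"),
    "kldunload ipfw": ("unhook", "ipfw"),
    "pfctl -e": ("hook", "pf"),
    "pfctl -d": ("unhook", "pf"),
}


def filter_order(commands):
    """Replay commands and return (ip_input order, ip_output order)."""
    model = PfilModel()
    for cmd in commands:
        action = ACTIONS.get(cmd)
        if action:
            getattr(model, action[0])(action[1])
    return list(model.inbound), list(model.outbound)


if __name__ == "__main__":
    history = ["kldload ipfw", "kldload pf", "pfctl -e"]
    print(filter_order(history))
    print(filter_order(history + ["kldunload ipfw", "kldload ipfw"]))
```

the last hook added always runs first on input and last on output, so any reload or disable/enable cycle is worth re-checking against rules that depend on the other filter having run already.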

NFS clients behind NAT routers

when trying to mount filesystems over NFS from a NAT-ed machine (that is, a machine behind a NAT router) there is a good chance you will get the following error:

migrating mailbox configurations from qmail/vpopmail to postfix

Although I use tinydns, I don't exactly like qmail because it's too much of a spartan. I do postfix. Call it church practice. My migration procedure was pretty simple and I'll touch below only a part of it, the configuration of mailboxes. I didn't have anything else to take care of other than forwards and local maildirs so I didn't treat the case of mail pipes (one needs to translate those into postfix transport maps).
You probably want to modify the config vars (first lines). The script will append whatever it generates to the existing postfix config files.

b43-phy1 ERROR: PHY transmission error

After I finally sold my sony vaio I got myself a dell inspiron 1520. All seemed to work fine after I installed a Linux Gentoo but on the first big download I noticed the error in the title, notable transfer timeouts, sudden deaths and if none of the above happened I would still get a very low transfer limit (maxed to 200KBps).

Below is a link to a linux kernel config that has the b43 driver fully working (my wifi card is a bcm4311, arch is x86_64). What I think was happening is that for some reason I was using PIO mode instead of DMA mode. Normally PIO mode is enabled for debugging purposes and I think somehow I enabled it (or there was a FORCE_PIO enabled by default? I don't know). I'm not 100% sure that this was the problem as I didn't have time to fully check (yet) but a diff on the config files shows it clearly.

diff -Nu /usr/src/linux-2.6.31-gentoo/.config /usr/src/linux/.config | grep PIO

C++ template-based friend operators describes two ways of solving the "call to non-template" error. This error gets thrown when one defines a template class with some friend operator(s) declared in a natural manner, not thinking that declaring the template friend(s) like this will resolve the method into a non-template one. I find the first method of pre-declaring the operator to be tiresome, and the second, I'd say, can make the class definition unreadable if the operator definition is complex. I'm going to choose a third way of defining template friends:

implicit, may-be-safe super.__init__ call on derived class instantiation: a starting point

What do I really understand by inheritance? I mean, what is to be inherited?
I would say it is behavior ... and that would be enough. It's a sane way to propagate knowledge. You don't want to inherit data from your ancestors in any other way than compiled as carefully selected behaviors that will eventually help you interpret a live information stream and that you can upgrade to something well suited for your existence.