July 31, 2006
Off-By-One
The Apache Foundation recently fixed an off-by-one bug in the mod_rewrite
module
--- modules/mappers/mod_rewrite.c.orig 2006/07/11 20:33:53 420983 +++ modules/mappers/mod_rewrite.c 2006/07/27 17:03:34 426138 @@ -670,7 +670,7 @@ int c = 0; token[0] = cp = apr_pstrdup(p, cp); - while (*cp && c < 5) { + while (*cp && c < 4) { if (*cp == '?') { token[++c] = cp + 1; *cp = '\0';
of the Apache webserver.
A theoretically exploitable flaw? Ho hum, you say.
Well, for the past seven months, or so, here on golem, child httpd
processes have been occasionally dying, leaving messages of the form
httpd(29884) malloc: *** Deallocation of a pointer not malloced: 0x1923800; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
in the error_log
. By itself, this would not be a big deal except that, occasionally, a process would get “stuck” and continue issuing such messages until it filled the 250 GB disk. Yes, that’s a lot of messages. Running flat-out, it takes several hours to fill a 250 GB disk with 200 byte error messages. If I’m lucky, I catch it in time, stop Apache, trim the error_log, and then restart Apache.
But there’s an uncomfortable sense of being tethered to the machine, when you have to check every few hours to see if it’s gone berserk. Take the afternoon off, and you return to find a full disk, email messages refused, blog comments rejected, …
Without a way to reproduce the bug, nor any useful information from the crash-logs, I was somewhat at a loss to write a good bug report. So you can imagine my elation that fixing the above, relatively trivial, bug in mod_rewrite
seems to have fixed the problem.
Update:
Hmmm… It appears that the problem hasn’t entirely gone away. But it take several days from restarting the server for the first such message to appear. Something of an improvement…July 20, 2006
Energy
Last week, there was a mini-conference on Energy and Energy Policy issues at Aspen. I was too engrossed in my discussions with Dan Freed, Greg Moore and Dmitriy Belov on the subject of orientifolds and twisted equivariant differential K-Theory (more on that subject some other time) to attend most of the talks. Fortunately, the slides are now online.
In short, the challenges of meeting the world’s growing energy requirements, while meeting even the most modest targets1 for net carbon emissions will be an enormous challenge, requiring a great deal of technological ingenuity and enlightened leadership.
When you read about the dysfunctional process for getting new nuclear plants built (certainly a necessary, but not sufficient, part of the answer) in this country, you’re not exactly filled with confidence. I’m not sure what humble theoretical physicists, like ourselves, can do in a practical way. But, at least, we can try to raise the level of the public debate above its currently abysmally low level.
1 And even those won’t be enough to stave off various nasty ecological catastrophes. If you like calamari, best eat them now.
July 19, 2006
MovableType 3.31
Against my better judgement, I decided to go ahead and upgrade the blogs here on golem to MovableType 3.31.
You’ll recall that previous versions of the MovableType Administrative Interface did not come close to being well-formed XHTML. Out-of-the box, it was completely non-functional, when served as application/xhtml+xml
. Considerable effort was required to fix MT 3.1x. I skipped MT 3.2, because it didn’t seem worth the effort to fix.
But, for whatever reason, I decided to go ahead and install 3.31. Some of the problems I’d reported previously were fixed, but the busy beavers at SixApart introduced an equal number of new ones . My 1682 line patch file for MT 3.31 is almost exclusively devoted1 to fixing it to work under application/xhtml+xml
.
The OpenPGPComment plugin needed a small tweak
@@ -104,7 +105,7 @@ or return $ctx->_no_comment_error('MT' . $tag); my $blog = $ctx->stash('blog'); my $comment_text = defined $comment->text ? $comment->text : ''; - $comment_text = MT::Template::Context::munge_comment($comment_text, $blog); + $comment_text = MT::Util::munge_comment($comment_text, $blog); my $comment_id=$comment->id; my $comment_author=$comment->author; my $comment_date=MT::Util::format_ts("%H:%M %m/%d/%Y",$comment->created_on);
to get it to work under MT 3.31. A couple of other plugins needed to be updated2. But, generally, aside from MT itself, the update went smoothly.
Anyway, if you encounter any weirdnesses or yellow screens-of-death, report them here. I’m sure that the final size of my patch file will be a good bit bigger than 1682 lines.
Update (7/20/2006):
One weirdness is that Technorati and Feeds.app plugins (used on my sidebar) now seem to spit out utf-8, despite the fact that myPublishCharset
is iso-8859-1. So my sidebar is now not well-formed3. Grrrr….Update (7/20/2006):
The Commenting and Search issues seem to be fixed now.Update (7/22/2006):
I seem to have successfully nailed the problems with the Technorati and Feeds.app plugins. Umh …, well, modulo the fact that Feeds.app spooges Atom feeds containingtype="xhtml"
. But that’s a subject for a different post.Update (7/23/2006):
Another annoyance is the new built-in spam-fighting facilities. MT 3.2 rolled a version of spamlookup into the default installation. Unfortunately, unlike Brad Choate’s version, the designers of MT’s version of spamlookup did not put much stock in the notion that one might wish to assign very different weights to the criteria for filtering trackbacks versus those for filtering comments. So I was faced with the choice of either allowing a flood of spam trackbacks, or having some — perfectly legitimate — comments flagged as spam. Fortunately the spam-fighting API is pluggable, and I am slowly trying to re-establish the status quo ante. Apologies to those whose comments were (temporarily) blocked.1 A mere 316 lines are devoted to adding features; I haven’t put any thought yet into whether some of those modifications can now be replaced by plugins.
2 At least on my installation, the SimpleComments 1.33 plugin needed some further tinkering to work with MT 3.31. If you can’t wait for an official update, let me know.
3 Fortunately for me, that’s the one class of well-formedness errors that XHTML User Agents seem to tolerate.
July 11, 2006
Traffic Patterns
Chad Orzel decided to spice up one of his recent posts with a throwaway snipe about String Theory:
Neither of those [experiments at RHIC] is going to test string theory, of course, which demotes them to stamp collecting in the minds of some…
Unfortunately, this was not quite the non sequitur he intended it to be. And Clifford Johnson and Moshe Rozali jumped in to set him straight.
Chad responded that the remark was intended as a harmless bit of levity, and an “attempt to drive traffic (because I almost always get a bump in traffic when I talk tabout string theory…).” Which, as far as I’m concerned, is a matter between Chad, his readers and his conscience.
Ordinarily, I would, therefore, not even bring it up, except that it got me to thinking about the temptations of popularity. I was somewhat taken aback by the response to my recent post about Loop Quantum Gravity. With 150 comments (and still counting), the temptation is, clearly, to write a lot more posts about LQG, and fewer posts about the boring stuff I usually write about.
On the other hand, the desires to entertain and to inform are not necessarily congruent. Given the choice, I’m rather strongly in the “inform” camp. I’m afraid I’ve exhausted my current store of intelligent things to say about LQG and so I think I will return you to your regularly-scheduled programming.
In his response to Chad, Moshe pointed to some recent posts of mine on AdS/CFT and RHIC, which reminds me that I intended to post some more on that subject … soon.
July 10, 2006
Entropy of Extremal, Non-SUSY Blackholes
What with all the “fun” we’ve been having discussing LQG, I never did get around to posting about the recent paper of Emparan and Horowitz.
Better late than never…
July 3, 2006
Still Broken After All These Years
MovableType 3.3 is nearing release. I’ve been looking at it, thinking hard about upgrading this site (which is currently running version 3.1.7).
Unfortunately, the Admin interface is as broken as it ever was, should you wish to run it as application/xhtml+xml
. And it’s changed enough, so that the ~1700 lines of patches, required to fix the old version, no longer work.
I don’t particularly relish the idea of going to all the trouble of patching this release, if MT 3.4 is going to be just as broken, again. And, short of bribing Brad Choate to run a test blog as application/xhtml+xml
, I don’t see how to avoid that happening.
So, just as I skipped MT 3.2, I may pass on 3.3.