Dec 12 2012
 

Something I’ve been wondering about, but have yet to see a good explanation for, is whether GCC handles const and static const differently. In theory the compiler should handle them the same way, but does it? My web search didn’t turn up much, so I decided to test for myself.

A quick test using GCC 4.7.2:

const.c

#include <string.h>
#include <stdio.h>

void test()
{
        const char i[] = "not changed";
        char *j;
        printf("before %s\n", i);

        j = i;

        strcpy(j, "changed");
        printf("after i=%s\n", i);
}

int main()
{
        test();
        test();
}

staticconst.c

#include <string.h>
#include <stdio.h>

void test()
{
        static const char i[] = "not changed";
        char *j;
        printf("before %s\n", i);

        j = i;

        strcpy(j, "changed");
        printf("after i=%s\n", i);
}

int main()
{
        test();
        test();
}

How each turns out:

const.c

~$ gcc const.c -o const -g
const.c: In function ‘test’:
const.c:10:4: warning: assignment discards ‘const’ qualifier from pointer target type [enabled by default]
~$ ./const
before not changed
after i=changed
before not changed
after i=changed

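Not only can I change the variable, but it is reset at each function call, which means the array is being allocated and initialized again every time the function runs. On a local array, const is only a compile-time check (hence the warning): the array itself lives on the stack, which is writable.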

staticconst.c

~$ gcc staticconst.c -o staticconst -g
staticconst.c: In function ‘test’:
staticconst.c:10:4: warning: assignment discards ‘const’ qualifier from pointer target type [enabled by default]
~$ ./staticconst
before not changed
Segmentation fault (core dumped)

gdb shows the following:

Core was generated by `./staticconst'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000000000400534 in test () at staticconst.c:12
12        strcpy(j, "changed");

As you can see, static const is stored somewhere that is actually read-only, so the write faults instead of silently succeeding. Being static, it is also not reallocated each time the function is called, which makes this version more efficient.

 

 Posted by at 15:55
Nov 26 2012
 

If you are like me, you get tired of constant email bounces from your web apps, so I sat down and wrote this simple validator to save the mail server the extra load of having to deal with obvious typos.

// email validator
// returns 1 on success
// returns -1 if the email is not in the correct format
// returns -2 if the email's domain doesn't resolve
function check_email($email) {
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
                return (-1) ;
        }

        // the domain is everything after the last '@'
        // (a quoted local part may itself contain an '@')
        $domain = substr($email, strrpos($email, '@') + 1);

        //as per the RFC: check the domain for an MX record or A record and allow for IPv6 addresses
        if (!checkdnsrr($domain, 'MX') && !checkdnsrr($domain, 'A') && !checkdnsrr($domain, 'AAAA')) {
                return (-2) ;
        }

        return (1) ;
}

Here is a quick example of how to call it:

$ret = check_email($h_email) ;

if ($ret > 0) {
        echo "valid email<br>" ;
} else {
        echo "error: " ;
        if($ret == -1 ){
                echo "invalid format<br>" ;
        }
        if($ret == -2 ) {
                echo "does not resolve<br>" ;
        }
}
 Posted by at 16:26
Jan 06 2012
 

Weak passwords are still by far the most effective way to break into a system. Even though many people think they have clever ways to obfuscate their passwords, they often fail badly, either by inadvertently making something guessable or by coming up with something so hard that you have to write it down somewhere or use a password manager just to use it. How bad is it? I have had 3 different techs assign me the same login “Gerhard” and password “G3rh4rd”, and on another occasion someone tried to be even more clever with “G3h4rd!”. This is bad. I know from experience that I can expect a password-guessing script to hit my personal server at least 4 times daily. Originally the scripts all hit the ssh port until I took countermeasures, but now they check every open port for possible password combinations, from FTP to SASL to web logins. Even with my countermeasures I can expect to have 1 or 2 accounts on my system cracked per year, forcing me to disable someone’s website until they change their password again.

How can we come up with a password that is both hard to guess and easy to remember?  Thankfully it is easy.

Take a couple of lines from a song you like, but not the first lines and not the chorus. For example, take this verse from Election–The People’s Right [1], written in 1801:

We should support and pleasure take
In frequent Free Elections.

Now take the first letter of each word: “wssaptiffe”, and there you go. The password is not an actual word, so it is not likely to be hit by a dictionary attack, but if you know the song you know your password, so it’s easy to remember. One important note though: if the password was ever used on a website that got broken into, you must assume the password has now been added to several dictionaries for future attacks.

[1] I selected this song because it was the first one I could find that was both out of copyright and readable.

I feel this is important enough that I grant permission to republish this article provided a link to news.innerfire.net stays with the article.

 Posted by at 10:40
Dec 13 2011
 

onbattery.tar.gz

I’ve been doing some work on my Debian Linux laptop lately, and I have some nightly maintenance (disk check, btrfs tree balance) I want to do that will simply suck my battery dry if I’m not plugged into the wall. I did a quick web search for how to check from a script whether the system is on battery power, and what I found was:

  • Using outdated interfaces.
  • Fragile.
  • More complicated than it needed to be.

So I ended up writing something that took far less time than the original search did. How did I do it, you ask?

Enter the acpi command. On old systems it uses /proc and on new systems it uses /sys. It cares so we don’t have to. It is not designed to be used in the way I want, but writing a wrapper around it is easier than browsing either the /proc or the /sys interfaces on their own, so I made this simple wrapper around it.

#!/bin/sh
# Script to check if we are on battery power.
# By Gerhard Mack <gmack@innerfire.net>
# Licensed in the public domain.

#scan for any on-line adaptors
#grep will return 0 if it finds a matching line.
if acpi -a | grep -q "on-line"; then
	#we are on ac.  Return false and exit
	exit 1
else
	#we are on battery (or acpi reported no on-line adaptor at all).
	#Return true and exit
	exit 0
fi

Example usage in bash:

if onbattery; then
        # we are on battery so abort before sucking the battery dry
        exit 0
fi

 

 Posted by at 04:48
Nov 01 2011
 

So I’ve been messing with EC2 and I’m already annoyed.  I used a Debian image from what looks to be a well known “cloud company” and I’ve already noticed a few things.

1. ext3: in 2011, really? Why not something more modern like ext4 or xfs?

2. 6 terminals open: What for? Who accesses this from console?

3. NFS: I would think this wouldn’t be needed by 80% of the users, so why include it on a barebones install?

4. X Font Server: I have not the words.

 

With EC2 you pay based on how much RAM you want on your instance, so I would think the idea would be to conserve as much memory as possible. So why the waste? I’m going to put some time into making some images I don’t completely hate.

 

 Posted by at 14:09