Tuesday, April 22, 2014
The Computer Is Your Friend, Citizen!
I'm sitting in the Ft. Lauderdale Office of the Corporation, using the Lookout email client when it throws up this obnoxious message that my pasword expires in thirteen days.
Your password will expire in 13 days! Please hurry up and change it now! Now! Change it! CHANGE IT! You don't want to be caught with an expired password two weeks from now? Do you? Then what? You'll be without email, that's what! And guess what? To change your email password requires sending an email! But you can't! Because your password expired! Even though it won't expire for two weeks, I'll remind you every ten minutes to change it, because … well … XXXXXXX CHANGE IT ALREADY!
Okay, so it's not quite that obnoxious, but still, I find it annoying that it'll remind me several times a day that my password will expire. And the thing is—we have a 90-day expiration date for email passwords. Only it's not really 90 days, but 77 days if you don't want to look at the obnoxious “UPDATE ME” message.
Gaaaah!
I used to ignore it until a three days or so when this policy was first mandated, but now, I just give in and change my password when the computer wants me to change my password. I'm not in charge here, the computer is. Or rather, the Lookout server is in charge. Me? I just rotate through the same X passwords because coming up with a new password that meets the minimum standards of:
Minimum of six characters, but a maximum of five characters, all of which must be unique, at least seven of them must be alphabetic in nature, two must be numbers, and at least as many punctuation characters as there are vowels used, unless you used no vowels, then the maximum number must be no greater than the number of numbers used minus upper case characters.
Yeah, I just came up with X passwords that pass muster, wrote them down on a piece of paper (which if I'm caught with by Corporate Security results in no less than five hours spent in front of a “web seminiar” on “Computer Security And You! The Top Ten Things You Must Do To Ensure a Happy And Secure Computer.”
Sigh.
Yes, this bothers me just as much as that little number in the upper corner of the App Store icon on my iPhone, reminding me, taunting me, that I haven't updated in the last twenty minutes.
And here I thought computers were to serve our needs …
Stupid MyPlusFaceSpaceGoogleBook
First it was the death of my Stupid Twitter Trick, and now, three years later, the MyPlusFaceSpaceGoogleBook interface is kaput.
Sigh.
Now to figure out what got borked.
Update a few minutes later
Okay, my server doesn't like the secure certificate that MyPlusFaceSpaceGoogleBook is presenting.
Stupid MyPlusFaceSpaceGoogleBook, part ][
The error I was getting from
libcurl
(which I use to
inform MyPlusFaceSpaceGoogleBook I've updated this
blog) was:
curl_easy_perform(AUTH) = problem with the SSL CA cert (path? access rights?)
Okay, so there is some certificate authority that OpenSSL doesn't like now (probably because of the heartbleed bug which didn't affect my
server since I'm running a pre-heartbleed-bug-enabled version of OpenSSL).
Curious as to where this information was stashed, I ran strace
on
mod_blog
and found a list of certificate authories in
/usr/share/ssl/certs/ca-bundle.crt
(you can tell I'm well
versed in this stuff if I'm resorting to debugging tools to locate this
information).
So it looked like it was time to update that file. Well, seeing how OpenSSL
was written by monkeys (no, really), the current format for
ca-bundle.crt
is now vastly different from the format I'm using
for ca-bundle.crt
, enough to cause this:
CRASH(20409/000): pid=20409 signal='Segmentation fault'
CRASH(20409/001): reason='Address not mapped for object'
CRASH(20409/002): address=0x9
CRASH(20409/003): CS=0073 DS=007B ES=007B FS=0000 GS=0033
CRASH(20409/004): EIP=00BE42BC EFL=00010246 ESP=BFEE7608 EBP=BFEE7628 ESI=08430EB8 EDI=00000000
CRASH(20409/005): EAX=B7F006C0 EBX=00CBBFF4 ECX=00000068 EDX=00000001
CRASH(20409/006): UESP=BFEE7608 TRAPNO=0000000E ERR=00000004
CRASH(20409/007): STACK DUMP
CRASH(20409/008): BFEE7608: 00 00 00 00 00 00 00 00
CRASH(20409/009): BFEE7610: B8 6A 46 08 C0 06 F0 B7 68 00 00 00 F4 B2 19 00
CRASH(20409/010): BFEE7620: C8 6A 42 08 68 00 00 00 58 76 EE BF BC B6 17 00
CRASH(20409/011): BFEE7630: 65 6F 42 08 01 00 00 00 68 00 00 00 B8 0E 43 08
CRASH(20409/012): BFEE7640: B7 6A 46 08 00 00 00 00 57 B6 17 00 F4 B2 19 00
CRASH(20409/013): BFEE7650: C8 6A 42 08 68 F1 42 08 F8 76 EE BF 0D DC 18 00
CRASH(20409/014): BFEE7660: C8 6A 42 08 01 00 00 00 65 6F 42 08 68 00 00 00
CRASH(20409/015): BFEE7670: 14 F3 42 08 00 00 00 00 68 00 00 00 00 00 00 00
CRASH(20409/016): BFEE7680: C8 6A 42 08 C8 6A 42 08 00 00 00 00 00 00 00 00
CRASH(20409/017): BFEE7690: 67 43 57 53 A9 6A 46 08 63 6F 42 08 E4 76 EE BF
CRASH(20409/018): BFEE76A0: A8 76 EE BF 00 00 00 00 2D 21 C5 00 1F 00 00 00
CRASH(20409/019): BFEE76B0: 63 6F 42 08 02 00 00 00 02 00 00 00 D9 47 19 00
CRASH(20409/020): BFEE76C0: 01 00 00 00 01 00 00 00 00 00 00 00 C8 6A 42 08
CRASH(20409/021): BFEE76D0: C4 F2 42 08 01 00 01 00 F8 76 EE BF 28 E1 18 00
CRASH(20409/022): BFEE76E0: 01 00 00 00 68 00 00 00 18 C3 18 00 F4 B2 19 00
CRASH(20409/023): BFEE76F0: 68 F1 42 08 C4 F2 42 08 38 77 EE BF AF ED 18 00
CRASH(20409/024): BFEE7700: 68 F1 42 08 27 77 EE BF
CRASH(20409/025): STACK TRACE
CRASH(20409/026): ./build/boston[0x805d7b8]
CRASH(20409/027): ./build/boston[0x805df94]
CRASH(20409/028): /lib/tls/libc.so.6[0xbb79b0]
CRASH(20409/029): /usr/lib/libcurl.so.3(Curl_client_write+0x70)[0x17b6bc]
CRASH(20409/030): /usr/lib/libcurl.so.3(Curl_readwrite+0x1905)[0x18dc0d]
CRASH(20409/031): /usr/lib/libcurl.so.3(Curl_perform+0x2b3)[0x18edaf]
CRASH(20409/032): /usr/lib/libcurl.so.3(curl_easy_perform+0x3d)[0x18f242]
CRASH(20409/033): ./build/boston(notify_facebook+0x39c)[0x805a000]
CRASH(20409/034): ./build/boston[0x8050745]
CRASH(20409/035): ./build/boston(main_cli+0x1cc)[0x80505f4]
CRASH(20409/036): ./build/boston(main+0x147)[0x805243f]
CRASH(20409/037): /lib/tls/libc.so.6(__libc_start_main+0xd3)[0xba4e93]
CRASH(20409/038): ./build/boston[0x804ce15]
CRASH(20409/039): COMMAND LINE
CRASH(20409/040): ./build/boston
CRASH(20409/041): --config
CRASH(20409/042): XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
CRASH(20409/043): --cmd
CRASH(20409/044): NEW
CRASH(20409/045): --update
CRASH(20409/046): NEW
CRASH(20409/047): --file
CRASH(20409/048): /tmp/e
CRASH(20409/049): ENVIRONMENT
CRASH(20409/050): [redacted]
Woot! Way to go, OpenSSL!
So updating ca-bundle.crt
is a “No go!”
The next option?
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,0); /* in other words, no validation */
It's not like what I post on the Internet is private. And there are no errors nor crashes. Hopefully, this is enough to fix the issue.
Update a few seconds later
Nope. No error. But no MyPlusFaceSpaceGoogleBook update. Grrrrrr …
Update at 2:06 AM, Wednesday, April 23rd, 2014
Okay, I stupidly removed the code that sent the authenticated token from MyPlusFaceSpaceGoogleBook back to MyPlusFaceSpaceGoodBook. All is right with the world now.