Monthly Archives: August 2012

Open source, closed process

I just tried to report a bug to Ubuntu.  Nothing major, just a missing package dependency: aptitude installed libnids-dev for me without installing libpcap-dev.  My configure script then insists that nids.h was not found, whereas it is in fact clearly visible in /usr/include/nids.h.  Turns out the test program fails because nids.h #includes pcap.h, which is not installed.  Whoops!

OK, let’s do the Right Thing for a change: don’t just ignore it, report it.  How do I report a Ubuntu bug?  Aha, it’s at  Search for nids: nope, none of the 16 bugs listed is this one.  OK, time to report a new bug.

This is where the problems go from straightforward to too difficult.  To report a bug, I need to log in to launchpad.  To log in, I need to create an account (it waffles on about OpenID, but it won’t accept my wordpress OpenID as a login).  And to create an account, I need to solve a captcha.  That is, one of those nasty eyesight tests.

I can’t do it.  This one is nastier than ever.

Cycle the thing a few times, they’re all as bad.  Try the audio version, but it’s silent (this is on a ubuntu machine).  Looks like I can’t report a bug! 😮

I look on freenode, find #ubuntu-devel.  Try asking there:

Just trying to report a bug (missing packaging dependency), but I can’t because I can’t even guess the launchpad captcha
any advice?
The bug is, libnids-dev requires pcap-dev as a dependency

After a few minutes silence, start to blog this.  But a few minutes more and someone replies:

first, I think you meant “libpcap-dev” instead of “pcap-dev”;
second, both these packages come unchanged from Debian, so it’s better to report this bug to

Ok, that looks like someone who knows what he’s talking about.  Try a bug report to Debian.  This fortunately turns out to be a much simpler process: their bug reporting site mentions a “reportbug” tool I can install with apt, and which appears to work nicely.

Ubuntu must be effectively in a bubble isolated from the big bad world!

Damned if you do, damned if you don’t

Today’s news: London Metropolitan University loses its license to sponsor foreign students to enter the country.  It seems they’ve been found guilty of substantial abuse of the system, with the implication that they’re taking money from bogus students whose real purpose is immigration.

Whereas London has several well-respected establishments ranging from regular universities to specialist academies, London Metropolitan University isn’t one of them.  I find it entirely plausible that they’re abusing the system, have ignored warnings (even thought they were calling the government’s bluff), and have failed to put their house in order.  It’s also perfectly plausible that it’s a border agency cockup, or elements of both, but for the purposes of this post we’ll discount that possibility.

In view of protests about this coming from academia and elsewhere, perhaps it needs someone to say that this is exactly the right action to take.  The country is far too overcrowded to take unlimited immigration, and the government has to set and police rules to limit it.  But higher education is a highly successful export, and it would be wrong for government to choke it with excessive red tape.  Universities should be free (indeed, encouraged) to recruit genuine students from around the world without onerous restrictions such as quotas.  That means it must be up to each university to take responsibility for the student visas it sponsors.  For the government to police immigration policy without heavy meddling implies it must have the ultimate sanction of withdrawing a license, and it must be prepared to use it.

With a bit of luck, this serves two purposes.  It stops one offender, and fires a warning shot in the direction of anyone else who might be tempted to abuse the system.

The downside to it is collateral damage.  First, the direct effect on genuine foreign students: I hope all innocent victims will be provided for and can get the degree they deserve with minimal disruption!  Second, the effect on other universities, if it causes a loss of confidence amongst foreign prospective applicants.  I suspect the latter may be the biggest worry for many, but it should be alleviated if appropriate arrangements can be made for all existing students.  Except of course, bogus students who are flushed out might seek to spin stories of persecution, and it seems likely some of them might get the ear of the media.

Calling home: fatal?

Was asked if I could help solve a proxying problem this evening.  My provisional diagnosis raises a couple of issues of interest, and it would be good to confirm whether my diagnosis makes sense.  Any Iphone or Android users out there should be able to say whether it’s plausible.

It started with a request: did I have an iphone or ipad, or possibly Mac (the latter in case it was something Apple-specific).  Users have been unable to view pages through the proxy, but we have no detailed explanation beyond “doesn’t work”.  Yes I have a mac, but it’s not here: is this a problem I can go away and look at?  Or, why don’t I fire up Konqueror, the KDE browser that uses the same khtml engine as Apple?  What URL should I try to see if I can reproduce the error?

This is where it gets interesting.  The purpose of the project is to run a reverse proxy, but to test it I had to configure it as forward proxy for Konq and navigate to a test URL.  It all worked fine, but the forward proxy is a test-only setup and blocks all but a selected whitelist of sites.

OK, next tack, can I see what’s happening if I have ssh access to the proxy itself?  Trafficserver’s logs are in squid format (with which I am unfamiliar) and show ERR_CONNECT_FAIL when the errors occur.  Looking that message up, I find it should just mean Trafficserver was unable to contact the origin server.  By about this time it’s also been established that Android clients have the same problem.

Reading the log, I’m guessing the clients having trouble are trying to “phone home”, so to test this I generate a couple of requests using Lynx through the proxy: one to a proxied site, the other to Google.  This confirms my suspicion: the google request (which is blocked) generates precisely the log entry associated with failed requests.  It also helps clarify my reading of the squid-format logs, and confirms that the iphone and android clients’ failed requests are in fact to Google URLs.

So my question to iphone and android users: would a failed call-home request (to Google) throw an error that would prove fatal to a regular page loading from elsewhere?  That seems rather bizarre, though not really more so than Google maps/satnav refusing to work at all without a live data connection.

If that is indeed the problem, it still doesn’t explain why the problem should arise in normal use, when it’s a reverse proxy and the google connection is direct.  Looks like either the problem is in fact on someone else’s network (combined with dumb browser design), or the messages seen in Trafficserver’s logs are a complete red herring and unrelated to the problem.  Hmmm.

Celebrating the Elite

Elitism is a dirty word in the UK today.  Well, at least borderline, though far from universally agreed.  It is fashionable amongst our politically-correct chattering classes to sneer at anything associated with an ‘elite’ – real or imagined.  Fortunately the fanatical extremes of Mao’s China or the world’s theocracies have never prevailed here, but there are certainly people here who’ll think the worse of you for having been to an Ivy League university (you’re privileged, that’s unfair), or for preferring good music to whatever happens to be in “the charts” (you’re a snob).

Now we’ve just held a huge orgy of the ultra-elite, yet somehow that’s OK: most of those same chattering classes are celebrating it.  Dissidents who decline to celebrate may have their own bandwagons (the hype, the barefaced fraud over costs, the disruption to life), but the event’s inherent elitism isn’t one of them.  Somehow, physical prowess and sporting excellence are OK where intellectual prowess and academic excellence are deeply suspect.

Something for everyone: the true spirit of mass participation.

That is, until now.  It seems some killjoy has done a bit of digging, and found that the olympics are elitist after all.  Not for the obvious reasons, but because too many of our successful athletes come from privileged backgrounds.  Worst of all, they went to fee-paying private schools.  It seems olympic success, just like academic success, can be bought by parents for their offspring.  Whoops!

A moment’s thought should tell you that’s blindingly obvious: parents who pay high fees in preference to a free alternative expect something for it, and they’re not entirely mistaken.  Indeed, barriers to entry to many elite sports are inherently much higher than to elite universities: you don’t aspire to something unless you have at least the facilities to practice it!  Among my own cohort, elite universities were an aspiration for some, elite football for others, but olympic sports such as swimming/watersports, anything equestrian, or winter sports were simply unthinkable: they’re not for the likes of us!

Anyway, now that the Olympics are officially elitist, will we start sneering at them as a bastion of privilege, too?  I don’t think that’s likely, but it does look like a riposte for when the forces of Political Correctness want to interfere with our top universities on the grounds that they select on academic criteria.

More interesting would be if it can provoke a debate that’ll eventually highlight the total absurdity of an education policy that allows schools to select pupils (commonly at age 11) on a wide range of different criteria such as sporting or artistic prowess (along with some that are altogether more dubious), but at the same time explicitly forbids selection on academic merit!