grsecurity RBAC system

A few notes I wrote down about enabling the (very intense) grsecurity RBAC system on micro.

= 1 =
If you have role_allow_ip defined for a role and you try to "do something" from an IP that is not in the allowed list, you end up in the default role instead. That can be hard to figure out at first: you know you have a role set up for the user, but you're not landing in it. That's why.

= 2 =
An object with the "i" (inherit) flag in a less specific subject will override a more specific subject: when the binary is executed, the process keeps the policy of the subject it was executed from instead of transitioning to the binary's own subject.

This "/" subject:

subject / o {
/bin rxi

will win over this:

subject /bin/bash o {

/bin/bash will use the police…
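
Both gotchas in one policy fragment. This is an added illustration in gradm's policy syntax, not the policy from micro; the user name, the 192.168.1.0/24 range and the object paths are assumptions, and the role flags follow the sample policy shipped with gradm.

```text
role default G
subject / {
    /                   r
    -CAP_ALL
}

# Note 1: "tim" logging in from an address outside 192.168.1.0/24 does not get
# this role at all; the session silently lands in "role default" above.
role tim u
role_allow_ip 192.168.1.0/24
subject / o {
    /                   h
    /bin                rxi
    /etc                r
    -CAP_ALL
}

# Note 2: this subject is never entered from the "/" subject above, because the
# "i" on /bin makes anything executed out of /bin keep the "/" subject's policy.
# Change that line to "/bin  rx" (or list /bin/bash explicitly, without "i") and
# the transition to this subject happens as expected.
subject /bin/bash o {
    /                   h
    /bin/bash           x
    /etc                r
    -CAP_ALL
}
```

The quick way to confirm which subject a shell actually landed in is to check the kernel log after a denied access: the denial message names the role and subject that were in force.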

Building MPD

micro:~/mpd-0.18.7> make distclean ; ./configure --disable-dependency-tracking --enable-libmpdclient --enable-alsa --enable-bzip2 --enable-curl --enable-ao --enable-ffmpeg --enable-flac --enable-httpd-output --enable-id3 --disable-ipv6 --enable-lame-encoder --enable-lsr --enable-mad --enable-mikmod --enable-mms --enable-modplug --enable-mpg123 --enable-pipe-output --enable-recorder-output --enable-shout --enable-vorbis --enable-vorbis-encoder --enable-zzip --prefix=/usr/local/mpd ; make


I removed dnsmasq and installed pdnsd this weekend. It was prompted by changes necessary for beaker, but I moved them onto micro as well for faster lookups at home.

Seems to be working well.

Viber = Android Battery Issue

I figured out what had totally fscked my phone. It was making contacts unusable, and the CPU was ticking over all the time, stealing battery.


I'd ticked "Sync Viber with Contacts" or some bullshit. Unticked that, lo and behold, battery life is awesome. I can get up at 6am and go to bed at 9pm with still 30%.

It used to die around 6pm before, flat. Now it still has 40%

Fuck you, Viber!

Why Did I Unfollow You?

Because you tweeted something about Slater, or any of that other bullshit going on in the Media at the moment.

Morons don't deserve attention.

Chicken Costumes

From: Tim Harman [mailto:tim@muppetz.com]
Sent: Sunday, 10 August 2014 9:37 p.m.
To: Info
Subject: Winning Wheel Question

Hello There!

I have a question which I am hoping you can answer for me.

Tonight my wife and I were discussing what is/isn't allowed when it comes to being
on the "Winning Wheel" segment. The conversation arose because I expressed my
desire to wear a large chicken costume and do nothing but cluck through the whole
segment, if we were so lucky as to win a spot on the segment.

My wife, being the smarter of the two of us, said that there's no way she'd let me
wear a chick…

Dell XPS m1330 with Windows 8.1 - DPC Latency Issues

Finally upgraded my ageing XPS m1330 from Windows XP (32 Bit), which of course worked perfectly, to Windows 8.1 (64 Bit), which of course initially didn't.

The major problem that I encountered was major latency when playing audio. The DPC latency would cause the music to stutter and jerk and basically be unlistenable. A major pain in the arse for someone who likes to listen to streaming audio while they work.

After doing a bit of reading and research, I thought it was the NVIDIA driver that was causing the problem, PowerMizer was flagged as being the culprit. But adding the "correct" fla…

Deep Poem

The most amazing bunch of whiners

Pinnacle of muppets and blow hards

Twitter users really are

HINT read it backwards for the true meaning!


I re-enabled modsecurity, this time with the PCRE JIT.

To do this I had to do the following:

Build the latest version of pcre (the JIT only exists if pcre was configured with --enable-jit).
Install it in /usr/local/pcre

Modify the apache startup to use LD_PRELOAD to load the new libpcre.so instead of the standard system one.
I could have overridden this using ld.so.preload, but that's a system-wide change and I don't know what else I might break, seeing as most other things will be compiled against the old version.

Finally I had to modify the apache2 binary so that it's allowed to create code at runtime (we are doing JIT here, after all). Note that this turns MPROTECT off for the whole apache2 process, so every module loaded into it loses that protection, not just the PCRE JIT.

paxctl -cm …
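
An added check, not from the original post: confirm on the running server that the LD_PRELOAD actually took effect and that the preloaded build has JIT compiled in. It reads /proc/PID/maps of the live process, which shows what was really mapped, preload included. The prefix /usr/local/pcre and the process name apache2 are assumptions; the "Just-in-time compiler support" string is what pcretest -C from PCRE1 8.x prints.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a running apache2
# mapped the JIT-enabled libpcre from /usr/local/pcre, i.e. the LD_PRELOAD in
# the startup script took effect, and that this build actually has JIT.
# PCRE_PREFIX and the process name "apache2" are assumptions.

PCRE_PREFIX=/usr/local/pcre

# From the text of /proc/PID/maps, print the path of the first mapped libpcre.
# Column 6 of a maps line is the backing file (empty for anonymous mappings).
pcre_mapped_from() {
    printf '%s\n' "$1" | awk '$6 ~ /\/libpcre\.so/ { print $6; exit }'
}

# Succeed only if the mapped path lives under the expected prefix.
pcre_is_preloaded() {
    case "$1" in
        "$PCRE_PREFIX"/*) return 0 ;;
        *)                return 1 ;;
    esac
}

# From `pcretest -C` output, succeed only if the library was built with
# --enable-jit (PCRE1 8.x prints this exact line; a non-JIT build does not).
pcre_has_jit() {
    printf '%s\n' "$1" | grep -q 'Just-in-time compiler support: available'
}

# Live check against the oldest apache2 process found (needs a running server).
check_apache_pcre() {
    pid=$(pgrep -o -x apache2 2>/dev/null)
    [ -n "$pid" ] || { echo "apache2 is not running" >&2; return 1; }

    lib=$(pcre_mapped_from "$(cat /proc/"$pid"/maps)")
    if pcre_is_preloaded "$lib"; then
        echo "apache2($pid) uses $lib"
    else
        echo "apache2($pid) uses ${lib:-no libpcre at all}; LD_PRELOAD did not take" >&2
        return 1
    fi

    if pcre_has_jit "$("$PCRE_PREFIX"/bin/pcretest -C)"; then
        echo "JIT available in $PCRE_PREFIX"
    else
        echo "$PCRE_PREFIX was built without --enable-jit" >&2
        return 1
    fi
}
```

pcre_mapped_from and pcre_has_jit take captured text rather than running anything, so the decision logic can be exercised without a live apache; only check_apache_pcre touches the system.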


We are now connected via fibber hoptic cabrel! So exciting. I must say, torrenting something at 30Mb/s is much nicer than torrenting it at 4Mb/s.

Bye xcache

Zend Opcache seems to work on this later version of Debian.

Performance? Who knows. Who cares, more to the point. What if blog.php took an extra 4ms to render. All hell'd break loose, that's what.

Anyway it works - I found a decent GUI to manage it as well.


An Open Letter To Chorus

Hey Chorus,




Would You? Would you really?

---Original Message---
From: Tim Harman [mailto:tim@muppetz.com]
Sent: Tuesday, 26 November 2013 9:11 p.m.
To: info
Subject: Would you? Would You Really?


Every time I get down your packet of cones from the top shelf of our pantry, I see the little message on the side that says "We'd love to
hear from you" and I always think to myself "Would they? Would they LOVE to hear from me?". Then I make an Icecream, slide the cones back up onto the top shelf and think to myself "I should ask them that one day"

So I guess this me asking "Would you really love to hear from me?"

Look at it from …

You Get What You Pay For

Bought a cheap arse memory stick for micro. 128GB for $40. Does it work? Hell yes it works. Formatted as FAT32. Format the fucker as EXT4 and you think it works? Hell no. Can't find superblock. Can't find this, can't find that. Error error dead dead fuck you error.

I'm sending it back. I didn't really expect it'd work, but I kinda hoped that maybe it would you know?



Contact me, fuckers: http://www.pin.bbm.com/75c177a3

Micro is back online

Yes we're back online after an extended outage while I moved from Auckland to Napier. I still can't find the bloody memory stick for this thing, so all my what.cd torrents are still offline. I'm going to get ping'd badly soon.

Plus my backups aren't running. Fuck.


You gotta hand it to powershop, they know how to have a good laugh.

They posted this to their Facebook specials page:

Seal up those cracks, the southerly's back, and he's bringing the chill as he's blowing flat tack. But relax Powershoppers, all is not lost, our Wintervention will help you defrost!

Me, being the eternal plonker, posted this in reply:

I quite liked the poem, though I thought it could have made better use of rhyming techniques and maybe had a simile or two. However it was a fine attempt for a Friday afternoon, 3 and 1/2 out of 5 stars.

So as a reply, they posted this!



Find it hard to believe people are really shocked about the whole NSA thing. Really? You've worked in tech for that long and it's a shock?

I've seen enough "extra super privs" commands on routers and the like to realise this isn't new.

I guess it's the shock of it being exposed maybe, but really? This sort of stuff has been happening for years.


Installed Xcache to give it a blast.
So many more options than eaccelerator, but I'm fairly sure that, though it had a burst of life late last year, eaccel seems to be dead again.

Kim Dotcom

I consider people tweeting about Kim DotCom to have the same intelligence as my cheese grater.

Full RELRO for Bitlbee

Took me ages of fucking around to get bitlbee to compile with full RELRO.

In the end I had to hack the makefile.
At line 182 (the line where it gets linked) I had to add the following:

180 $(OUTFILE): $(objects) $(subdirs)
181 @echo '*' Linking $(OUTFILE)
182 @$(CC) $(objects) $(subdirobjs) -march=native -O2 -fstack-protector-all -fpic -pipe -Wl,-z,relro,-z,now -o $(OUTFILE) $(LDFLAGS_BITLBEE) $(LFLAGS) $(EFLAGS)
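
A check for the result, added here and not part of the bitlbee build or the original post: classify a binary's RELRO level from readelf output the way checksec does. Full RELRO needs both a GNU_RELRO segment (-z relro) and immediate binding (-z now); with only the first you get partial RELRO and the GOT stays writable, because lazy binding still has to patch it. The two readelf outputs are passed in as text so the logic can be run on captured output; check_relro wraps it for a real file.

```shell
#!/bin/sh
# Added example (not from the bitlbee build or the original post): classify a
# binary's RELRO level from `readelf -l` (program headers) and `readelf -d`
# (dynamic section) output, the same way checksec does.
#
#   full     GNU_RELRO segment present AND BIND_NOW (-z now) set
#   partial  GNU_RELRO segment present, lazy binding still allowed
#   none     no GNU_RELRO segment at all
#
# classify_relro takes the two readelf outputs as strings so it can be tested
# on captured text; check_relro runs readelf on a real file.

classify_relro() {
    phdrs=$1   # output of: readelf -l FILE
    dyn=$2     # output of: readelf -d FILE

    if ! printf '%s\n' "$phdrs" | grep -q 'GNU_RELRO'; then
        echo none
        return 1
    fi

    # -z now shows up as a DT_BIND_NOW entry on older toolchains, or as the
    # NOW bit in DT_FLAGS_1 ("(FLAGS_1)  Flags: NOW ...") on newer ones.
    if printf '%s\n' "$dyn" | grep -Eq 'BIND_NOW|\(FLAGS_1\).*NOW'; then
        echo full
        return 0
    fi

    echo partial
    return 2
}

# Usage: check_relro /path/to/binary   (prints full|partial|none)
check_relro() {
    classify_relro "$(readelf -l "$1" 2>/dev/null)" "$(readelf -d "$1" 2>/dev/null)"
}
```

The return codes (0 full, 2 partial, 1 none) let a build script fail fast, e.g. `check_relro bitlbee || exit 1` after the link step.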

Paxtest: grsecurity vs vanilla kernel

Vanilla Kernel:

timh@Jumphost-Lab:~$ paxtest blackhat#
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Writing output to /home/timh/paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Mode: Blackhat
Linux Jumphost-Lab 3.2.0-29-generic #46-Ubuntu SMP Fri Jul 27 17:03:23 UTC 2012 x86_64 x86_64 x…


To be clear - I'm not trying to pick on anyone here. It's just an amazing example of the confusion around UFB.

[24/10 10:44] <USER> @NZ_ISP can you please tell me the CIR on 100/50 business fibre?
[24/10 11:10] <@NZ_ISP> @USER My understanding is that it's 10Mbps down, 2.5Mbps up (that's for your plan). ^CP
[24/10 11:12] <@USER> @NZ_ISP OK. I think the support team are using that as an excuse. Hitting a wall at 35mbit, but they're saying that's OK.
[24/10 11:19] <@NZ_ISP> @USER That's obviously well above CIR, but we want to make sure you're getting as fast a speed as possible too. ^CP

What do I think?

Why this is what I think!

Longest Link to an XKCD Comic

<bartgeek> http://xkcd.com/1077/.

<bartgeek> http://xkcd.com/1077/

<muppet> http://xkcd.com/1077

<Dave-PZ> https://xkcd.com/1077

<CucumberError> http://tinyurl.com/6odx2tk

<Dave-PZ> https://xkcd.com/1077/?iliketosupplyarbitrarygetparameters

<muppet> http://xkcd.com:80/1077/

<Dave-PZ> http://www.xkcd.com/1077/

<muppet> https://www.xkcd.com:443/1077/

<Dave-PZ> https://www.xkcd.com:443/1077/?nowwithallthebellsandwhistles

<muppet> https://xkcd.com:443/1077/../1077/../1077/../1077/../1077/../1077/../1077/?nowwithallthebellsandwhistles

<Dave-PZ> https://xkcd.com:443/1077/../1077/../1077/…

Best Juniper PR

From the 10.4R10 release notes:


A service technician brushed against the front panel of a MX RE card, and the RE powered down. Resulted in outages of customer networks. [PR/703076: This issue has been resolved.]

Sadly they have updated the document.

My Thoughts on Fyx

Everyone's got a comment about Fyx!
Here's mine:

My analogy is that it's like you all work in the pizza business. And you're all discussing a rival pizza company because they've put a blinking LED on their pizza.

Sure, you can't eat it. Or maybe you can? But maybe for a few weeks before everyone goes "You can't eat LEDs, it's not legal!!!"

So you all go on and on and on about the flashing LED on the pizza. Is it legal? Is it not? What happens if you EAT the LED? Will you have to be rushed to hospital? Will you be OK? OMFG!!!! OMG!?!?! Is it LEGAL to put an LED ON A PIZZA? PULL IT OFF!! But…