Older blog entries for gdvieira (starting at number 34)

GTalk TLS Handshake Bug

Since late February I stopped seeing my GTalk friends in my IM client. I use a personal Jabber server (jabberd2) and all its connections to the GTalk servers were being dropped. After some investigation in the web, I found that Google:

  • Uses a buggy TLS implementation.
  • Has activated encryption for s2s connections starting in February.
The end result was that my server could not establish an encrypted connection with GTalk servers. Here is a very informative bug report.

As GTalk connectivity is very important for any open Jabber server, many servers have published workarounds for the problem. Here is a patch for jabberd2. A new release ( of jabberd2 was also made to address the issue.

I have jabberd2 2.2.4 in my server. For some reason, I could not make work because of some problems with the Berkeley DB back end. I ended up applying this patch to 2.2.4 and it fixed the problem. I also created a bug report in the Fedora Bugzilla, so maybe a fixed package will be pushed as an update.

Syndicated 2009-03-04 13:45:51 from Gustavo M. D. Vieira

Fedora 9

The Fedora train never stops! I've just upgraded my machines (including this server) to Fedora 9 and I'm very pleased (as usual) with this new release. The polish of the desktop is fantastic. PackageKit is really simple to use (I love its "queue for backend operations" interface philosophy). NetworkManager has matured. The PulseAudio integration, that bothered me a lot in Fedora 8, seems to be complete (the sound daemon is always started and Ekiga won't crash anymore).

As usual, there are some sore spots. And I seemed to attract a lot of bugs this time. For example, among the most common bugs in F9, I got two: "Synaptics touchpad touching to tap doesn't work" and "Samsung hard disks crash the installer". The last one was a real problem and I ended up upgrading using YUM, which I don't recommend if you have a lot of installed packages and have to suffer ridiculous Brazilian "broadband" speeds.

But it gets better. I was hit by more obscure stuff: While installing Fedora on the university cluster I discovered that Anaconda doesn't work right now with static IPs. I ended up setting a DHCP server just for installing Fedora. Also, due to a rewrite GDM XDMCP support is broken. I must be one of the two guys who still use XDMCP to power an old terminal and share the (relatively) powerful desktop. I worked around it by enabling KDM instead of GDM.

The annoying thing about these bugs is that most of them were found on the beta testing period of F9, and none were corrected for the final release. At least, I don't have to feel guilt for never trying one of the preview releases. ;)

Finally, this isn't a bug proper, but I hope I can help someone with the same problem. If your numeric keypad stops working mysteriously, go to the "Assistive technology" preferences and disable the "Mouse keys". It was enabled magically during the upgrade and took me bit of time to figure it out.

Syndicated 2008-08-25 22:45:23 from Gustavo M. D. Vieira

IPv6 on Fedora (Redux)

A little improvement on my IPv6 setup. I discovered a handy configuration parameter for RADV that makes it unnecessary to update the configuration file in the rare occasion my IP address changes. The improved /etc/radvd.conf looks like this:

interface eth0
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 0:0:0:1::/64
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
                Base6to4Interface eth1;


Syndicated 2008-06-24 20:54:12 from Gustavo M. D. Vieira

IPv6 on Fedora

After hearing about the activation of IPv6 (AAAA) records for four of the root DNS servers I got very curious about IPv6 and its current state of adoption. Well, it turns out IPv6 may not be the solutions to all Internet woes but we will have to learn to live with it anyway.

And so I did. Like 99.999% percent of Internet users I don't have a native IPv6 connection, but enabling a IPv6 tunnel on Fedora is very, very easy. I decided for the simplest type of tunnel, called 6to4. This type of tunnel is very convenient as I don't need to register it anywhere nor do I need to ask permission to anyone. It is based on the kindness of people that run 6to4 routers in the IPv4 Internet at the anycast address. Usually people disregard this type of tunnel as being slow, but routing from Brazil to the world is already so slow I found the performance acceptable. Besides, there isn't much yet to do in the current IPv6 Internet.

Enabling a 6to4 tunnel on Fedora is ridiculously simple. First put the following lines in /etc/sysconfig/network:


The last line is only required if you are going to share the IPv6 connection with a local network. The rest of this recipe assumes you are. Now find the configuration file for the interface connected to the Internet. If it is eth1 the file should be /etc/sysconfig/networking/devices/ifcfg-eth1. Put the following lines there:

  IPV6TO4_ROUTING="eth0-:1::1/64 wlan0-:2::1/64"

Once again, the last two lines are only required if you have a local network you want to provide with IPv6 connectivity. If not, remove the extra lines and you are set. Restart the interface and you are connected to the IPv6 Internet! When using 6to4, probably due to the performance concerns, Fedora prefers IPv4 addresses. So, go to a IPv6 only site (like http://www.ipv6.bieringer.de/) to test it. And remember to define a IPv6 firewall. Your current iptables firewall only covers IPv4, use ip6tables to create a IPv6 one.

A nice thing about this setup is that a 6to4 tunnel gives me a whole /48 netblock based on my IPv4 address. So, no NAT in my local IPv6 network! The last two lines lines above allow the networking scripts to control the RADV daemon and to create IPv6 addresses to other interfaces (besides the one you are actually configuring). Just treat the /48 of your 6to4 address as a prefix and create a /64 netblock for each interface. Create a /etc/radvd.conf file with an entry like this for each interface:

interface eth0
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 2002:XXXX:XXXX:1::/64
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;


Where 2002:XXXX:XXXX is your automatically configured 6to4 adress. Start RADV daemon and the hosts in you internal network should receive an automatically generated address.

For me, the next step would be to do the same to this site and add a little bit more content to the IPv6 Internet. Unfortunately, the Xen kernel used by my VPS provider doesn't support stateful iptables support for IPv6. I though IPv6 support on Linux was a done deal, but this critical functionality was only added about and year ago in kernel 2.6.20. It seems IPv6 may be a bit farther in the future than I expected. But it was surely fun to set it up anyway.

Syndicated 2008-02-25 22:27:45 from Gustavo M. D. Vieira

Fedora 8

I've been running Fedora 8 for the last couple of weeks. If nothing else, using Fedora is a constant source of fun. Always new toys to play with, old bugs fixed, new bugs created. And obviously, new tricks to be learned.

PulseAudio is one of the great features introduced in Fedora 8. I really enjoyed the good work that went into integrating PulseAudio and Fedora. It really is seamless, except for the odd bug in alsa and proprietary applications. Here are two things I discovered regarding pulse audio.

First: PulseAudio shows a simplified but functional interface to control sound, and to support Alsa applications transparently, it appears as the default virtual device hiding you hardware device. Problem is, if the hardware device is muted or has the volume set too low, there is nothing you can do through the PulseAudio interface to make sound work. Obvious as it seems, you have to first enable and adjust the volume of the relevant inputs in the hardware device, and then be able to enjoy PulseAudio. You can use the alsamixer -c [0...7] command, changing the -c argument until you find your hardware device, set it up, and you are ready to go. The good news is that, once it is done, applications (such as Skype) won't be messing with your hardware device as PulseAudio hides it.

Second: to enable the PulseAudio daemon in you GNOME session, you need to go to System|Preferences|Hardware|Sound and enable ESD. That's really stupid, they should have changed the label, but this control really creates an instance of the PulseAudio daemon. If it isn't running, sound won't work. I discovered this because ESD gave me a lot of problems in the past and have been deactivated in my GNOME preferences for a long time. It never occurred to me to enable it to fix Alsa applications that suddenly stopped working. But, again, once you discover that, everything just works.

Syndicated 2008-01-22 00:59:20 from Gustavo M. D. Vieira

Munin and Postfix

One more in the ongoing series "patches that make the world go round". If you happen do use the excellent Munin to monitor your servers and use the Postfix plugins, you may have noticed that Munin 1.2.5 introduced a bug in the postfix_mailstats plugin. The bug report and fix is here.

Remember people: release early, release often!

Syndicated 2007-12-15 16:00:15 from Gustavo M. D. Vieira

OpenSER 1.2.2 PostgreSQL Driver Patch

I run a personal SIP server powered by OpenSER. Actually, calling something a SIP server is a bit of oversimplification as the protocol and actions associated with it are fairly complex (as far as I know, I run a SIP proxy and location server). All this to say that OpenSER uses a relational database to store its data, as do all classy enterprise software out there.

So far, so good, but when it comes to relational databases I like using PostgreSQL instead of the OpenSER default MySQL. Why? Because I know how to use it! Problem is, the last stable release of OpenSER (1.2.2) has a serious bug in the PostgreSQL driver, making it impossible to use. It's a pity no one bothered to do a brown bag release because of this issue. Not being the default database really turns you into a second class citizen. Anyway, the fix is already in the OpenSER SVN, but I will post the patch here, to those that want to stick to the released version.
diff -ru openser-1.2.2-tls.orig/modules/postgres/db_res.c openser-1.2.2-tls/modules/postgres/db_res.c
--- openser-1.2.2-tls.orig/modules/postgres/db_res.c    2007-08-16 11:23:05.000000000 -0300
+++ openser-1.2.2-tls/modules/postgres/db_res.c 2007-11-25 08:23:53.000000000 -0200
@@ -572,6 +572,7 @@
         * If this is not done, a memory leak will happen.
        for (col = 0; col 

The silver lining in this was that it was quite easy to find a solution to this problem. Before OpenSER I used for some time the original SER, and I can tell you, it is almost impossible to find some help on the web. Both because SER is a lousy name to base a Google search :) and because the project isn't quite transparent as a proper open source project should be. So, congratulations to the OpenSER developers! And remember, release early, release often!

Syndicated 2007-11-25 20:03:29 from Gustavo M. D. Vieira

Really Obsolete RPMs

The version of K9Copy packaged by Livna is now newer than the one I maintained, so I'm officially taking it down.

Syndicated 2007-11-25 19:20:41 from Gustavo M. D. Vieira

Obsolete RPMs

Both OpenMSX and K9Copy now have official RPMs for Fedora. OpenMSX is part of the main distribution, just execute yum install openmsx. K9Copy is packaged by Livna, go there and install their repo.

As my version of K9Copy is newer than the one packaged by Livna, I will keep it a bit longer. When Livna catches up, I will remove it from the site. See, I actually like being obsoleted. :)

Syndicated 2007-10-05 20:57:53 from Gustavo M. D. Vieira

Emacs And Cedilla

This one is for the "unlikely bugs" section. If you use the magic combination of Emacs 22, a US keyboard and dead keys in a UTF-8 locale, the combination ' + c will give you ć instead of ç. Of course, this is a bug only if you want ç and not ć, so please forgive my ç-centrism. No offense intended to ć-using languages, whatever they may be. :)

GTK2 had this same bug about 5 years ago, and they solved it by creating the "cedilla" input method, and selecting it according to locale. Guess the Emacs guys will have to go the same route. Meanwhile, a simple workaround is to fire up Emacs in a ISO-8859-1 locale: "$ LC_ALL=pt_BR emacs" and as soon as the program opens up, select "Options|Mule|Set Language Environment|UTF-8". It isn't pretty, but as I use the US keyboard only rarely this works for me.

Syndicated 2007-10-03 17:04:44 from Gustavo M. D. Vieira

25 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!