<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
    <title>ChaseVenters.org</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/" />
    <link rel="self" type="application/atom+xml" href="http://www.chaseventers.org/atom.xml" />
    <id>tag:www.chaseventers.org,2009-01-17://1</id>
    <updated>2012-02-13T03:27:28Z</updated>
    <subtitle>Software development, systems administration, information security, the Internet, and electronic music</subtitle>
    <generator uri="http://www.sixapart.com/movabletype/">Movable Type 4.31-en</generator>

<entry>
    <title>Modifying Your Sports Car</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2012/02/modifying-your-sports-car.html" />
    <id>tag:www.chaseventers.org,2012://1.48</id>

    <published>2012-02-12T21:17:25Z</published>
    <updated>2012-02-13T03:27:28Z</updated>

    <summary>I want a fast car! When I was 15 I got a ride in a friend&apos;s WS6. In addition to looking great, it was my first experience with a fast car. I was hooked, and for a while I was...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="cars" label="cars" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="etc" label="etc" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="rant" label="rant" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p><b>I want a fast car!</b></p>

<p>When I was 15 I got a ride in a friend's WS6. In addition to looking great, it was my first experience with a fast car. I was hooked, and for a while I was convinced I'd get myself a WS6 when I turned 16.</p>

<p>At 16, of course, I didn't have tens of thousands of dollars to drop on a new car. I was very fortunate that my parents bought me a used Honda Prelude, and I showed my gratitude by totaling it a month later when I tried to negotiate a turn too quickly in the rain. If there is anything I learned from the Prelude (other than the fact that it really sucks to wreck your new car), it was that I could perform simple maintenance on a car, such as an oil change, in my garage.</p>

<p>16, and my high school years in general, occurred during the rise of the rice-burner in America. Imports outnumbered domestics at my school and every morning and afternoon featured a soundtrack of coffee can exhausts farting in and out of the parking lot. There was a giant pissing match between everybody and everybody else over whose car was faster.</p>

<p>Most of us were just dreamers with no means. I replaced the Prelude with a Nissan 240sx and set to work modifying it -- that is, dreaming of modifying it. I was going to convert it to a Turbo Silvia. But I didn't have any money.</p>

<p>Fate (and my own stupidity) eventually took hold and I smashed the 240sx too. I ended up in a cheaper 5 spd Nissan Sentra. The biggest "mod" the Sentra ever received was a transplant of a decent custom stereo that was once installed in the 240sx. But as I drove this beater over the years, I swapped two clutches, and practically the whole ignition system. I started to gain real confidence that I knew how to work on cars.</p>

<p>Eventually, as a young adult, I took out a loan and swapped the Sentra for a Mazda Miata. I didn't have a lot of money, but I had some, and I was soon pouring money into modifying the Miata. It seemed like the dream I always had about upgrading a car was finally coming true. I was so excited that I barely noticed when a professional mechanic advised me not to get into heavily modifying my daily driver -- especially if I am not a professional mechanic prepared to keep it running. I ignored this advice again when a friend with a heavily modified 350z explained his regrets at having destroyed the car's reliability.</p>

<p>I suppose I thought that they were part of a "club" that didn't want new members. In reality, they were just ensuring they would eventually get a big "I told you so!"</p>

<p><b>I'll build a fast car!</b></p>

<p>I started with a simple tune-up. The car ran a little smoother, but it was no faster.</p>

<p>I added custom seat heaters. They were a nice mod. But it was no faster.</p>

<p>Being a Texas driver, my Miata was often stuck in traffic on hot days. This led to a number of incidents when the car would overheat and require me to switch from comforting A/C to blistering heat. In went my first high-dollar mod, a thousand-dollar aluminum race radiator combined with an oil cooler. I dropped another $400 on a custom fan shroud with two large electric fans. I felt great about my investment, but I still had problems on hot days. And the car was no faster.</p>

<p>Naturally, any fast car should handle very well. The Miata is known for handling well from the factory, and for being very easy to drive, but I decided to supercharge the handling. I bought upgraded anti-roll bars, dropped 2k on a custom coil-over suspension and spent half a grand on 28 replacement suspension bushings from a performance part manufacturer in England.</p>

<p>I installed the coil-overs myself but was not prepared to tackle the massive task of installing bushings alone. I paid a friendly mechanic with a brand new intake for his car (taking another $400 out of my own pocket) and we spent a day doing the bushings with a real lift and hydraulic press. Towards the end of the evening we were both tired, and when he started using the impact wrench to torque down my eccentrics while the wheels were still sagging, I didn't have much energy left to argue the merits of doing the job properly (while the car was resting on its own weight). Although all the bushings were now installed with preloaded stress, the car felt great, and though it didn't accelerate any faster, it probably cornered faster.</p>

<p><b>Never mind <i>that</i> broken part, I'll just keep upgrading!</b></p>

<p>Before the bushings started to fail, the custom lexan fan shroud was cracking. This gentleman's home-built radiator shroud design was not thought out well. In addition to falling apart, the foam used to seal up the shroud around the edges was melting and forming a disgusting goo on the radiator. I should have stopped there and gotten a real fan shroud, but I was too interested in spending money on more fun parts for the car.</p>

<p>By this time it was clear that I wanted a supercharger. After seeing a deal online for $500 off on an MP62 kit, I put it on a credit card and ended up with a pristine, brand new supercharger in a cardboard box in my closet. Installing the supercharger would be a big ordeal and there was a lot of prep work I'd have to do.</p>

<p>I installed an upgraded header and heat wrapping. The car sounded a little better, and it may have been faster (by a very small amount). But I still wasn't ready to install the supercharger.</p>

<p>In order to support the load of the supercharger, I'd need a new performance clutch. I spent the money on a Stage 3 clutch and decided to get a lightweight flywheel to make the engine rev faster while I was at it. $1000 later I was underneath the car, swapping in the new parts. I thought I would go ahead and replace the rear main seal (which wasn't leaking oil) with a new one. Preventative maintenance and all.</p>

<p>Eventually I decided to get smart and run a compression test on the engine. Bad news -- I needed new rings. That was going to be expensive and would further delay my supercharger installation. But no matter, I was making progress towards my dream. I was going to finish building my fast car.</p>

<p>Unfortunately, dreams are often just that. My car was already less reliable than when I started. I needed frequent alignments to keep the lowered car driving correctly. I was going through tires. And before long, I noticed the car was leaking oil -- from the transmission bellhousing. My brand new $1000 clutch setup started to slip, and then slip more. A year after purchase, its warranty already having expired, I still had the supercharger sitting in a box in my closet.</p>

<p>I must have screwed up the rear main seal. I decided that I needed to replace the clutch. This time I paid a professional Miata shop to do the work. $1000 later I had a new clutch and a resurfaced flywheel. The oil leak had destroyed the old clutch and flywheel. At least the pros did it this time. They replaced my rear main seal again. Surely they would do it correctly.</p>

<p>My fan shroud was falling apart even worse than before. The car started making bad noises when I went over bumps and the handling began to degrade. My suspension bushings were beginning to fail, the result of cutting corners in the install procedure. I poured in yet more money to start replacing these parts as they went.</p>

<p>And then I noticed more oil leaking from the bellhousing. I should have twisted the shop's arm to fix the problem. Instead, I waited a year until the damage was already done.</p>

<p><b>It's just a freaking money pit!</b></p>

<p>My priorities started changing. The Miata is a fun car but there were new things in my life. I had turntables and a small but growing collection of music software. I started pursuing a more productive hobby.</p>

<p>I decided to hawk the brand new supercharger in my closet. I sold it at a loss.</p>

<p>I still have frame rail reinforcements, and a set of new rear drive gears for a different ratio. I still have top of the line sound deadening material I never installed. If I'm lucky, I'll be able to sell some of those parts at a loss too.</p>

<p>By now I was just trying to keep the car running as a daily driver. The clutch continued to get worse and I had to replace the $150 dry cell battery with another one after it lasted no longer than a standard battery. (The factory Panasonic battery the car came with was in no way worn out when I installed the first dry cell battery. It was just another "upgrade".)</p>

<p>On the way home from work one day, a driver in a Tahoe was too busy chatting on his cell phone to notice my Miata in the lane next to him, and so he slammed my car into a guardrail. Both of our insurance companies quickly reminded me that the thousands of dollars of custom work done to the car did nothing to increase its actual value. I knew this before I started modifying the car, but it was still a punch in the gut.</p>

<p><b>You told me so!</b></p>

<p>In the end, I caused the Miata enough problems that it actually became slower.</p>

<p>It's true what they say. Modifying a car is an expensive, time-consuming proposition. Cars are already depreciating assets; adding custom parts to them makes it even worse.</p>

<p>When a car leaves the manufacturer, assuming it is of reasonable quality, it will have reasonable durability. Virtually everything you do to "customize" beyond the factory specs will negatively impact its longevity. Custom parts break much more often than factory ones, and custom parts often break the factory parts you plug them into.</p>

<p>If I had it all to do over again, I would have upgraded the stereo and installed the seat heaters. I wouldn't have upgraded anything else. I should have just fixed problems when they came up. But like so many things in life, I learned this lesson the hard way.</p>]]>
        
    </content>
</entry>

<entry>
    <title>Migrating from old krb5/NFSv4 to newer krb5/NFSv4</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2011/11/migrating-from-old-krb5nfsv4-to-newer-krb5nfsv4.html" />
    <id>tag:www.chaseventers.org,2011://1.47</id>

    <published>2011-11-11T06:17:08Z</published>
    <updated>2011-11-11T06:26:00Z</updated>

    <summary>I thought I&apos;d post a quick tip for anyone upgrading a set of clients in a kerberized NFSv4 network. I&apos;m in the process of pushing out CentOS 6 to a cluster currently supported by NFSv4 on CentOS 5 and my...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="krb5" label="krb5" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="nfs" label="nfs" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="sysadmin" label="sysadmin" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I thought I'd post a quick tip for anyone upgrading a set of clients in a kerberized NFSv4 network. I'm in the process of pushing out CentOS 6 to a cluster currently supported by NFSv4 on CentOS 5 and my standard "setup krb5/nfsv4 client" script didn't leave me with a working client. Instead, I got this error on the NFS server every time I attempted the NFS mount:</p>

<pre>
gss_kerberos_mech: unsupported algorithm 6
</pre>

<p>or</p>

<pre>
gss_kerberos_mech: unsupported algorithm 23
</pre>

<p>Some <a href="http://www.spinics.net/lists/linux-nfs/msg18450.html">advice</a> pointed out that the keytab might need to be written out without the newer key types, but attempting to limit to des-cbc-crc did not fix the problem.</p>

<p>Instead, I found that the following settings in the [libdefaults] section of /etc/krb5.conf fixed my environment:</p>

<pre>[libdefaults]
 # cventers: These overrides are TEMPORARY until we have abandoned CentOS 5
 default_tgs_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5 arcfour-hmac-exp
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5 arcfour-hmac-exp
 permitted_enctypes = des-cbc-md5 des-cbc-crc arcfour-hmac-md5 arcfour-hmac-exp
 allow_weak_crypto = true</pre>]]>
        
    </content>
</entry>

<entry>
    <title>qpsmtpd plugins</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2011/04/qpsmtpd-plugins.html" />
    <id>tag:www.chaseventers.org,2011://1.46</id>

    <published>2011-04-07T00:24:48Z</published>
    <updated>2011-04-07T00:41:11Z</updated>

    <summary>As part of deploying a new Postfix-and-qpsmtpd based mail architecture at work, I have developed some qpsmtpd plugins and extended its native queue/smtp-forward plugin. filter/dkimsign: Signs e-mail using Mail::DKIM. There are a other dkimsign plugins out there but I wanted...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="email" label="email" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="oss" label="oss" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="plugins" label="plugins" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="qpsmtpd" label="qpsmtpd" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>As part of deploying a new Postfix-and-qpsmtpd based mail architecture at work, I have developed some qpsmtpd plugins and extended its native <tt>queue/smtp-forward</tt> plugin.</p>

<ol>
 <li><b><tt>filter/dkimsign</tt></b>: Signs e-mail using <a href="http://search.cpan.org/perldoc?Mail::DKIM">Mail::DKIM</a>. There are <a href="http://alecto.bittwiddlers.com/files/qpsmtpd/dkimsign">other</a> <a href="http://chaos.ks.ua/pub/dkimsign">dkimsign</a> plugins out there but I wanted to take a stab at doing one myself.</li>
 <li><b><tt>filter/header_whitelist</tt></b>: Possibly controversial, could break many things if misused. I wanted a way to clean up all the extra garbage version headers, etc. added by the multitude of scripts and platforms generating email in our environment. If the mere existence of this plugin doesn't violate RFC2822 or e-mail best practices, certain configurations certainly would. Use with care.</li>
 <li><b><tt>queue/smtp-forward</tt></b>: I have extended the stock plugin to support the Postfix <a href="http://www.postfix.org/XCLIENT_README.html">XCLIENT</a> verb. This allows qpsmtpd to pass information about the client (their IP and HELO, in particular) which Postfix can then use for access control and/or logging. I'll try and submit this back upstream.</li>
</ol>

<p>You can find the plugins at <a href="https://github.com/cventers/qpsmtpd-plugins">my GitHub page</a>.</p>]]>
        
    </content>
</entry>

<entry>
    <title>Southwest In-Flight Wifi Review</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/11/southwest-in-flight-wifi-review.html" />
    <id>tag:www.chaseventers.org,2010://1.45</id>

    <published>2010-11-19T02:14:51Z</published>
    <updated>2010-11-19T06:01:27Z</updated>

    <summary>I just took a Southwest Airlines flight that was wifi enabled. I couldn&apos;t resist the temptation to give the wifi a spin. My review, in a nutshell? It costs $5, it appears to work with (at least) HTTP(S), Outlook, and...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="bandwidth" label="bandwidth" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="performance" label="performance" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="ping" label="ping" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="southwest" label="southwest" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="speedtest" label="speedtest" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="wifi" label="wifi" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I just took a <a href="http://www.southwest.com/">Southwest Airlines</a> flight that was wifi enabled. I couldn't resist the temptation to give the wifi a spin.</p>

<p>My review, in a nutshell? It costs $5, it appears to work with (at least) HTTP(S), Outlook, and ssh... but the performance leaves something to be desired.</p>

<blockquote><img src="http://www.speedtest.net/result/1036230054.png" border="0" alt="In-flight Wifi Speed Test"/></blockquote>

<p>The Wifi gateway also appears to mangle HTML passing through it in order to display a Southwest Airlines banner over the top of the pages. This does provide some function -- it indicates your current altitude and ETA. But they could have included a way to disable the behavior.</p>

<p>The bottom line? It works, and that much is neat. But given the performance limitations (and keep in mind this is just one data point), I doubt its utility for anything but basic surfing. But on a long flight, I don't think books or magazines could make the time pass by with such ease.</p>]]>
        
    </content>
</entry>

<entry>
    <title>VIM Plugin: Makesd/Makecsd</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/vim-plugin-makesdmakecsd.html" />
    <id>tag:www.chaseventers.org,2010://1.44</id>

    <published>2010-09-24T12:32:50Z</published>
    <updated>2010-09-24T12:38:52Z</updated>

    <summary>I wanted to share a little VIM plugin I just got done writing, makesd.vim. This plugin is pretty straightforward, and is adapted from a couple of Perl command-line scripts I tend to haul around called makesd and makecsd. In short,...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="makesd" label="makesd" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="oss" label="oss" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="vim" label="vim" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I wanted to share a little VIM plugin I just got done writing, <a href="/downloads/makesd.vim"><tt>makesd.vim</tt></a>. This plugin is pretty straightforward, and is adapted from a couple of Perl command-line scripts I tend to haul around called <tt>makesd</tt> and <tt>makecsd</tt>.</p>

<p>In short, they produce clean looking separators for use inside source code:</p>

<pre style="font-size: 0.8em">:Makesd "Public Interface"
# ========================================================================== #
# ============================ Public Interface ============================ #
# ========================================================================== #
</pre>
<br/>
<pre style="font-size: 0.8em">:Makecsd "Public Interface"
/* ======================================================================== */
/* =========================== Public Interface =========================== */
/* ======================================================================== */
</pre>

<p>It's my first VIM script. VIM scripting is pretty easy -- <a href="http://vimdoc.sourceforge.net/htmldoc/usr_41.html">give it a try</a>!</p>]]>
        
    </content>
</entry>

<entry>
    <title>Brain Damage</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/brain-damage.html" />
    <id>tag:www.chaseventers.org,2010://1.43</id>

    <published>2010-09-23T18:35:34Z</published>
    <updated>2010-09-23T18:45:27Z</updated>

    <summary>Another one for the record books. Once again, the kind folks at Redmond have proven how truly incompetent they are, and why at the end of the day, a power user can only survive on an open source platform. Microsoft...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="email" label="email" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="microsoft" label="microsoft" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="outlook" label="outlook" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="rant" label="rant" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>Another one for the record books. Once again, the kind folks at <a href="http://www.microsoft.com/">Redmond</a> have proven how truly incompetent they are, and why at the end of the day, a power user can only survive on an open source platform.</p>

<p>Microsoft has <b>stripped</b> the ability to save raw e-mail messages from Outlook 2007. Supposedly this capability exists in Outlook Express and/or Windows Mail. But there are mountains of <a href="http://www.experts-exchange.com/Software/Office_Productivity/Groupware/Outlook/Q_23590428.html">bad</a> <a href="http://superuser.com/questions/75581/how-to-save-a-mail-into-an-eml-file-with-outlook">advice</a> suggesting that export to those programs, followed by an import, or an export to .txt, is an acceptable alternative. (It isn't; in all cases, the transport headers aren't included. Who knows how else Microsoft is molesting the message.)</p>

<p>Commercial solutions exist -- one for only $14 (are you kidding me?) and one for over $60 (are you kidding me???).</p>]]>
        
    </content>
</entry>

<entry>
    <title>transocks_ev Patch: DNS, Performance, Reliability, Logging</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/transocks-ev-patch-dns-performance-reliability-logging.html" />
    <id>tag:www.chaseventers.org,2010://1.42</id>

    <published>2010-09-20T23:39:00Z</published>
    <updated>2010-09-21T00:24:00Z</updated>

    <summary>I&apos;ve put out a new transocks_ev patch transocks_ev-performance-reliability-dns-logging.patch. transocks_ev is a neat little program by Bernd Holzmueller at tiggersWelt.net that uses the Linux netfilter/iptables stack to intercept outgoing TCP connections and transparently convert them into SOCKS5 proxy connections. It&apos;s based...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="libevent" label="libevent" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="loadbalancing" label="load balancing" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="oss" label="oss" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="patch" label="patch" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="postfix" label="postfix" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="socks" label="socks" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="sysadmin" label="sysadmin" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="transocks" label="transocks" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="transocks_ev" label="transocks_ev" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I've put out a new <a href="http://oss.tiggerswelt.net/transocks_ev/">transocks_ev</a> patch <a href="/downloads/transocks_ev-performance-reliability-dns-logging.patch"><tt>transocks_ev-performance-reliability-dns-logging.patch</tt></a>. transocks_ev is a neat little program by Bernd Holzmueller at <a href="http://oss.tiggerswelt.net/">tiggersWelt.net</a> that uses the Linux <a href="http://www.netfilter.org/">netfilter</a>/iptables stack to intercept outgoing TCP connections and transparently convert them into SOCKS5 proxy connections. It's based on <a href="http://transocks.sourceforge.net/">transocks</a> which does the same thing. transocks uses a forking model, while transocks_ev uses <a href="http://www.monkey.org/~provos/libevent/">libevent</a> to multiplex connections in a single process's event loop.</p>

<p>I'm planning on using these changes to transparently intercept outgoing <a href="http://www.postfix.org/">Postfix</a> SMTP connections on some backend mail servers and to use DNS-based load balancing to fan those connections out across multiple proxy servers/Internet connections.</p>

<p>In addition, I've improved the logging support of transocks_ev, giving it three levels of verbosity with basic statistics collection for the connections. All blocking operations have been converted to non-blocking ones (connect(), write(), and the new DNS resolution). The code now uses libevent's bufferevent to manage low-level socket access.</p>]]>
        
    </content>
</entry>

<entry>
    <title>libsoup Ignores DNS TTLs</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/libsoup-ignores-dns-ttls.html" />
    <id>tag:www.chaseventers.org,2010://1.41</id>

    <published>2010-09-19T01:41:03Z</published>
    <updated>2010-09-19T02:00:43Z</updated>

    <summary>I&apos;ve been using libsoup to run a small SOAP engine for one of the back-office programs I maintain. We&apos;ve recently upgraded to a new load-balanced architecture, and we are using DNS-based load balancing to fan these SOAP requests out across...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="bug" label="bug" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="dns" label="dns" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="libsoup" label="libsoup" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="loadbalancing" label="load balancing" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I've been using <a href="http://live.gnome.org/LibSoup">libsoup</a> to run a small SOAP engine for one of the back-office programs I maintain. We've recently upgraded to a new load-balanced architecture, and we are using DNS-based load balancing to fan these SOAP requests out across our servers.</p>

<p>It only took a few days in production to realize that libsoup was doing something nasty. Prior to any HTTP request, you need to create a <tt>SoupSession</tt> object. This object manages things like connection pools / keepalive. It contains a <tt>GHashTable</tt> called <tt>hosts</tt>, which it uses as a cache of connections to a given hostname.</p>

<pre class='brush: c'>
/* Requires host_lock to be locked */
static SoupSessionHost *
get_host_for_uri (SoupSession *session, SoupURI *uri)
{
    SoupSessionPrivate *priv = SOUP_SESSION_GET_PRIVATE (session);
    SoupSessionHost *host;

    host = g_hash_table_lookup (priv-&gt;hosts, uri);
    if (host)
        return host;

    host = soup_session_host_new (session, uri);
    g_hash_table_insert (priv-&gt;hosts, host-&gt;uri, host);

    return host;
}
</pre>

<p>Unfortunately, entries in this hash table are never removed or expired unless the <tt>SoupSession</tt> object itself goes away. This sucks for a few reasons:</p>

<ol>
<li>DNS TTL values are ignored. Instead, the result of the DNS query is cached forever. Obviously this means that if the record is ever changed, libsoup clients need to be restarted to know about it.</li>
<li>DNS load balancing is broken by libsoup, which will repeatedly connect to the same IP address regardless of whether multiple IPs are included in the response to an A query.</li>
<li>You really wouldn't want to write a robot or some other long lived program that would make lots of connections to lots of different hosts using libsoup, as it stands. Aside from the obvious correctness issues listed above, the <tt>hosts</tt> hash table will experience unbounded growth. Thankfully all of our connections are to the same small set of URLs and hostnames.</li>
</ol>

<p>I'm not sure how easy it would be to patch libsoup to behave correctly. As far as I can tell the <tt>GResolver</tt> that libsoup relies on doesn't even report TTLs.</p>

<p>Given the nature of this bug I can only see a few workarounds:</p>

<ol>
<li>Set the <tt>Host</tt> HTTP header yourself, do the DNS query yourself using <tt>GResolver</tt>, and supply the server's IP address to the <tt>SoupURI</tt> instead of a hostname. This breaks SSL certificate validation.</li>
<li>Recycle/create the <tt>SoupSession</tt> per-request. This breaks keepalive/connection pooling and has obvious overhead issues.</li>
</ol>

<p>Given the nature of how I'm using libsoup, I chose the latter option. YMMV.</p>]]>
        
    </content>
</entry>

<entry>
    <title>asterisk-func_dns: Asterisk 1.4 DNS() dialplan function</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/asterisk-func-dns---asterisk-14-dns-dialplan-function.html" />
    <id>tag:www.chaseventers.org,2010://1.40</id>

    <published>2010-09-13T08:07:52Z</published>
    <updated>2010-09-13T09:08:39Z</updated>

    <summary>I&apos;m doing another small code release. This one is asterisk-func_dns, a dialplan function DNS() to do an explicit DNS query without requiring you to launch an external program. It&apos;s an alpha release currently intended for Asterisk 1.4 and only supporting...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="asterisk" label="asterisk" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="dns" label="dns" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="loadbalancing" label="load balancing" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="oss" label="oss" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="sysadmin" label="sysadmin" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I'm doing another small code release. This one is <a href="http://github.com/cventers/asterisk-func_dns">asterisk-func_dns</a>, a dialplan function DNS() to do an explicit DNS query without requiring you to launch an external program. It's an alpha release currently intended for Asterisk 1.4 and only supporting IPv4 / DNS A record types.</p>

<p>I'm using this to implement DNS-based load-balancing for outgoing calls across a series of proxies and internet connections.</p>

<p>In my dialplan, I request the IP addresses of my proxy servers ahead of any attempt to Dial(). This module returns the list of IP addresses published in the record, separated by commas. This allows me to sequentially fork across the proxy servers, and since I don't need to rely on Dial()'s forking support, I can add additional processing in between attempts. Since I obtain the proxy set by looking up a single DNS name, my Asterisk dialer configurations do not have to change if I add more proxy servers to my network, also meaning that those Asterisk dialers will not waste time trying to contact outbound proxy servers that have gone offline for maintenance or due to a failure. Each Asterisk dialer will try every call amongst all the working proxy servers, up to one attempt each, in a random order.</p>
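<p>As an added illustration (not code from the asterisk-func_dns module itself), here is a Python model of the dial strategy described above: the proxy set comes from one DNS name, the list is shuffled, and each proxy is tried at most once with room for processing between attempts. The resolver table, the <tt>dns_lookup()</tt> stand-in for DNS() and the <tt>attempt</tt> callback standing in for Dial() are constructed assumptions.</p>

```python
import random

# Constructed stand-in for the A record published under the proxy name. Adding
# or retiring a proxy here is the only change the dialers would ever see.
RESOLVER = {
    "proxies.example.test": "198.51.100.10,198.51.100.11,198.51.100.12",
}


def dns_lookup(name):
    """Model of the DNS() dialplan function: comma-separated A records, or ''."""
    return RESOLVER.get(name, "")


def parse_proxy_list(dns_value):
    """Split DNS()'s comma-separated output into individual addresses."""
    return [ip.strip() for ip in dns_value.split(",") if ip.strip()]


def place_call(name, attempt, rng=None, between=None):
    """Sequential fork across the proxies behind `name`.

    `attempt(ip)` returns True when the call went through (Dial() succeeded);
    `between(ip, ok)` is optional per-attempt processing. Each proxy is tried
    at most once, in random order. Returns (ip_that_worked_or_None, order_tried).
    """
    proxies = parse_proxy_list(dns_lookup(name))
    (rng or random.SystemRandom()).shuffle(proxies)
    tried = []
    for ip in proxies:
        tried.append(ip)
        ok = attempt(ip)
        if between:
            between(ip, ok)  # e.g. log the failure, adjust caller ID, back off
        if ok:
            return ip, tried
    return None, tried


if __name__ == "__main__":
    down = {"198.51.100.10"}  # constructed: a proxy offline for maintenance
    print(place_call("proxies.example.test", lambda ip: ip not in down))
```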

<p>This code could benefit from some obvious todos: forward port to modern Asterisk versions, implementation of the ability to grab other record types like SRV or AAAA, etc. I may address these eventually but at the moment this is "good enough for me". I release this code (under the same Asterisk licensing terms: GPLv2) with the hopes that someone finds it useful.</p>]]>
        
    </content>
</entry>

<entry>
    <title>Christmas Tree Configuration Files</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/christmas-tree-configuration-files.html" />
    <id>tag:www.chaseventers.org,2010://1.38</id>

    <published>2010-09-09T11:30:00Z</published>
    <updated>2010-09-09T09:08:31Z</updated>

    <summary>Okay, I&apos;m pleading with developers. I&apos;m very impressed at the number of options and switches that your program exposes via its configuration file(s) / directories / databases. Bonus points for those of you who have managed to extensively document each...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="asterisk" label="asterisk" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="configuration" label="configuration" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="ivr" label="ivr" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="openvpn" label="openvpn" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="rant" label="rant" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="sysadmin" label="sysadmin" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>Okay, I'm pleading with developers. I'm very impressed at the number of options and switches that your program exposes via its configuration file(s) / directories / databases. Bonus points for those of you who have managed to extensively document each switch and its default setting with inline comments.</p>

<p>Actually, that strategy even works up to a point. But once your configuration file exceeds a few screens in length you're starting to go off the deep end. Your program's defaults should be <em>minimal</em>, <em>sensible</em> and <em>secure</em>, <strong>especially in the case of network daemons</strong>.</p>

<p>There are some hideous offenders out there like <a href="http://www.asterisk.org/">Asterisk</a>, whose Christmas tree default configuration is often only lightly modified by novice administrators. A default RPM installation of Asterisk on my development virtual machine ships with 63 configuration files -- 7511 lines in total. But I run some perfectly good inbound SIP IVRs with 10 files and 251 lines.</p>

<p>When you throw a huge mess of a default configuration in my face, you leave me with the feeling that I can't even approach your software until I have had the time to digest the security implications of every one of the switches you are exposing.</p>

<p>There are other programs which do it well like <a href="http://openvpn.net/">OpenVPN</a>. They ship sample configuration files for different configurations, from which you can copy and paste your own configuration files together. This approach is much saner than editing a huge file -- take what you need, leave what you don't.</p>

<p>I advise all system administrators faced with such configuration mountains to grit their teeth and write their own configs from scratch after carefully studying the stock configuration. Turn on and configure only the specific features you need, lightly document your intent with comments, and <em>leave the other garbage out of the configuration files</em>. The more scrolling past heaps of irrelevant comments and settings you must do to scan the configuration file, the less you will be able to focus on the big picture of how your system is set up.</p>]]>
        
    </content>
</entry>

<entry>
    <title>Corosync::CPG</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/corosynccpg.html" />
    <id>tag:www.chaseventers.org,2010://1.36</id>

    <published>2010-09-08T09:28:12Z</published>
    <updated>2010-09-08T09:32:11Z</updated>

    <summary>I&apos;m working on releasing a small piece of useful Perl XS module code to the world... Corosync::CPG. This allows you to use the corosync cluster stack&apos;s reliable, ordered multicast messaging bus from within Perl. I have applied for a PAUSE...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="corosync" label="corosync" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="libcpg" label="libcpg" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="oss" label="oss" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="perl" label="perl" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I'm working on releasing a small piece of useful Perl XS module code to the world... <a href="http://github.com/cventers/perl-Corosync-CPG">Corosync::CPG</a>. This allows you to use the <a href="http://www.corosync.org/doku.php?id=welcome">corosync</a> cluster stack's reliable, ordered multicast messaging bus from within Perl.</p>

<p>I have applied for a <a href="http://pause.perl.org/pause/query?ACTION=pause_04about">PAUSE</a> id and plan on submitting this module to CPAN as well. For now, this is a super-early alpha. It works for me, but the POD documentation is incomplete and there is obviously no warranty.</p>

<p>The terms of this release are the same licensing terms as Perl itself (GPL/Artistic).</p>]]>
        
    </content>
</entry>

<entry>
    <title>Ksplice Review</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/ksplice-review.html" />
    <id>tag:www.chaseventers.org,2010://1.35</id>

    <published>2010-09-08T07:39:56Z</published>
    <updated>2010-09-08T07:48:55Z</updated>

    <summary>We recently signed up for Ksplice, a service offering live Linux kernel updates. (Yes, live means while the kernel is running.) Now, the kinds of updates we are talking about are patches to running code intended to apply critical security...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="ksplice" label="ksplice" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="review" label="review" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>We recently signed up for <a href="http://www.ksplice.com">Ksplice</a>, a service offering live Linux kernel updates. (Yes, live means while the kernel is running.)</p>

<p>Now, the kinds of updates we are talking about are patches to running code intended to apply critical security fixes. Ksplice won't let you upgrade from 2.6.34 to 2.6.35. Nevertheless, for mission critical servers (especially tough ones like database servers, routers and the like), the prospect of not having to reboot to install security updates is a huge win.</p>

<p>LWN <a href="http://lwn.net/Articles/280058/">looked</a> <a href="http://lwn.net/Articles/308409/">at</a> Ksplice, for those who are interested in knowing how it works. (Even if you're not a kernel programmer, you can learn so much from watching the kernel programmers at work.)</p>

<p>Ksplice is a young company but has racked up an impressive list of clients. I've found their solution easy to use. Billing and support is straightforward, and they're very friendly people. We've had no problems applying the updates. I would recommend Ksplice to anyone looking to keep their production GNU/Linux systems up to date.</p>]]>
        
    </content>
</entry>

<entry>
    <title>daemontools patches</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2010/09/daemontools-patches.html" />
    <id>tag:www.chaseventers.org,2010://1.34</id>

    <published>2010-09-08T07:06:32Z</published>
    <updated>2010-09-09T08:01:57Z</updated>

    <summary>I&apos;ve been relying extensively on daemontools to manage services on my production servers for years. There are newer entries into the arena like runit and even upstart which replaces init. I&apos;m not ready to replace daemontools on any of my...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="daemontools" label="daemontools" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="oss" label="oss" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="patch" label="patch" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I've been relying extensively on <a href="http://cr.yp.to/daemontools.html">daemontools</a> to manage services on my production servers for years. There are newer entries into the arena like <a href="http://smarden.org/runit/">runit</a> and even <a href="http://upstart.ubuntu.com/">upstart</a> which replaces init. I'm not ready to replace daemontools on any of my servers just yet; its simple design is something I've come to depend on.</p>

<p>All that being said, I'm like many of the other users of djb code: small patches here and there make things better. So in that spirit, here are two of my contributions.</p>

<p><tt><a href="/downloads/daemontools-0.76-readproctitle-clear-on-sigusr1.patch">daemontools-0.76-readproctitle-clear-on-sigusr1.patch</a></tt><br/>
Causes <a href="http://cr.yp.to/daemontools/readproctitle.html">readproctitle</a> to clear its buffer (reset it to periods) when it receives SIGUSR1. It's useful if you're setting up new services and you need to see if a certain error has really been fixed.</p>

<pre class='brush: diff'>
diff -Nru a/admin/daemontools-0.76/src/readproctitle.c b/admin/daemontools-0.76/src/readproctitle.c
--- a/admin/daemontools-0.76/src/readproctitle.c        2001-07-12 11:49:49.000000000 -0500
+++ b/admin/daemontools-0.76/src/readproctitle.c        2010-09-06 16:09:28.000000000 -0500
@@ -1,10 +1,21 @@
+#include &lt;signal.h&gt;
 #include &lt;unistd.h&gt;
 #include &quot;error.h&quot;

+static char *buf;
+static unsigned int len;
+
+static void
+clear_line(int sig)
+{
+  int i;
+  for (i = 0;i &lt; len;i++) {
+    buf[i] = '.';
+  }
+}
+
 int main(int argc,char **argv)
 {
-  char *buf;
-  unsigned int len;
   int i;
   char ch;

@@ -14,6 +25,8 @@
   while (buf[len]) buf[len++] = '.';
   if (len &lt; 5) _exit(100);

+  signal(SIGUSR1, clear_line);
+
   for (;;)
     switch(read(0,&amp;ch,1)) {
       case 1:
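Review bot: `signal(SIGUSR1, clear_line);` has implementation-defined semantics: on System V style libcs the disposition resets to SIG_DFL after the first delivery, so a second SIGUSR1 would terminate readproctitle, and whether the read(0,&ch,1) below is restarted or fails with EINTR also varies. Prefer sigaction() with sa_flags = SA_RESTART, and confirm that the switch treats a -1 return as "retry" rather than as end of input.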
</pre>

<p><tt><a href="/downloads/daemontools-0.76-setuidgid-initgroups.patch">daemontools-0.76-setuidgid-initgroups.patch</a></tt><br/>
Causes <a href="http://cr.yp.to/daemontools/setuidgid.html">setuidgid</a> to initialize the supplementary groups for the user account it is changing to.</p>

<pre class='brush: diff'>
diff -Nru a/admin/daemontools-0.76/src/setuidgid.c b/admin/daemontools-0.76/src/setuidgid.c
--- a/admin/daemontools-0.76/src/setuidgid.c    2001-07-12 11:49:49.000000000 -0500
+++ b/admin/daemontools-0.76/src/setuidgid.c    2010-06-22 16:06:05.000000000 -0500
@@ -21,6 +21,8 @@

   if (prot_gid(pw-&gt;pw_gid) == -1)
     strerr_die2sys(111,FATAL,&quot;unable to setgid: &quot;);
+  if (initgroups(pw-&gt;pw_name, pw-&gt;pw_gid))
+    strerr_die2sys(111,FATAL,&quot;unable to initgroup: &quot;);
   if (prot_uid(pw-&gt;pw_uid) == -1)
     strerr_die2sys(111,FATAL,&quot;unable to setuid: &quot;);

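Review bot: initgroups() is declared in <grp.h> (and needs <sys/types.h>), but this hunk adds no include; if setuidgid.c does not already pull it in, add `#include <grp.h>` to the header block. The placement is right: after the setgid via prot_gid() and before prot_uid(), since initgroups() needs root. Note the privilege consequence, though: stock setuidgid leaves the service with only its primary group, while with this change it receives every supplementary group listed for the account in /etc/group, so service accounts should be audited for memberships they should not carry. Minor: "unable to initgroup: " could read "unable to initgroups: " to match the function name.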
</pre>]]>
        
    </content>
</entry>

<entry>
    <title>NSIS Plugin Released: Pwgen</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2009/10/nsis-plugin-released-pwgen.html" />
    <id>tag:www.chaseventers.org,2009://1.32</id>

    <published>2009-10-09T18:32:41Z</published>
    <updated>2010-09-08T07:31:52Z</updated>

    <summary>I&apos;ve been working on an installer for a Windows service using Nullsoft Scriptable Install System. This installer creates a special account to run the service under, but to do so, it has to come up with a random password. NSIS...</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="nsis" label="nsis" scheme="http://www.sixapart.com/ns/types#tag" />
    <category term="oss" label="oss" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[<p>I've been working on an installer for a Windows service using <a href="http://nsis.sourceforge.net/">Nullsoft Scriptable Install System</a>. This installer creates a special account to run the service under, but to do so, it has to come up with a random password. NSIS offers a few existing mechanisms for random numbers, but none of them is anything more than a basic PRNG.</p>

<p>In order to get *good* random passwords, we want the equivalent of <tt>/dev/urandom</tt>. Microsoft provides the CryptoAPI, which includes the <a href="http://msdn.microsoft.com/en-us/library/aa379942(VS.85).aspx"><tt>CryptGenRandom()</tt></a> API. I developed a DLL plugin for NSIS called <a href="http://nsis.sourceforge.net/Pwgen_plug-in">Pwgen</a> that collects entropy from the OS and generates a random password, restricted to the 62-character set of alphanumerics.</p>
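<p>As an added example (not the Pwgen plug-in's own code), the following Python shows what a correct OS-entropy password generator for the 62-character alphanumeric set has to do: <tt>os.urandom</tt> stands in for <tt>CryptGenRandom()</tt>, and random bytes at or above 248 are rejected so that reducing a byte modulo 62 does not bias the output toward the first 8 characters. The injectable <tt>entropy</tt> parameter is an assumption made for testability.</p>

```python
import math
import os
import string

# The 62-character alphabet: digits, then upper-case, then lower-case letters.
ALPHABET = string.digits + string.ascii_uppercase + string.ascii_lowercase
assert len(ALPHABET) == 62

# Largest multiple of 62 that fits in a byte: 4 * 62 = 248. Bytes >= 248 are
# discarded; otherwise values 248..255 would make '0'..'7' slightly more likely.
REJECT_FROM = (256 // len(ALPHABET)) * len(ALPHABET)  # 248


def generate_password(length, entropy=os.urandom):
    """Build a password of `length` alphanumeric characters from OS entropy.

    `entropy(n)` must return n random bytes; os.urandom stands in here for
    CryptGenRandom(), which the plug-in uses on Windows.
    """
    if length <= 0:
        raise ValueError("length must be positive")
    out = []
    while len(out) < length:
        # Over-fetch a little so that rejection rarely needs a second call.
        for b in entropy(length - len(out) + 8):
            if b >= REJECT_FROM:
                continue  # would bias the modulo reduction; draw again
            out.append(ALPHABET[b % len(ALPHABET)])
            if len(out) == length:
                break
    return "".join(out)


def password_entropy_bits(length):
    """Strength of a uniformly chosen password of this length: length * log2(62)."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, "%.1f bits" % password_entropy_bits(16))
```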

<p>You can <a href="/downloads/pwgen-001.zip">download pwgen-001</a> directly from me. I also recommend the official <a href="http://nsis.sourceforge.net/Pwgen_plug-in">Pwgen plug-in</a> wiki page on the NSIS wiki and the <a href="http://forums.winamp.com/showthread.php?s=&amp;threadid=313584">discussion thread</a> on the Winamp NSIS forum.</p>]]>
        
    </content>
</entry>

<entry>
    <title>Nokia Further Open-Sources Qt</title>
    <link rel="alternate" type="text/html" href="http://www.chaseventers.org/2009/01/nokia-further-open-sources-qt.html" />
    <id>tag:www.chaseventers.org,2009://1.31</id>

    <published>2009-01-17T16:33:19Z</published>
    <updated>2010-09-08T07:32:11Z</updated>

    <summary> Nokia has announced that they are going to add an additional license to the QPL/GPLv2/GPLv3/Commercial lineup: LGPL v2.1. This is excellent news for the toolkit as it will lead to wider adoption (and more improvements to the core toolkit)....</summary>
    <author>
        <name>Chase Venters</name>
        <uri>http://www.chaseventers.com/</uri>
    </author>
    
    <category term="news" label="news" scheme="http://www.sixapart.com/ns/types#tag" />
    
    <content type="html" xml:lang="en" xml:base="http://www.chaseventers.org/">
        <![CDATA[ <p><a href="http://www.nokia.com/">Nokia</a> has <a href="http://www.qtsoftware.com/about/news/lgpl-license-option-added-to-qt">announced</a> that they are going to add an additional license to the QPL/GPLv2/GPLv3/Commercial lineup: LGPL v2.1. This is excellent news for the toolkit as it will lead to wider adoption (and more improvements to the core toolkit).</p>

<p>I love Qt, because when I'm paid to write software to run on Microsoft Windows, I write that software on Linux, compile it on Linux, test it on Linux, and then the last step is to cross-compile it to Windows and test it inside a kvm virtual machine. I barely have to touch Windows with a 10 foot pole.</p>

<p>I'm not extremely fond of C++, but Qt makes C++ tolerable. The toolkit is quite honestly miles beyond Gtk+, a statement I make having written a Gtk+ app before, a number of glib apps, and being very fond of C. They're now shipping Webkit and an XQuery processor, and your application can be styled (on the fly) with CSS.</p>]]>
        
    </content>
</entry>

</feed>

