Sat, 22 Dec 2007

An Amtrak Christmas

Amtrak: It's not just a journey, it's an Adventure

This has certainly been one of my more memorable train journeys. My plan was to take the train from Ann Arbor to Mount Pleasant, IA, which is a couple hours south of where my parents live, instead of flying back to Iowa for Christmas.

The train left Ann Arbor about fifteen minutes late, which, by Amtrak standards, is early. We hadn't even made it to Jackson when one of the cables that connects the cars and supplies them with electricity fell off and was damaged. The train stopped, and after about a half hour of several unsuccessful attempts to get it to stay on (with attendant brief periods of hope when the lights came on for a half- second, only to go right back out) we went the twenty miles to Jackson. There I saw a guy heading towards the back of the train with a hacksaw. This is always a good sign. After about ninety minutes our train and electricity again, and we were on our way.

Things would have been fine, however, the Universe smiled down upon us and the fallout from a freight train derailment that happened yesterday left northwest Indiana with only one track. More waiting ensued, and we finally arrived at Union Station at around 3:00 pm, or an hour after the California Zephyr left for Mount Pleasant and points beyond.

Fortunately, the well-oiled machine that is Amtrak knows how to handle this situation, and I was given money for food and taxi, and they paid for a night at the Inn of Chicago, which is probably the fanciest hotel I've stayed in. I'll be in Iowa tomorrow (Goddess willin' and the creek don't rise). Soon I'll go out wandering about for food. I'm apparently on the Magnificent Mile and close to Navy Pier, so there should be something worth looking at.

I know what the next cover of Late Night Thinking is going to look like:

Posted at: 18:44 | category: /travel | Link

Sun, 09 Dec 2007

k5 Zephyr, Part 1

Fully k5 zephyr has been in various states for the past few years. Recently, gendalia, a former co-worker of mine back at Iowa State has been tasked with pounding on it at work. Last week I loaded the new code in the TPROA realm to assist with doing cross-realm testing.

After some difficulty with getting my kdcs to work with a combination of having a principal with only des-* keys, being able to convert those into a srvtab, and have the kdc be able to find the keys when given a direct v4 tgt request (solved with a combination of pounding on my kdcs like a confused caveman — the kvno on my zephyr/zephyr went from 2 to 25 — and ifdefing out anything that was trying to get k4 credentials) we had something where we could send back and forth.

Interestingly, TPROA -> MENELOS will send auth zephyrs, but everything MENELOS -> TPROA was unauth. I suspect there is some enctype mismatches. But in the process of debugging that, I noticed that braindumps between my two zephyr servers were not working. Yes, my old nemesis, failing brain dumps.

After a couple days of staring at the code and littering it with printfs to simply understand what the hell it is doing, I understood enough of the code to see that the "server" side of the brain dump process wasn't written, so the server would run bdump_send, not actually do anything, and resume sending regular zephyr packets to the other server. This confused it to no end, because it was expecting to get an authentication exchange packet back and was getting regular zephyr packets (which, when it tried to decode them, made it really confused).

After several hours of staring at the "client" side of the code, I made an initial attempt at the "server" side, which did not work at all. After a couple of more hours of staring at the code again (and breaking out gdb, building with debug symbols and getting close to trying to decyper the asn.1 packet that the "server" was getting back and choking on) I realized that I had blindly copied too much code from the "client" side.

So, to write this down so I don't have to re-learn it the next time I have to understand this, this is how the brain-dump works up through the authentication steps:

Server starts up, sends HELLO to all peer servers
Braindump avail, get it here
send krb_ap_req, ask for mutual authentication
read krb_ap_req, does it look good? Okay, send krb_ap_rep
Read krb_ap_rep, good? Excellent

My screwup was to have the server do a krb5_rd_rep when it should have been doing krb_rd_req. Incidentially, if krb_rd_rep spits out Unknown error: 1859794434, it's complaining about an unknown asn.1 field because it's reading the wrong type of packet. So, once I read enough to figure out what should happen in an ap_req/ap_rep exchange and coded it, I had working braindumps.

Posted at: 15:23 | category: /computers/zephyr | Link

Sat, 01 Dec 2007

Late Night Thinking, Issue 0

After several years of thinking I should make one, and a year of stashing away bits of writing, issue 0 (Circumspice) of Late Night Thinking finally exists in physical form. 34 pages of random ramblings about Toronto, Ypsilanti, moving to Michigan, and more about making tea than you probably cared to know. You can find info about it here..

Haiku a Day is still going strong after over two years. I don't know where I was going here — my mind wandered for two minutes wondering how I'd count the number of haikus in the text file I keep them all in without having to manually count them. Anywho, more info at the link.

Posted at: 16:18 | category: /zines | Link