CABJ

cabj

on problem solving

– Λογικά συμβαίνει αυτό και δεν παίζει

Πάνω στη δουλειά είμαι φωνακλάς. Τις περισσότερες φορές ίσως αδικαιολόγητα. Υπάρχει όμως ένα πράγμα για το οποίο φωνάζω συνέχεια:

– Μην κάνεις λογικές υποθέσεις!

Έχω παρατηρήσει πως στην διαδικασία επίλυσης προβλημάτων, όταν η πρόταση ξεκινάει με την λέξη “λογικά”, τότε από υπόθεση αυτόματα γίνεται απόδειξη με όλα τα διαθέσιμα στοιχεία να αγνοούνται και όλα τα ενδιάμεσα βήματα να παραλείπονται. Όταν όμως το guesstimation πέσει έξω (και είναι θέμα τεράστιας εμπειρίας να μην πέφτει κανείς έξω) αυτό σημαίνει πως πολύς χρόνος έχει περάσει χωρίς αποτέλεσμα.

Επειδή ονομάζουμε κάτι λογικό, δεν σημαίνει πως είναι κιόλας!

Αντιγράφω από το “Forensic Engineering Investigation“:

There should be a large foundation of evidence and facts at the bottom. These facts then form the basis for analysis according to proven scientific principles. The facts and analysis, taken together, support a small number of conclusions that form the apex of the pyramid.

Conclusions should be directly based on the facts and analysis, and not on other conclusions or hypotheses. If the facts are arranged logically and systematically, the conclusions should be almost self-evident. Conclusions based on other conclusions or hypotheses, that in turn are only based upon a few selected facts and very generalized principles, are a house of cards. When one point is proven wrong, the logical construct collapses.

Αποφύγετε να χρησιμοποιείτε τη λέξη “λογικά” όταν προσπαθείτε να βρείτε τι συμβαίνει:

– Λογικά συμβαίνει το Α επειδή έχω το Β

Προγραμματίζεται το μυαλό σε λανθασμένη πορεία. Αντί το Β να είναι πιθανό αίτιο, μετατρέπεται σε βεβαιότητα. Και αντί να ψάξει κανείς να βρει όλα τα πιθανά αίτια, προσπαθεί να αποδείξει πως το συγκεκριμένο Β προκαλεί το Α, ακόμα κι αν δεν το προκαλεί.

Update 2009/08/05: Έτυχε να διαβάσω το “Strong Inference” [pdf] το οποίο περιέχει αναφορές και από το “The Method of Multiple Working Hypotheses” του T. C. Chamberlin. Αντιγράφω σχετικά:

Chamberlin says our trouble is that when we make a single hypothesis, we become attached to it.

“The moment one has offered an original explanation for a phenomenon which seems satisfactory, that moment affection for his intellectual child springs into existence and as the explanation grows into a definite theory his parental affections cluster about his offspring and it grows more and more dear to him […] There springs up, also, an unconscious pressing of the theory to make it fit the facts to make them fit the theory.”

To avoid this grave danger, the method of multiple hypotheses is urged. It differs from the simple working hypothesis in that it distributes the effort and divides the affections.

Each hypothesis suggests its own criteria, its own means of proof, its own method of developing the truth, and if a group of hypotheses encompass the subject on all sides, the total outcome of means and of methods is full and rich.

Chamberlin thinks the method “leads to certain distinct habits of mind” and is of prime value in education. When faithfully followed for a sufficient time, it develops a mode of thought of its own kind which may be designated the habit of complex thought.

(previous)

#define SYSTEM_ADMINISTRATOR

Έχω περιγράψει μια διαδρομή που μπορεί να ακολουθήσει κανείς για να γίνει system administrator. Πολλές φορές όμως είναι πιο εύκολο να εξηγεί κανείς πως μπορεί να γίνει αυτό παρά να εξηγεί τι είναι. Στο Jargon File για παράδειγμα, ο system administrator ορίζεται ως:

admin: /ad·min΄/n.

Short for ‘administrator’; very commonly used in speech or on-line to refer to the systems person in charge on a computer. Common constructions on this include sysadmin and site admin (emphasizing the administrator’s role as a site contact for email and news) or newsadmin (focusing specifically on news). Compare postmaster, sysop, system mangler.

Αυτός ο ορισμός δεν είναι όμως αρκετός για να απαντήσει στον πατέρα μου την ερώτηση:

– Τελικά παιδί μου εσύ τι δουλειά κάνεις;

Για να φτάσει σε αυτή την ερώτηση έχουν προηγηθεί μια σειρά από άλλες. Η σειρά πάει κάπως έτσι:

– Δηλαδή εσύ γράφεις προγράμματα;
– Ναι, αλλά δεν είναι αυτή η δουλειά μου.
– Φτιάχνεις υπολογιστές; (εννοεί με το κατσαβίδι και όλα)
– Ναι, αλλά δεν είναι αυτή η δουλειά μου.
– Ναι, αλλά τους διορθώνεις.
– Ναι, αλλά δεν είναι η δουλειά μου το service!
– Τελικά παιδί μου εσύ τι δουλειά κάνεις;

Ούτε μπορεί να απαντήσει στη γυναίκα μου την ερώτηση:

– Μα καλά εσύ γιατί δεν μπορείς να έχεις ένα κανονικό ωράριο;

Ούτε φυσικά μπορεί να απαντήσει στην παρατήρηση της ξαδέρφης μου:

– Μα γιατί έχεις το laptop μαζί σου Γιώργο στις διακοπές; Στο Δημόσιο δε δουλεύεις;⁰

Θα μπορούσα φυσικά να απαντάω “Είμαι πιανίστας σε μπουρδέλο“. Δε βοηθάει όμως.

Ο φίλος μου ο Σ. εξήγησε μια φορά στη γυναίκα μου:

– Πες πως είναι πυροσβέστης και στη βάρδιά του δεν έχει πιάσει καμιά φωτιά. Και μετά τη βάρδια πυροσβέστης είναι, οπότε εάν υπάρχει φωτιά και δεν υπάρχει άλλη βάρδια, αυτός πρέπει να τη σβήσει.

Για να εισπράξει την απάντηση:

– Φίλος του δεν είσαι;

Αφού οι παραπάνω προσπάθειες δεν έφεραν αποτέλεσμα, δοκίμασα να δω το πρόβλημα από μια άλλη γωνία:

Τι είναι σύστημα;

Στο “What is a Systems Approach?” περιέχονται μια σειρά από ορισμοί που απαντάνε στο ερώτημα “Τι είναι Σύστημα;”. Για την περίπτωσή μας ο συνδιασμός των παρακάτω δύο δείχνει αρκετός:

A system is a set of variables sufficiently isolated to stay discussable while we discuss it. — W. Ross Ashby.

και:

A system is a representation of an entity as a complex whole open to feedback from its environment.

Και πράγματι τα συστήματα που διαχειριζόματε (εμείς οι system administrators) έχουν πολλές μεταβλητές (εξαρτήσεις εάν θέλετε) και είναι πολύπλοκες οντότητες που αλληλεπιδρούν με το περιβάλλον στο οποίο εντάσσονται (για οποιοδήποτε ορισμό του περιβάλλοντος, π.χ. εταιρικό περιβάλλον και ανάγκες, το Internet, οι ίδιοι οι χρήστες του συστήματος, κ.ο.κ.).

Ακόμα καλύτερα το ίδιο άρθρο μιλάει για “organized complexity” που είναι το ίδιο με αυτό που γράφει ο Tom Limoncelli στο “Time Management for System Administrators“: “I am a system administrator! I manage chaos for a living!”

Στο ίδιο άρθρο όμως υπάρχει ένα διαμάντι:

The responsibility of the systems engineer was the choice of the “technical path” between theory and application in order to create new services; improve the quality of existing services; or lower their cost.

Με το παραπάνω φαίνεται να συμφωνεί και ο θεωρητικός του επαγγέλματος, ο Mark Burgess ο οποίος στο “Analytical Network and System Administration” γράφει:

System administration is about the design, running and maintenance of human-computer systems. Human-computer systems are ‘communities’ of people and machines that collaborate actively to execute a common task¹.
:
System administration is primarily about the technological side of a system: the architecture, construction and optimization of the collaborating parts, but it also occasionally touches on softer factors such as user assistance (help desks), ethical considerations in deploying a system, and the larger implications of its design for others who come into contact with it. System administration deals first and foremost with the system as a whole

Όσο βατοί και βολικοί κι αν φαίνονται οι παραπάνω ορισμοί και περιγραφές, πάσχουν: Είναι απλοί και γίνονται κατανοητοί από ανθρώπους που ήδη ξέρουν τι είναι ένα σύστημα ή τι δουλειά κάνει ένας system administrator, αντιλλαμβάνονται τις απαιτήσεις και την πολυπλοκότητα. Έτσι το ερώτημα παραμένει:

– Εσύ παιδί μου, τι δουλειά κάνεις;

Τελικά ίσως το μόνο που να χρειάζεται είναι κάποιος που πιάνει το χέρι του να κάνει μια παραλλαγή αυτού του διαγράμματος:

sowhatdoyoudo — small talk with a web designer

Γιατί όπως φαίνεται δεν είμαι ο μόνος που δεν μπορεί να απαντήσει απλά και περιεκτικά το ερώτημα.

#include <std/disclaimer.h>

[0]- Οφείλω να ομολογήσω πως η ξαδέρφη διαθέτει εν αγνοία της διορατικότητα μια και ο system administrator στο Δημόσιο κατατάσσεται διακριτά σε μία από δύο κατηγορίες, αυτή και αυτή.

[1] – Όσοι ασχολείστε με τη θεωρία των MIS καλό είναι να διαβάσετε το βιβλίο του Burgess. Αυτό περιέχει όλη την απαιτούμενη θεωρία για αυτό που θέλετε: να φτιάχνετε δηλαδή συστήματα που να δουλεύουν και να δουλεύουν σωστά και αποδοτικά. Όλα τα άλλα βιβλία (π.χ. Turban) είναι για να περνάτε τα μαθήματα. Είμαι ισοπεδωτικός, αλλά έχω τα χιλιόμετρα για να είμαι.

sendmail: implementing a “catch all” address

You may find yourself in a situation where you may need to implement a “catch all” email address, i.e. every email that is directed to your domain regardless whether the user exits or not, not to be rejected but instead directed to a single mailbox. There are various approaches to the problem, and we will see some here:

First, the easy way:

Using FEATURE(`virtusertable’) one can do that in a single line:

@example.com          catch-all@delivery.host.name

You can even exclude some addresses and have email delivered to their own mailbox instead of catch-all:

user1@example.com          user1@delivery.host.name
user2@example.com          user2@delivery.host.name
@example.com                 catch-all@delivery.host.name

The sendmail.mc way:

Normally the above trick which is adequately described in cf/README and the bat book, should be enough. But there may be cases that it is not the solution that you want, or simply because it-is-not-invented-here. For example you may want to redirect to catch-all all email directed to existing users of the system, as opposed to the virtusertable trick which does this unconditionally:

LOCAL_CONFIG
Kuser user -m -a.FOUND

LOCAL_RULE_0
R$- < @ $=w . > $*        $: $(user $1 $) < @ $2 . > $3
R$- . FOUND < @ $=w . > $*          $@ catch-all < @ $2 . > $3

Or, you may want to redirect to the catch-all address all email directed to non-existing users of the system:

MODIFY_MAILER_FLAGS(`LOCAL', `-w')dnl
FEATURE(`local_procmail')dnl
MAILER(`smtp')dnl

LOCAL_CONFIG
Kuser user -m -a.FOUND

LOCAL_RULE_0
R$- < @ $=w . > $*        $(user $1 $)
R$- . FOUND          $#local $: $1
R$-                    $#local $: bit-bucket

In fact (with bit-bucket aliased to /dev/null) the above example silently discards every email not directed to an existing user.

The Phenomenon of Science

Internet Systematics is a blog maintained by Yannis Corovesis (a well known Engineer from the stone ages of the Greek Internet) and is the result of his observations as well as of his participation into the process of building the global Internet over the years.

In his latest post he mentions Turchin‘s book “The Phenomenon of Science” which apparently is out of print. But thanks to the Internet, not out of availability: You can read it from Scribd, or even download it from here.

Dado Cubes

Rule.-

sendmail: when local users are not users of the system – part 2

Continuing from the previous post in this series, let’s see how one can deal with incoming email that must be delivered both to physical users of the system and users not visible via /etc/passwd:

LOCAL_CONFIG
Kuser user -m -a.FOUND

LOCAL_RULE_0
# Unconditionally redirect email to abuse and Postmaster
RPostmaster  < @ $=w . > $*        $: Postmaster  < @example.com. > $3
Rabuse  < @ $=w . > $*        $: abuse  < @example.com. > $3

# Deliver email to yiorgos locally
Ryiorgos  < @ $=w . > $*        $# local $: $1

# Delete email directed to all other users in /etc/passwd
R$-  < @ $=w . > $*        $(user $1 $)
R$- . FOUND        $#local $: bit-bucket

# The following is valid only if sendmail is instructed to not check /etc/passwd.
# This is achieved with MODIFY_MAILER_FLAGS(`LOCAL', `-w')dnl
R$- < @ $=w . > $*        $#custom.local $: $1

What does the above snippet do? The first set of rules accepts all incoming email addressed to Postmaster and abuse and redirects it to Postmaster@example.com and abuse@example.com.

The second set of rules accepts and delivers locally all incoming email addressed to user yiorgos.

The third set deletes all incoming email for all other users listed in /etc/passwd. One may refine that using a (sendmail) class definition and decide to do so for incoming email addressed to users like man, daemon, lp etc. Remember that in Ruleset 0 you cannot call $#discard.

Assuming that you have written a special delivery agent (to save email in a database for example) for “local” users not found in /etc/passwd, the last rule calls that delivery agent for the given username.

Of course if you are in a certain mood of BOFHiness, you can add similar rules that return random error codes to the sender. The expressiveness of sendmail’s modem-noise is unlimited…

(part 1)

sendmail: when local users are not users of the system

Suppose that you are running a sendmail server which is the final delivery server and that the users of the mail system are not physical users on the server (ie. they do not exist in /etc/passwd). What choices do you have in order to accept valid local email?

Use LDAP.
Edit mbdb.c and add a map. You can add your custom map and the relevant hooks to support the external directory of your choice. Read the source on how to do that.
Edit mbdb.c and wrap getpwnam(3). Similar to the above but it may seem easier in some cases, especially if the users are kept in /etc/passwd like file. The first time I saw such a trick was when I was reading TACACS+ code.
Use MAILER(`local’) without the w flag, which means that /etc/passwd is not consulted prior to forking the mail delivery agent. This is accomplished by:
MODIFY_MAILER_FLAGS(`LOCAL’, `-w’)dnl

That way the local mailer and not sendmail decides whether the user exists or not. You have to write your own delivery agent.

Of the above choices I rely heavily on #3 (although I am not using flat files) and lately I used #4. LDAP is always my last choice. I am sure there are other choices though.

(part 2)

HFrom: $>ruleset and some sendmail ranting

Due to a spam burst last night, I was forced to write a ruleset in the spirit of my previous post:

LOCAL_CONFIG:
HFrom: $>BlockFrom

LOCAL_RULESETS
R$* "NEWS Sensation" $*        $#discard $: discard
R$*        $#OK

Again since this is going straight into your .mc file, it is not advised to use this method frequently. Nice five-liner to stop a spam burst, right?

No! As I was applying this filter I thought that although most people think that sendmail‘s most serious trouble is its bug / security track record, its most serious problem is that decision rules on routing and filtering messages come from all over the place: text files like mailertable, virtusertable, genericstable, relay-domains, access, the sendmail.cf rulesets themselves like the example above and more importantly the milters, their defaults and their configuration files (if any).

Say for example that you do not want email directed to abuse@ to be filtered at all. Depending on your rules and how they are written, you may have to upgrade your rulesets, edit access and probably write an exception for every single milter that you are applying. One exception might need to be declared in five different places. Talk about complication and management nightmare! That is why I like running MIMEDefang: It gives me a Perl interpreter and the ability to implement most of the functionality of any other milter I wish to apply. Have I reached that point of being able to run only one milter? No, but I have set this as a goal. MIMEDefang is not my only choice to this path, j-chkmail seems like a good alternative.

However, I am not the only one who manages our global filters, and I want to make it easier for the other admins to add their own global filters in my absence. Oh how much easier it could have been if the libmilter API offered as a return value a variant of SMFIS_ACCEPT that would instruct sendmail to accept the message with no more milters applied to it. Currently SMFIS_ACCEPT instructs the current milter to accept the message. Which is why if you want to write a global whitelist exception, you may have to write it for all milters that are enabled.

Oh well, I think all I want and wish for is to minimize the number of files I have to edit in order to implement a certain policy (or have a tool that can read the policy from one place and edit n-files for me) and a change to the libmilter API (which I do not know whether it is trivial or not). Suggestions to switch to alternatives like Postfix, Qmail or even Exim are outside the scope of this rant. I prefer to take the “Sendmail Theory and Practice” route and write the whole .mc file by hand instead.

HSubject: and rulesets

This is a variation of the bat book‘s subject header checking trick. Assuming that you want to block messages based on the content of the Subject: header of an incoming message, you can place the following rules into your .mc file:

LOCAL_CONFIG
HSubject: $>BlockSubject

The above basically instructs sendmail to call ruleset BlockSubject with the value of the subject. On with the ruleset now:

LOCAL_RULESETS
SBlockSubject
# The next rule is broken in two for readability!
R$* test - block this message $*
        $#error $: "553 message blocked due to Subject: " $&{currHeader}
R$* Your new password $*        $#discard $: discard
R$* Casinoo $*        $#discard $: discard
R$*        $#OK

(You may want to change the $> operator with $>+. Read paragraph 25.5.1 of the fourth edition of the bat book for a discussion on the matter.)

The bat book prefers to put all the unacceptable subjects in an external database file (which is maintained much like aliases and virtusertable). I prefer keeping the list of the unacceptable subjects inside the .mc file for two reasons:

First, keeping them in a file outside the .mc makes the list grow faster. Editing the .mc to add yet another unacceptable subject makes one think whether to do so or not.

Second, although a subject that contains a certain phrase may be considered unacceptable, you might want to make an exception. For example one may decide to block all the Your new password messages except ISP name – Your new password message that your MIS sends to your users when they reset their password. This can easily be maintained in one place in the .mc file and is also self documented ~~modem noise~~ code:

R$* ISP - Your new password $*        $#OK
R$* Your new password $*        $#discard $: discard

Remember, do not copy-paste sendmail.mc code. The LHS and the RHS are tab separated. Copy-pasting converts tabs to spaces and your ruleset will not work.