rlucas.net: The Next Generation Rotating Header Image


CVSPermissions 0.3 patched to fix grep bug

CVSPermissions is a set of scripts that are called by CVS upon invoking
certain operations, such as commit (wisely, CVS has hooks for just this
purpose).  The scripts check an access control list, and
selectively permit operations based on username.  Unfortunately,
while the scripts come pretty elegantly close to “the simplest thing
that could possibly work,” they use grep without considering its
propensity for matching substrings within a string, so user “lou” will
match the ACL entry for “alouicious.”  The solution is adding ^
and $ around the grep regexes, which I have done in the attached

I haven't heard back from Vivek Venugopalan, the author of
CVSPermissions, about the bug.  So, I am providing CVSPermissions
v 0.3-rlucas-1 with my patches.  GNU GPL applies and AS-IS; I have
tested only on GNU/Linux with CVS 1.12.9 and GNU grep 2.5.1.


Happily, this is an open source success story.  Boy meets slightly
broken but otherwise perfect software, boy fixes software, software
helps boy do work, boy gives software back to the world.  It
brings tears to my eyes.

Update 2005-12-01: Vivek has emailed back and incorporated the changes; get the latest version at: http://www.sanchivi.com/cm/cvspermissions/

INFO: Apache SSL error: You have to perform a *full* server restart when you added or removed a certificate …

Have you seen this spuriously:

Ops, no RSA or DSA server certificate found?!
You have to perform a *full* server restart when you added or removed a certificate and/or key file

in your ssl error log (and of course your Apache didn't successfully start: ps -aux | grep httpd | wc -l is zero…) when you were using

apachectl restart

…or some utility that in turn used that method for restarting apache?  Try substituting

apachectl stop && apachectl start


BUG/WORKAROUND: Class::DBI / Postgres: "Can't delete: Can't bind a reference"

In Class::DBI, there appears to be a problem with the Postgresql driver
and certain kinds of relationships being defined.  It shows up as
a “can't bind a reference” error in the DBIx::Recordset code for

It persists for me with Class::DBI 0.96 and DBIx::Recordset 0.26.

The effect is seen for me when I retrieve a Class::DBI object id # 56
with some has_a relationships defined, and then try immediately 
to delete it.  It bombs out with

Can't delete 56: Can't bind a reference at blah/blah/blah/DBIx:/Recordset blah blah

I can work around this by 1. removing the has_a relationships, or 2.
stringifying the object before deleting it (found this inadvertantly in
writing some debug statements to explore this; very vexing that reading
a property has such a nonorthogonal effect, but I'll hush since I
haven't the time to become a CDBI developer myself).

INFO: Hawing PS12U Printserver CUPS URI for Linux printing

I have a Hawking Printserver, model number PS12U.  I had already set its IP address using the Windows software (it should be noted that you can ARP the printserver from Linux if need be; google for more info).  However, in order to set it up as a printer on my Linux machine, I needed the appropriate URI to feed to lpadmin.  I tried a number of things like ipp://, etc., but finally gave up and used “printconf.”  The proper URI / URL to use, it appears, for addressing the Hawking PS12U is:




Where the IP address in the middle is naturally the one you've set for the Printserver and the “lp1” to “lp3” corresponds to the physical port on the PS12U to which you've connected the printer.

I didn't say it was groundbreaking or an awesome fix, just info that I hadn't been able easily to find.

Migrating to new rlucas.net domain for most blogging

Gentle reader,

This server has gotten so slow,
probably thanks to Philip's blog, that
I have finally decided to put up my own server elsewhere.  Other
reasons are:

  • I can't use vim here to edit my entries.
  • I hate the HTML munging that this blog software uses.
  • Despite
    the PageRank boost of the .harvard.edu domain, I have decided to opt
    for the branding aspect of my long-time username, rlucas, which has
    been the local part of my Internet email address since 1993 or

And so, I am putting on hold this, my
Berkman blog.  I do intend to keep using it for Harvard-specific
things, on occasion, but my technical notes and, newly, my startup and
VC related dispatches, will be found from now on at my rlucas.net blog.

[FIX] Perl DBI / DBD::Pg bind values rely on Perl's automatic numeric/string scalar conversion

Scenario: you are using DBD::Pg to interface with your database (perhaps directly through DBI, or through an abstraction layer like Class::DBI or DBIx::ContextualFetch) when you get an odd result:

DBD::Pg::st execute failed: ERROR: parser: parse error at or near [your string, or the part of your string that doesn't begin with leading digits] at …


DBD::Pg::db selectrow_array failed: ERROR: Attribute “yourstring” not found at …

If you look at the PostgreSQL query log, you'll see that “yourstring” was not properly quoted as a literal in the SQL delivered to the parser.

Since you've either been relying upon your abstraction layer or personally doing the Right Thing and binding your values with the “WHERE thing=? AND otherthing=?” syntax, you're quite confused — this should all be quoted.

The problem is that Perl has flagged that scalar as a numeric value, possibly because you used a numeric operator on it (like > or == instead of gt or eq). The solution is to upgrade to DBD::Pg 1.32 or to explicitly stringify your string as “$yourstring”.

Below is the bug filed with CPAN.

Mac OS X 10.2, Perl 5.6.0, DBD::Pg 1.22, DBI 1.45

Bind values appear to rely upon Perl's automatic numeric/string scalar conversion in order to determine whether or not to quote.

This bug was discussed on

my $dbh = DBI->connect(…); #connect to Postgres; no errors with SQLite
my $scalar = “abc”;
warn “scalar is greater than zero (and now considered numeric)” if $scalar > 0;
warn “dbh->quote(scalar) works ok: ” . $dbh->quote($scalar);
warn “but bind values do not:” . $dbh->selectrow_array(

Using a numeric operator on the scalar makes Perl auto-convert it to a number; this is interpreted by the magic in Pg.xs as rendering the scalar ineligible for quoting.

One solution is to bind those variables that must be text but might have been numberified with “$varname”, thereby stringifying them in the eyes of Perl.

FIX: "Undefined subroutine CGI::dump" crashes a formerly working script.

Possible scenario: you wrote an ancient script using the CGI.pm module by Lincoln Stein, and it ran fine on your old RedHat 6.2 box with Perl 5.00503 and an ancient version of CGI.pm.   However, after reinstalling your script on a newer box with Perl 5.6, or else after upgrading your perl and/or CGI.pm, your script is broken and says

Undefined subroutine CGI::dump

Answer: in version 2.50 of CGI.pm, CGI::dump was changed to CGI::Dump. Try:

perl -pi -e 's/CGI::dump/CGI::Dump/' yourscript.pl


Class::MethodMaker v2 dies with cryptic "Unknown error" in compilation with bad arguments to use / require

If you use Class::MethodMaker and have a subtle error in your

use Class::MethodMaker [ whatever…];

line, such as not quoting a bareword, you can end up with this error:

Unknown error
Compilation failed in require.
BEGIN failed–compilation aborted.

If this happens, scrutinize your “use” lines and especially your C:MM line.If you use Class::MethodMaker and have a subtle error in your

use Class::MethodMaker [ whatever…];

line, such as not quoting a bareword, you can end up with this error:

Unknown error
Compilation failed in require.
BEGIN failed–compilation aborted.

If this happens, scrutinize your “use” lines and especially your C:MM line.

[Gedankenexperiment] I have released EULAVirus 1.0 into the wild.

“I have created a computer virus and released it over the Internet.  It is named “EULAVirus” version 1.0.

“The virus takes the following actions, besides replicating
itself.  It seeds a pseudorandom number generator with a number
based upon the machine's unique characteristics, such that the PRNG
sequence will always be the same for the same machine.  Then,
during a dialog box, wizard, browser window, or other interactive
session (“dialog”) when certain key words and / or pixel combinations
are detected, it takes a “fingerprint” of the dialog based upon certain
characteristics, and uses the PRNG to determine whether to act on that
dialog.  The manner in which this is done ensures that for a given
dialog on a given machine, the same action will always be taken. 
If a dialog box is acted upon, the virus will cause all text to be
scrolled through, and an approval button to be “clicked” (it does so by
interacting with the operating system at a lower level).  This all
takes places nearly instantly, so that any human watching the computer
perform this will be unable to perceive what has occurred, beyond
perhaps a brief flash of the dialog on a slow computer.

“I have deleted all traces of the virus and any of its documentation
from all computers I control, but not before propagating it out to the
Internet.  It is spreading rapidly but it is exceedingly stealthy,
and it is engineered to avoid detection at all costs.  In order to
prevent its detection, I will not say which operating systems it runs
on, nor will I identify specific vectors of transmission.”

Now: can a EULA (end-user license agreement) ever again be considered legally binding?

FIX: SSH or telnet sessions timeout and drop connection on DSL or Cable modem behind NAT router

I use SSH for everything from tunnelling outbound mail in order to avoid port 25 blocks on the freenet providers (such as www.personaltelco.net) to simple terminal sessions.  Also, most all of the time I am hooked up via a DSL or Cable modem with a router in front of it playing NAT tricks to get me to the outside network.  After about an hour (sometimes less) the SSH just hangs; from a Mac OS X terminal session it's just unresponsive and needs to be killed, whereas on PuTTY on Windows, once it realizes the connection is no good it pops up a “Network error: Software caused connection abort” message.  The problem seemed to be worse with DSL from Verizon and Qwest, and seemed to be very mild with AT&T/Comcast cable in Cambridge, 02138 (advice: in Cambridge, you can't go wrong with the Comcast digital cable.  I was getting speeds of (I seem to remember) almost a megabyte per second down and could pull down entire ISOs in minutes; debian net install on an old p233 was disk i/o limited and not network limited by what I could tell.

Happily, the good people at DSL Reports (www.dslreports.com) have put together an FAQ on this subject including some specific configuration options and links to more info:


More on this as I determine if it actually works.

Update: So far, so good; a thunderstorm passing through caused a brief power cycle and that definitely reset the connection, but it seemed to hold otherwise, for example during lunch.  The real test will be leaving terminal sessions overnight.

Update: While looking for info on a superficially related problem, I came across this slashdot thread:


This may also provide some assistance to seekers of info on this topic.  However! importantly, you should also examine the lengthy parenthetical in http://blog.rlucas.net/ancient/info-what-happens-to-ssh-every-21115/ to determine if this is really your problem — the link to a TCP/IP theory page should help you as well.  This caveat is necessary because there are really two opposite problems that both manifest as “dropped ssh terminal sessions:” one, a NAT table on a cable/dsl router could be timing out (which argues for more frequently sending keepalive packets), or two, your connection could be flaking out briefly but coming back up fairly quickly (which argues against sending frequent keepalives).