ARM Unwinding

Recently, I’ve been writing some C++ ARM code and been checking the output of GCC.  After writing a bit of code I found that the ELF suddenly had a load of extra symbols and the .ARM.extab section was created.  I did a lot of Googling around and no one had a good explanation, so I thought I’d write up my experience.

What is the problem?

I had a bit of code like this:

template<typename T>
class TypeWrapper
{
  public:
    TypeWrapper(const T& object) :
        m_object(object)
    { }

    ~TypeWrapper()
    { }

  private:
    T m_object;
};

using Type = TypeWrapper<char>;

namespace {
    Type a = 1;
}

The problem occurred because each of these three parts was in a separate part of the source. Put together like this the problem is much easier to spot, although it is still not exactly obvious.
With the ~TypeWrapper() in the code all of the results described at the start of this post occur. Removing the destructor drops them.

Diagnosing the issue

It took me a while to narrow it down to the destructor… Mostly by deleting every function in the class and adding them back one by one. It sounds easy, but the example above is far simpler than the case I had. After finding it was the destructor I tried every attribute I could think of, noexcept(true), noexcept(false), throws(). I found the -fno-unwind-tables and -fno-asynchronous-unwind-tables flags for GCC and tried them for compiling the objects and for the linker.
Finally, I came across a linker flag which provided some insight into the issue, -Wl,-trace,-debug. Using this flag I found that when the destructor is explicitly defined it outputs the following extra lines at the link stage:

libstdc++.a(atexit_arm.o)
libgcc.a(unwind-arm.o)
libgcc.a(libunwind.o)
libgcc.a(pr-support.o)

Now it looks like the atexit_arm object is pulling in the unwind-arm etc. That’s a good start, it’s because we’re calling atexit, but I haven’t called that function anywhere, simply declared an empty destructor…

Why is atexit being linked?

So if you’re looking at the block of code above you might be able to see the issue much faster than when it was spread across a 5000 line code base. However with the code block above we can see the problem if we understand how C++ works.
The problem occurs because we have a statically constructed object. Before a static object is used for the first time it must be constructed, and the compiler ensures that this occurs. It also ensures that the static object is destroyed before the program terminates. In order to do this GCC uses the atexit function to call the destructor.
An interesting side-note here is that having no destructor acts differently to having a default destructor. What I mean by that is that the following are not considered the same for the purposes of static classes:

class Class
{
  public:
    ~Class() = default;
};

class Class
{ };

In the first case, the explicit definition of the default destructor makes GCC create the atexit call when a static instance of the class is created.

So, what can I do about it?

Well, the most obvious thing is to simply not make a static variable of a class type that has a destructor. In fact, not having static variables is generally considered a good thing especially if you want to perform any kind of unit testing.

But I REALLY need to because <insert excuse here>… Well, I’m not sure I should really tell you this, but you’re an adult (probably) so do with it what you will. Just remember, you’re using a hack that might not work forever and you can probably re-factor your code so you don’t need it.

The solution lies with what symbols atexit is pulling in. For some reason, which I’ve not bothered to look into for the reasoning in the previous paragraph, this function pulls in the symbol __aeabi_unwind_cpp_pr0 which pulls in all the unwinding stuff. So, if we provide that symbol ourselves, then it won’t be pulled in from libunwind. Add the following to one of your translation units with a big comment explaining why you’re being a very naughty software engineer:

extern "C" void __aeabi_unwind_cpp_pr0(){}

Hold on a minute, I don’t have a static instance!

So you reached the end of the post and didn’t find what you were after, sad times 😞. You have a destructor causing the exact same issues, but atexit isn’t there. Well don’t be gloomy… I bet you have a virtual destructor. Yep, the exact same issue occurs there too, but for a slightly different reason.
If we look back at our linker trace earlier, we see del_op.o being pulled in if we use a virtual destructor.

class Class
{
  public:
    virtual ~Class() = default;
};

libstdc++.a(del_op.o)
libgcc.a(unwind-arm.o)
libgcc.a(libunwind.o)
libgcc.a(pr-support.o)

The same symptom, different reason. It can be fixed in exactly the same way as previously, but it’s still just a big hack. There’s got to be a better way to fix it. Well, not that I can see… but there is a less compiler/library specific way to fix it: don’t have a virtual destructor.
That’s all well and good I hear you say, but I need to clean up my class! Yes, you do… just do it manually instead. Every time your class instance goes out of scope make sure you call a virtual method that cleans up the class, just as if you had a destructor. This is incredibly error prone however, so do so at your peril.
Your class has static resources though with non-virtual destructors. How can they be cleaned up? Simply call their destructors directly, C++ permits you to do so. If you do it more than once though you could have an issue, so make sure the class that does so can only ever be destroyed through its base pointer, otherwise the code might end up with a double destruction.

Summary

GCC pulls in symbols at unexpected times for seemingly no good reason. You can work around this by structuring your code better in the case of static instances. However, with virtual destructors you’re a bit stuffed and have to resort to weird hacks.

Java Flash communications over XMLSocket

I’ve recently been working on a Java server which will communicate with a Flash frontend. When I started I wanted to use embedded Flash socket code, because I’m more comfortable with Java. Hence I decided to use the XMLSocket protocol. Along the way I’ve found many limitations of this protocol (such as the lack of SSL support); nevertheless I implemented a server side.

The format is an XML file followed by a 0 byte. Unfortunately, there seem to be no pre-written Java classes to read such files. Therefore I wrote one, and decided it’s had enough testing to publish to the world. It’s not amazing, but I physically can’t see any other way to optimise it without losing functionality somewhere. It uses JDOM (it’s all I know), although it could probably be easily ported to another Java XML framework.

Anyway here is the code, enjoy it… Improvements welcome and encouraged!

package sockets;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringReader;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import org.jdom.Document;
import org.jdom.JDOMException;
import org.jdom.input.SAXBuilder;
import org.jdom.output.XMLOutputter;

/**
 *
 * @author chris
 */
public class XMLSocket {

    /** Maximum read length so we can't be attacked by memory usage - 10KB */
    private final static int MAX_READ_LENGTH = 10240;

    /** The socket which will be written to/read from */
    private final Socket socket;
    /** The buffer which is read into */
    private byte buffer[];
    /** The XML read so far */
    private String xml;
    /** Whether to discard until the next NULL byte */
    private boolean discard;
    /** The amount of bytes left in the buffer */
    private int bufferRead;
    /** The InputStream of the socket to read from */
    private InputStream in;
    /** The OutputStream of the socket to write to */
    private OutputStream out;

    /**
     * Initialise a reader and writer for XML with 0 characters between
     * XML documents. This is a Java implementation of the Flash XMLSocket.
     * @param s The socket which should be read from/written to
     * @throws java.io.IOException If there is a problem opening the input or output streams
     */
    public XMLSocket(Socket s) throws IOException {
        socket = s;
        xml = null;
        discard = false;
        in = s.getInputStream();
        out = s.getOutputStream();
        buffer = new byte[1024];
        bufferRead = 0;
    }

    /**
     * Returns whether the socket is closed
     * @return true if the socket is closed
     */
    public boolean isClosed() {
        return socket.isClosed();
    }

    /**
     * Search a byte array for the first index of a specific element
     * @param array The array to search for element
     * @param element The element to search for
     * @param length The maximum number of elements to search (1 indexed)
     * @return The index of the element or -1 if does not exist
     */
    private int indexOf(byte array[], byte element, int length) {
        if (length > array.length)
            length = array.length;
        for (int i = 0; i < length; i++) {
            if (array[i] == element) return i;
        }
        return -1;
    }
    
    /**
     * Reads from the socket the next XML data. Each packet of data should
     * be separated by a 0 character. Will return null if the data between 0
     * characters is longer than MAX_READ_LENGTH, but the socket will continue
     * to search for the next 0. This should not cause a memory issue, but
     * could result in a DoS attack.
     *
     * @param blocking Time to block for waiting for a document (0 is infinity, < 100 will cause the system not to loop)
     * @param readLength Length (in kb packets) to try to read before closing the connection (0 is infinity)
     * @return Null if there was a problem reading or the next read was too large
     * @throws java.io.IOException If there is a problem reading from the socket
     * @throws org.jdom.JDOMException If there is a problem with the XML read
     */
    public synchronized Document readXML(int blocking, int readLength) throws IOException, JDOMException {
        if (in == null) return null;
        try {
            socket.setSoTimeout(blocking);
        } catch (SocketException e) {
            // Cannot set blocking time... should not risk blocking
            return null;
        }
        // Number of reads from the socket
        int reads = 0;
        // Do a pre-read to test socket
        if (bufferRead == 0) {
            try {
                int r = in.read();
                if (r == -1) {
                    // Socket closed
                    throw new IOException();
                }
                buffer[0] = (byte)r;
                bufferRead = 1;
            } catch (SocketTimeoutException e) {
                return null;
            }
        }
        int zeroIndex = -1;
        while (zeroIndex == -1) {
            zeroIndex = indexOf(buffer, (byte)0, bufferRead);
            if (zeroIndex == -1) {
                // EOF not found, read more
                if (xml != null && xml.length() >= MAX_READ_LENGTH) {
                    // Max read length, ignore input
                    xml = null;
                    discard = true;
                }

                if (discard == true) {
                    // We're discarding due to data size, do some throttling
                    // to limit effect of DoS attacks
                    try {
                        // Is this the optimal sleep for 1k of data each loop?
                        Thread.sleep(50);
                    } catch (Exception e) {
                        // Only throttling, not bothered about exceptions
                    }
                } else {
                    if (xml == null) {
                        xml = new String(buffer, 0, bufferRead);
                    } else {
                        xml += new String(buffer, 0, bufferRead);
                    }
                    bufferRead = 0;
                }

                // After the first read subsequent ones should complete faster
                if (reads == 1) {
                    if (blocking > 0 && blocking < 100) {
                        return null;
                    } else {
                        try {
                            socket.setSoTimeout(100);
                        } catch (SocketException e) {
                            // Cannot set blocking time... should not risk blocking
                            return null;
                        }
                    }
                }
                try {
                    bufferRead = in.read(buffer, 0, buffer.length);
                } catch (SocketTimeoutException e) {
                    bufferRead = -1;
                }
                if (bufferRead == -1) {
                    bufferRead = 0;
                    return null;
                }
                reads++;
                if (readLength > 0 && reads > readLength) {
                    // The maximum read length has been reached (0 means no
                    // limit), close the socket and return null
                    close();
                    return null;
                }
                if (reads == 32) {
                    // Taken too many reads of junk
                    close();
                    return null;
                }
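            } else {
                if (discard == false) {
                    // Append the bytes in front of the 0 byte (there may be
                    // none); xml is still null if this is the first chunk
                    String tail = new String(buffer, 0, zeroIndex);
                    xml = (xml == null) ? tail : xml + tail;
                    xml = xml.trim();
                }
                // Keep whatever follows the 0 byte for the next call
                bufferRead -= zeroIndex + 1;
                if (bufferRead <= 0) {
                    bufferRead = 0;
                } else {
                    System.arraycopy(buffer, zeroIndex + 1, buffer, 0, bufferRead);
                }
            }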
        }

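        // If we got this far the read data is in xml, or discard is true
        if (discard == true || xml == null) {
            // The last read was too large. This could still be ok.
            // Reset the state so the next document is not discarded as well.
            discard = false;
            xml = null;
            return null;
        } else {
            // Set xml to NULL first in case there is an exception thrown
            String temp = xml;
            xml = null;
            SAXBuilder builder = new SAXBuilder();
            // The peer is untrusted: refuse DOCTYPE declarations so that
            // external entities and entity expansion are rejected by the
            // parser (Xerces feature, supported by the JDK's default parser)
            builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            return builder.build(new StringReader(temp));
        }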
    }

    /**
     * Write XML document to socket followed by a 0 character.
     * @param d XML Document to write to the socket
     * @return The document converted to bytes to send, this can be used to
     * speed multiple sends, null if the connection failed
     */
    public byte[] writeXML(Document d) {
        if (out == null) return null;
        byte[] x = checkNullTermination(new XMLOutputter().outputString(d).getBytes());
        if (writeXML(x)) {
            return x;
        } else {
            return null;
        }
    }

    /**
     * Checks that the byte array terminates with a null, if not it adds one
     * @param xml The byte array to check
     * @return A definitely NULL terminated byte array based on the input
     */
    private byte[] checkNullTermination(byte xml[]) {
        byte send[];
        // If there is a useless character at the end, we can use it
        // for the 0 byte rather than wasting memory/CPU time.
        // (The length check avoids indexing into an empty array.)
        if (xml.length > 0 && (xml[xml.length - 1] == '\n' || xml[xml.length - 1] == 0)) {
            xml[xml.length - 1] = 0;
            send = xml;
        } else {
            send = new byte[xml.length + 1];
            System.arraycopy(xml, 0, send, 0, xml.length);
            send[xml.length] = 0;
        }
        return send;
    }

    /**
     * Write XML document to socket followed by a 0 character.
     * @param xml The XML represented in a sendable form
     * @return true if written successfully, false otherwise
     */
    public boolean writeXML(byte[] xml) {
        if (out == null) return false;
        try {
            xml = checkNullTermination(xml);
            synchronized(socket) {
                out.write(xml);
                out.flush();
            }
            return true;
        } catch (IOException e) {
            return false;
        }
    }

    /**
     * Close input part of the socket
     */
    public void closeInput() {
        try {
            in.close();
        } catch (Exception e) {}
        in = null;
        buffer = null;
    }

    /**
     * Close output part of the socket
     */
    public void closeOutput() {
        try {
            out.close();
        } catch (Exception e) {}
        out = null;
    }

    /**
     * Close the socket and all I/O
     */
    public void close() {
        closeInput();
        closeOutput();
        try {
            socket.close();
        } catch (Exception e) {}
    }

    /**
     * Returns the InetAddress of the remote connected server
     * @return The InetAddress of the remote connected server
     */
    public InetAddress getInetAddress() {
        return socket.getInetAddress();
    }

}
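
The framing rule that readXML implements (bytes up to a 0 terminator, a size cap, and a discard mode for oversized data) can be exercised without a socket or JDOM. This is an added example, not part of the original class: NulFrameDecoder and its methods are hypothetical names and the input is constructed. It collects raw bytes and decodes them only once a frame is complete, so a multi-byte UTF-8 character split across two reads survives, and it goes back to normal parsing after an oversized frame.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper, not part of the XMLSocket class above. */
public class NulFrameDecoder {

    /** Largest frame accepted, in bytes, excluding the 0 terminator */
    private final int maxFrameBytes;
    /** Raw bytes of the frame currently being collected */
    private final ByteArrayOutputStream frame = new ByteArrayOutputStream();
    /** True while skipping the rest of an oversized frame */
    private boolean discarding = false;
    /** Number of frames dropped for exceeding the cap */
    private int dropped = 0;

    public NulFrameDecoder(int maxFrameBytes) {
        this.maxFrameBytes = maxFrameBytes;
    }

    /**
     * Feed one chunk exactly as it came off the socket.
     * @param chunk  the bytes read
     * @param length how many bytes of chunk are valid
     * @return the frames completed by this chunk (possibly none)
     */
    public List<String> feed(byte[] chunk, int length) {
        List<String> complete = new ArrayList<String>();
        for (int i = 0; i < length; i++) {
            byte b = chunk[i];
            if (b == 0) {
                if (discarding) {
                    // Terminator of the oversized frame: count it and
                    // resynchronise so the next frame is parsed normally
                    discarding = false;
                    dropped++;
                } else if (frame.size() > 0) {
                    // Decode whole frames only, never partial chunks
                    complete.add(new String(frame.toByteArray(), StandardCharsets.UTF_8).trim());
                }
                frame.reset();
            } else if (!discarding) {
                if (frame.size() >= maxFrameBytes) {
                    // Cap reached before the terminator: release the memory
                    // and ignore everything up to the next 0 byte
                    frame.reset();
                    discarding = true;
                } else {
                    frame.write(b);
                }
            }
        }
        return complete;
    }

    public int droppedFrames() {
        return dropped;
    }

    public static void main(String[] args) {
        // Constructed input: a small frame, a frame larger than the cap,
        // then a frame containing a two-byte UTF-8 character
        StringBuilder big = new StringBuilder("<big>");
        for (int i = 0; i < 64; i++) {
            big.append('x');
        }
        big.append("</big>");
        byte[] stream = ("<a/>\0" + big + "\0<n>caf\u00e9</n>\0").getBytes(StandardCharsets.UTF_8);

        NulFrameDecoder decoder = new NulFrameDecoder(32);
        List<String> frames = new ArrayList<String>();
        // Deliver the stream in 8-byte chunks, as separate socket reads
        // would; the two bytes of the accented character fall into
        // different chunks
        for (int off = 0; off < stream.length; off += 8) {
            byte[] chunk = Arrays.copyOfRange(stream, off, Math.min(off + 8, stream.length));
            frames.addAll(decoder.feed(chunk, chunk.length));
        }
        System.out.println("frames:  " + frames);
        System.out.println("dropped: " + decoder.droppedFrames());
    }
}
```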

Songbird and Screensavers

So I got DAAP working on Songbird using Firefly (mt-daapd) from home to uni (Thanks to Matt for finding these).

Then I wanted to be able to control Songbird easily so I went about configuring my keyboard shortcuts. I decided that I wanted Songbird to pause when I lock the machine, then automatically play when it is unlocked. There are a few issues with just changing your lock command to a script which does this, notably the fact that xlock is non-blocking due to gnome-screensaver running as a daemon. Also if you use the command line extension to songbird to play/pause it you can end up playing a song when you lock it if it is paused before hand. There is also the issue of opening songbird when it is not running in order to pause it… I overcame these problems with the following (probably not optimised) script. Note, you’ll need to change the location to your location of songbird.

#!/bin/bash

# Only talk to Songbird if it is already running
if [ "`ps aux | grep -v grep | grep songbird`" != "" ]
then
    # Ask Songbird to write its state to /tmp/Songbird/status.txt
    /data/private/cxs548/Songbird/songbird -status
    if [ "`cat /tmp/Songbird/status.txt`" == "playing" -o "`cat /tmp/Songbird/status.txt`" == "buffering" ]
    then
        /data/private/cxs548/Songbird/songbird -pause
        xlock
        # xlock returns immediately, so poll until the screen is unlocked
        while [ "`gnome-screensaver-command -q`" != "The screensaver is inactive" ]; do sleep 1; done
        /data/private/cxs548/Songbird/songbird -play
    else
        xlock
    fi
else
    xlock
fi

For this to work you will need the command line plugin (http://addons.songbirdnest.com/addon/1381) for songbird and my addition to it which creates a status.txt file in the temp directory. I wanted to print it to stdout but printing from an extension will output to stdout of the parent Songbird process which isn’t very useful. My addition should be placed in the services.js file (found at ~/.songbird2/<PROFILE>/extensions/commandline@geekshadow.com/components/service.js) just under all the other “if (cmdLine.handleFlag…)” lines:

if (cmdLine.handleFlag("status", false)) {
    var file = Components.classes["@mozilla.org/file/local;1"].createInstance(Components.interfaces.nsILocalFile);
    file.initWithPath("/tmp/Songbird/status.txt");
    if (file.exists() == false) {
        // 420 decimal is 0644 octal
        file.create(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 420);
    }
    var stream = Components.classes["@mozilla.org/network/file-output-stream;1"].createInstance(Components.interfaces.nsIFileOutputStream);
    // 0x02 | 0x08 | 0x20 = write-only, create, truncate
    stream.init(file, 0x02 | 0x08 | 0x20, 0666, 0);

    var content;
    var status = gMM.status;
    switch (status.state) {
        case status.STATUS_PLAYING:
            content = "playing";
            break;
        case status.STATUS_PAUSED:
            content = "paused";
            break;
        case status.STATUS_STOPPED:
            content = "stopped";
            break;
        case status.STATUS_BUFFERING:
            content = "buffering";
            break;
        default:
            content = "unknown";
            break;
    }
    stream.write(content, content.length);
    stream.close();
    cmdLine.preventDefault = true;
}

Idiotic Outlook

Central IT services once again are useless with their choice of software and as such our use of Exchange server and Outlook has caused much important email to go wandering. It took the input of Zeyn to tell me that although I have “all” of my central email forwarded to the department, this did not include anything sent from within the university as this would get redirected to my adf email address and therefore end up in an unchecked and unloved Microsoft inbox.

After finding all my missing email from months back and having to make rushed decisions about things I had months to contemplate I decided to try and sort out the forwarding debacle. Central support were about as useful as their software and therefore I took it upon myself. I researched OWA and found that I could set rules. I tried to do this, but it is only supported on the “enhanced version” which only runs on IE6 or above! This made this worse as I then had to try and find a Windows machine and battle with the never-before-configured IE7. Finally I made the rule, with a very unintuitive interface, and hey-presto it *might* work. Since I am not in the central university I can’t actually send myself an email to try it out since all external mail was being forwarded anyway.

So we might know at some indefinite time in the future if it has worked, or not because I may not get sent another email through that route, and if I were I may not know.

Windows 7 – Those Microsoft Arses

Microsoft are “giving away” Windows 7 to people. On the whole a good business strategy, but terrible for all those poor people who think it would be a good idea to “upgrade” for “free” (as in beer).

For starters, Microsoft will just be using you as slave labour to find all the bugs so they don’t need to pay internal testers as they should do. The benefit of which will be for their commercial product, and not something you will be able to use indefinitely for your time and frustration. Then after they’ve had their fill of you the product will be released and your “free” license will be revoked, forcing every user to stump up full retail price otherwise format their system in order to go back since we are all aware that “downgrading” is not allowed.

If you do insist on installing Windows (at all) or even Windows 7, please make sure it’s not on a machine which you value your data on, otherwise you will be charged a nice fee to retrieve it in a years time.

Asus EeeTop PC

So everyone knows about the Asus EeePC Laptop, but I found out today that they now have a range of Eee products. There is the notorious laptop, a desktop tower-esque device and most interestingly the Top which is iMac-like working on the idea of everything in a single box, but with Asus they have added a touch screen to it. It seems the device has been around since December, but I did not know about it until today.

Information is available at: http://uk.asus.com/products.aspx?l1=24&l2=169&l3=0&l4=0&model=2290&modelmenu=1 but I’ve so far only seen the touchscreen working in Windows XP, so I’m not sure of the other capabilities of it. There are some nice swishy gestures you can use with Asus’s custom software on Windows, but presumably this is just done in software and is nothing to do with the hardware. I am slightly dubious of the power of the device as it only has an Intel Atom N270 (1.6GHz) and the graphics looked as though the 3D was lagging even with their custom software. Although the 26dB operation seems brilliant since I like silent things, but my far more powerful iMac is barely audible even when the processor is being hammered.

There is included a 802.11n wireless device though which makes it an ideal device to shove in a corner of the house where you want a computer for basic tasks but without consuming too much power or needing ethernet wires trailing over the floor.

The touch screen is single touch only which means that there will be no fancy gestures to zoom or such like as have been implemented on many modern devices, notably the iPod Touch/iPhone.

After some research it seems that fixes are dripping into the Linux Kernel for the hardware, but I would not recommend buying one just yet. The backlight on the display should be working about now on Ubuntu according to the bug report, but I would not guarantee it until the next release. As for the touch screen it seems to be working fine using the evtouch driver.

New iPod Shuffle

Apple have released the new iPod Shuffle today, which I found out by complete fluke. It seems to have some very clever technology, but then I realised it was just semi-clever engineering.

The new iPod Shuffle http://www.apple.com/uk/ipodshuffle/features.html has got a Voice Over feature where it can speak to you about what track is currently playing, and also which playlist you’re listening to. That’s very good, and I was impressed that they managed to get the software onto the tiny little thing, but then the guided video went on to mention that the voice changes depending on the machine you sync it with. All the voice overs sounded great until they showed you what it was like when sync’d with Windows and then I heard Microsoft Sam. It seems to me that all they do is render the names of the tracks and playlists on the computer and store them in the database when syncing the iPod. This is not so impressive.

However, I notice that they have a new remote which uses the same style connection as the iPod Touch and iPhone for their headsets, but this remote has a volume control on it. This is an interesting development because that’s what really annoys me about my iPod Touch remote, the fact I can’t change the volume without getting the iPod out of my pocket. I’m hoping this is a backwards-compatible technology and that someone like Griffin will release a remote with it on that allows me to use decent headphones which does rip my ears to shreds.

The long-awaited Postfix setup details

Right… I’ve been meaning to put these details up for a long time now, but I’ve got some free time (well made some) and am going to put it up for future reference.

The system allows for every kind of service via SMTP. It has capability of remote relaying (incoming and outgoing), relaying certain users on a domain to another MTA, hosting user, forwarding users, forwarding entire domains, multiple administrators, mail graphs, and probably some more I’ve forgotten. Also implemented is spam and virus checking along with dkim and dk.

First off I’m running Ubuntu (but any deb-based distro should be the same). Hopefully I’ve remembered all the packages I installed, if not please do correct this later.

sudo apt-get install courier-imap-ssl courier-pop-ssl courier-authlib-mysql postfix-mysql mailgraph dkim-filter dk-filter clamav-daemon clamav-freshclam spamassassin mysql-server amavisd-new libapache2-mod-php5 php5-mysql

That should be enough to pull all the dependencies anyway. Don’t worry if certain things don’t start up (like spamassassin) that’s because we will use them through the API rather than through a socket.

You should be sure to set your mysql root password (mysqladmin -u root password "newpassword").

Then we need to set up the MySQL tables. This is nice and easy, just download tables.conf and run:

mysql -u root -p < tables.conf

Then we need to set up the postfix user and password in MySQL, so open up the MySQL command line (“mysql -u root -p”) and type:

GRANT SELECT ON mail_database.* TO postfix@localhost IDENTIFIED BY 'POSTFIX_PASSWORD';
GRANT SELECT, INSERT, DELETE, UPDATE ON mail_database.* TO mailadmin@localhost IDENTIFIED BY 'mail_adminpassw0rd';

You might want to change POSTFIX_PASSWORD, but you will then need to change it in the postfix files later (many times!).

Then to set up postfix... To do this just wipe out your /etc/postfix/ and overwrite it with the contents of postfix.tar.gz (“tar -xzvf postfix.tar.gz”). You need to edit a couple of things in these files: first of all, if you changed POSTFIX_PASSWORD earlier you need to change it in anything that has mysql in its name and in sasl/smtp.conf for user SMTP authentication. You should also add any hosts you wish to relay for in hosts.conf; this can either be an IP or a full hostname (DNS name). I’m not 100% sure if this is required, but I did it anyway: any relaying host IP is appended to my_networks in master.cf at the bottom. sh.list should have IPs of relaying hosts in it too for the domain keys implementation. You should then make sure you set the permissions correctly:

sudo chown -R root:root /etc/postfix/

In the domainkeys directory you need to create an RSA key pair in public.key and private.key. This is easy enough, just run:

sudo openssl genrsa -out /etc/postfix/domainkeys/private.key 768
sudo openssl rsa -in /etc/postfix/domainkeys/private.key -out /etc/postfix/domainkeys/public.key -pubout -outform PEM
sudo chmod 400 /etc/postfix/domainkeys/private.key

Putting your public key in your DNS record is required next, but this is up to you.

Next you need to set up your domainkeys, just put dkim-filter.conf into your /etc/ directory, replacing your dkim-filter.conf and add all the domains you want to sign to the Domain line in it. Then you need to alter your /etc/default/dk-filter so it reads:

DAEMON_OPTS="-l"
SOCKET="inet:8892@localhost"

and your /etc/default/dkim-filter so it reads:

DAEMON_OPTS="-l"
SOCKET="inet:8891@localhost"

Now to setup your spam and virus filtering. Just open up (“sudo nano /etc/amavis/conf.d/15-content_filter_mode”) and uncomment the four lines which say bypass on them a lot. I did a few changes to 20-debian_defaults as well because I wanted more things to just black-hole than bounce, but that’s not necessary, so is undocumented. The man pages are rather good if you’re interested in doing that. Finally I added the following to /etc/amavis/conf.d/50-user:

$DO_SYSLOG = 1;
$log_level = 0;
$sa_tag_level_deflt = -999;
$sa_tag2_level_deflt = 4.5;
$sa_kill_level_deflt = 10;

Now to move onto courier. This is much easier. Extract courier.tar.gz into /etc/courier/ overwriting everything there. Then edit /etc/courier/authmysqlrc to change POSTFIX_PASSWORD to whatever you had it set as above. Then run the following to setup the SSL certificates. Make sure the CommonName is set to your server hostname.

cd /etc/courier/
sudo openssl genrsa -out mail.key
sudo chmod 400 mail.key
# mail.key is now readable by root only, so the request is generated as root
sudo openssl req -new -nodes -key mail.key -out mail.csr

Now visit CAcert.org and send them your mail.csr. They will send you back a signed certificate, you need to save this as /etc/courier/mail.crt, then finish running the rest:

# The redirection has to happen as root too, so run each command in a root shell
sudo sh -c 'cat mail.key mail.crt > /etc/courier/imapd.pem'
sudo sh -c 'openssl gendh >> /etc/courier/imapd.pem'
sudo cp /etc/courier/imapd.pem /etc/courier/pop3d.pem

That’s everything other than the admin console now… So for that we need to create a host, apache does this for us on install, so that was easy 🙂 Now just extract admin.tar.gz to /var/www/ and we’re done.

Now to restart all the services….

sudo /etc/init.d/apache2 restart
sudo /etc/init.d/courier-authdaemon restart
sudo /etc/init.d/courier-imap-ssl restart
sudo /etc/init.d/courier-imap restart
sudo /etc/init.d/courier-pop3-ssl restart
sudo /etc/init.d/courier-pop3 restart
sudo /etc/init.d/amavis restart
sudo /etc/init.d/postfix restart
sudo /etc/init.d/dk-filter restart
sudo /etc/init.d/dkim-filter restart

To configure you need to visit http://localhost/ in your browser. The default username is ‘admin’ and the default password is ‘password’, make sure you change this.

Service Reward Elicitation

The main issue when it comes to automatically determining whether or not to provide information to a service is what benefit it will have to the user. Currently there seems to be no definition language for this, which is understandable given the high complexity of the types and levels of reward which may be provided. Another major factor in why this language is difficult to implement is that its values should be boolean, not scalar; otherwise a definition of each continuous number would be required, or else the system would not be fair and would be open to exploitation by services which wish to gain the information by “bending” the figures to suit.

The system I hope to develop to elicit these details to a system in order to provide automated sharing protocols will hopefully extend or be of similar kind to XDI in order for the adaptation of service and identity providers to be easier and therefore useful.

Vodafone

Last Wednesday I went to visit my partial sponsors of my PhD, Vodafone. I went to meet my industrial supervisor and try to tell them what it was I’ve been working on for the last three months. The journey down was fine until I hit Junction 9 of the M40 and had to queue for 30 minutes, next time I think I will get the train. Driving is 1h30m and the train is 2h, but with a queue like that it really isn’t any different, and is much less hassle.

I had a very enjoyable time and spoke with many people there, and had fun talking about what it was like working at Vodafone with a masters student who was working there called Tom. After explaining what I had been doing it was suggested that I ought to look at working on a wider problem using distributed identity management. This is just an abstraction of my previous model where the user information is shared to an advertiser, in this case the advertisers turn into service providers which not only want to know things about you, but they also have information about you which has been gathered and they are able to share it with each other using your over-arching profile.

Obviously a user wouldn’t want services arbitrarily sharing personal information about themselves with each other, so the identity provider sits in the middle and determines what the information flow should be. The provider is able to perform this by analysing abstract user preferences provided and determining what the user will get out of providing this information to the service. There will be three outcomes from the analysis, either share the information, obfuscate the information or confirm with the user, which has the options to share, obfuscate or deny information. This user decision is then stored for future decisions (i.e. extend the users preferences). This system could be implemented by advertisers and therefore can be used as I was originally considering, but can also be extended for more useful user services.