Musings

For one project I’ve been working on recently, I’ve had recourse to some wonderful online mathematical resources, courtesy of Neil Sloane:

• The Online Encyclopedia of Integer Sequences
• The Catalogue of Lattices

The former, in particular, is the “lava lamp” for the mathematically-inclined. Endlessly fascinating, in a hypnotic sort of way…

Back in January, The Independent published a cartoon which played heavily on the medieval anti-semitic Blood Libel for effect. I thought a side-by-side comparison with a typical cartoon from the Arab Press would make it perfectly clear why Dave Brown’s cartoon was so offensive.

No such luck. The cartoon has just won first prize in the British Political Cartoon Society’s annual competition. What this says about the state of British … umh … political cartooning, is left as an exercise for the reader.

Here’s a fun one: a remote root hole in MacOSX, just in time for Turkey Day. It’s not a “new” vulnerability, in the sense that rogue NetInfo servers were a potential problem way back in NeXTStep days. Now we can add rogue LDAP servers to the list, but the idea is the same. What makes the exploit “new” is the prevalence of MacOSX laptops, and WiFi, which make it far more likely that you’re going to boot up your MacOSX machine in “hostile” environment, where one of these rogue servers might be lurking on the same subnet.

The main philosophical failing in this issue was to explicitly trust information from a network by default. Trusting information from the any network can be a very dangerous matter and especially the hostile realms of IP and the Internet. Ideally, data from the network should only be trusted when the user explicitly says they would like to, or when accepting that data cannot have possibly any destructive repercussions.

…

Usually, no harm can come from accepting data from a DHCP server. One presumes that even if the server isn’t legitimate it won’t cause any unavoidable harm. In the average case, the user will wind up with an IPv4 address that won’t work or some similarly benign difficulty. In the worst case, a malicious DNS server assignment could cause harm through social engineering approaches …

In this case, the netinfod processes accept the authentication server information at face value even though the source is unknown and unverified. This information should be untrusted unless the user has explicitly told the machine otherwise.

The fix, as detailed in the “Workarounds” section of the Advisory is to turn off the automatic binding to a DHCP-provided NetInfo/LDAP server. “Off” shoulda been the default setting from the 'git go.

It is now …

Update (11/26/2003): Apple has posted a Knowledge Base article with the workaround.

I think we got us a theme going…

Remember insecure formmail scripts? How very 1990s, eh?

As if comment spam were not bad enough, MovableType includes, in its default installation, a CGI script called mt-send-entry.cgi which — you guessed it! — can be used to send email anonymously to anyone in the world.

And, no, this is not a merely theoretical issue; it’s being actively exploited by spammers.

Ben Trott has proposed the following patch to address the issue

--- mt-send-entry.cgi.orig      Sun Nov 23 20:21:12 2003
+++ mt-send-entry.cgi   Sun Nov 23 21:23:48 2003
@@ -37,6 +37,8 @@
         die "Missing required parameters\n";
     }
 
+    die "Invalid from or to value"
+       if $to =~ /[\r\n]/ || $from =~ /[\r\n]/;
     my $entry = MT::Entry->load($entry_id)
         or die "Invalid entry ID '$entry_id'";
     my $blog = MT::Blog->load($entry->blog_id);

But that addresses only one of the various ways in which this script can be exploited. Spammers can still send as much email as they want, with arbitrary message body content, to whomever they want, and do so completely anonymously. The only thing they can’t get rid of is the subject line

Subject: [Your Blog Name] Recommendation: Your Entry Title

which serves only to sully your reputation, and the first line of the message body,

Some fake email address has sent you a link!

(The link to your blog entry itself — at the bottom of the message body — is easily omitted, not that anyone will care.)

Unless you feel you absolutely must use this CGI script to allow anonymous visitors to mail arbitrary messages to whomever they please, you’d be much better off simply disabling it. Change the permissions on the offending script to make it inexecutable, or remove it entirely.

Do it now, before your blog is exploited by spammers.

Update (11/26/2003): Ben Trott has posted a message warning the vast majority of MT users, who don’t use this CGI script, to disable/remove it. He’s also posted an improved version (better than the patch above, but still only “spam-resistant”, rather than “spam-proof”) of the script.

Speaking of spam, here’s a site to restore your faith in humanity.

No, I haven’t (yet) received any more since I took action.

But, as predicted, the spammers have become more diversified in their techniques, so it’s time to bring other webloggers up to date.

The spammers appear to be using two techniques currently:

1. Find the URL of a comment-entry script (e.g. mt-comments.cgi) on Google and post a comment directly to that script.
2. Find a weblog entry by following a link from blogdex or daypop or technorati or wherever. Look for a comment-entry form on that page, and submit the form.

My previous article dealt with defeating the first technique. Since writing it, 40 spambots have gotten their URL’s added to my ban-list. At first, they were coming at a rate of 3 or 4 per day, but that has dropped off as my (former) comment-entry script URL’s have slowly disappeared from Google’s index.

The second technique has proven a problem for others. But it hasn’t affected me. I have no idea whether spambots using it have attempted to access my comment form. Why? Because I don’t have a comment-entry form on my individual archive page. You need to follow a link to get to the comment-entry form.

While easy for humans, figuring out which link to follow to reach the comment form adds an extra layer of complexity to the spambots. And it makes them susceptible to “honeypot” forms (“To get your IP Address permanently banned from this site, enter a comment below…”), among other devious things.

I haven’t bothered setting up a honeypot yet. And there are several other tricky techniques I could yet deploy. But those are for a future post. Remember my motto:

Keep your powder dry!

With Bluetooth phones, Bluetooth keyboards and mice, even Bluetooth luggage, we’re bound to see more security advisories of this sort in the future.

Just what I need to worry about: somebody hacking into my phone. Thanks, but I think I’ll hold onto my antiquated, non-Bluetooth, “Rotary-dial” cell phone a little while longer…

We have both Keshav Dasgupta and Scott Thomas visiting from Stanford this week.

Keshav gave a very nice talk about $N=1$ supersymmetric compactifications of Heterotic strong theory with nonzero H-flux. We’re not talking about spacetimes of the form AdS₄$\times$ Calabi-Yau, which have been the subject of much recent interest. Instead, we’re talking about spacetimes of the form $\mathbb{R}^{3,1}\times$ a non-Kahler complex 3-fold. As with other flux compactifications, most — if not all — of the moduli get fixed. Unfortunately, these non-Kahler geometries are very hard to study, and not a lot is known. Keshav et al managed to find a particular example where, through a chain of string dualities, one can actually say quite a bit.

Scott gave two talks, one about his work with Giddings on making blackholes at the LHC. If, in a theory with large extra dimensions, the fundamental Planck scale is quite low (in the TeV range), we might be on the verge of reaching those energies — and creating microscopic blackholes — in the next generation of accelerators. Needless to say, the experimental signature of the production and subsequent evaporation (with a lifetime $\sim 10^{-23}$ sec.) of TeV-scale black holes would be quite dramatic.

Scott, however, put a more pessimistic spin on the subject. As you go to higher center-of-mass energies, the multiplicity of particles in the final state of the evaporation of a microscopic black holes goes up, and the average energy per particle goes down. In the end, all you get is soft junk, which tells you virtually nothing about short distance physics.

Repent! The end of Particle Physics is nigh!

He also talked about some work in progress with Dimopoulos on models of inflation in which the inflaton is a moduli field parameterizing the space of vacua of an $N=1$ supersymmetric gauge theory near an infrared fixed point. If the field has a large anomalous dimension, the inflaton potential can be very flat in the neighbourhood of the CFT point. It sounds like a really neat idea.

Here’s another benefit of the 24 hours spent trying to get sendmail working again after upgrading to Panther.

One of my desperate measures was to download and compile the latest Sendmail 8.13.PreAlpha4. Among the new features of 8.13 is that it comes with Milter support enabled by default.

In the past, I’ve been annoyed by the blizzards of Windoze email viruses collecting in my in-box. This weekend saw a flurry of what looked like a new one.

Seizing the opportunity, I downloaded and installed ClamAV, the open-source virus scanner. It comes with clamav-milter, so that Sendmail can use it to scan incoming email for viruses. What a great package! The virus database is actively maintained, receiving 4 or 5 updates a week, and you can update your local copy daily by executing freshclam as a cron job.

After poking around the mailing list, I decided to go with the latest development version, rather than the rather old “stable” version, ClamAV-0.60. The response to the sundry complaints about the latter was always “that’s fixed in the development version.”

To compile properly, it required a small patch, and linking to the GMP libraries from fink. My script for building the distribution is

#!/bin/sh
autoreconf
CFLAGS="-I/sw/include" LDFLAGS="-L/sw/lib" ./configure --enable-milter
patch -p0 < clamav.patch
make
sudo make install

There was one wee glitch: Sendmail complains if the Unix socket used by the milter is in a group-writable directory. Rather than trying to find another home for it, I decided that it was more secure to patch /etc/rc.cleanup to make /var/run (which gets recreated every time you reboot) mode 755 instead of 775. That’s probably the “right” set of permissions anyway.

Adding

/usr/local/sbin/clamd
/usr/local/sbin/clamav-milter -blo /var/run/clmilter.sock

to the startup sequence in /Library/StartupItems/Sendmail/Sendmail, virus-laden emails are automatically rejected, leaving only a telltale rejection notice

Nov 10 06:51:00 golem clamav-milter[9356]: clamfi_connect: connection from rs25s8.datacenter.cha.cantv.net [200.44.33.9]
Nov 10 06:51:02 golem sm-mta[28469]: hAACp0Ic028469: from=<anliz6@hotmail.com>, size=66483, class=0, nrcpts=1, msgid=<200311101249.hAACnabM006232@rs25s8.datacenter.cha.cantv.net>, proto=ESMTP, daemon=MTA, relay=rs25s8.datacenter.cha.cantv.net [200.44.33.9]
Nov 10 06:51:02 golem clamav-milter[9356]: stream: Worm.Galil.C FOUND
Nov 10 06:51:02 golem clamav-milter[9356]: Intercepted virus from <anliz6@hotmail.com> to <distler@golem.ph.utexas.edu> 
Nov 10 06:51:02 golem sm-mta[28469]: hAACp0Ic028469: Milter: data, reject=550 5.7.1 Virus detected by ClamAV - http://clamav.elektrapro.com
Nov 10 06:51:02 golem sm-mta[28469]: hAACp0Ic028469: to=<distler@golem.ph.utexas.edu>, delay=00:00:01, pri=96483, stat=Virus detected by ClamAV - http://clamav.elektrapro.com

in my mail logs. Works so well, I’ve asked Terry to install ClamAV on our Linux cluster.

I’m as happy as a …

Update (11/15/2003): No sooner did I write this, than a serious security flaw was announced in clamav-milter. Fortunately, upgrading to ClamAV-0.65 fixes the problem.

Update (11/30/2003): The development version (11/22/2003 or later) of clamav-milter finally drops privileges correctly. Neither clamd nor clamav-milter need to run as root. If configured to do so, now they’ll both run as an unprivileged user

1. Create a new user (as root)

   echo "clamav:*:77:77::0:0:Clamd User:/dev/null:/dev/null" | niload -m passwd .
   echo "clamav:*:77:clamav" |niload -m group .

2. Edit your clamav.conf file so that clamd and clamav-milter run as the user “clamav” and put all their files in a directory owned by that user

   PidFile /var/run/clamav/clamd.pid
   LocalSocket /var/run/clamav/clamd.sock
   User clamav

3. The startup code in /Library/StartupItems/Sendmail/Sendmail gets a bit more complicated

   if [ ! -d /var/run/clamav ] ; then
       mkdir /var/run/clamav
   fi
   chown clamav /var/run/clamav
   /usr/local/sbin/clamd
   /usr/local/sbin/clamav-milter -blo /var/run/clamav/clmilter.sock
   

   right before you start up sendmail

While I was doing those endless recompiles, I was very much enjoying reading Aharony et al’s paper on the phase structure of large-N gauge theories.

The idea is to consider a large-N gauge theory at finite temperature and on a finite-volume $S^3$. Working in finite volume introduces a dimensionless parameter, $\gamma=R \Lambda_{QCD}$ which, if it’s small, means that the theory can be studied in perturbation theory. Even though we are in finite volume, at infinite $N$, the theory still has sharp phase transitions.

The free theory is well-known to exhibit string-like behaviour at low temperatures, with a Hagedorn transition at a certain finite temperature, $T_H$. One wants to extend this analysis to the interacting theory and study the phase structure as a function of two parameters, $RT$ and $\gamma$.

The method (pioneered by Sundborg in the $\mathcal{N}=4$ supersymmetric case), is to work in the gauge

where

For small $\gamma$ (in the $\mathcal{N}=4$ case, at weak coupling), the remaining degrees of freedom can be integrated out, leaving a single matrix integral for $\alpha$ or, more properly, for $U=e^{i\alpha}$. The effective action for $U$ can be computed in perturbation theory.

The resulting large-N unitary matrix integral is dominated at low temperatures by a uniform distribution of eigenvalues on the circle. In the free theory, the Hagedorn transition is associated to the longest “wavelength” mode on the circle going unstable. In the high temperature phase, a sinusoidal eigenvalue distribution, vanishing at $\theta=\pi$, dominates. It has long been expected that this Hagedorn transition (at $\gamma=0$) would be connected by a line of phase transitions to the deconfinement transition (at $\gamma=\infty$)

Aharony et al study the corrections to the effective action for $U$ to order $\lambda^2$ ($\lambda=g_{YM}^2 N$ is the 't Hooft coupling). Depending on the sign of a certain coefficient in the effective action (which, in turn, depends on the matter content), the Hagedorn transition is 2^nd order and is followed at a yet-higher temperature by another “Gross-Witten”-type phase transition. Alternatively, with the opposite sign, the theory undergoes a 1^st order phase transition at a temperature somewhat below $T_H$.

Matching this behaviour onto what we believe to be true in infinite volume suggests an intricate structure to the aforementioned phase diagram.

Yesterday morning, I decided to take the plunge and upgrade Golem to Panther.

Things were going fairly swimmingly. The installation takes a long time (it’s 4 CD’s), but that just gave me plenty of time to implement the fixes I’d previously explored in upgrading my iBook.

I was optimistic I’d be done by noon … until I discovered that I couldn’t send mail. Cranking the LogLevel up to 13, I discovered that SMTP-AUTH support was broken somehow.

Sendmail seemed to be trying to access the wrong database file:

Nov  7 22:46:16 localhost sm-mta[9031]: error: safesasl(/etc/sasldb.dir) failed: No such file or directory

— the actual one is named sasldb.db — and I wasn’t getting any allowed authentication methods

Nov  7 22:46:20 localhost sm-mta[9052]: AUTH warning: no mechanisms

I tried everything: rebuilding the SASL database, recompiling the SASL libraries (CyrusSASL version 1.5.17), recompiling sendmail, … I tried using the SASLv2 package from Fink (this latter had a nasty tendency to coredump). Nothing seemed to work.

Eventually, I tried installing Berkeley DB 4.1.25 from SleepyCat Software and recompiling both sendmail and CyrusSASL to link against it.

That managed to get rid of the first error message. But still no Authentication Methods. Finally, I downloaded CyrusSASL 1.5.28, compiled and installed it. Recompiled and reinstalled sendmail, yet again and … it worked!

After 24 hours of tearing my hair out, mail was working again!

Other than that, the upgrade seems to have gone OK.

Let’s see how MySQL is working shall we?

This morning I received the following email

Dear blog owner,

My name is David. I’m developing a blog about spam:

www.blogspam.org

Please visit my site and tell me your opinion. I have collected specific methods to fight this plague in mt (movable type).

Kindest regards.

*Congratulations for your excellent blog.

Yeah, suuure ya are.

Let’s take a look at those headers

From: 	  David - BlogSpam.ORG<david@blogspam.org>
Subject: 	NEW BLOG
Date: 	November 4, 2003 7:32:06 AM CST
To: 	  <distler@golem.ph.utexas.edu><distler@golem.ph.utexas.edu>
Received: 	from ss40.shared.server-system.net (ss40.shared.server-system.net [64.207.168.2]) by golem.ph.utexas.edu (8.12.10/8.12.10) with ESMTP id hA4DwsL1023957 for <distler@golem.ph.utexas.edu>; Tue, 4 Nov 2003 07:58:56 -0600 (CST)
Received: 	from equipo1 (133.Red-81-32-43.pooles.rima-tde.net [81.32.43.133]) (authenticated (0 bits)) by ss40.shared.server-system.net (8.11.6/8.11.6) with ESMTP id hA4DwlA15495 for <distler@golem.ph.utexas.edu>; Tue, 4 Nov 2003 05:58:48 -0800
Message-Id: 	<001101c3a2db$67c977a0$0601a8c0@webconcept.local>
Mime-Version: 	1.0
Content-Type: 	multipart/alternative; boundary="----=_NextPart_000_000E_01C3A2E0.6C4E9850"
X-Priority: 	3
X-Msmail-Priority: 	Normal
X-Mailer: 	Microsoft Outlook Express 5.50.4522.1200
X-Mimeole: 	Produced By Microsoft MimeOLE V5.50.4522.1200

pooles.rima-tde.net is, in my experience, a nest of spammers (I’ve ended up blocking the domain). But the real tip-off is the Message-Id. Head on over to webconcept.com and decide for yourself whether this guy is on the up 'n up.

Did I not give them “about a month”? Dang, they’re a week early!

I upgraded my iBook to Panther this weekend. Once I’ve figured out all the pitfalls, I’ll try upgrading Golem.

I could regale you with tales of Exposé or FastUserSwitching (despite the fact that the wimpy video card on my iBook doesn’t support the cool QuartzExtreme graphics, I have to say the implementation is very nice). Or I could go on about the cool new features of Mail.app or …

But you could read about that kind of stuff countless other places on the web. No, you want to know about how I really spent the weekend. You want to hear the geeky stuff.