Navigating the Tianocore UEFI Shell

Just in case you end up getting dropped to the UEFI shell when attempting to start a Windows guest domain with KVM/QEMU/Tianocore, I thought I might post a little shot from Alex Williams’ extremely helpful series (to which I’ve already linked in my Windows VM + PCI Passthrough instructions):

I’m not sure why I got dropped in there since the VM has been working without issue for a while, but I’ll update the post if I figure out the cause.

Update:  Looks like it was due to an upgrade for the Tianocore firmware.

Posted in Information Technology | Tagged , , , , , | Leave a comment

The Apparent Correlation Between Race and IQ

Look, there seems to be one.  Deal with it.

I can’t get over the fact that these people opposed to merely observing an apparent correlation between race and IQ seem to be victims of their own inability to understand the simple fact that odious ends are not warranted by such observations.

Per the article, for example; if it is true that Hispanic people have, on average, a lower IQ than white people, that does not justify screening immigrants for IQ.  What the hell is that?  We don’t give people IQ tests before they’re permitted to be Americans.  There’s no justification for choosing characteristics such as IQ (or strength, or weight, or height…) to be requirements for citizenship in America.  What, are we going to give these tests to all children born in America, as well, and deport any who fail to meet the standard?

Such a measure has nothing to do with the correlation between race and IQ at all.  Its worthiness of implementation has nothing to do with that correlation.

It would probably actually be better for America if people had this data shoved into their faces so the population at large would have to grow up and figure out the simple fact that people aren’t to be discriminated against because of such attributes.  People would have to realize that a morally upright person who seeks what is good despite a low IQ is far more valuable than a morally despicable person who makes use of a high IQ to do wrong.  And who would you rather have as a neighbor?

Humans covered this subject matter forever ago.  Socrates whomped Thrasymachus, proving that might does not make right, and that applies to physical as well as intellectual might.  You don’t get to abuse others because you’re stronger than they are, and you don’t get to abuse others because you’re smarter than they are.

Unless I’m missing something extremely obvious, this stuff is so simple, it’s just pathetic.  If we can’t realize that we must respectfully coexist despite even important, consequential distinctions in our qualities, we’re going to be eugenicist, totalitarian asshats in no time flat.

The worst of it all is that these people arguing against investigation into correlations between race and IQ are basically agreeing with the racists they despise in some critical fashion.  They’re saying, in effect, that we must avert our eyes, for if we see the facts we think we will see, then we’ll have to admit the racists are right.

And that’s some bull shit, right there.  A real difference in qualities such as IQ or strength among races does not mean we get to segregate the races.  The American ideal of meritocracy has been remediated so that it applies equally to all races and sexes, as it should have from the beginning.  And it should be further refined, in my opinion, to be more aligned with a moral meritocracy, at that.  I am tired of watching hard-working blue collar people forced to live with a pittance because their labor, still absolutely necessary for the success of America, is less valued by virtue of some sort of unreasonable worship for intelligence in this country.  There was a time when I worked an extremely labor-intensive warehouse job, and I think back on this from my comfortable white collar office often, especially when I observe laziness or incompetence among other white collar workers who nonetheless earn far more than honest, unbelievably hard-working blue collar laborers.

So far from banning research into IQ differences among human beings, we should allow the recognition of IQ differences and our moral obligations to one another to provoke us to better our condition.  I disagree with the author of the above-linked article suggesting a ban on such research, for its use is not in the end of the racist, but rather the end of those who want to better our society; principally, we should focus on ensuring that the horrendous income inequality plaguing this nation is addressed.  We neither need, nor should we desire, that positions more easily reached by those bearing natural advantages should offer the outrageously superior access to wealth currently featured in our society.  Everywhere we should endeavor to equally reward honest effort.

If you don’t win the genetic lottery and you wind up starting the game with a lower IQ than others, well then you’re playing the game of life on hard mode.  That is to be respected, and your successes are that much more valuable for it.  And even though it wasn’t that great of a movie overall, my favorite part of Alien 3, by far, was Francis Aaron’s character, called “85” mockingly by those around him who learned of his IQ from his personnel file.  His courage and moral fortitude was indispensable, and his work ethic allowed him to overcome that particular genetic disadvantage.

Next up: people argue we should stop investigating a correlation between genetic disorders and disability.  ‘Cause I mean, if there is such a correlation, we’ll just have to kick all people with genetic disorders out of America, right?

Ugh.

P.S.  White people aren’t the ultimate winners of the IQ genetic lottery; that seems to be those of Asian or Jewish descent.  So that’s always fun to point out to wrongheaded white supremacists, too.

Posted in Politics | Leave a comment

The Crux of Modern PC Sophistry: The False Equivocation of Violence and Speech

As most people are aware, there has been a recent (within the past few years) surge on American college campuses in the creation of and request for “safe spaces” in which certain topics of discussion are verboten and dissent of certain forms is prohibited.

These “safe spaces” accompany “trigger warnings” and “de-platforming” among neo-PC tactics designed to quash opinions which are considered not only disagreeable or wrong, but downright violent.

This attempt to expand the concept of violence to include the expression of opinions which one may even contend can lead to irrational acts of actual violence (e.g. a speech which condemns homosexuality as immoral could be drawn upon as justification by individuals who would stalk, assault, or even murder homosexuals) is, itself, dangerous.  It is simply not true that speech is violent; violence refers to the use of physical force against someone or something.  This is a distinction which has long been held as important by civilized society, referenced in even the old adage “sticks and stones may break my bones, but words will never hurt me.”  It is a mark of maturity to recognize the distinction between violence and speech, and to give wide opportunity for the latter and narrow permission for the former.

Of course, there is such a thing as hurtful speech.  It is a different kind of hurt from physical violence, but it can cause mental anguish nonetheless, and this is important.  It is immoral to groundlessly insult others.  It is immoral to harass others.  It is to behave in the manner of undisciplined children and it should be called out for being what it is.  We of a civilized society ought not to sit idly by while others act in such a way.

But, seemingly dissatisfied with the extent of opposition to this behavior afforded by reason, the modern PC movement rests, perhaps primarily, on an attempt to falsely equivocate between violence and unpalatable speech.  Just take a look at the following crucial excerpt from the recent faculty letter written in response to the University of Chicago’s letter to the incoming class of 2020 which informs the class, in part:

Our commitment to academic freedom means that we do not support so called ‘trigger warnings,’ we do not cancel invited speakers because their topics might prove controversial, and we do not condone the creation of intellectual ‘safe spaces’ where individuals can retreat from ideas and perspectives at odds with their own.

This is a strike back at exactly what has been discussed above: de-platforming, safe spaces, and trigger warnings.  Now take a look at the following crucial excerpt from the recent faculty letter written in response to that letter:

The history of “safe spaces” goes back to gay, civil rights, and feminist efforts of the mid–20th century to create places protected from quite real forces of violence and intimidation. They also served as incubators of new ideas away from the censure of the very authorities threatened by these movements. It would be naïve to think that the University of Chicago is immune from social problems. Yet the administration confusingly disconnects “safe spaces” it supports (see the list of mentoring services on the College’s own website) from “intellectual safe spaces” that it does not, as if issues of power and vulnerability stop at the classroom door.

In this excerpt, the faculty plainly and falsely equate the actual violence and intimidation (using the threat of violence) against black Americans during the Civil Rights movement of the 1960s and the “issues of power and vulnerability” within a college classroom.

This may seem to be frivolous nit-picking when the discussion is honed down to a single example, but it is representative of a large scale problem.  Just Googling about in today’s news will quickly skim examples for anyone curious to see them.  This false equivocation is pervading modern discussion, often injected by means of reference to some actual immoral behavior (see the examples link above) in order to quell dissent.  Who would want to argue a technical point when a person has committed suicide in a desperate attempt to escape humiliating harassment?  Who would want to defend the harassers from allegations of violence?

But the technical point is important.  The truth is important.  And the truth does not fail to satisfy, for though its recognition brings clarity which prevents error, it does not exonerate the immoral.  Though they are not guilty of violence, those who coerce suicide through harassment are despicable.  We need no false equivocation to understand this.  Though we must treat them differently from those who are violent, those who berate and insult others remain guilty of their immorality.

Losing sight of this distinction, we are now at a risk in our culture of turning to serious error.  For, if these are genuinely equivalent issues, the violent opposition faced by black Civil Rights activists of the 1960s and the trials and tribulations of modern college classroom discussion, then one is forced to accept that one who believes, for example, that homosexuality is immoral, is doing the same thing as committing violence against homosexuals by even respectfully expressing this belief.  This is the premise on which the neo-PC movement relies for its arguments in favor of so-called “safe spaces” and “trigger warnings.”  Beyond the usual consideration for others which is required of those participating in civil discussions (e.g. one shall not harass, nor insult, nor berate an interlocutor, particularly in discussions revolving around the morality of such an interlocutor’s life), the neo-PC wants to argue that beliefs which run against a certain subset of decisions or behaviors which have been declared off-limits by the neo-PC must not be expressed, lest this constitute an act of violence.

If this false equivalence is accepted, then of course it is equally as legitimate to prohibit a person from speaking to an audience as it is to prohibit a person from physically assaulting that audience.  This is how the neo-PC is attempting to force agreement with their often obviously wrongheaded ideals.  They have abandoned the use of reason, for such a path will not lead them to their intended destination; it will not free them from their duty to entertain, and even endure, dissent and critique, so they instead move to categorize all who disagree with them as violent aggressors from whom they must be protected.

It is difficult to argue against the neo-PC crowd and simultaneously lead them from their confusion.  This group has a serious slave mentality about them where victimhood is prized above all as an unassailable platform from which to hold any number of opinions with which others are compelled to agree.  Sometimes people who have endured actual victimhood at the hands of abusers or violent criminals find their homes within this group and, misled though they are, the issue is made murkier by their genuine suffering.  “You can’t tell me my trauma doesn’t matter,” they will scream.  “You can’t tell me how I ought to feel,” will be hurled at every opportunity.

But, of course, the fact is that people can overvalue things.  They can place unwarranted emphasis on things.  Their feelings can be wrong.  Their opinions can be wrong.  Their opinions about their feelings can be wrong.  And those who are actual victims do not triumph over their aggressors by living the rest of their lives cowering at anything which threatens to remind them of their past.  It is not easy to overcome legitimate hardship or come to terms with one’s own deficiencies, particularly when one is put in a particularly strenuous situation, but an answer to this difficulty the neo-PC has not.

And mankind has already treaded this ground.  It has long been established that there is an important distinction between objectivity and subjectivity, and it is the personal responsibility of every person to recognize and bring the latter into alignment with the former where necessary.  My subjective inclinations are no basis for the condemnation or oppression of others who disagree with them.  My personal hardship and sensitivities do not make microaggressors out of those around me.  To live together harmoniously and productively, we have to become capable of understanding how to reconcile our emotions and other often arational, or even irrational, inclinations with objective facts.

And this is what the neo-PC is fighting.  They want an impossible world in which they are free from critique (which they fear as much as violence), for they have established by fiat the areas of their lives for which critique is off-limits.  They do not see that, even were they to be granted permission to continue with their misguided venture, they would eventually collide with one another as their rising numbers would make the incompatibility of their irrational dictates less easily ignored.  We are all subject to objective reasoning not because our subjectivity is without value, but because, at the very least, its incommensurability with reason threatens unsustainable discord.  A civilized society simply cannot exist on the basis of governance with subjective whim for its basis.

We all have our struggles with civilization; at times, it seems it is everywhere a conspiracy against the individual.  But a studious and curious mind is compelled to admit of its benefits and the capabilities bestowed upon us which, in its absence, would be impossible to come by.  And it is only because of these invaluable consequences of civilized society that discussion of this neo-PC phenomenon is possible at all.  Its defeat is necessary to sustain the systems which provide the very opportunity for its entertainment.

Posted in Politics | Leave a comment

A Flawed Politician vs. a Career Charlatan

You may have noticed that trump has given a little more (accidental? Maybe he just doesn’t care at all?) insight into his practices.  He’s admitted the reason that he’s not making a statement regarding an obvious falsehood which he has promoted for many, many years, that Obama is an illegitimate President on account of not having been born in the US (and possibly being a Muslim; egad!).  That is, he wants to “keep the suspense going.”

If you saw my last post about this national embarrassment, you will recall that I mentioned his book in which he admits to a strategy of “truthful hyperbole” (which is perhaps more accurately rendered: “plausibly-deniable hyperbole”).

It is clear enough that trump has spent a lifetime managing his success in this manner; he is a con-man.  He tells people what they want to hear in order to manipulate them into making the incorrect decision to trust him.  He has admitted this in his book, and here he is admitting to withholding the truth in order to keep people in a more easily manipulated state of suspense.

Now, this isn’t, of course, unheard of in modern politics.  The Clinton campaign assuredly acts similarly.  However, what we have here is a choice between a candidate in whom we have absolutely no demonstration (much less assurance) of substance behind the manipulation.  In fact, we have evidence that he has failed repeatedly upon gaining the improperly-placed trust of his past business partners.  We know by his own admission that he does not read, much less on issues of national or international import, and that he considers himself to be his best consultant.

Sadly, after decades of political disputes between candidates threatening the disastrous outcomes looming at the hands of their opponents, I’m afraid we’ve lost the capacity as a nation to recognize a genuine threat.  Even when the very party that nominates a candidate is fractured to an unprecedented degree over support for him, with those who do not support him making it clear that they are in agreement with his opponents that he is an entirely incompetent, unacceptable choice for the leader of the free world, the country remains largely divided over standard party lines.

Additionally, we have received some valuable information about HRC from the leaked emails of Colin Powell.  Here is a respectable man whose honest behind-the-scenes opinions have been given to us, and they are:

  1. Trump is a national disgrace, wholly unfit for the office of President of the United States.
  2. HRC is a hard-working, respectable person who nonetheless ruins and/or damages situations with a sort of greedy arrogance.
    1. Also, Benghazi was a stupid witch hunt
    2. Also, the email scandal was/is legit to the extent that HRC was intentionally circumventing department regulations in the same way that Colin Powell did before her.

All of this seems to me to line up well with what we (should) have already surmised, as well.  The fact that we have an intelligent insider’s opinion on these matters which seems entirely in line with the available facts should strongly support the conclusion that the only rational choice before Americans in this election is HRC.

It is not fun to have to choose a candidate with serious and known flaws, but her competence and hard work seems unquestioned, and though she may arrogantly stumble on occasion, the former characteristics are of extreme importance when faced with an opposing choice that, by every single account, lacks them entirely.

I really, really hope America doesn’t make the obviously wrong choice this time around.  It is hard to imagine that the consequences of such a failure will not be severely bad for the country.

Posted in Politics | Leave a comment

Compiling and Installing mod_wsgi 4.5.6 on RHEL/CentOS 6

Just a quick note in addition to the troubleshooting post I provided;

When compiling mod_wsgi from source (which is Graham Dumpleton’s serious recommendation), you may choose to compile the module with a different version of Python than that which is included with the RHEL/CentOS operating system.  The reason you would do this is that mod_wsgi needs to be compiled with the version of Python that is used by the program you intend to support with the module (e.g. you cannot run a Python 3.5 program with a WSGI module compiled with Python 2.7).  This is especially common with RHEL/CentOS since Python 2.7 is what the OS is based on, and we’re all the way up to Python 3.5 now, with a lot of superiority over the old major version 2.

So, if you have to do that, you’re going to need to perform the compilation by directing the system to the Python library to be used in compiling the module.  If that Python library is not in the standard LD_RUN_PATH (likely if it’s not in /usr, but /opt, as in my case), you’ll need to do this:

 $ wget https://github.com/GrahamDumpleton/mod_wsgi/releases/tag/4.5.6
 $ tar xf 4.5.6.tar && cd 4.5.6
 $ ./configure --with-python=/opt/anaconda3/bin/python3.5
 $ LD_RUN_PATH=/opt/anaconda3/lib make
 $ sudo make install

You can tell you need to do that if you find the WSGI module refuses to load, providing the following error message in /var/log/httpd/error_log:

httpd: Syntax error on line 222 of /etc/httpd/conf/httpd.conf: 
Syntax error on line 1 of /etc/httpd/conf.d/wsgi.conf: Cannot load /etc/httpd/modules/mod_wsgi.so into server: libpython3.5.m.so.1.0: cannot open shared object file: No such file or directory

And then you investigate the module’s linked libraries like so:

# ldd /etc/httpd/modules/mod_wsgi.so
        linux-vdso.so.1 =>  (0x00007fff08704000)
        libpython3.5m.so.1.0 => not found
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f96abbfc000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f96ab9f8000)
        libutil.so.1 => /lib64/libutil.so.1 (0x00007f96ab7f5000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f96ab5ec000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f96ab368000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f96aafd4000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f96ac05d000)

That “not found” bit is a problem; what you will see after you compile with the LD_RUN_PATH specification above is this:

# ldd /etc/httpd/modules/mod_wsgi.so
        linux-vdso.so.1 =>  (0x00007fffff9f7000)
        libpython3.5m.so.1.0 => /opt/anaconda3/lib/libpython3.5m.so.1.0 (0x00007f6b55b00000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f6b558d7000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f6b556d3000)
        libutil.so.1 => /lib64/libutil.so.1 (0x00007f6b554d0000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f6b552c7000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f6b55043000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f6b54caf000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f6b56228000)

So that’s that.

Posted in Information Technology | Tagged , , , , | Leave a comment

Troubleshooting Apache httpd and mod_wsgi with Anaconda Python 3.5 on RHEL/CentOS 6

Man, I have spent many hours over the last few days figuring out why, exactly, I am having so much trouble getting mod_wsgi to do so much as present a simple test application.  The issues I have encountered have seemed downright unavoidable for a reasonably secure implementation, but I’m sure I’m doing something really obvious and stupid for a system administrator more well versed in httpd and the module than I.

Nonetheless, I thought I might post these issues up here and the solutions I found.  If you happen to be such a superior system administrator and you could kindly educate me regarding my failures as described below (since I’m sure there are superior solutions to be had), please do!

System Configuration
  • RHEL 6.8
  • httpd 2.2
  • mod_wsgi 4.5.6 compiled with:
  • anaconda 4.1.1 (Python 3.5)

I’m using Red Hat Enterprise Linux 6.8 (fully up to date) with the standard httpd package delivered and supported for that distribution (so httpd 2.2).  I compiled mod_wsgi from source, so I’m using the latest and greatest (4.5.6) and I performed that compilation using Python 3.5 through Continuum.io’s Anaconda software (not my choice; seems like an ok service they provide, though).

Initial Trouble

When I tried to start the httpd daemon using the init script and Upstart service command provided by RHEL, the attempt failed and I found in /var/log/httpd/error_log (after increasing to info level verbosity):

Could not find platform independent libraries <prefix>
Could not find platform dependent libraries <exec_prefix>
Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
[info] mod_wsgi (pid=3786): Python home /opt/anaconda3.
[info] mod_wsgi (pid=3786): Initializing Python.
[info] mod_wsgi (pid=3787): Starting process 'sampleapp' with uid=48, gid=48 and threads=15.
[info] mod_wsgi (pid=3787): Python home /opt/anaconda3.
[info] mod_wsgi (pid=3787): Initializing Python.
Fatal Python error: Py_Initialize: Unable to get the locale encoding
ImportError: No module named 'encodings'

And so it begins…

Solution 1: Directing Apache to the Anaconda Python Resources

Though it appears from the log and from the documentation on mod_wsgi that I was correctly establishing the configuration directive necessary to point httpd to the correct location for Python resources, the error seems pretty clearly indicative of a failure in that respect.  After using every damn WSGI directive (WSGIPythonHome, WSGIPythonPath, WSGIDaemonProcess with the python-home or python-path options…) which seemed plausibly related, all to no avail, I changed tactics.

I ruled out permission and SELinux issues through a variety of standard means.  I tried running Apache as root without SELinux enabled just to make sure this couldn’t possibly be the problem.  Just to be 100% sure and confirm for myself my own rudimentary assessment capabilities, I even `chmod -R 777`’d /opt/anaconda3 (not before taking a backup of it which I then restored after the test, of course).  It was clear that httpd could access the files and do whatever it pleased with them; for some reason, despite seeming to acknowledge clear direction, even, it just refused to find them.

So I decided I’d just have to stack trace httpd and see what, exactly, is going on.  In doing so, I noticed that the httpd daemon would seem to successfully locate the /opt/anaconda3 directory (as expected).  In performing the initial module load, it would successfully open the necessary Python libraries.

open("/opt/anaconda3/lib/libpython3.5m.so.1.0", O_RDONLY) = 5

w00t.  No issues so far.

However, despite the fact that mod_wsgi logs an info event indicating that it has properly recognized the WSGIPythonHome directive I am providing (which is accurate; it is equivalent with the sys.prefix variable, as the documentation indicates it should be), the startup process invariably devolves into searching what appears to be a default series of locations for the Python resources (/usr, for example).

From the stack trace (my user name converted to “myusername”):

stat("/sbin/python3", 0x7fffa0fba600)   = -1 ENOENT (No such file or directory)
stat("/bin/python3", 0x7fffa0fba600)    = -1 ENOENT (No such file or directory)
stat("/usr/sbin/python3", 0x7fffa0fba600) = -1 ENOENT (No such file or directory)
stat("/usr/bin/python3", 0x7fffa0fba600) = -1 ENOENT (No such file or directory)
readlink("", 0x7fffa0fa5520, 4096)      = -1 ENOENT (No such file or directory)
open("pyvenv.cfg", O_RDONLY)            = -1 ENOENT (No such file or directory)
open("pyvenv.cfg", O_RDONLY)            = -1 ENOENT (No such file or directory)
stat("Modules/Setup", 0x7fffa0fa64a0)   = -1 ENOENT (No such file or directory)
getcwd("/home/myusername", 4096)         = 16
stat("/home/myusername/lib/python3.5/os.py", 0x7fffa0fa64a0) = -1 ENOENT (No such file or directory)
stat("/home/myusername/lib/python3.5/os.pyc", 0x7fffa0fa63d0) = -1 ENOENT (No such file or directory)
stat("/home/myusername/lib/python3.5/os.py", 0x7fffa0fa64a0) = -1 ENOENT (No such file or directory)
stat("/home/myusername/lib/python3.5/os.pyc", 0x7fffa0fa63d0) = -1 ENOENT (No such file or directory)
stat("/home/lib/python3.5/os.py", 0x7fffa0fa64a0) = -1 ENOENT (No such file or directory)
stat("/home/lib/python3.5/os.pyc", 0x7fffa0fa63d0) = -1 ENOENT (No such file or directory)
stat("/home/ilan/minonda/envs/_build/lib/python3.5/os.py", 0x7fffa0fa63d0) = -1 ENOENT (No such file or directory)
stat("/home/ilan/minonda/envs/_build/lib/python3.5/os.pyc", 0x7fffa0fa6320) = -1 ENOENT (No such file or directory)
write(2, "Could not find platform independ"..., 55) = 55
stat("pybuilddir.txt", 0x7fffa0fa1440)  = -1 ENOENT (No such file or directory)
getcwd("/home/myusername", 4096)         = 16
stat("/home/myusername/lib/python3.5/lib-dynload", 0x7fffa0fa5520) = -1 ENOENT (No such file or directory)
stat("/home/myusername/lib/python3.5/lib-dynload", 0x7fffa0fa5520) = -1 ENOENT (No such file or directory)
stat("/home/lib/python3.5/lib-dynload", 0x7fffa0fa5520) = -1 ENOENT (No such file or directory)
stat("/home/ilan/minonda/envs/_build/lib/python3.5/lib-dynload", 0x7fffa0fa5520) = -1 ENOENT (No such file or directory)
write(2, "Could not find platform dependen"..., 58) = 58
write(2, "Consider setting $PYTHONHOME to "..., 57) = 57

If you’ll note, the search becomes so desperate, in fact, that it includes some weird searches to subdirectories and resources in the non-existant /home/ilan directory, which looks like it must be somehow inadvertently included information on behalf of the designer of Anaconda, as I found a forum post signed “ilan” from him, it seems.

Eventually, the search process fails and httpd proclaims its inability to locate the resources.

I noticed, however, as you may have noticed as well, that the search pattern being run by httpd/mod_wsgi looks like it includes an attempt to locate Python resources using the current working directory.  So… I changed my current working directory to /opt/anaconda3 and, voila, if I start the httpd process from within the Python Home location, it works! GLORY! IT WORKS!

But… I can’t exactly change the httpd default working directory to solve this problem; that’s crazy.  However, you also might have noticed in my stack trace that one of the steps Apache was conducting in searching for the Python resources consisted of attempts to read a pyvenv.cfg file in the current working directory.

I managed to look up the simple syntax for such a file, and it is something like this:

home = /opt/anaconda3
include-system-site-packages = true
version = 3.5.2

In fact, it is exactly like that in my case. If I place it in the root of the file tree (/pyvenv.cfg). That actually fixes the problem.

Amazing. I don’t know why this is required. I intend to ask Mr. Graham Dumpleton who seems to be quite helpful and active in troubleshooting end users’ issues for his module.

Solution 2: The Dumpleton-Provided Test WSGI Script Fails to Run with Python 3.5

Once the httpd process was up and running successfully with mod_wsgi, I hurriedly tested the situation with Graham’s test file. Unfortunately, I was met with failure:  a 500 Internal Server error in the browser, and this:

[error] [client 192.168.1.18] TypeError: sequence of byte string values expected, value of type str found

It appears the problem is that, using Python 3, the WSGI application must return a byte string output value, so one can make use of this test script for Python 3, instead:

def application(environ, start_response):

    status = '200 OK'
    output = b'Hello World!'

    response_headers = [('Content-type', 'text/plain'),
                        ('Content-Length', str(len(output)))]

    start_response(status, response_headers)
 
    return [output]

Thank you, Interwebs!

Solution 3: Fixing CFUNCTYPE Memory Errors

So then, I tried to execute my client’s actual Python module, and I got this:

[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18] mod_wsgi (pid=44501): Target WSGI script '/var/www/wsgi-scripts/scriptname.wsgi' cannot be loaded as Python module.
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18] mod_wsgi (pid=44501): Exception occurred processing WSGI script '/var/www/wsgi-scripts/scriptname.wsgi'.
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18] Traceback (most recent call last):
...
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]   File "/opt/anaconda3/lib/python3.5/site-packages/pandas/__init__.py", line 13, in <module>
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]     __import__(dependency)
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]   File "/opt/anaconda3/lib/python3.5/site-packages/numpy/__init__.py", line 111, in <module>
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]     import ctypes
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]   File "/opt/anaconda3/lib/python3.5/ctypes/__init__.py", line 537, in <module>
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]     _reset_cache()
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]   File "/opt/anaconda3/lib/python3.5/ctypes/__init__.py", line 276, in _reset_cache
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18]     CFUNCTYPE(c_int)(lambda: None)
[Sat Sep 03 12:58:52 2016] [error] [client 192.168.1.18] MemoryError

As it turns out, ctypes attempts to execute code within the /tmp directory, and SELinux (as well as other common security policies such as those involving mounting /tmp with noexec) prevent that from occurring. Fixing those relevant issues resolved that matter.

The SELinux Boolean in question here is httpd_tmp_exec.  By default, it is disabled, preventing httpd from executing code in /tmp, and this can be changed with `setsebool -P httpd_tmp_exec 1`.  I don’t do that lightly, since that’s a great security feature for httpd, but in this case, it seems necessary.

That’s All For Now

I hope it prevents someone else out there from spending many hours on the issue.  I intend to chase this down further with the mod_wsgi developer, as I wrote above.  If I get a response and figure this out, I’ll certainly update the post.

Posted in Information Technology | Tagged , , , , , | Leave a comment

Fedora 24 NFSv4 Clients Spontaneously Mount Previously-Working Shares as Nobody:Nobody!

A Bug Report is Already In:  https://bugzilla.redhat.com/show_bug.cgi?id=1372136

The Quick Fix Up Front:  executing sudo dnf downgrade libnfsidmap suffices to resolve the matter until the new package version is out with the fix.

Man, that was annoying.  I’m glad people are already on it, and it looks like a patch is on its way out, but it took me a good four hours to figure out what had happened.  In my defense, the first two were spent from 11:00 PM to 1:00 AM and I was in no mood or condition to be methodical and smart when I booted into my beautiful Fedora 24 VM (which depends on an NFSv4-mounted home directory) and found GNOME’s audio controls failing to appear because pulseaudio failed to start properly.

This was particularly unfortunate timing since I was, at that point, just shutting down my Windows 7 VM after troubleshooting its own audio problems which I believed to be caused by a combination of the difficulty with which one controls Windows-connected audio monitors (my HDMI-connected Sony Amp is being missed in favor of the Samsung TV to which it, in turn, is connected, and therefore Windows only wants to output 2 channel sound to my Amp) and some lingering driver-based issues for the VM (which I think I can resolve by installing my motherboard-specific drivers for Windows, given that the Windows VM is using, via IOMMU-facilitated PCI Passthrough, a PCI device from the motherboard).

So I was most displeased to boot up my reliable, perfect Fedora 24 VM and find…spontaneous audio problems.

It turns out, however, that I rather quickly discovered that my NFSv4-mounted home directory was now mounted as nobody:nobody!

GAH.

I had just run updates on the clients and the server, but both my Fedora 24 systems were failing in the same manner (‘natch) despite an OpenBSD system retaining its NFSv4 client sanity.  I initially suspected an update operation to be at fault, but my faith in the stability of Fedora got the better of me and I didn’t really consider an NFS client bug to be too likely.  I overlooked the obvious culprit in my quick scan of my last dnf operation in which I updated 28 packages, one of which was, of course, the libnfsidmap package, whose name makes it an obvious candidate for causing this issue.

After ratcheting up verbosity on my FreeBSD system’s nfsuserd daemon and watching correct UID and GID assignments roll through despite continued mounts on my clients as nobody:nobody, I returned to my client system and executed nfsidmap -d and saw:

error: /lib64/libnfsidmap.so.0: undefined symbol: __dn_expand

This convinced me I might actually be seeing a bona fide bug and brought me back to my initial investigation of the update history where I found that libnfsidmap had just been updated to version 0.26-5.rc4.fc24.  I downgraded, saw my problem fixed, and then a quick Google of that package revealed the link to the bugzilla report I provide above.

Free Open Source Software!  It’s amazing, and it’s wonderful, but it does require you to remember your fundamentals when faced with operating issues.  A more methodical approach to my issue in which I placed heavier emphasis on the obvious recent system changes (package updates) as the potential culprit would’ve saved me a few hours, I imagine.

Posted in Information Technology | Tagged , , | Leave a comment