Mar 31, 2012

Monitoring system calls on your linux: strace

Today i wanted to see the system calls of one of my processes on my laptop. A nice tool for doing this is strace. On a debian system you can this via
apt-get install strace
If you want to see, what your bash is doing just take the PID of your bash and do in another shell:
schroff@hades:$ strace -p 25551
Process 25551 attached - interrupt to quit
read(0,
Doing a ls results in something like this:
Process 25551 attached - interrupt to quit
read(0, "l", 1)                         = 1
rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0
write(2, "l", 1)                        = 1
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
read(0, "s", 1)                         = 1
rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0
write(2, "s", 1)                        = 1
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
read(0, "\r", 1)                        = 1
write(2, "\n", 1)                       = 1
rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {0x809c7c0, [], 0}, {0x80e2d40, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGALRM, {0x809c500, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM SYS], 0}, {0x80e2d40, [], 0}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGWINCH, {0x809c310, [], 0}, {0x80e2c20, [], SA_RESTART}, 8) = 0
rt_sigaction(SIGINT, {0x809c7c0, [], 0}, {0x809c7c0, [], 0}, 8) = 0
time(NULL)                              = 1333218356
rt_sigprocmask(SIG_BLOCK, [INT CHLD], [], 8) = 0
pipe([3, 4])                            = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb766f728) = 27965
setpgid(27965, 27965)                   = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
close(3)                                = 0
close(4)                                = 0
ioctl(255, TIOCGPGRP, [25551])          = 0
rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [CHLD], 8) = 0
ioctl(255, TIOCSPGRP, [27965])          = 0
rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WSTOPPED|WCONTINUED) = 27965
rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [CHLD], 8) = 0
ioctl(255, TIOCSPGRP, [25551])          = 0
rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0
ioctl(255, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(255, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=499, ws_ypixel=316}) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGCHLD (Child exited) @ 0 (0) ---
waitpid(-1, 0xbfc693fc, WNOHANG|WSTOPPED|WCONTINUED) = -1 ECHILD (No child processes)
sigreturn()                             = ? (mask now [])
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
rt_sigaction(SIGINT, {0x809c7c0, [], 0}, {0x809c7c0, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
write(1, "\33]0;schroff@hades: /tmp\7", 24) = 24
stat64("/home/schroff/.bash_history", {st_mode=S_IFREG|0644, st_size=316074, ...}) = 0
open("/home/schroff/.bash_history", O_WRONLY|O_APPEND|O_LARGEFILE) = 3
write(3, "ls\n", 3)                     = 3
close(3)                                = 0
time(NULL)                              = 1333218356
time(NULL)                              = 1333218356
rt_sigprocmask(SIG_BLOCK, [CHLD TSTP TTIN TTOU], [], 8) = 0
ioctl(255, TIOCSPGRP, [25551])          = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGINT, {0x809c7c0, [], 0}, {0x809c7c0, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0
ioctl(0, TIOCGWINSZ, {ws_row=24, ws_col=80, ws_xpixel=499, ws_ypixel=316}) = 0
ioctl(0, TIOCSWINSZ, {ws_row=24, ws_col=80, ws_xpixel=499, ws_ypixel=316}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, SNDCTL_TMR_STOP or TCSETSW, {B38400 opost isig -icanon -echo ...}) = 0
ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig -icanon -echo ...}) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT QUIT ALRM TERM TSTP TTIN TTOU], [], 8) = 0
rt_sigaction(SIGINT, {0x80e2d40, [], 0}, {0x809c7c0, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x80e2d40, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN, [], 0}, {0x80e2d40, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {0x80e2d40, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGQUIT, {SIG_IGN, [], 0}, {0x80e2d40, [], 0}, 8) = 0
rt_sigaction(SIGALRM, {0x80e2d40, [], 0}, {0x809c500, [HUP INT ILL TRAP ABRT BUS FPE USR1 SEGV USR2 PIPE ALRM TERM XCPU XFSZ VTALRM SYS], 0}, 8) = 0
rt_sigaction(SIGTSTP, {0x80e2d40, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGTSTP, {SIG_IGN, [], 0}, {0x80e2d40, [], 0}, 8) = 0
rt_sigaction(SIGTTOU, {0x80e2d40, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGTTOU, {SIG_IGN, [], 0}, {0x80e2d40, [], 0}, 8) = 0
rt_sigaction(SIGTTIN, {0x80e2d40, [], 0}, {SIG_IGN, [], 0}, 8) = 0
rt_sigaction(SIGTTIN, {SIG_IGN, [], 0}, {0x80e2d40, [], 0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigaction(SIGWINCH, {0x80e2c20, [], SA_RESTART}, {0x809c310, [], 0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [INT], [], 8) = 0
write(2, "schroff@hades:$ ", 16)        = 16
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, NULL, [], 8)  = 0
read(0, ^[[B
Ok - a lot of output and not really readable. But with -o you can pipe the output into a file and this you can use for statistics:
schroff@hades:$ cat /tmp/test |awk -F \( '{print $1}'|sort|uniq -c|sort -n
      1 clone
      1 open
      1 pipe
      1 setpgid
      1 --- SIGCHLD
      1 sigreturn
      1 stat64
      2 waitpid
      3 close
      3 time
      4 read
      6 write
     15 ioctl
     24 rt_sigaction
     29 rt_sigprocmask
Ok, it is not clear if this is more helpful, but you can at least see what files are opened by your program very easily:
 open("/foo/bar", O_RDONLY) = -1 ENOENT (No such file or directory)
Or you can detect all signals sent to this program, like shown here:
--- SIGTERM (Terminated) @ 0 (0) ---
read(0,  <unfinished ...>
+++ killed by SIGKILL +++

Mar 18, 2012

Publishing Plots and Charts

Have you ever read an article on a webpage containing some plots and charts and you thought: Wow, really cool work! How did they create this?
Here an example of such a chart type, which i found really impressive:

You can zoom the x-axis by moving the boundaries in the plot at the bottom.
But then i used google docs for some minor spreadsheets. But thiese spreadsheets growed and a chart was needed.
Google doc charts are easy to publish. Just a right mouse click and you get:

Mar 17, 2012

Virtualbox 4.1.10 released

The Changelog for 4.1.10 can be found via this link.
The installation via debian package was not successful:
hades:/tmp# dpkg -i virtualbox-4.1_4.1.10-76795~Debian~squeeze_i386.deb
(Lese Datenbank ... 204701 Dateien und Verzeichnisse sind derzeit installiert.)
Vorbereitung zum Ersetzen von virtualbox-4.1 4.1.4-74291~Debian~lenny (durch virtualbox-4.1_4.1.10-76795~Debian~squeeze_i386.deb) ...
WARNING: All config files need .conf: /etc/modprobe.d/isapnp, it will be ignored in a future release.
Stopping VirtualBox kernel modules:.
Ersatz für virtualbox-4.1 wird entpackt ...
virtualbox-4.1 (4.1.10-76795~Debian~squeeze) wird eingerichtet ...
Neue Version der Konfigurationsdatei /etc/init.d/vboxweb-service wird installiert ...
addgroup: Die Gruppe »vboxusers« existiert bereits als Systemgruppe. Programmende.
WARNING: All config files need .conf: /etc/modprobe.d/isapnp, it will be ignored in a future release.
Stopping VirtualBox kernel modules:.
Uninstalling old VirtualBox DKMS kernel modules:.
Trying to register the VirtualBox kernel modules using DKMS:
Error! Bad return status for module build on kernel: 2.6.37.3 (i686)
Consult the make.log in the build directory
/var/lib/dkms/vboxhost/4.1.10/build/ for more information.

Failed, trying without DKMS ... failed!
Recompiling VirtualBox kernel modules:
Look at /var/log/vbox-install.log to find out what went wrong ... failed!
Trigger für shared-mime-info werden verarbeitet ...
Unknown media type in type 'all/all'
Unknown media type in type 'all/allfiles'
Unknown media type in type 'uri/mms'
Unknown media type in type 'uri/mmst'
Unknown media type in type 'uri/mmsu'
Unknown media type in type 'uri/pnm'
Unknown media type in type 'uri/rtspt'
Unknown media type in type 'uri/rtspu'
Unknown media type in type 'fonts/package'
Unknown media type in type 'interface/x-winamp-skin'
Trigger für desktop-file-utils werden verarbeitet ...
Trigger für gnome-menus werden verarbeitet ...
Trigger für hicolor-icon-theme werden verarbeitet ...
Trigger für python-central werden verarbeitet ...
But at least the gui was runnable:

The error in the logfiles was:
In file included from /var/lib/dkms/vboxhost/4.1.10/build/vboxdrv/include/VBox/types.h:30,
                 from /var/lib/dkms/vboxhost/4.1.10/build/vboxdrv/linux/../SUPDrvInternal.h:35,
                 from /var/lib/dkms/vboxhost/4.1.10/build/vboxdrv/linux/SUPDrv-linux.c:31:
/var/lib/dkms/vboxhost/4.1.10/build/vboxdrv/include/iprt/types.h:213: error: expected specifier-qualifier-list before ‘uint64_t’
/var/lib/dkms/vboxhost/4.1.10/build/vboxdrv/include/iprt/types.h:232: error: expected specifier-qualifier-list before ‘uint64_t’
Anybody some ideas to fix this?
I found some other links like this, but no solutions....

Mar 14, 2012

Firefox Collusion - Cool!

Do you want to see which sites use third-party cookies to track you on the web, you should install the following plugin:

If you ask wikipedia.com for collusion you get:

It is an agreement among firms to divide the market, set prices, or limit production. It can involve "wage fixing, kickbacks, or misrepresenting the independence of the relationship between the colluding parties". In legal terms, all acts affected by collusion are considered void.

After installing this plugin (very nice, because without a restart) you get after browsing around such graph:


You can click on each circle an then you get:

So you can see which sites use third party cookies. Really nice!!!