Upgrade to Debian stretch (stable) breaks my unique token

2018-03-01 Thread Vincent Veyron
Hi all,

I'm using the code below in a PerlResponseHandler; it generates a unique token 
for the request, if _token_id is not already present in the request's 
arguments. It's been working for months, and broke after my upgrade to stretch 
a week ago. I added a couple Data::Dumper calls to see what is going on; 

As you can see, _token_id is being reused across different requests, and across 
different apache children, even though it's absent from the request's arguments.

To add insult to injury, this is happening on my production machine (kimsufi 
server) but not on the backup server (online)

Any idea what might cause this?


Code :

$content .= edit_entry( $r, \%args ) ;

sub edit_entry {

    my ( $r, $args ) = @_ ;

    use Data::Dumper;
    warn Dumper($args);

    $args->{_token_id} ||= join "", map +(0..9,"a".."z","A".."Z")[rand(10+26*2)], 1..32 ;

    warn '_token_id -> ' . $args->{_token_id} ;
    warn 'pid -> ' . $$;

}


Logs :

$VAR1 = {
  'mois' => '02',
  'id_entry' => '17734',
  'open_journal' => 'Fournisseurs'
};
_token_id -> DzM5x0uvFcykvtGXEkhgeqhp5ZD48jLn at /home/lib/Compta/Base/Handler/entry.pm line 164.
pid -> 21313 at /home/lib/Compta/Base/Handler/entry.pm line 165.
$VAR1 = {
  'mois' => '02',
  'id_entry' => '17734',
  'open_journal' => 'Fournisseurs'
};
_token_id -> DzM5x0uvFcykvtGXEkhgeqhp5ZD48jLn at /home/lib/Compta/Base/Handler/entry.pm line 164.
pid -> 21314 at /home/lib/Compta/Base/Handler/entry.pm line 165.



Installation:

# dpkg -l apache2*
Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
| État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-installé/W=attend-traitement-déclenchements
|/ Err?=(aucune)/besoin Réinstallation (État,Err: majuscule=mauvais)
||/ Nom                      Version          Architecture  Description
+++-========================-================-=============-========================================
ii  apache2                  2.4.25-3+deb9u3  amd64         Apache HTTP Server
un  apache2-api-20120211                                    (aucune description n'est disponible)
ii  apache2-bin              2.4.25-3+deb9u3  amd64         Apache HTTP Server (modules and other binary files)
ii  apache2-data             2.4.25-3+deb9u3  all           Apache HTTP Server (common files)
un  apache2-doc                                             (aucune description n'est disponible)
un  apache2-suexec-custom                                   (aucune description n'est disponible)
un  apache2-suexec-pristine                                 (aucune description n'est disponible)
ii  apache2-utils            2.4.25-3+deb9u3  amd64         Apache HTTP Server (utility programs for web servers)
un  apache2.2-bin                                           (aucune description n'est disponible)
un  apache2.2-common                                        (aucune description n'est disponible)

# dpkg -l libapach*
Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
| État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-installé/W=attend-traitement-déclenchements
|/ Err?=(aucune)/besoin Réinstallation (État,Err: majuscule=mauvais)
||/ Nom                      Version          Architecture  Description
+++-========================-================-=============-========================================
ii  libapache-dbi-perl       1.12-1           all           interface connecting apache server to database via per
un  libapache-mod-perl                                      (aucune description n'est disponible)
ii  libapache-session-perl   1.93-2           all           modules for keeping persistent user data across HTTP r
ii  libapache2-mod-apreq2    2.13-5+b1        amd64         generic Apache request library - Apache module
un  libapache2-mod-passenger                                (aucune description n'est disponible)
ii  libapache2-mod-perl2     2.0.10-2         amd64         Integration of perl with the Apache2 web server
un  libapache2-reload-perl                                  (aucune description n'est disponible)
ii  libapache2-request-perl  2.13-5+b1        amd64         generic Apache request library - Perl modules
root@kimsufi_1:/home/vincent#





-- 
Best regards, Vincent Veyron

https://marica.fr/
Software for managing insurance claims, litigation files and contracts for
legal departments


Re: Upgrade to Debian stretch (stable) breaks my unique token

2018-03-01 Thread John Dunlap
Have you tried this in your Apache config?
PerlChildInitHandler "sub { srand }"

Citation:
http://blogs.perl.org/users/brian_phillips/2010/06/when-rand-isnt-random.html

-- 
John Dunlap
*CTO | Lariat *

Re: Upgrade to Debian stretch (stable) breaks my unique token

2018-03-01 Thread Vincent Veyron
On Thu, 1 Mar 2018 14:26:25 -0500
John Dunlap  wrote:

> Have you tried this in your Apache config?
> PerlChildInitHandler "sub { srand }"
> 
> Citation:
> http://blogs.perl.org/users/brian_phillips/2010/06/when-rand-isnt-random.html
> 

Yes, that does the trick, good find. Strange that it worked fine up to now, and 
suddenly not at all.

Thank you for the helpful answer, as always, John.

Now, if you happen to know why this _had_ to surface during a demo [:-(


-- 
Best regards, Vincent Veyron

https://compta.libremen.com
Free double-entry general accounting software


Re: Upgrade to Debian stretch (stable) breaks my unique token

2018-03-01 Thread Michael A. Capone

On 03/01/2018 02:30 PM, Vincent Veyron wrote:

> Now, if you happen to know why this _had_ to surface during a demo [:-(


The University of Nottingham, School of Mathematical Sciences, published 
a highly technical paper explaining this phenomenon.  Hope this helps:  :-)


https://www.maths.nottingham.ac.uk/personal/ibf/some.html


Re: Upgrade to Debian stretch (stable) breaks my unique token

2018-03-01 Thread Russell Lundberg
“Demos fall over” is a universal truth. 

Glad a fix was found!



Re: Upgrade to Debian stretch (stable) breaks my unique token

2018-03-01 Thread John Dunlap
I'm glad that fixed your problem!

I'm not sure why now and not then, or why one machine and not another.
However, as this has to do with parallelism, I am wondering if you're using
different MPMs on each installation.

I've had my share of errors thrown during demos. It's not a good feeling.
You have my sympathy. :(

Cheers!
John



Re: Upgrade to Debian stretch (stable) breaks my unique token

2018-03-01 Thread demerphq
On 2 Mar 2018 03:26, "John Dunlap"  wrote:

> Have you tried this in your Apache config?
> PerlChildInitHandler "sub { srand }"
>
> Citation: http://blogs.perl.org/users/brian_phillips/2010/06/when-rand-isnt-random.html
>
> On Thu, Mar 1, 2018 at 1:55 PM, Vincent Veyron  wrote:
>
>> Hi all,
>>
>> I'm using the code below in a PerlResponseHandler; it generates a unique
>> token for the request, if _token_id is not already present in the request's
>> arguments. It's been working for months, and broke after my upgrade to
>> stretch a week ago. I added a couple Data::Dumper calls to see what is
>> going on;
>>
>> As you can see, _token_id is being reused across different requests, and
>> across different apache children, even though it's absent from the
>> request's arguments.
>>
>> To add insult to injury, this is happening on my production machine
>> (kimsufi server) but not on the backup server (online)
>>
>> Any idea what might cause this?
>>

Just to add context, perl has a flag that says whether srand was called or
not, and rand automatically calls srand if this flag has not been set.

If this flag is not set prefork, the end result is that each process gets
its RNG state independently initialized in the child processes. On the
other hand, if it is set prefork, then each child ends up with identical
state for the random number generator.

When you upgraded, some of your modules probably changed and something
started calling rand prefork.


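
Added example, not part of the thread or of any poster's code: a stand-alone Perl script that uses plain fork() in place of Apache's prefork children to show the effect explained in the replies (an RNG seeded before the fork gives every child the same token) and the srand-in-child fix from the PerlChildInitHandler answer. The helper names, the two-child count and the /dev/urandom variant are assumptions made for the illustration; perldoc documents rand() as not cryptographically secure, which is why that third variant is included.

```perl
use strict;
use warnings;
$| = 1;    # keep parent output unbuffered so children inherit an empty buffer

my @chars = ( 0 .. 9, 'a' .. 'z', 'A' .. 'Z' );

# Same construction as the handler in the thread: 32 characters from rand().
sub rand_token { join '', map { $chars[ rand @chars ] } 1 .. 32 }

# Assumed alternative (not from the thread): read kernel randomness directly.
# Bytes >= 248 (4 * 62) are rejected so the modulo does not bias the result.
sub urandom_token {
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $token = '';
    while ( length $token < 32 ) {
        read( $fh, my $byte, 1 ) == 1 or die "short read from /dev/urandom";
        my $n = ord $byte;
        $token .= $chars[ $n % @chars ] if $n < 248;
    }
    close $fh;
    return $token;
}

# Fork $n children one after another, run $code in each, and collect the
# single line each child prints on its pipe.
sub tokens_from_children {
    my ( $n, $code ) = @_;
    my @out;
    for ( 1 .. $n ) {
        my $pid = open( my $from_child, '-|' ) // die "fork: $!";
        if ( !$pid ) { print $code->(), "\n"; exit 0 }
        chomp( my $line = <$from_child> );
        close $from_child;    # also reaps the child
        push @out, $line;
    }
    return @out;
}

# Stands in for a module that calls rand() in the parent before the fork:
# this sets the "already seeded" flag, so children inherit one RNG state.
my $early_draw = rand();

my @runs = (
    [ 'inherited state',   sub { rand_token() } ],           # tokens repeat
    [ 'srand() in child',  sub { srand; rand_token() } ],    # reseeded per child
    [ '/dev/urandom',      sub { urandom_token() } ],        # independent of rand()
);
for my $run (@runs) {
    my ( $label, $code ) = @$run;
    printf "%-18s %s\n", $label, $_ for tokens_from_children( 2, $code );
}
```

The first pair of lines shows the same token twice, matching the log in the original post; the other two pairs differ between children.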