Using the traceback module is straight forward for evident programming mistakes. However, real bugs are context-sensitive and they can hardly be reproduced without the actual data that was processed when an exception was raised. If you can reproduce a specific bug, you can add some logging code in front and inspect the variables the next time the bug is triggered. But if a bug occurs once in a blue moon, you’d be better in logging the data the first time an exception raises.

import traceback

def erroneous_function():
    ham = u"unicode string with umlauts äöü."
    eggs = "binary string with umlauts äöü."
    i = 23
    if i>5:
        raise Exception("it's true!")

try:
    erroneous_function()
except:
    print traceback.format_exc(with_vars=True)

Here’s my solution; an improved Python traceback module the logs variables from the local scope next to the affected code. You can find a working copy in our Mercirual repository (see the below).

Traceback (most recent call last):
 File "test.py", line 16, in <module>
   Local variables:
     erroneous_function = <function erroneous_function at 0x7ff6d82b...
     __builtins__ = <module '__builtin__' (built-in)>
     __file__ = "test.py"
     traceback = <module 'traceback' from '/srv/www/vhosts/dev.teamr...
     __name__ = "__main__"
     __doc__ = None
   erroneous_function()
 File "test.py", line 13, in erroneous_function
   Local variables:
     i = 23
     eggs = "binary string with umlauts \xc3\xa4\xc3\xb6\xc3\xbc."
     ham = u"unicode string with umlauts ???."
   raise Exception("it's true!")
Exception: it's true!

I am not sure if it is the “right” solution as sensitive information might be logged. This might have security implications for some real-world scenarios where webapps report stack traces to the end user (e.g. by using cgitb in production).

Credit: this code was inspired by format_exc_plus by Bryn Keller.

2010-01-28: there’s an active discussion on python-dev.

→ get latest source code
→ visit mercurial repository

Mac OS X Server 10.5 ships with OpenLDAP 2.3. This release supports run-time configuration, which means that the LDAP schemas are stored within the directory server and you cannot simply put your new schema file in /etc/openldap/schema/; you have to convert it to an LDIF file and load this into the directory itself. This can be done during run-time but it breaks replication if you do so. So, instead you have to create a proper old-style config and run a manual conversion to the new run-time config.

To do so, you need to place the new schema file in /etc/openldap/schema/some-new.schema. This directory is copied  to new replicas when you join them, so you won’t break the Apple tool chain. Then, you need to include the new schema file from /etc/openldap/slapd.conf; this has no direct effect but slaptest(1) uses this to re-create the run-time config. Finally, convert the old-style config to a new run-time config using slaptest(1) like “slaptest -f slapd.conf -F slapd.d” and restart slapd:

cd /etc/openldap
cp some-new.schema schema/
cat >> slapd.conf <<HERE
include /etc/openldap/schema/some-new.schema
HERE
mv slapd.d slapd.d_bak
slaptest -f slapd.conf -F slapd.d
launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist

Beware: we are deleting the old run-time config here and create a new one from the static config. If you have changed the config without adopting the old-style config, you might loose modifications. So, check twice if all required schemas are included from slapd.conf. AFAIK, Kerio Mailserver is troublesome here as it is not adding the include lines to slapd.conf. Though, thise procedure is exactly what the Apple tool chain does on replication and I suggest you do it exactly this way. Good luck!

1. is it too slow for real-time communications (that is available on IRC since 1988)?
2. can’t #hashtags contain unicode?
3. is there a length limit for my nickname?
4. can’t I sign on from multiple computers simultanously?
5. does their web page no auto-refresh?
6. is it always over capacity?
7. didn’t they register appropriate country TLDs like .de?
8. have they shut down their Jabber interface?

What’s new this year: there are some off-site hackcenters where people join the congress without being there in-real-life. “those unable to attend the Congress in Berlin [are invited] to celebrate their own Hack Center Experience, watch the streams, participate via twitter or chats, drink Tschunk, cook and have a good time.” This is exactly what some of us are going to do: we will meet at the UUGRN hackerspace on Monday and join the congress events.

Oct 27 2009 go go go!
Oct 17 2009 Everything is OK
Oct 05 2009 The Truth is out there.
Sep 28 2009 arrr!
Sep 18 2009 welcome to the encoding hell
Sep 07 2009 knights of the infinite loop
Aug 24 2009 world domination. fast.
Aug 18 2009 computing sucks.
Aug 13 2009 hacking at random
Jul 31 2009 Happy SysAdminDay 2009!!1
Jul 08 2009 ...
Jun 29 2009 "The tenth sale is a thousand times easier than the second one (the first one doesn't count... beginner's luck)." --Seth Godin
Apr 30 2009 SHA-1: Practical collisions are within resources of a well funded organisation.
Apr 23 2009 "It's a trap!" --Admiral Ackbar
Apr 10 2009 The road to hell is paved with good intentions.
Mar 24 2009 "Damn it!" --Jack Bauer, CTU
Mar 09 2009 "leadership is nature's way of removing morons from the productive flow" --Scott Adams in Dilbert
Mar 02 2009 Some people, when confronted with a problem, think "I know, I'll quote Jamie Zawinski." Now they have two problems.
Feb 26 2009 "The key to performance is elegance, not battalions of special cases." --Jon Bentley and Doug McIlroy
Feb 23 2009 we like monkeys
Feb 20 2009 cloud computing becomes fog when it goes down.
Feb 14 2009 happy 1234567890
Jan 26 2009 time.ctime(1234567890)
Jan 15 2009 to /b/ or not to /b/...
Jan 09 2009 beware of 'import skynet'.
Jan 09 2009 @ack
Dec 31 2008 happy new 1984
Dec 27 2008 nothing to hide
Dec 14 2008 Hail Eris. All hail Discordia.
Dec 10 2008 rip silcnet. all hail sickosnet. > silc -c sickos.org
Nov 19 2008 while True: pass
Nov 06 2008 long live teh king !
Nov 05 2008 remember remember teh 5th of november
Sep 26 2008 for(;P("\n"),R=;P("|"))for(e=C;e=P("_"+(*u++/8)%2))P("|"+(*u/4)%2);
Sep 19 2008 talk like a pirate day
Sep 19 2008 Ahoy there Landlubbers!
Sep 17 2008 0^0 := 1
Jul 11 2008 we're the scene.
Jul 09 2008 that's like knitting a sweater for a dead squirrel
Jul 08 2008 computers suck and i hate them
Jun 23 2008 osascript -e 'tell app "ARDAgent" to do shell script "whoami"'
Jun 17 2008 Linux was fun
May 24 2008 don't forget to bring a towel
May 21 2008 Lost in Hyperspace
May 03 2008 all your base are belong to us
Apr 21 2008 look, it's making friends with the roomba!
Apr 16 2008 The only laws on Internet are assembly and RFCs
Apr 11 2008 inventors of the infinite loop
Mar 19 2008 "the project suffers from lack of directions and frequent infighting between its developers" --Distrowatch.com on Gentoo Linux
Mar 04 2008 "What you see on these screens up here is a fantasy; a computer enhanced hallucination!" --Wargames
Feb 19 2008 a man collecting shoes... it's just not right.
Jan 22 2008 | |  |   |     |        |             |                     |                                  |
Dec 30 2007 pirates are better than ninjas
Dec 27 2007 virtual congress
Dec 21 2007 yankee white
Dec 21 2007 rule 35 of the internet: if it doesn't exist on the internet, it must be created.
Dec 18 2007 "[PHP] takes the worse-is-better approach to dazzling new depths" --Larry Wall
Dec 16 2007 "Strong typing is for people with weak memories." --Tom Van Vleck
Nov 30 2007 beiss mich, kratz mich, gib mir hostnamen!
Nov 26 2007 tuttle-buttle
Nov 23 2007 there's a buffer overflow but i won't disclouse
Nov 22 2007 inventors of the infinite loop
Sep 13 2007 'The Internet makes it so easy to get solutions to most of the problems that it has taken the fun out of it.' --Miguel de Icaza
Sep 03 2007 'Sickos can wreak death and destruction from thousands of miles away!' --Arnold Yabenson, Weekly World News
Jul 23 2007 "History is a set of lies agreed upon" --Napoleon Bonaparte
Jul 19 2007 "Unix is a glorified video game" --Ed Post
Jul 16 2007 "Programs should not attempt special solutions to general problems." --Pike & Kernighan
Jul 09 2007 Hackerbande
Jun 27 2007 Note: There are two BFGs in Hell.
May 18 2007 0xdeadbeef
May 02 2007 09:F9:11:02:9D:74:E3:5B:D8:41:56:C5:63:56:88:C0
Apr 08 2007 "they seem to think that just because no one has ripped them apart means that no one can" --jf on apple security
Mar 26 2007 "I think the fundamental mistake was this adoption of a democratic process" --Ian Murdock on Debian
Mar 14 2007 foo
Jan 08 2007 DEFCON 3
Jan 07 2007 alert. blog.fefe.de is down. switching from DEFCON 3 to DEFCON 2.
Dec 23 2006 Stell dir vor, es ist Congress, und keiner geht hin.
Dec 14 2006 "Screensavers are sort of a poor man's LSD, without the bad trips." --Larry Wall
Dec 06 2006 Ministry of Truth
Dec 06 2006 Into the Box...
Nov 15 2006 if the price matters, you're not a real gamer
Nov 06 2006 The Revolution Will Not Be Televised
Oct 10 2006 tut der router nicht mehr routen musst du booten
Jul 28 2006 Happy System Administrator Appreciation Day!
Jun 01 2006 We have done the impossible and that makes us mighty.
May 31 2006 brilliant but empty
May 17 2006 i wanna say something meaningful
Apr 30 2006 wii
Apr 20 2006 Bridge ahead.  Pay troll.
Apr 09 2006 Beware! The Blob!
Feb 13 2006 "Just because you're paranoid doesn't mean they aren't after you" --Kurt Cobain

→ visit project

First, there is the Web Proxy Autodiscovery Protocol (WPAD), which is used by your web browser when you use “proxy autoconfiguration” – the default setting on many systems. Second, there is a DHCP server for the campsite that does hostname registration in the DNS server. I asked myself what would happen if I could register the name wpad.visitors.har2009.net?

Well, I have done so. And I have setup an appropriate proxy that intercepts all traffic that passes this machine. After 24 hours, there were more than 800 different hosts using this malicious proxy server – and many of them signed up to unencrypted web services like Twitter and others. That’s quite impressive as this are about 20 percent of the visitors! Now I’m wondering what happens if I break up SSL…

I’ve investigated this a little bit and found that it is only port 53/udp that is being affected; doing dns queries over port 53/tcp is working fine. Thus, it looks like they are using some deep packet inspection at their routers as only special dns queries are being dropped. Can someone else confirm this odd behaviour?