Backups revisited

I spent most of last weekend doing home IT tasks. That involved upgrading my main desktop machine from Pentium III to an Athlon XP. Welcome to 7 years ago! But most of the work was spent reorganizing my data and coming up with a better backup regime.

Now that hard drives are so cheap, and we now rent a storage space, spending $1/GB-month for off-site network backup is just not worth it any more. Also, with my off-site backup, I was only keeping a single full backup, which is not terribly useful if a few weeks elapse before you notice something is missing. So, I have been playing around with incremental backups using rsync and hard links, similar to the way Apple’s Time Machine supposedly works. Then I stumbled across ‘gibak,’ a set of shell scripts that use the git version control system as the backup tool.

In the end, I went with my own dozen-liner script to use git and metastore, with rsync/cifs to collect the stuff in windowsland for backup in separate repositories. A cron job does a daily commit and push from the checked-out repo in my home directory. So far, the result is pretty nice. If I screw something up, a ‘git reset’ gets me back to any earlier date. It also solves a minor annoyance with keeping files in sync across multiple machines: both can use a clone of the git repo and then syncing is as easy as a push from one and a pull to the other. I can rotate portable hard drives to the storage area to solve the ‘apartment burning down’ scenario, though I’m admittedly vulnerable to the ‘global thermonuclear war’ scenario.

I’ve already used this scheme to rebuild a machine’s home dir and it worked flawlessly. Hopefully the same will hold when I move my laptop from Ubuntu 8.04 to Fedora 10. Anyway, this should keep me satisfied until btrfs is everywhere and I can just use filesystem snapshots.
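One way to write the daily commit-and-push job described in this post, plus the date lookup that a later ‘git reset’ needs, as an added example (this is not the author's script). The remote name `backup` and the function names `snapshot` and `snapshot_at` are assumptions; metastore is called with its default `./.metadata` file.

```shell
#!/bin/sh
# Added example, not the script from the post. Assumed names: remote
# "backup", functions snapshot and snapshot_at.

# snapshot REPO [REMOTE]
# Commit the current state of REPO and push it to REMOTE (default: backup).
# The body runs in a subshell, so cd/exit do not affect the caller.
snapshot() (
    repo=$1
    remote=${2:-backup}
    cd "$repo" || exit 1

    # git records only the executable bit. metastore -s saves owner, group,
    # mode and mtime to ./.metadata, which is committed with the data.
    if command -v metastore >/dev/null 2>&1; then
        metastore -s || exit 1
    else
        echo "snapshot: metastore not installed, metadata not saved" >&2
    fi

    git add -A || exit 1
    # Nothing staged: skip the empty commit, but still push in case an
    # earlier push failed (for example, the backup drive was not attached).
    if ! git diff --cached --quiet; then
        git commit -q -m "backup $(date -u +%Y-%m-%dT%H:%M:%SZ)" || exit 1
    fi
    branch=$(git symbolic-ref --short HEAD) || exit 1
    git push -q "$remote" "$branch"
)

# snapshot_at REPO DATE
# Print the id of the newest snapshot committed at or before DATE.
# Resetting to that id and then running `metastore -a` restores the
# files and their saved metadata.
snapshot_at() {
    git -C "$1" rev-list -1 --before="$2" HEAD
}
```

From cron this is a single daily call such as `snapshot "$HOME"`; a non-zero exit status means the commit or the push failed.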

Hacking, the good kind

I could write about the election here, but citizen905 already summed it up pretty well. So instead, here’s what I’ve been breaking in the Linux kernel lately:

  • My final patch count for 2.6.27 was 14, I think. Enough, anyway, that I can stop counting and just deal with all the work I’ve created for myself.
  • I added myself to MAINTAINERS for ath5k, which felt like a pretty ridiculous notoriety grab, but Nick asked me to do so twice, so there.
  • I have some fixes for ath5k for 2.6.28, nothing major but an oops should be fixed, and a WARN_ON removed. The oops fix, incidentally, had an obvious bug despite 3 sign-offs. I suck.
  • Also committed but to-be-reverted for suckiness is a patch to remove beaconing in STA mode. Turns out ath9k, from which I stole this idea, was just busted. The new plan is to use the beacon miss interrupt; until then, your wireless card has to wake up the CPU about 100 times a second.
  • For 2.6.29, I have added hardware encryption to ath5k and hopefully will get some time to hack on the suspend/resume support for mac80211. Then I have some omfs patches I’ve been sitting on for months.

Hacked

So my wife received a spam from herself. At first I thought it was one of those spams where the “From:” was forged to be the same as the recipient, but a closer look revealed that it was actually from her hotmail to her yahoo account and to another dozen of her friends. Uh-oh.

So what happened? Was this a cross-site request forgery (CSRF) attack? She wasn’t logged into hotmail at the time that the email was sent. However, that doesn’t necessarily mean anything: there have been various CSRF attacks where the account is backdoored to send mail elsewhere, and a subsequent password reminder request could then give the attacker the goods. Or her session could have still been active even though the tab was long gone.

Was it spyware? Windows Defender didn’t find any, and we run XP apps in unprivileged user mode (which is a huge PITA, but that’s another story). It probably was not a dictionary attack, since her password is reasonably strong. It could be the case that her password was simply stolen, possibly from another site where the password was reused.

I’m late to the party, but I imagine CSRF and related attacks are still very under-appreciated at the moment, and that’s particularly worrisome with all of the Web 2.0 applications about. Hotmail should know the score, but who knows. As my mind mulls over the possibilities of such a bug in gmail, and the fact that I have three sessions open in it from various computers at the moment, I’m glad I have nothing of value in my gmail account and still use my own domain with mutt for official email. Stories like this one will only become more common. What if your confidential documents, stored on Google Docs, get surreptitiously emailed to everyone you’ve ever done business with?

So, I guess the moral is: get thee a password generator, and remember to log out of webmail!

Open, sorta

I’m glad to see that the not-so-openness of Android is finally getting some press. As someone whose code is included in the phones’ firmware (though surely compiled out, heh), I very much agree with Harald Welte in the first linked article. And that guy bluest on lifehacker sure has really smart comments.

Oh well. I’ll wait for someone to hack it.

Breakout

You haven’t played breakout until you’ve played it in all its low-resolution glory on the side of a building. Which is exactly what my wife, my brother-in-law, and I did in Toronto while we were visiting for Canadian Thanksgiving. The installation was part of project blinkenlights by the Chaos Computer Club. Every window in the city hall building had a lamp that would turn on or off to form a giant pixelated screen. You would call a number on a cell phone to start a game, then use the keypad to move the paddle around. Each game would last a minute, or in my case, the 10 secs it took to lose. Very neat!

(I think in this image, the ball is in the lower left corner and the dot above the paddle on the right is just an artifact. But I could be wrong — it could just be me losing, again.)

SYSRQ on MacBook

Lately I’ve really needed SysRq in situations where /proc/sysrq-trigger just doesn’t do the job, and my MacBook is missing lots of crusty old XT-era keys. Finally, I know how to do this!

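#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/input.h>

#define USAGE_CODE 0x070044 /* USB HID usage code for F11 */

int main(void)
{
    int codes[2];
    int fd = open("/dev/input/by-id/usb-Apple_Computer_Apple_"
                  "Internal_Keyboard_._Trackpad-event-kbd", O_RDONLY | O_NONBLOCK);
    if (fd < 0) { perror("open"); return 1; }

    codes[0] = USAGE_CODE; /* scancode to remap */
    codes[1] = KEY_SYSRQ;  /* new keycode, from linux/input.h */
    if (ioctl(fd, EVIOCSKEYCODE, codes) < 0) { perror("EVIOCSKEYCODE"); return 1; }
    close(fd);
    return 0;
}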

Awesome. Supposedly, a tool called keyfuzz is also efficacious.

Guitars


Originally uploaded by bluesterror

To add a little space to our cozy apartment, I put up a couple of guitar wall hangers over the weekend and put the cases in storage (don’t tell our leasing office). It looks pretty cool, though I do think the guitars want 8 or 9 more friends. I just hope this isn’t the start of the inevitable transition from guitar-as-instrument to guitar-as-display-item.

Old soldiers

I had the good fortune to attend a free DC ACM-sponsored lecture by Tony Hoare last week. Hoare is the inventor of quicksort as well as the man behind two of my favorite computing-related quotes:

Premature optimization is the root of all evil. (via Knuth)

There are two ways of constructing a software design: one way is to make it so simple there are obviously no deficiencies and the other way is to make it so complicated that there are no obvious deficiencies.

He gave a fairly dry talk on the importance of program correctness and how CS-the-science hopes to eventually figure out proof methods and tools that will some day help CS-the-discipline. But, he notes, we’re still a long way off.

I’m still not a member, but good things are coming out of the local ACM chapter. This is the same series that brought Brian Kernighan earlier in the year. Next month there is a black tie affair with Bjarne Stroustrup as the keynote.

OSS, I has it

I just sat in on a conference call as a representative (by default, since no one else called in) of the Linux ath5k community, with Atheros, makers of my MacBook’s wireless ethernet card. Atheros have really done a 180 for supporting the community, first by releasing ath9k, then by releasing the source to their previously-closed HAL last week. Thanks to that, 6 patches have already gone out fixing various problems. BTW, conference calls are just as pointless in the OSS community as they are in real life. But at least I did learn that it is pronounced “uh-THERE-ose”, not “ATH-er-ose.”

Buy laptops with Atheros wireless cards!

Divested

As of last Thursday, I’m no longer a land owner, so you guys are on your own with that whole voting thing.