F10

So, I’ve been a user of Debian (and lately Ubuntu) since around 2001, with RedHat, Mandrake, and Slackware being in use before then. Debian was like a revelation: ‘apt’ is how package management should be! I still have my server running Debian stable, but I thought I’d try putting Fedora 10 on my laptop this go-round to see how it compares to Ubuntu. All the marketing hype about Ubuntu being mere aggregators of others’ hard work had something to do with that as well. Besides, yum has been around for years now so surely it is as good as apt by now.

Here are my thoughts: I still find yum a little clunky for a few things; maybe that’s just my expertise in apt speaking. LVM was the first thing to go — it wasn’t hard to do from the graphical installer. The much hailed boot graphics stuff only worked with vesafb for me since they dropped the modesetting code for Intel from the kernel. I had to overhaul the installkernel script to properly update grub and not bother with an initrd, since I hate them. Finally, all configuration seems to be HAL driven now, which just means putting more random undocumented crap into huge XML files in /etc to get your touchpad working. Lovely, I’m sure Ubuntu is busy adopting that mess. On the plus side, a nice looking gnome setup with reasonable defaults. On the whole, Fedora 10 is a solid release, though it will still take some time to get it configured to my liking. Perhaps by then I’ll give openSuse a spin.

Old code

The projects section of my webpage got a few tweaks last night. Namely, I resurrected the rigid body simulator back to more-or-less compiling state (what a pile of crap code!) and put it back on the internets. The i-collide library may need a few Makefile tweaks to run on anything newer than RedHat 4. I ran it last night, then I realized GL-over-remote-X wasn’t working on Windows. So much for that. It’s super fast on modern hardware though.

Backups revisited

I spent most of last weekend doing home IT tasks. That involved upgrading my main desktop machine from Pentium III to an Athlon XP. Welcome to 7 years ago! But most of the work was spent reorganizing my data and coming up with a better backup regime.

Now that hard drives are so cheap, and we now rent a storage space, spending $1/GB-month for off-site network backup is just not worth it any more. Also, with my off-site backup, I was only keeping a single full backup, which is not terribly useful if a few weeks elapse before you notice something is missing. So, I have been playing around with incremental backups using rsync and hard links, similar to the way Apple’s time machine supposedly works. Then I stumbled across ‘gibak,’ a set of shell scripts that use the git version control system as the backup tool.

In the end, I went with my own dozen-liner script to use git and metastore, with rsync/cifs to collect the stuff in windowsland for backup in separate repositories. A cron job does a daily commit and push from the checked-out repo in my home directory. So far, the result is pretty nice. If I screw something up, a ‘git reset’ gets me back to any earlier date. It also solves a minor annoyance with keeping files in sync across multiple machines: both can use a clone of the git repo and then syncing is as easy as a push from one and a pull to the other. I can rotate portable hard drives to the storage area to solve the ‘apartment burning down’ scenario, though I’m admittedly vulnerable to the ‘global thermonuclear war’ scenario.

I’ve already used this scheme to rebuild a machine’s home dir and it worked flawlessly. Hopefully the same will hold when I move my laptop from Ubuntu 8.04 to Fedora 10. Anyway, this should keep me satisfied until btrfs is everywhere and I can just use filesystem snapshots.
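As an added illustration (not the script from this post), here is a minimal sketch of the git-plus-metastore snapshot and the restore-by-date step described above. The function names, the commit identity, and the remote name "backup" are assumptions made for the example.

```shell
#!/bin/sh
# Added example: daily git snapshot of a directory. All names are hypothetical.

# snapshot DIR: commit the current state of DIR; does nothing if unchanged.
snapshot() (
    cd "$1" || exit 1
    [ -d .git ] || git init -q . || exit 1
    # metastore saves owners, modes and mtimes, which git does not track.
    if command -v metastore >/dev/null 2>&1; then
        metastore -s -f .metadata
    fi
    git add -A . || exit 1
    # Skip the commit when the index matches the last snapshot.
    [ -n "$(git status --porcelain)" ] || exit 0
    # Fixed identity (constructed) so the job also works from cron.
    git -c user.name=backup -c user.email=backup@localhost \
        commit -q -m "backup $(date +%F)" || exit 1
    # Push only when a remote named "backup" (assumed name) is configured.
    if git remote | grep -qx backup; then
        git push -q backup HEAD
    fi
)

# restore DIR DATE: reset the working tree to the last snapshot made
# on or before DATE (git compares against the committer date).
restore() (
    cd "$1" || exit 1
    rev=$(git rev-list -1 --before="$2" HEAD)
    [ -n "$rev" ] || { echo "no snapshot before $2" >&2; exit 1; }
    git reset -q --hard "$rev"
)

# Cron usage (assumed): BACKUP_DIR=/home/me sh snapshot.sh
if [ -n "${BACKUP_DIR:-}" ]; then
    snapshot "$BACKUP_DIR"
fi
```

Because the reset moves the branch, later snapshots remain reachable only through the reflog or the pushed copy, so restoring into a fresh clone is the safer habit.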

Hacking, the good kind

I could write about the election here, but citizen905 already summed it up pretty well. So instead, here’s what I’ve been breaking in the Linux kernel lately:

  • My final patch count for 2.6.27 was 14, I think. Enough, anyway, that I can stop counting and just deal with all the work I’ve created for myself.
  • I added myself to MAINTAINERS for ath5k, which felt like a pretty ridiculous notoriety grab, but Nick asked me to do so twice, so there.
  • I have some fixes for ath5k for 2.6.28, nothing major but an oops should be fixed, and a WARN_ON removed. The oops fix, incidentally, had an obvious bug despite 3 sign-offs. I suck.
  • Also committed but to-be-reverted for suckiness is a patch to remove beaconing in STA mode. Turns out ath9k, from which I stole this idea, was just busted. The new plan is to use the beacon miss interrupt; until then, your wireless card has to wake up the CPU about 100 times a second.
  • For 2.6.29, I have added hardware encryption to ath5k and hopefully will get some time to hack on the suspend/resume support for mac80211. Then I have some omfs patches I’ve been sitting on for months.

Hacked

So my wife received a spam from herself. At first I thought it was one of those spams where the “From:” was forged to be the same as the recipient, but a closer look revealed that it was actually from her hotmail to her yahoo account and to another dozen of her friends. Uh-oh.

So what happened? Was this a cross-site request forgery (CSRF) attack? She wasn’t logged into hotmail at the time that the email was sent. However, that doesn’t necessarily mean anything: there have been various CSRF attacks where the account is backdoored to send mail elsewhere, and a subsequent password reminder request could then give the attacker the goods. Or her session could have still been active even though the tab was long gone.

Was it spyware? Windows Defender didn’t find any, and we run XP apps in unprivileged user mode (which is a huge PITA, but that’s another story). It probably was not a dictionary attack, since her password is reasonably strong. It could be the case that her password was simply stolen, possibly from another site where the password was reused.

I’m late to the party, but I imagine CSRF and related attacks are still very under-appreciated at the moment, and that’s particularly worrisome with all of the Web 2.0 applications about. Hotmail should know the score, but who knows. As my mind mulls over the possibilities of such a bug in gmail, and the fact that I have three sessions open in it from various computers at the moment, I’m glad I have nothing of value in my gmail account and still use my own domain with mutt for official email. Stories like this one will only become more common. What if your confidential documents, stored on Google Docs, get surreptitiously emailed to everyone you’ve ever done business with?

So, I guess the moral is: get thee a password generator, and remember to log out of webmail!

Open, sorta

I’m glad to see that the not-so-openness of Android is finally getting some press. As someone whose code is included in the phones’ firmware (though surely compiled out, heh), I very much agree with Harald Welte in the first linked article. And that guy bluest on lifehacker sure has really smart comments.

Oh well. I’ll wait for someone to hack it.

Breakout

You haven’t played breakout until you’ve played it in all its low-resolution glory on the side of a building. Which is exactly what my wife, my brother-in-law, and I did in Toronto while we were visiting for Canadian Thanksgiving. The installation was part of project blinkenlights by the Chaos Computer Club. Every window in the city hall building had a lamp that would turn on or off to form a giant pixelated screen. You would call a number on a cell phone to start a game, then use the keypad to move the paddle around. Each game would last a minute, or in my case, the 10 secs it took to lose. Very neat!

(I think in this image, the ball is in the lower left corner and the dot above the paddle on the right is just an artifact. But I could be wrong — it could just be me losing, again.)

SYSRQ on MacBook

Lately I’ve really needed SysRq in situations where /proc/sysrq-trigger just doesn’t do the job, and my MacBook is missing lots of crusty old XT-era keys. Finally, I know how to do this!

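#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/input.h>

#define USAGE_CODE 0x070044 /* USB HID usage for F11 */

int main(void)
{
    int codes[2];
    int fd = open("/dev/input/by-id/usb-Apple_Computer_Apple_"
                  "Internal_Keyboard_._Trackpad-event-kbd", O_RDONLY | O_NONBLOCK);
    if (fd < 0) { perror("open"); return 1; }

    codes[0] = USAGE_CODE;  /* scancode to remap */
    codes[1] = KEY_SYSRQ;   /* new keycode, from linux/input.h */
    /* EVIOCSKEYCODE takes a { scancode, keycode } pair */
    if (ioctl(fd, EVIOCSKEYCODE, codes) < 0) { perror("ioctl"); close(fd); return 1; }

    close(fd);
    return 0;
}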

Awesome. Supposedly, a tool called keyfuzz is also efficacious.

Guitars

Originally uploaded by bluesterror

To add a little space to our cozy apartment, I put up a couple of guitar wall hangers over the weekend and put the cases in storage (don’t tell our leasing office). It looks pretty cool, though I do think the guitars want 8 or 9 more friends. I just hope this isn’t the start of the inevitable transition from guitar-as-instrument to guitar-as-display-item.