Older blog entries for etbe (starting at number 959)

The Security Benefits of Automation

Some Random WTFs

The Daily WTF is an educational and amusing site that recounts anecdotes about failed computer projects. One of their stories titled “Remotely Incompetent” concerns someone who breaks networking on a server and is then granted administrative access to someone else’s server by the Data Center staff [1]!

In one of the discussions about that I saw people make various claims about Data Center security, such as claiming that having their own locked room helps. My experience indicates that such things don’t do much good, I have often been granted access to server rooms without appropriate checks.

My experience is that security guards on site generally don’t directly do any good. I once had a guard hold a door for me when I was removing a server from a DC without even bothering to ask for ID! On another occasion in the Netherlands I had a security guard who didn’t speak English unlock the wrong server room for me, I used hand gestures to inform him that I needed access to the room with the big computers and he gave me the access I needed! It seems that the benefit of security guards is solely based on scaring people who don’t have the confidence needed to bluff their way in. Preventing children from thieving is a good thing,

On another occasion I showed ID and signed in for access to a DC owned by my employer and I used my security key to go through a locked door with a sign that promised many bad consequences if I failed to lock the door behind me. Then I discovered that the back door was wide open for the benefit of some electricians who were working in the building. Presumably the electricians who had no security training were expected to act as ad-hoc security guards if someone tried to enter through the back door – presumably they would not have been good at it.

When a company uses part of their own office for a server room then many of these problems disappear. But a common issue in such ad-hoc DCs is the lack of planning and procedures; I have lost count of the number of times I’ve seen doors (and even windows) propped open to allow ventilation because there were too many servers for the air-conditioning to cope. The most ironic example of this is the company that had a walk-in safe (think of a small bank vault with concrete walls and thick solid steel door) used for storing servers but with its door propped open to allow cooling. The advantage of a serious hosting company is that they will have procedures for cooling etc and will be very unlikely to do strange and silly things.

Having a locked room in a DC makes some sense, but if security guards have the master keys and are allowed to use them then it might not do much good. The one time I locked my keys in such a room I had a guard let me in without verifying my ID or the claim that there were actually keys locked in the room. Presumably anyone could just claim to have forgotten their keys and get the door unlocked – just like a cheap hotel.

Locking a rack sounds like a good idea, but the racks I’ve seen have had locks which are quite easy to pick. On the one occasion when I had to pick a lock on a rack (due to keys being too difficult to manage for the relevant people) the security guards didn’t investigate, so either the security cameras were not supervised or they just didn’t care about people picking locks in a shared server room. Also if you allow people to do things freely in a shared server room they could install devices to monitor network traffic.

A locked cage in a server room should work well. In the one case where I worked for a company that used such a cage I found it to mostly work well – apart from the few weeks when the lock was broken.

One company that I worked for had scales before the door between a server room and the car-park to prevent people from stealing heavy servers. Of course that wouldn’t stop people stealing hard drives full of data which is worth more than the servers! Also an over-weight colleague had to have the scales disabled for him (as they were based on absolute mass not unexpected changes in an individual’s mass) which presumably means that any skinny employee could steal a 2RU server and still be below the mass threshold.

How to Solve some of these Problems

Computers are subject to all manner of security problems. But they tend not to do arbitrary things for no apparent reason and they will never give in to someone who is charming, attractive, or aggressive – unlike humans.

I have servers running on Hetzner, Linode, and the Rackspace Cloud. I am always concerned about possible security compromises. But I am not worried about someone climbing in a window of a server room or convincing a security guard to let them in through the door. All three of those hosting companies have the vast majority of interactions automated. I can change many aspects of the servers without involving ANY human interaction. Out of the three of those companies I have had some human interaction with Hetzner (who provide managed servers) when a hard drive needed to be replaced – obviously replacing a disk in the wrong server would have been a significant system integrity issue even though everyone would be running RAID-1 and if Hetzner improperly disposed of the broken disk then there could be security issues – but this is an unlikely mistake in the face of a rare occurrence. With Linode and the Rackspace Cloud (and the previous Slicehost hosting that was purchased by Rackspace) the most common interactions I have with employees of those companies are when my clients don’t pay their bills on time – and that’s an administrative not a technical issue. When I do have to contact the support people about a technical issue it’s usually something that’s not immediately connected to the virtual server (EG a loss of routing to the DC).

It seems most likely that there are a fairly small number of people who are allowed in the DCs for companies like Hetzner, Linode, and Rackspace. Those people would probably be recognised by the security guards and their work would be restricted to replacing failing hardware and not involve granting access requests. There are some unusual requests that they can process (EG one of my clients recently transferred a virtual server between business units) but even in those cases the administrative software controls who gets access. This is much better than just handing hardware access to what seems to be the correct physical server to a client.

If you have software running a few computers and operating correctly then you can probably scale it up to run thousands of computers and have it still work correctly. But if you have a team of people controlling access requests and want to scale it up significantly then there are huge problems in hiring skilled people and training them correctly. There is a real risk of security flaws in such administrative software, if someone managed to exploit the automated management system for one of those three companies then they could probably gain access to the private data of any of their customers. But the risk of this seems a lot less than the risk of general incompetence among humans who perform routine and boring tasks which have the potential for great errors.

Syndicated 2012-03-30 12:42:29 from etbe - Russell Coker

Cheap NAS Devices Suck

There are some really good Network Attached Storage (NAS) devices on the market. NetApp is one company that is known for making good products [1]. The advantage of a NAS is that you have a device with NVRAM for write-back caching, a filesystem that supports all the necessary features for best performance (NetApp developed their own filesystem WAFL to provide the features they needed), and a set of quality hardware that has been tested and certified to work together.

If you want a cheap NAS then you end up with something running Linux with GPL filesystems. This isn’t a bad thing as such, but some of the best performance and data integrity features are available in ZFS (which isn’t GPL) and BTRFS (which isn’t ready for production use). Not to mention WAFL which has been providing ZFS/BTRFS type features for more than a decade.

A cheap NAS will generally be sold without disks as this is the best way to keep costs down. Selling with disks either means selling lots of different variations (which means it can’t be sold off the shelf) or selling packages that don’t quite suit some customers (thus causing people to buy the device and replace the disks which means extra costs). This means that the vendors can’t provide the guarantees about disk quality and suitability that NetApp can provide.

One major problem with a NAS is that you typically can’t get shell access. Commands such as “rm -rf” and “cp -rl” which are typically rather quick when performed locally can take ages when run over NFS. Also commands such as “grep -R” which can perform reasonably well over NFS will always perform better when run locally. Also tasks such as compiling big programs which require good disk speed as well as some CPU time can be run locally if you have a file server system that also has local accounts (IE a typical multi-user Unix server configuration), but a dedicated NAS will prevent that.

I have never used a NetApp device due to my clients deciding (sometimes correctly and sometimes incorrectly IMHO) that they are too expensive. But when considering what my clients do the down-sides of lacking local code execution on a NetApp would be more than compensated in many cases by the significant performance and reliability advantages that they offer (see my post about the reliability issues in standard RAID implementations [2]).

A server class system (with ECC RAM as a minimum criterion) running RAID-6 can be a fairly decent file server. That requires hardware RAID with NVRAM for the write-back cache for decent write performance, but when write performance isn’t required software RAID does the job quite well. A Dell tower system will typically hold at least 4 disks which means 6TB of RAID-6 storage and is quite cheap – it can be under $2000. Also such a system can be easily expanded with extra Ethernet ports etc. NetApp doesn’t sell products directly and doesn’t list prices, but they do have some adverts for products being “under $7500”. That’s not really cheap but not THAT expensive when you consider the features.

A hidden cost in running a NAS is having someone perform sysadmin work on it. For a relatively expensive device that offers significant features such as a NetApp Filer this expense probably isn’t too great. But for a device that does what any PC running Linux can do it’s noteworthy that more training or experimenting time is required.

There are some special cases where small and cheap NAS appliances really make sense, such as the Apple Time Capsule for home network backups. But apart from that I don’t think that cheap NAS appliances make sense. It seems that cheap NAS devices provide the biggest down-sides of expensive NAS devices (in terms of lacking local access and having a different administration interface to servers) while also having the biggest down-sides of PC servers (lacking the advanced features of WAFL and performance of a NetApp).

Earlier today I started a process of reorganising some backups which included backups to a cheap NAS. I have been very unimpressed by the time taken to copy and rm files over NFS. I’m sure that the job would have been completed hours ago if I had local root access to the NAS.

Syndicated 2012-03-23 13:29:21 from etbe - Russell Coker

Links March 2012

Washington’s Blog has an informative summary of recent articles about corporate psychopaths [1]. Including the fact that some banks deliberately hire psychopaths.

Anu Partanen wrote an insightful article for The Atlantic about the difference between Finnish and American education systems [2]. It seems that Finland has achieved great educational success by aiming for equality with no private schools and giving the teachers and principals enough responsibility to do the job properly.

Ramona Pierson gave an interesting TED talk about how she recovered from being run over by a drunk driver with the help of the residents of a senior citizens home [3].

Quyen Nguyen gave a very interesting TED talk about the use of fluorescent dyes in cancer surgery [4]. They can make cancer glow one color and nerves glow with a different color which makes it a much easier task to remove ALL the cancer without cutting the smaller nerves.

James Fallows wrote an interesting article for The Atlantic about the experience of having his wife’s Gmail account cracked [5]. She stored EVERYTHING in her Gmail account so this was a lot worse for her than for the typical Geek who doesn’t use such accounts for storing much. James describes what the attacker did, how they did it, and what needed to be done to recover. When running a mail server it’s worth considering what you would do to help a user who was attacked in that way.

Charles Stross has written an interesting blog post trying to predict some future psychological and social changes [6].

Matthew Wright of Beyond Zero Emissions has written an informative article about how solar panels on home roofs save everyone money [7].

Mikko Hypponen gave an interesting TED talk about different types of online attack and how they can affect us [8]. Among other things he describes how online attacks can result in people dying.

Scott Rickard gave an interesting TED talk about using maths to create SONAR pings without repetition and also the worst music ever created [9]. I found it entertaining to watch Michael Lindel (the director of chamber music for the New York Symphony) play the music, he obviously didn’t enjoy that performance.

Sheena Iyengar gave an interesting TED talk about the way people make choices [10]. It’s useful for anyone who is going to prepare a set of options for someone else to choose from.

ASD Aid is a project that uses Lego to encourage kids on the Autism Spectrum to socialise [11]. They have training manuals for using Lego in therapy. Unfortunately they have not been supported by the Lego corporation.

Bilal Bomani gave an interesting and informative TED talk about NASA research into renewable aviation fuel [12]. The most interesting thing to me was the way that they were aiming for a sustainable lifecycle that didn’t use resources that could be used for food and which required minimal input once it was started.

Alain de Botton gave an interesting TED talk about Atheism 2.0 [13]. He suggests that we adopt some ideas from religious organisations including lectures (sermons), celebrations, and rituals. It’s interesting to think of a technology conference as a pilgrimage.

Homaro Cantu and Ben Roche from Moto restaurant in Chicago gave an interesting talk about some of the unusual foods that they have produced [14]. If I visit the US again I will try and go to Chicago to eat there!

Syndicated 2012-03-22 01:44:51 from etbe - Russell Coker

An Introduction to Android

I gave a brief introductory talk about Android at this month’s LUV meeting. Here are the slides with a brief description. All the screen-shots were made on a Samsung Galaxy S running Cyanogenmod version 7.1 [1] (Android version 2.3.7). With that build of Cyanogenmod you can press the power button for about 1.5 seconds to get a menu which gives an option to take a screen shot.

The aim of the talk was to give an overview of what Android can do. I also gave some random commentary about Android such as explaining why it doesn’t make a good phone.

Most of the pictures in this post have links to the Android applications in question.

Essential and Important Apps

picture of root shell access running df

I started by explaining why having root access to your system is really important, including the issue of backing up an Android phone [2]. Cyanogenmod includes a terminal program which allows you to run “su -“. Running a shell as root isn’t generally that useful, what you really want is to be able to run programs such as Titanium Backup which can only work properly if given root access. When you run an OS that allows root access you can run “su -” at a terminal prompt and you can also have an application use a GUI to request root access.

I recommend rooting and modding an Android phone immediately after buying it. However that takes some time which is somewhat equivalent to money and is a significant hidden cost to purchasing an Android phone.

picture of 3g watchdog bandwidth monitor

The business models of telephone companies seem to involve hitting users for unexpected fees, and extra fees for excess bandwidth can be really expensive. 3G Watchdog is one app that can monitor bandwidth and disable data transfers if too much is used. Onavo is an alternative that allows tracking data use on a per-application basis, but it only runs on Android 2.3.x while 3G Watchdog works on Android 2.1.

Official EBay app searching for Samsung Android phones

EBay has an official app which is handy for searching for items. So far I’ve only used it to get price estimates and have used a PC for buying.

K9 viewing my SE Linux mailing list email

K9 seems to be the best MUA for Android. The MUA that ships with Android 2.1 isn’t nearly as good and K9 is good enough that I didn’t even bother testing the MUA from Cyanogenmod. The above picture shows a list of mail in my SE Linux folder.

graph by opticron grapher

The Opticron Grapher is a good graphing calculator. I won’t claim it’s the best because I didn’t seriously test such programs, but for the basic tests I’ve done it has worked well.

Google map of LUV location

The Google Maps client comes with every Android system, the above shows the location of the LUV meeting.

Open Street Map location of the LUV meeting

Osmand is an Android client for the Open Street Map project. Here is the web site for the Open Street Map project [3]. One significant advantage of OSM over the Google Maps is that OSM is free, the data is all contributed by users – like Wikipedia. Another significant advantage is that you can download as much data as you need to your phone, for example the entire dataset for Australia is about 200M. Storing 200M of data on your phone is no big deal when you consider the availability of phones with more than 16G of storage and the ability to use a map when offline is a real benefit.

So far I’ve used Osmand while waiting for a train at an underground station and I plan to use it to track my progress the next time I’m on a cruise.

serval mesh networking and VOIP

Serval is a mesh networking application for Android that supports VOIP phone calls and distributing messages and files. It’s designed to be used in disaster areas, but there are lots of other potential uses of the technology. The Serval Project blog has an article about the presentation they gave at LCA 2012 [4].

periodic table
details about Titanium

Periodic Droid is my favorite Periodic Table viewing program.

tomfusion Au Weather forecast app

The Tomfusion AU Weather forecast app seemed to be better than the one from the BoM last time I checked. It’s probably the best weather app for Australia.

screen-shot of LUV web site
LUV web site zoomed in

The Opera Mini browser is often faster than other browsers because it uses a compressing proxy run by Opera. It’s not so good for privacy though…

LUV page on Wikipedia

I have been using Wapedia for browsing Wikipedia. Since giving the talk I discovered the Official Wikipedia browser from the Wikimedia foundation [5] which is a better fit for my needs and I’ve uninstalled Wapedia.

As an aside modern phones have 16G of storage or more and could easily have a copy of the entire English text of Wikipedia on internal storage. It would be good if someone like Jason King (who is known for work on stand-alone DVD images for Wikipedia) was to write an Android program to do this.

Handy Apps

Androsensor showing GPS, acceleration, and light intensity
Androsensor showing magnetic field, orientation, and battery

Androsensor is a program to display output from most (all?) of the sensors on your phone. The results aren’t as accurate as one would hope, for example Earth’s gravity is 9.81m/s^2 – not the 10.26m/s^2 my phone registered. But they are a useful indication.

picture of Coke can, scanning the barcode
Google search on Coke can barcode
QR Code lookup of Facebook page

The Zxing Barcode scanner is one of many programs that will scan barcodes with the camera in an Android phone. It can launch a Google search on a product code or open a URL from a QR Code. The above pictures show it scanning a Coke can (the can and other background was displayed on the full screen before the screen capture program activated), doing a Google search on the can barcode, and looking up a QR code that was on an advertisement outside the LUV venue.

picture from the bridge of the Dawn Princess in Tauranga NZ

Cruise Cams allows you to download pictures from cruise ships. Some cruise ships have several cameras on different parts of the ship uploading pictures regularly so that people around the world can see what’s happening.

list of geo-caches near the park where I prepared most of my notes

The c:geo opensource program allows you to get information on Geocaches and see a compass or map showing the location. This program has been getting an increasing number of features to do everything you might want to do related to Geocaching. The above picture shows some caches that are close to where I made the screen-shot, in a park a couple of Km from the meeting location.

picture of Google Sky Map in the direction of Andromeda

The Google Sky map uses augmented reality techniques to display stars in the direction that your phone is pointing along with their names and the names of the constellations.

Marine Traffic showing ships near me
Marine Traffic showing the Pacific Sun highlighted on a Google Map
Marine Traffic showing details of the Pacific Sun
Photos of the Pacific sun taken by fans and shown by Marine Traffic

The Marine Traffic program shows the locations of ships as well as lots of information about them. The above pictures show me discovering that the Pacific Sun was nearby, viewing its location on Google Maps, seeing the details, and then viewing fan pictures.

The developer’s web site allows viewing all the same data without an Android phone [6]. Anyone can join the project by buying an Automatic Identification System (AIS) receiver and configuring a PC to take data from AIS and send it to the MarineTraffic.com servers. As an aside they seem to be missing coverage in western Victoria, so it would be good if someone near Apollo Bay or Warrnambool could install an AIS receiver and help out.

Satellite map from Satellite AR

Satellite AR uses augmented reality to show the location of satellites and other things in space. Unfortunately the screen capture process turned off the camera as I had a sign advertising fast food positioned in an amusing location in the background.

Shipmate overview of Dawn Princess
Shipmate map of Dawn Princess

Shipmate publishes a set of programs giving information on cruise ships, they have one program for each cruise line. Above is the program for the Princess cruise line, the above pictures give information on the Dawn Princess. Unfortunately the program wasn’t usable without net access when I tried to use it on a cruise ship.

Games

Air Attack HD game, clone of 1942

Air Attack HD is an entertaining game that demonstrates the capability of Android phones to run action games. Like many Android games it has a free version and paid versions if you want more.

picture of Angry Birds

Angry Birds is one of the most well known games for touch-screen devices. It has also spawned a huge line of merchandise.

Labyrinth Lite
Labyrinth Lite from a different angle

Labyrinth Lite is one of the many Android games based on the old mechanical game where you tilt a toy to roll a ball-bearing through a maze. It’s free and is better than most of the free games in that genre.

Minecraft Pocket Edition

Minecraft Pocket Edition allows you to play Minecraft on your phone. The demo version doesn’t allow saving the game, you have to buy the game for about $5 if you want to do that. It also lacked the full features of the game last time I checked, it didn’t have monsters.

Paradise Island overview
Paradise Island details of Bungalow

Paradise Island is one of many business simulation games for Android. It’s more playable than most and has very detailed graphics, but the down-side is that it’s a memory hog and will crash if you don’t have enough RAM. It’s one of the games that are free to download but encourage you to pay money to level up, for some players it’s probably a very expensive game.

Tower Raiders 2, Pratt was eaten by a Grue

Tower Raiders 2 is one of the better tower defense games for Android.

Syndicated 2012-03-20 03:48:49 from etbe - Russell Coker

Long Term Adverts

I’ve just seen a mailing list post from someone who needs an ancient printer to work with their old software. As the printer is no longer manufactured and changing the software is expensive this puts them in a difficult situation – which can be profitable for someone who happens to own an ancient printer that still works. This sort of thing is not uncommon at all.

Ebay is a nice auction and online store site but it doesn’t cater for long term personal adverts. I’ve got a lot of old computer equipment that I keep because it might be useful at some time and it’s a shame to throw away working equipment. I’d like to be able to list that stuff on a sale site and have the adverts stay online for years just in case someone wants to pay a decent amount of money for it. If there was such a site I would also list all the systems in my test network, I can test software just as well with different hardware if someone wants to pay decent money for what I’ve currently got.

Storage space is pretty cheap and searching for keywords isn’t that difficult either. The cost of running an online personal sale site for items that sell every few years isn’t going to be much greater than running one that sells items after 10 days. But the profit in many cases will be a lot greater, an old printer that sells for $10 on Ebay could go for $200 or more if the seller could wait for a buyer who had some enterprise software that absolutely depended on that particular printer.

Does anyone know of such an online sale site? If not does anyone want to start one?

Syndicated 2012-03-19 02:24:35 from etbe - Russell Coker

Airtasker – Outsourcing Small Jobs

Airtasker.com is a new company that is dedicated to outsourcing small jobs [1]. It’s still in a “beta” phase and has no way of making money – the worker is paid directly by the employer and there’s no facility for either of them to pay Airtasker, I would really like to know what the business model will be before considering whether to use it. It also doesn’t seem to operate outside of Sydney which seems quite strange, how hard can it be to have separate Google maps instances for each city in Australia?

The jobs that are advertised seem to be mostly household repair tasks and from the member list it appears that some people who already run small service businesses are trying to use Airtasker to get more work. There are also a lot of delivery tasks such as buying something from a shop and delivering it and driving a car from Melbourne to Sydney (good for someone who wants a subsidised interstate holiday). But there are some unusual tasks such as pretending to be someone’s girlfriend to make his mother stop nagging him.

It will be interesting to see whether this takes off. One thing that I might use it for is delivering computer equipment in the CBD. Some of my clients have no good parking near their office so I end up carrying computer gear from a tram stop or an inconvenient parking spot to their office. I’d rather have someone paid to do at least half the work in carrying the gear and the rates that are being discussed on Airtasker are well within the range that my clients would be happy to pay.

Syndicated 2012-03-13 12:31:39 from etbe - Russell Coker

USB Flash Storage

For some years I have had my Internet gateway/firewall system in a cupboard in my bedroom. While I don’t mind some computer noise (I’ve slept near a server for most of the last 22 years) it’s good to have it as quiet as possible so getting rid of the hard drive is desirable.

I considered buying an IDE flash drive, but I’d like to continue my trend of not paying for hardware so I chose to use some USB flash devices that HP was giving away at a seminar (thanks HP – as an aside the P3 system is an old Compaq Desktop system). So I’ve got one 4G USB device for root and one for Squid.

For the past few months I’ve had /var/spool/squid be a USB flash device. I considered using RAID-0 for that filesystem because the computer is a P3 and only has USB 1.2 and thus a maximum theoretical transfer rate of 1.5MB/s and a maximum real-world rate of about 1MB/s. But my ADSL connection doesn’t seem able to sustain much more than 1MB/s and Squid doesn’t write data synchronously so in all my tests the USB speed hasn’t affected HTTP performance.

One issue that has delayed my move to all USB is the difficulty of booting as the P3 system in question doesn’t support booting from USB. I considered creating a boot CD that loads the kernel from the USB device, but that seemed a little painful and also relies on the CD-ROM drive working – which isn’t a great idea for a system that runs 24*7 in a dusty cupboard. I ended up using GRUB on the IDE hard drive to load the kernel and initrd and then mount a USB device as root, this seems to work and the command “hdparm -S6 /dev/sda” in /etc/rc.local makes the hard drive go to sleep once the system is booted.

The only technical parts of the process were putting in the UUIDs of the filesystems in /etc/fstab (because I can’t be sure which USB device will be found first) and creating a new initramfs with modules for USB storage listed in /etc/initramfs-tools/modules so that a USB device could be the root filesystem.
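
Both configuration points above (UUIDs in /etc/fstab, USB storage modules listed in /etc/initramfs-tools/modules) can be checked before a reboot. The script below is an added example, not the author's own; the sample file contents, the all-zero UUID and the module names usb_storage, sd_mod and uhci_hcd are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit boot configuration for a USB-flash root filesystem.
# All file contents below are constructed samples, not the author's files.

# Print "mountpoint device" for every fstab entry that names a
# kernel-enumerated disk (/dev/sdX, /dev/hdX). Those names can change
# when the USB devices are detected in a different order.
fstab_unstable_devices() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        NF < 2     { next }    # skip blank or malformed lines
        $1 ~ /^\/dev\/(sd|hd)[a-z]+[0-9]*$/ { print $2 " " $1 }
    ' "$1"
}

# Print each required module that is NOT listed in an initramfs-tools
# modules file. Hyphen and underscore are treated as the same character,
# as modprobe does.
missing_initramfs_modules() {
    modfile=$1
    shift
    for mod in "$@"; do
        want=$(printf '%s' "$mod" | tr '-' '_')
        if ! sed 's/#.*//' "$modfile" | awk 'NF { print $1 }' \
                | tr '-' '_' | grep -qx "$want"; then
            printf '%s\n' "$mod"
        fi
    done
}

# Constructed sample: root still referenced by device name (fragile),
# the Squid spool referenced by a placeholder UUID (stable).
write_sample_fstab() {
    cat > "$1" <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sdb1  /  ext3  errors=remount-ro  0  1
UUID=00000000-0000-0000-0000-000000000002  /var/spool/squid  ext3  noatime  0  2
proc  /proc  proc  defaults  0  0
EOF
}

# Constructed sample: the USB host controller driver has been left out.
write_sample_modules() {
    cat > "$1" <<'EOF'
# modules to include in the initramfs
usb-storage
sd_mod
EOF
}

tmp=$(mktemp -d)
write_sample_fstab "$tmp/fstab"
write_sample_modules "$tmp/modules"

echo "fstab entries that depend on device probe order:"
fstab_unstable_devices "$tmp/fstab"

# The required module list is an assumption; the host controller driver
# (uhci_hcd here) depends on the chipset.
echo "modules missing from the initramfs list:"
missing_initramfs_modules "$tmp/modules" usb_storage sd_mod uhci_hcd

rm -rf "$tmp"
```

On Debian, running update-initramfs -u after editing /etc/initramfs-tools/modules rebuilds the image so the listed modules are available before the root filesystem is mounted.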

The firewall system is now a bit quieter and based on my last tests of hard drive power use will probably dissipate about 5-7W less heat. The next thing to do is wait and see if it keeps running or falls over. ;)

Syndicated 2012-03-11 11:58:27 from etbe - Russell Coker

SE Linux Status in Debian 2012-03

I have just finished updating the user-space SE Linux code in Debian/Unstable to the version released on 2012-02-16. There were some changes to the build system from upstream which combined with the new Debian multi-arch support involved a fair bit of work for me. While I was at it I converted more of them to the new Quilt format to make it easier to send patches upstream. In the past I have been a bit slack about sending patches upstream, my aim for the next upstream release of user-space is to have at least half of my patches included upstream – this will make things easier for everyone.

Recently Mika Pflüger and Laurent Bigonville have started work on Debian SE Linux; they have done some good work converting the refpolicy source (which is used to build selinux-policy-default) to Quilt. Now it will be a lot easier to send policy patches upstream and to port them to newer versions of the upstream refpolicy.

Now the next significant thing that I want to do is to get systemd working correctly with SE Linux. But first I have to get it working correctly with cryptsetup.

Syndicated 2012-03-06 06:44:33 from etbe - Russell Coker

LUV Hardware Library

What is it?

Last month I started what I am calling the LUV Hardware Library. It’s a briefcase full of computer parts that are free to LUV members which I plan to bring to all LUV meetings [1]. The issue is that there is a lot of hardware which has no great value to people and is often excess to requirements but which is still somewhat expensive or difficult to obtain and thus transferring it from the people who don’t need it to people who do provides a significant benefit to the recipient but no real cost to the donor.

Currently my briefcase has a range of different types of DIMM, some PCI cards, some assorted cables, a laptop SATA disk, and a bunch of other random things. Most of the stuff has been in my spare parts pile for a year or two, but some of it has been donated by other people.

What we Need

The next thing we need is more packaging, anti-static bags for RAM and PCI cards, sealable bags for screws, and some way of storing motherboard batteries.

In terms of hardware that can be donated one thing that would be really useful is SATA disks. I’m sure that there are lots of people who have upgraded the storage of their computer and kept the old drive with no real chance of using it. But there are lots of people who need such disks, for example I’ve been giving away a bunch of P4 systems which lack disks and are not cabled for IDE disks – a supply of SATA disks would make them a lot more usable.

Also any other random electronic stuff is of interest, including non-Linux things such as mobile phones (but only if not network locked).

If you have something that’s big or heavy to donate then contact me via email first.

Other Options

Computerbank does great work in rebuilding old PCs and selling them cheaply to worthy people [2], but most of the spare hardware I get is below the minimum specs that they will accept. I’m not planning to compete with Computerbank in any way, I just want to provide a useful service to LUV members who want to upgrade their PC for free.

I encourage other people to do the same at other LUG meetings!

Syndicated 2012-03-05 10:33:13 from etbe - Russell Coker

Links February 2012

Sociological Images has an interesting article about the attempts to apply the word “Camping” to OWS and framing the issues [1].

Lester Macgurdy wrote an insightful article about “the snake”, a new technique for OWS protesters to beat riot police [2].

Ron Barassi suggests that “Australia Day” be celebrated on the 27th of May to commemorate the day in 1967 when the Australian constitution was amended to not be racist [3]. The current “Australia Day” is often referred to as “Invasion Day”. IMHO Ron deserves another “Best and Fairest” award.

Stefon Harris gave an entertaining TED talk about improv Jazz music titled “There Are No Mistakes on the Bandstand” [4]. It seems that his concepts can apply to some extent to many collaborative projects.

John Robb wrote an interesting article about the future of drone (UAV) warfare [5]. He suggests that having one person control each drone is a temporary thing and that the future is to have a cloud of cheap autonomous drones taking strategic control from one person. His comparison of Starcraft players to future drone fighters is interesting.

The OWS movement is branching out into other related areas; OccupyYourHomes.org is one of the latest ones [6]. When banks try to foreclose on homes without good cause the OWS people are protesting.

Cory Doctorow wrote an important article for The Guardian about corporations using the Youtube ContentID system to pirate works that other people have uploaded [7].

Matt Taibbi’s description of Goldman Sachs as “a great vampire squid wrapped around the face of humanity, relentlessly jamming its blood funnel into anything that smells like money” will never die [8]. It has spawned many other creative descriptions of the evil and greed of Goldman Sachs and even Lloyd Blankfein of Goldman Sachs describes his company as having “burned down the Reichstag, shot the Archduke Ferdinand and fired on Fort Sumter” – he was trying to use satire, but I don’t think that Goldman Sachs people would act differently to Fritz Thyssen.

Keith Packard wrote an interesting article about the Calypso CalDAV system which he uses with Android [9]. He makes lots of good points about how to improve calendaring and contacts on Android, unfortunately I lack time to fiddle with such things at the moment so I’ll stick with Google in spite of the risks.

Asheesh Laroia wrote a great article about the problems with short (32-bit) GPG keys [10]. It seems that creating keys with matching ID numbers isn’t particularly difficult and that GPG doesn’t handle them as well as we would like, giving the possibility of at best annoying DoS attacks and at worst security problems due to using the wrong key.
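A defensive check for the problem that article describes, as an added example that is not from the original post or from GnuPG: it reads gpg's colon-delimited key listing and reports every 32-bit short ID shared by more than one fingerprint. The sample listing and its fingerprints are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Find keys in a keyring whose 32-bit short IDs are ambiguous (added example).
# A v4 OpenPGP fingerprint is 40 hex digits; the long key ID is its last 16
# digits and the short key ID its last 8, so many fingerprints share one ID.

# Constructed listing in the format of
#   gpg --batch --with-colons --fingerprint --list-keys
# Fingerprints are made up: two end in 0BADC0DE, one in 12345678.
sample_listing() {
    a=AAAAAAAA; b=BBBBBBBB; c=CCCCCCCC
    printf 'pub:-:2048:1:%s0BADC0DE:1325376000::::::\n' "$a"
    printf 'fpr:::::::::%s0BADC0DE:\n' "$a$a$a$a"
    printf 'pub:-:2048:1:%s0BADC0DE:1325376000::::::\n' "$b"
    printf 'fpr:::::::::%s0BADC0DE:\n' "$b$b$b$b"
    printf 'pub:-:2048:1:%s12345678:1325376000::::::\n' "$c"
    printf 'fpr:::::::::%s12345678:\n' "$c$c$c$c"
}

# Read colon records on stdin; print "<short ID> <fingerprint> ..." for each
# short ID that maps to more than one fingerprint. Exit status 1 if any do.
short_id_collisions() {
    awk -F: '
        $1 == "fpr" && length($10) == 40 {
            fpr = toupper($10)
            if (fpr in seen) next          # same key listed twice
            seen[fpr] = 1
            sid = substr(fpr, 33)          # last 8 hex digits
            if (count[sid]++) list[sid] = list[sid] " " fpr
            else list[sid] = fpr
        }
        END {
            bad = 0
            for (sid in count)
                if (count[sid] > 1) { print sid, list[sid]; bad = 1 }
            exit bad
        }'
}

# Real use: gpg --batch --with-colons --fingerprint --list-keys | short_id_collisions
if ! sample_listing | short_id_collisions; then
    echo "ambiguous short IDs: refer to these keys by full fingerprint"
fi
```

Any key the check reports should be referred to by its full fingerprint in scripts, configuration and documentation.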

Sociological Images has an interesting article about when game show audiences are trustworthy [11]. It seems that French people don’t want an undeserving person to win so they will intentionally advocate the wrong answer if the contestant should know it.

Paul Wayper gave a great lecture titled “SE Linux for Everyone” [12]. He covers the basics of SE Linux in a user-friendly way and explains some simple solutions to common problems which don’t involve compromising system security.

Paul Tassi wrote an insightful article for Forbes about piracy [13]. His conclusion is that the media companies should make it cheaper and easier to be a customer and not spend insane amounts of money on low quality products.

The Reid Report has an interesting article about Ron Paul’s racism [14]. Ron Paul is generally well regarded outside the US because he wants the US government to stop meddling in the affairs of other countries, but while he’s less bad than other US politicians in terms of foreign policy that doesn’t make him a good person.

Anonymous hacked some mailboxes belonging to a neo-Nazi group and found links to Ron Paul [15]. I’ve always been suspicious of the way Ron Paul wanted to avoid anti-racism legislation on supposed Libertarian principles.

The Reid Report has an interesting summary of Ron Paul news plus some criticism of Glenn Greenwald and others who associate with him [16].

Syndicated 2012-02-15 15:19:51 from etbe - Russell Coker
