Strange Loopiness

The forthcoming Ubuntu release, 7.10, the Gutsy Gibbon, is scheduled for release next month, 10/18. I recently tried installing it, and quickly encountered this bug, reported as fixed yesterday.

Ubuntu had inherited from Debian a problem whereby network interfaces’ names can be inconsistent from one reboot to the next. The installer identified my mobo’s wired network interface as eth1. On rebooting, the OS decided it was eth2, but /etc/network/interfaces had been configured to use the (now non-existent) eth1, hence no network.

In days’ past, I’ve used /etc/iftab to ensure it didn’t recur, but, apparently, as of Gutsy, this approach is deprecated, and the shiny new method is to use udev.

I then spent much time bashing my head against trying to arrange to boot into an encrypted root filesystem within an LVM2 logical volume on an encrypted LUKS partition, similar to this but using yaird to create the boot image. This is something I’ve done in the current Ubuntu release, Feisty. But I ran into a couple of bugs in Gutsy’s yaird package. (The trivial one also existed in Feisty, but I didn’t report it then.)

It’d be nice if Ubuntu offered an encrypted root installation option like Debian Etch, but I’d probably want enough things different from any set of options offered to end up doing it manually anyway.

I’m pretty sure I know how to fix the problem now. But I haven’t had the time to take another crack at it, so my first look has been stalled here.

Maybe when I’m done, I’ll write yet another encrypted root howto.

Posted by Zed at 6:56 AM | Permalink | Comments (0)

Pocahontas had some little webcam she’d gotten a while ago as a promo item for signing up with an ISP. For a while, I’ve had in the back of my mind to use it to build a LavaCan. Because, you know, every home needs a cryptographically secure source of random numbers in hardware. Well, it seems like people were lucky to get this camera working with an allegedly supported OS. This guy heroically analyzed the signal between the PC and the webcam and came up with some sort of picture, but his write-up falls short of providing code.

Oh well. The Weecam’s off to the Alameda County Computer Resource Center, and I’ll give iwrandom a try. (But a webcam in the dark is so much cooler, drat it.)

Posted by Zed at 7:18 AM | Permalink | Comments (0)

It seems that Debian packages and Ruby gems don’t play nicely together. I had apt-get installed rails, and my first attempt to use a rails app (someone else had written) blew up because it had an internal check for a Rails gem of a certain version. Since my Rails hadn’t been installed as a gem at all, it immediately failed.

So far as I can read on the Interwebs, most people facing this install rubygems as root, and do their subsequent gem installs as root, letting them write wherever in the filesystem they like.

That makes me queasy. I don’t want to mix two package systems in the same environment.

So here’s how I installed ruby/rubygems/rails in Ubuntu 7.04, with all gems under /usr/local.

Following the ruby1.8 package’s own instructions for a full Ruby 1.8 distribution:

sudo apt-get install ruby1.8 ruby1.8-dev ri1.8 rdoc1.8 irb1.8 ruby1.8-elisp ruby1.8-examples libdbm-ruby1.8 libgdbm-ruby1.8 libtcltk-ruby1.8 libopenssl-ruby1.8 libreadline-ruby1.8

I assign ownership of /usr/local and everything under it to the admin group, and make /usr/local and its subdirectories group-writable (per Ubuntu’s defaults, my primary login, which I created during installation, is a member of the admin group.)

sudo chown -R root:admin /usr/local 
sudo chmod 775 /usr/local /usr/local/*

I get and install rubygems.

mkdir /usr/local/lib/rubygems
export GEM_HOME=/usr/local/lib/rubygems
cd /usr/local/src
# as of this writing, the latest rubygems from http://rubyforge.org/frs/?group_id=126
wget http://rubyforge.org/frs/download.php/20989/rubygems-0.9.4.tgz
tar xzf rubygems-0.9.4.tgz
cd rubygems-0.9.4
ruby setup.rb config --prefix=/usr/local
ruby setup.rb setup
ruby setup.rb install

I add the following to my .bashrc, but you’ll want them in any environment using gems. With multiple users on a system, you might want to put this in /etc/bash.bashrc.

export GEM_HOME=/usr/local/lib/rubygems
export RUBYLIB=/usr/local/site_ruby/1.8
export RUBYOPT=rubygems
export PATH=$PATH:/usr/local/lib/rubygems/bin

The grand finale:

source .bashrc # or wherever you put them
gem install rails --include-dependencies

It’s that easy!

References:

• Installing Rails and Mongrel on a Shared Host
• Ruby on Rails on Debian
• RubyGems User Guide, Ch. 3

Posted by Zed at 10:22 PM | Permalink | Comments (0)

I enjoyed this take on an Emo Philips joke (found on the Church of Emacs page.)

I asked my email-pal: “UNIX or Windoze?”. He replied “UNIX”. I said “Ah…me too!”.

I asked my email-pal: “Linux or AIX?”. He said “Linux, of course”. I said “Me too”.

I asked him: “Emacs or vi”. He replied “Emacs”. I said “Me too. Small world.”

I asked him: “GNU Emacs or XEmacs?”, and he said “GNU Emacs”. I said “oh, me too.”

I asked him “GNU Emacs 19 or GNU Emacs 20”? and he said “GNU Emacs 19”. I said “oh, me too.”

I asked him, “GNU Emacs 19.29 or GNU Emacs 19.34”, and he replied “GNU Emacs 19.29”. I said “DIE YOU OBSOLETE NOGOOD SOCIALLY MALADJUSTED CELIBATE COMMIE FASCIST DORK!”, and never emailed him again.

Ubuntu Linux 7.04 beta, GNU Emacs 23.0.0.1 alpha, with Xft support. But I’m reformed — any Linux or BSD distro and Emacs flavor is OK by me. (Everyone else can DIE!)

Posted by Zed at 11:25 PM | Permalink | Comments (3)

The default individual entry archive template includes a block of template markup for posting comments… but that block doesn’t support Typekey authorization. You need to boost the markup from the comment preview template.

The text boxes on the edit entry page are tiny little things, because mt-static/styles.css is missing an entry for the full-width class. This can be fixed by putting this in your mt-static/user_styles.css:

Posted by Zed at 8:08 AM | Permalink | Comments (0)

This security professional is so paranoid that Bruce Schneier thought he had to be kidding.

And for Bruce Schneier, SHA-1 is merely a compression algorithm.

Posted by Zed at 6:54 AM | Permalink | Comments (0)

The truth about Lisp:

If you’re good enough to use lisp, you’ll soon be frustrated with lisp. Lisp is not an adequate lisp. By the time my bus had made it two blocks I’d written some simple lisp macros that were so powerful they made lisp completely obsolete and replaced it with a new language. Fortunately, that new language was also called lisp. And i was able to prove, mathematically, that the new lisp i’d created was both far superior to lisp in every conceivable way, but also exactly equivalent to lisp in every possible way. I was very excited by this. But also found it very boring.

Posted by Zed at 6:09 AM | Permalink | Comments (0)

Computing square roots through subtracting half the operand from a magic constant actually works tolerably well.

It brought to my mind the treacherous optimization of grep.

Posted by Zed at 6:37 AM | Permalink | Comments (0)

Keeping your life in subversion is a really good idea I really should implement.

Posted by Zed at 6:48 AM | Permalink | Comments (0)

When I first heard of FIOS, Verizon’s fiber-optic Internet service provision, I was amazed: 15 Mbps downstream and 2 Mbps upstream for $44.95 a month? But the devil’s in the details.

The consumer offers do not permit customers to host any type of server, personal or commercial.

And they block port 80 and inbound port 25, the standard ports for HTTP and SMTP.

Too many things could be accurately termed servers for this to be meaningfully enforced without outraging all of their customers. Allow remote desktop connections in Windows XP Pro, and you’re running a server.

Nearly anything useful you could do with any significant percentage of that upload speed could be described as operating a server. Clearly, they have no intent of enforcing the rule to the letter, or they’d be forbidding a lot of things that most of their customers want.

But it gives them a means of cracking down on anyone daring to actually make use of that upload speed.

This is false advertising + plausible deniability.

Posted by Zed at 6:02 AM | Permalink | Comments (0)

I am scheduled to take Edward Tufte’s Presenting Data and Information one-day class in San Francisco in December.

Envy me.

Here’s a story about two Sun engineers showing a new UI to Tufte.

We were very proud of our user interface and the fact that we had a way to browse 16,000(!!) pages of documentation on a CD-ROM. But browsing the hierarchy felt a little complicated to us. So we asked Tufte to come in and have a look, and were hoping perhaps for a pat on the head or some free advice.

He played with our AnswerBook for about 90 seconds, turned around, and pronounced his review:

“Dr Spock’s Baby Care is a best-selling owner’s manual for the most complicated ‘product’ imaginable — and it only has two levels of headings. You people have 8 levels of hierarchy and I haven’t even stopped counting yet. No wonder you think it’s complicated.”

Oh.

Posted by Zed at 6:05 AM | Permalink | Comments (0)

Is it just me, or is Sqlite3 goofy?

I am the very model of a modern major database,
For gigabytes of information gathered out in userspace.
For banking applications to a website crackers will deface,
You access me from console or spiffy user interface.

My multi-threaded architecture offers you concurrency,
And loads of RAM for caching things reduces query latency.
The data is correctly typed, a fact that I will guarantee,
Each datum has a data type, it’s specified explicitly.

Posted by Zed at 6:44 AM | Permalink

Sumana’s title makes this funnier. If House were a software engineer (the character names are complicated acronyms):

Black sidekick improbably even thicker than the other two and pompous with it: The error message does imply some sort of dynamic linkage.

Me, gravely: Error messages always lie.

Necwfh: So what shall we do?

Me: Double the RAM, update the virus checker, scan the string tables, log the exceptions and put it on a sampling profiler.

Bsietttotapwi: How will this help isolate the problem?

Me: It won’t, you moron. We’ve got 45 minutes to fill. It would be fatal to make a correct diagnosis this early in the episode. And while you’re up, go have a look round the original programmer’s auntie’s holiday cottage in Cornwall. I’ve a feeling we may discover an Important Clue there.

Posted by Zed at 6:37 AM | Permalink | Comments (0)

It can be easy to forget how much I hate Windows.

A couple of weekends ago, I planned to install Ubuntu Edgy Knot 3 on a new hard drive. I’d been mostly planning on leaving off Windows entirely, but I’ll probably want to play Civilization 4 some day — its price is finally dropping, and there have been two patches released. What the heck, thought I, I’ll install Windows.

Windows is fussy about being the first thing on the disk, so I went to install it first. I didn’t take notes on the process, so I may err in some of the details that follow, especially on the exact order of things.

The disk partitioner was crude and unfriendly. There was no solicitation of keyboard preferences beforehand, so I had to operate it in QWERTY rather than my preferred Dvorak. My Windows XP CD is an update SP2 disc, so I had to pop my Windows 2000 CD in and out to prove I was eligible to use the update disc. And type in a long ugly string from the packaging. The installation took a long time, but didn’t require more attention.

Rebooted into Windows. Balloons popped up about having 30 days to activate, and my system may be at risk. Well, actually, I couldn’t activate, and my system was not at risk, because I had no Internet access — it had failed to install a driver for my ethernet hardware — an Intel chip on a 4-year-old Dell server whose motherboard is a clone of an Intel motherboard, so we’re talking cutting-edge esoteric hardware, you understand.

Dug up the driver CD that came with my machine. Installed the ethernet driver. Went to Internet Options and set my home page to update.microsoft.com, the only page I ever want to use IE for, and disabled ActiveX controls everywhere else. Opened IE. It chugged for a while, and then said I needed to update my Windows Update version (to include, among other things, Windows Genuine Validation.) I did so. Had to reboot; did so.

Realized I forgot to take the driver CD out; had to wait for it to boot to that so I could exit gracefully and reboot into Windows. Went back to update. It chugged for about a minute, then said I needed to validate before I could update. Tried to validate. It told me I had to activate before I validated. I activated, crossing my fingers that changing the hard drive (again — I’d done it in the past with Windows installations on this machine) wouldn’t cross the threshold of hardware difference that would require me to talk to Microsoft to make a case that I deserved to install their OS. It didn’t — woo hoo! Then I went back to update. Chugged for a minute again, but then I could finally validate.

Looked through the 60-some-odd updates. Declined to install the one where they’d run a service in the background to check whether my OS was legitimate and pop up warnings if it wasn’t. Installed them. Rebooted.

Then I went about installing all the things I wanted to have some sense of security on a Windows box — firewall, antivirus, Firefox, startup control monitor, the TweakUI powertoy so I could disable autorun on all drives current and future.

Then I installed Edgy.

Had a much better tool to partition the remainder of the drive. Answered some questions about locale, including getting to select Dvorak before I had to do any typing. It recognized my ethernet hardware. Spent a while installing things (a much shorter while than Windows), I rebooted, and there I was.

Yeah, there are some bumps in the road with Linux, usually having to do with using hardware whose use the manufacturers support only with Windows, or using software to handle propietary formats, which tend to come with licenses that preclude a free Linux distribution from installing by default.

But, on balance, I find installation and maintenance of Ubuntu to be easier than Windows.

Posted by Zed at 6:31 AM | Permalink | Comments (0)

If you weren’t there in the late ‘90’s between the rock of Unisys suing people for creating GIFs without a license, and the hard place of MSIE’s then terrible support for PNGs, you probably won’t care. But GIFs are no longer encumbered by patents.

When I was facing this problem, my employer was bought by a huge corporation. Hey, maybe they had a GIF license, and all my troubles would be over! I managed to get the question posed to the legal department of the corporation had a license that allowed us to generate GIFs.

Being the top-notch legal minds of a high-tech corporation, they came back with this answer:

“Well, it depends on the content of the images.”

Posted by Zed at 6:03 AM | Permalink | Comments (0)

Free vs. non-free. But which is which?

So the Mozilla Corporation has asked us [Debian] to stop using the name “Firefox” in our version of Firefox, unless we use the fox on a globe logo. We can’t use the logo because its copyright license is not free. Even if somehow we could do this, they want to vet every patch we apply before we release a package called Firefox containing it.

Posted by Zed at 8:05 AM | Permalink | Comments (0)

For no apparent reason, Ubuntu’s rdesktop package omits a Dvorak keymap. In the notes to myself department, here’s how to fix that.

sudo aptitude install rdesktop<br /> cd /usr/share/rdesktop/keymaps<br /> sudo wget -O en-dv http://rdesktop.cvs.sourceforge.net/*checkout*/rdesktop/rdesktop/keymaps/en-dv?revision=1.1

Posted by Zed at 8:55 AM | Permalink | Comments (2)

This brought me back to my youth.

Posted by Zed at 12:35 AM | Permalink

Conky is way cool — it provides a template for updating info on your screen which can be anything from system monitoring to RSS feeds. I’m making excuses to do more things with my computer just so I can monitor them.

Posted by Zed at 8:37 AM | Permalink | Comments (0)

I’ve been playing around with some new Linux CDs. A while back, I crowed about getting 200 CDs on the cheap. It turns out they were cheap in every sense, and between a third and a half of them turn to coasters when I use them. So I thought I’d start looking at the burned CD’s checksum to verify it. Surely there was some easy way to do that; I just didn’t know what it was.

Turns out: not really.

There’s this mess, requiring a local copy of the .iso:

dd if=/dev/cdrom | head -c `stat --format=%s /ISO/Mandrake/MandrakeLinux-9.2beta1-CD1.i586.iso` | md5sum

and there’s just cmping it — if the CD eofs first, there was a problem.

$ cmp /dev/cdrom /ISO/Mandrake/MandrakeLinux-9.2beta1-CD1.i586.iso
cmp: EOF on /ISO/Mandrake/MandrakeLinux-9.2beta1-CD1.i586.iso

And then maybe none of the above will work on modern high-speed anti-vibration drives.

I did find that reading a CD in one of the high speed anti-vibration CD drives can be a problem — in trying to do the md5sum after burning on such a CD drive using “md5sum /dev/cdroms/cdrom1” I got inconsistent results.

Posted by Zed at 5:03 AM | Permalink | Comments (0)

Well, crap. It arrived. It’s beautiful. It’s broken.

All the complicated stuff works, but plain old wired Ethernet doesn’t. Given that the wireless does work — Edgy Eft Knot 2’s installer gets it right straight off — it’s tempting to ignore the problem. I have wifi at work; I have wifi at home; in how many settings will I have an Ethernet jack and no wifi?

But, dammitall, a wired connection is just too important a contingency. I’m off to warranty hell.

Posted by Zed at 8:06 AM | Permalink | Comments (2)

I’ve written before about lusting after a portable computer. I’ve finally taken the advice of a commenter on the latter entry: last week, I ordered the tiny Fujitsu P1510D after discovering the current price for a refurbished model, and that it works pretty well with Linux.

Naturally, Fujitsu immediately announced its successor, the P70T/V. But I’m not sorry — I wouldn’t have minded the energy savings the Core Solo will probably offer, but that machine will continue to be a lot more expensive, and, for now, it’s a mystery how well Linux would run on it.

It was supposed to arrive today, but there was a delivery screw-up. Should be here tomorrow. You may be able to hear my squeals of glee from where you are.

Posted by Zed at 9:38 PM | Permalink | Comments (0)

For months, I’ve been harboring a secret shame: my wifi network was insecure. Sure, there was the token not broadcasting the SSID, but any old miscreant could have connected to my network, sniffed the traffic, even launched a man-in-the-middle attack.

I tried a couple of times to set up WPA, but, amidst the thousand different conflicting bits of advice I found hither and yon on the web, I never got it to work. Finally, this weekend, I butted my head against the problem until it broke. The most important tips were here and here — I built the latest versions of ndiswrapper and wpa_supplicant and managed to configure them.

One pleasant surprise — though my wireless card is advertised as supporting just WPA, the release notes for the latest driver say:

Added four wireless security methods: WPA-Personal, PS2 (WPA2-Personal), WPA-Enterprise, and RAIUDS [sic] to the Wireless Network Monitor for Windows 2000 and XP.

And, sure enough, even running within ndiswrapper, I got WPA2 to work.

Tune in for further exciting adventures in network administration, as I try to get OpenVPN running on my wifi router.

Posted by Zed at 9:30 PM | Permalink | Comments (0)