The Caffeinated Penguin

musings of a crackpot hacker

Encrypted FS-es pushed off until Hoary

| March 25, 2005

I got it working, just not nicely. The libpam-mount that comes with Warty (.18 release) doesn't seem to like dm-crypt type stuff.

I figure I'll wait for Hoary and try it again.

Yes, I'm waiting for the official Hoary release. This is intentional. I'm waiting to go through the “novice user” experience of what happens. Ideally, I should just fire up synaptic and a round of upgrades should modify my Warty -> Hoary. If I have to go through the procedure as defined in the upgrade HowTo (basically, update the package list), then I'll probably fill out a bug that it needs to be nicer. (for what that's worth).

It's late, people. Night,

Encrypted homedirs revisited

| March 24, 2005

So, I’ve been pondering this more, and it occurs to me that a LOT of stuff breaks:

  • gdm (I had problems with it when my NFS was broken; can’t read some info or something. I presume it would have the same problem too)
  • cron (okay, cron will still work, but if you’re running anything in your homedir, you can’t get to it)
  • public_html directories (you know, the kind that web sites are hosted on)
  • .forward and .vacation files (used by some mail servers)

I’d think that the Macs have the same problem.

Perhaps the better course of action is an encrypted folder that sensitive information is put into. Of course, this would have to be all the sensitive stuff, like the .firefox and .thunderbird directories, as well as any other sensitive documents and all that crap.

crypto followup

| March 23, 2005

Looks like I'll use dm-crypt + libpam-mount as described here. Of course, this doesn't do dynamic sizes, so all of a sudden my homedir is going to become something like a 10GB file (double what I need).

fiddled with encrypted filesystems

| March 23, 2005

As near as I can tell, a bunch of headway was made on this in 2.6, but it's still not as good as Apple's FileVault. The main hindrance (aside from the fact that Apple makes it really easy) is the lack of being able to resize it automagically on the fly. After all, how hard is it to make homedirs a file which grows until it fills whatever partition it's located on? Anything else is kind of crap.
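The fixed 10GB container from the crypto followup above and the wish here for a homedir file that grows until the partition fills can both be covered with a sparse container file. This is an added example, not code from the post or from any project it mentions; it assumes a Linux box with dm-crypt and cryptsetup, and the function names and /tmp/home.img path are my own.

```shell
#!/bin/sh
# Added example (not from the post): a sparse, file-backed dm-crypt container.
# The file only consumes disk as ciphertext blocks are written, so it grows until
# the partition it lives on fills up, instead of costing a fixed 10GB up front.
set -eu

# Create a sparse file with the given apparent size in MiB. Nothing is allocated yet.
make_sparse_container() {
    path=$1
    size_mib=$2
    # Classic trick: seek past the end with count=0; dd truncates the file to that size.
    dd if=/dev/zero of="$path" bs=1 count=0 seek="$((size_mib * 1024 * 1024))" 2>/dev/null
}

# Apparent size in bytes: what the filesystem inside the container will see.
apparent_bytes() {
    wc -c < "$1" | tr -d ' '
}

# Blocks actually allocated on disk, in KiB (du -k is POSIX, unlike stat formats).
allocated_kib() {
    du -k "$1" | cut -f1
}

# True (exit 0) when less than half of the apparent size is really allocated.
is_sparse() {
    [ "$(allocated_kib "$1")" -lt "$(( $(apparent_bytes "$1") / 2048 ))" ]
}

# Root-only steps to turn the container into an encrypted volume (hypothetical
# helper; cryptsetup attaches the loop device itself when given a regular file).
# Caveats a practitioner should know:
#  - the hole map of a sparse file reveals roughly how much data has been written;
#  - if the host partition fills, writes inside the volume fail as I/O errors and
#    can corrupt the inner filesystem, so monitor free space on the host.
encrypt_and_format() {
    container=$1
    name=$2
    cryptsetup luksFormat "$container"      # prompts for a passphrase
    cryptsetup open "$container" "$name"    # creates /dev/mapper/$name
    mkfs.ext4 "/dev/mapper/$name"           # writes only metadata; file stays mostly sparse
}

# Demo: run with "demo" as first argument to build a 10 GiB apparent container.
if [ "${1:-}" = "demo" ]; then
    make_sparse_container /tmp/home.img 10240
    echo "apparent bytes: $(apparent_bytes /tmp/home.img), allocated KiB: $(allocated_kib /tmp/home.img)"
fi
```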

An alternative might be CFS. I need to look into it. Basically, it encrypts files in a normal directory and uses a loopback NFS mount to show you the clear text stuff…

WRT-54G firmware

| March 23, 2005

So, I’ve been having a problem with my router. About the time I got DSL, dhcpd started dying. A lot. Like, every day. I don’t know why. So, I figured I’d try some new firmware. Let’s go over the state of replacement firmware.

Criteria:

  • Must do local DNS (so that I can put DNS entries in the router and it is a DNS server)
  • Must work on versions of hardware up to 2.2. (I have two routers – an early 1.x model and a more recent 2.2. The 2.2 is my test mule).
  • Bonus: If it can be a client/bridge, that would be great.

The candidates and results:

  • Sveasoft: This is what I was using. However, he’s stopped releasing free upgrades, which makes me not be interested in running it anymore.
  • Wifi-box: Doesn’t seem to work on the 2.2 hardware.
  • OpenWRT: This is the Gentoo of WRT54G distros. It comes with very little and was too much hassle for me to be interested. FYI – It took me 2 hours to get this off the router once it was on, because the nice web based upgrade goes away. I ended up turning boot_wait on and doing a tftp upload.
  • EWRT: No local DNS.
  • HyperWRT: No local DNS.
  • DD-WRT: Perfect! Based on Sveasoft’s GPL-ed releases, and tremendously extended. Very impressive.

Features (besides the required stuff. Oh, and it will be a bridge, too).

  • Create multiple VLANs, one on each port
  • Use a radius server for auth.
  • Afterburner support (hmm, isn’t this supposed to be a GS feature?)
  • WDS (repeater/bridging) support
  • Strictly client mode support
  • Firewall can filter cookies, java applets, and activeX controls. (I’m thinking of enabling the last one just to piss off anyone who visits my house using an instrument of the evil empire…).
  • QoS rules: Prioritize by service, netmask, MAC, etc.
  • sshd, telnetd, syslogd, xbox kaid (wtf is this?)
  • It will mount a samba share (and this is useful, how?)
  • Ability to back up config (the older Sveasoft I was using didn’t have this).

So, anyway, it’s slick. We’ll see if it fixes my problems.

Mac Mini gets here Friday!

Politics, news, wargaming, misc.

| March 22, 2005

Hello all. Just a quickie to keep folks abreast of the bits of my life.

  • Went to Havoc on Saturday. Not bad. Played a modern game and a Korean war game. The Korean war game was weird; basically, instead of “turns”, you got to keep going until your guys missed what they were shooting at, or the enemy successfully shot you (which they can do when they interrupt your turn).
  • I’ve kind of given up on writing my own modern game rules. It’s just too much work. Instead, I figure I’ll take the Warhammer 40,000 core mechanic, and author a rules modification and army lists to allow it to be used in a modern scenario with 20mm figures.
  • In pursuit of the above, I’ve bought some of the Jane’s “recognition guides”, which are basically condensed versions of the various books. These are reasonable (under $20 or so), but the full-on books are like $750, which surprised me as being super steep.
  • Liz and I have started making our own pizza (pictures below). The premade dough seemed like a good idea, but I think it’s been sitting in the supermarket too long and has formed too much gluten. So, I think we’ll try making our own. It’s not hard to make dough, it’s hard to remember to make it an hour before dinner time.
  • I’ve been listening to this Terri Schiavo thing on the news. I’m not going to comment on whether the husband has a right to pull the plug or not, because I guess I can see the argument both ways. However:
    • Until it’s fully decided, they should be feeding her, because if she dies, and the court case comes out the other way, then it can’t bring her back.
    • Seems like a bad way to die to me. Maybe we should examine euthanizing people?
    • I think the federal government is setting a bad precedent getting involved.
    • Maybe this will force the right to die issue through congress. I’m really tired of court decisions making laws; it’s not supposed to work that way. Abortion law should have been decided by act of congress, not Roe v. Wade. It’s better that way, and is kind of the way it should be.
  • My Mac Mini shipped!
  • My WRT54G is misbehaving (dhcpd keeps dying) so it’s prompted me to look into replacing the Sveasoft firmware it’s running. This is compounded by the fact that the Sveasoft guy has started only releasing it to paying customers. This is within his right, but not very nice. Will keep people updated.
  • This .NET stuff is starting to grow on me. It’s like C and Perl kind of mixed together. Highlights:
    • Regexp library is quite good.
    • Passing variables by reference, or designating output variables is a lot more formal now, which is good; cuts down on mistakes
    Of course, it’s not 100% good:
    • MS’s IDE still sucks. Granted, it sucks less than VS 6, but it still is pretty bad. The indenting is screwed up and the MDI is crap
    • It’s really object-oriented. Like REALLY. Like, when doing an enumeration, and you’ve declared some variable as that enumerated type, you still need to do variable = type.value in assignments. I understand why, but it takes some getting used to
[Photo: Monday Pizza] Monday night Pizza

[Photo: Tuesday Pizza] Tuesday night (tonight) Pizza

User icon, recipes, snow, kitties

| March 12, 2005

After much nag^H^H^H suggestion from Liz, I have updated my user icon with a more recent photo. Older, paler, and less hair (both up top and on the face). What the hell; Patrick Stewart is dead sexy, so all I need to do is lose the paunch and I'll be able to “make it so” with the best of them.

I've also gone through my recipes. These used to be cards done in WordPerfect. I've converted them to US Letter sized pages in OpenOffice (using the wpd2sxw conversion utility and a bit of reformatting). All are done at a size 14 font (easier to read from a distance while cooking, you know). For the curious, this large size works because I keep my recipes in plastic sleeves in a three ring binder (thanks to Alton Brown for the suggestion. Oh, and people should buy his books; they're quite good. Think “food hacker” technical manual. The cookbook even has a roadmap to the various edible parts of animals! Of course, none of them unseat The Joy Of Cooking as the quintessential American cookbook, but, I digress). Anyway, the binder makes sense – most of my recipes are gotten from the internet and printed off on my printer. Just toss them in the binder and you're good. Plus, the plastic keeps errant splashes from the recipe. But, without further ado, here they are, as a zip file of PDFs of all of them (for all those winders people).

http://www.mattcaron.net/lj_images/recipes.zip

As far as I know, these are all public domain recipes. Most were collected by my mother over the years and transcribed by me when I went to college and raided her recipe box. The rest were given to me by friends or are modified versions of recipes I found online and revised.

[Photo: Snow] Snow, for the snow deprived. Yes, it was almost white out.

[Photo: Kitties] What kitties do on a snowy day: sleep. (Come to think of it, that’s what they do every day). They’re awake because I walked in. But, they were sleeping together in the bed. It was cute.

IPSec is up

| March 11, 2005

https://www.ubuntulinux.org/wiki/IPSecHowTo

And I converted all the old howtos to MoinMoin markup stuff (reading that there manual thingy about how to add Wiki pages correctly).

Note that this doesn't handle automatic keying. When I get done with other stuff (loopback encrypted fs's, maybe a Wiki page on using dar for backup, stuff like that), I might give it a whirl.

However, for now, it's Ice Cream (Ben and Jerry's NY Super Fudge Chunk) and book (Cold Zero, about an FBI Hostage Rescue Team sniper) time.

Take care all.

Verizon DSL and Linux

| March 11, 2005

(For the curious, I post this stuff because Google indexes it so people can actually find it)

  • The kit they sent me came with a Westell 2200 modem. Yours may be different and your mileage may vary.
  • For starters, I booted the modem directly connected to my laptop running Linux. My machine got an IP, but nothing interesting happened after that. So, I booted into Windows to run their install CD. (It runs in OSX as well).
  • The install CD is slick, you just have to stop it before it installs all the extra software you don’t need. Basically, the “account setup” is all you care about.
  • The account setup does 3 things:
    1. Sets up an account with Verizon’s DSL servers (for PPPoE authentication)
    2. Sets up the router to send that account info for PPPoE authentication
    3. Sets up the router to use that same account info for the router’s administrative account
    Now, the last 2 can be done without Windows, but I don’t know of a way to do the first without Verizon’s help. Come to think of it, I don’t know the default username/password for the router, though Google probably knows the answer.
  • Anyway, once that was done, the laptop could connect to the world. So, I plugged it in to my wireless router.
  • Perhaps it’s time for a network topology diagram. Or, maybe because I want to play with Dia again… Okay, so xfig is still better than Dia, but here is a diagram: My Network
  • Okay, so by default, the modem boots up on an IP of 192.168.1.1. This caused a problem, because that’s the IP of one of my machines. So, I switched my network over to 192.168.0.xxx. In hindsight, this was a silly idea – I should have just changed the Westell router’s IP. But, it was late, and I was being dumb.
  • Overall, the DSL seems much faster, especially upstream. The bandwidth is technically less, but the latency is also less, so it feels faster.
  • One problem that I had to remedy was that I think the DSL router is a little overloaded. By default, DNS queries are bounced through the Linksys router, then the Westell router, then to Verizon’s servers. This was taking an ungodly long time, and was somewhat unreliable. So, I turned off DNS on the Westell router and set the Linksys router to use the Verizon servers and pass them to DHCP clients.
  • I also configured the Westell router to pass its public IP through to the Linksys router, so that I can get to it from the world – or at least, I was supposed to when I thought it was a static IP. However, it changed last night, so my guess is that the customer service people are dumb and it’s not really a static IP.

Star Trek, Cheese, Apple, and the future

| March 11, 2005

  • I was watching original Star Trek. It’s amazing how many alien worlds look like southern California
  • I would have to rate cheese as one of the most impressive human inventions/discoveries. It’s so wonderful, versatile, and varied.
  • Apple has won the latest round in a battle to get information as to who leaked info to Apple rumor sites. Here’s my two cents on the issue:
    • Bloggers blur the line on who is a journalist and who isn’t. The US has a long tradition of amateur hobbyists changing things, so it bothers me that the judge ignored the question as to whether bloggers were journalists or not. However, I don’t blame him – that’s a hot potato I wouldn’t touch.
    • Journalists should be protected from having to disclose whistleblower sources, perhaps even by law. However, that is not the case here – these were employees who violated their NDAs by disclosing information about unreleased products. This is not a safety/whistleblower type issue; it is someone who did something they shouldn’t, and the journalists should give up their sources or go to jail for contempt. Apple should fire the people and be done with it.
  • I’m really against this whole movement to play God. People are creations of the divine being, and it is not for us to monkey with His design. Whatever humanity is, that is what it shall remain. It is not for us to change that.

    And as you pick your jaw off the floor, feel reassured that I was just making a point. Think I meant the above logic to apply to genetic engineering? Think again. Some hundreds of years ago, this logic was applied to studies of anatomy, surgery and biology. This is why the Arab world had such marvels as “surgery” and “hygiene” and the Christian world had varied ailments such as the plague. Looking at it from the present, we think the idea of performing surgery being against God is ridiculous. Did it ever occur to the various anti-genetic engineering people that the above logic is equally silly now? One cannot stop science: someone will always do it. By making it illegal, all you do is drive it underground. By leaving it legal, there is at least a modicum of transparency and control.