Category Archives: Tech

HTC Vivid with Ice Cream Sandwich

Posted on by

A few weeks ago, I was able to borrow an HTC Vivid. I upgraded it to the latest version of Android: Ice Cream Sandwich. My overall verdict is that I like it, almost as much as iOS 5. Android is more polished than ever before.

Here’s what I like about the HTC Vivid ICS experience:

  1. Bluetooth keyboard support. Android ICS is the first release that supports my bluetooth keyboard, and that’s a killer feature for me. The GMail app is the worst when using the keyboard, because the keyboard suggestions pop up over the top of what I’m typing, which is very annoying. The other apps, including ColorNote, pop up suggestions just above the words that I type.
  2. Smoother Dropbox integration. Apps integrate with it far more easily by sharing files on the filesystem. This means that it’s much easier to keep my password database synced between computers than on my iPod Touch — I don’t have to think about it.
  3. One device instead of three. The Vivid has the functions of my iPod Touch, my Sansa Clip (FM Radio and Ogg Vorbis support), and phone. It’s easier to carry around one device and charge one device instead of three. On the other hand, it has to be charged more frequently than my iPod and my feature phone. The Sansa Clip is better for exercising because it’s so lightweight.
  4. Faster web experience, especially with web pages utilizing heavy JavaScript.
  5. Better web experience. The larger screen makes it easier to read web pages, books and email. Apple’s browser zooms in and out on the correct regions much better using double tap than does Android’s browser. It’s more convenient to watch YouTube videos on a larger screen and a faster CPU.
  6. Much nicer camera than the iPod Touch.
  7. Power usage stats, per application. The screen uses the most power by a wide margin.
  8. Network usage metering and control per app.
Here’s what I like better about iPod Touch:
  1. Apps are all on the desktop by default, instead of buried.
  2. No data plan.
  3. Easier to use apps. Most apps that can be found for both devices are easier to use on iOS than on Android, and they usually have more features on iOS.
  4. Better email app than Google’s Gmail app on Android. The Gmail app is too busy, and I haven’t figured out how to mark messages as unread.
  5. I find the iOS keyboard easier to work with.

When CTRL-C in gdb shuts down a program insted of interrupting it

Posted on by

According to The Linux Programming Interface, a well-behaved multi-threaded UNIX program should use sigwait() or sigwaitinfo() instead of signal() or sigaction(). A linux-only program could even use signalfd().

Unfortunately, Linux/UNIX programs using sigwait() are hard to interrupt in the debugger. Instead of interrupting the program, it terminates the program. How does one work around this problem? See my answer on stackoverflow.

 

C++ initializer lists

Posted on by

One of the cool new features in C++ is initializer lists. Here’s an example from Wikipedia:

struct Object { float first; int second; };

Object scalar = {0.43f, 10}; // One Object, with first=0.43f and second=10 Object anArray[] = {{13.4f, 3}, {43.28f, 29}, {5.934f, 17}}; // An array of three Objects

There’s another example over at stackoverflow.

IBM has published the useful C++0x feature support in GCC 4.5.

Autojump: Faster than ‘cd’

Posted on by

Here’s a cool tool: autojump, written by Joel Schaerer (thanks, Joel). I spend much of my day as a programmer navigating around in the linux filesystem. Built-in tools like ‘pushd’ and ‘popd’ are nice, as are subprocesses — e.g. 

 (cd ~/Download && wget http://somewhere.com/path/to/file)
… and when it finishes downloading, I’m still in the directory I was in before the download was started.

Now there’s autojump to add in to the mix. After I ‘cd’ to various directories, later, I can type ‘j Down’ to cd to my Downloads directory. Very convenient. I just wish it were built into every distribution of linux.

Linux tty auditing

Posted on by

Since RHEL 5.4, and in recent Fedora releases, it’s possible to audit what users type at their tty (command prompt), thanks to the work of Steve Grubb, a RedHat employee.

Edit /etc/pam.d/system-auth and append the following, but not both: 

session required pam_tty_audit.so disable=* enable=root
session required pam_tty_audit.so enable=*
Wait for users to log in and type into a terminal. Later, to see audited tty input, run: 
aureport --tty
When a user logs in, the pam module tells the kernel to enable tty auditing for a process and its children. All tty input is logged, but it may not be incredibly easy to read (it includes backspaces, control characters, etc.). I’m unclear as to when and how often the kernel flushes out accumulated tty input to the audit log. The records are identified with a type of TTY in /var/log/audit/audit.log.

In addition to tty auditing, RedHat patched their bash shell so that it neatly audits each and every command line it executes, with a record type of USER_TTY. It’s prettier to read than raw tty auditing — and it’s easy for a user to bypass by using a shell that doesn’t send its commands to the Linux audit system, like zsh, or a custom-built unpatched bash. Maybe that’s why “aureport –tty” doesn’t show USER_TTY records.

The Linux auditing system is powerful. It’s possible to write rules that watch for modification to certain files, or that log the use of certain system calls. See the “audit.rules” manpage for more information.

Pitfalls of verifying signed jar files

Posted on by

In the Java world, it’s possible to digitally sign a jar file using ‘keytool’ to generate or import a digital signature, and ‘jarsigner’ to do the signing. What isn’t so obvious is that when we use ‘jarsigner’ to verify a signed jar, it doesn’t verify that we trust the signature that signed the file. It simply tells us whether the contents were signed by a public key that was included with the jar file.

Surprisingly, there’s no option to tell jarsigner to check for trusted signatures.

In code, we can use java.util.jar.JarFile to check the validity of a jar file. By default, the constructor to JarFile says we want to check the validity. Code must then iterate through each entry in the JarFile and seek to the end of each input stream, otherwise, the integrity isn’t checked. In other words, the java.util.jar.JarFile doesn’t give us the integrity checking with a simple method call such as isValid(), and it doesn’t give us an easy way to check that we trust the signature that the entries were signed with.

Anyone, anywhere, can create their own certificate, and sign a jar file — so if we want to establish trust for a signed jar, we get to do extra work. On stackoverflow.com, Jarek Przygódzki linked to code that shows how to check for trusted signatures.

I wonder why establishing trust for a signed jar isn’t easier. Could it be that signed jar files originated in the bygone era when we ran Java applets in our web browsers? Did web browsers use their certificate authority database to verify some level of trust for the signature contained in a jar file?

Verifying trust is a delicate issue, as demonstrated by the recently hacked certificate authorities including Diginotar and Comodo. Perhaps it’s a good thing that Java’s libraries and command line tools don’t make it deceptively simple to check jar files based on certificates trusted by Certificate Authorities.

Still, I wish the documentation for jarsigner and JarFile would shed more light on the limits of their default verification. I’d call it “hash checking” or “integrity checking based on hashing”.

 

Easy updates with iOS and Linux vs bomardment from Windows

Posted on by

When I want to check email on my iPod Touch, I simply unlock it, load the email application, and read messages. What a joy. The tool works and works for me. It is my servant, instead of me being its servant.

Compare that to my corporate Windows Laptop. I open the lid and unlock it, wait for corporate anti-virus (I think) to chew through the I/O on my machine for several minutes. Then I can read my email using the unimpressive and slow Lotus Notes (I’d rather be using Thunderbird, Outlook, or speedy mutt).

Or compare to my home Windows Laptop. I open the lid, log in, and am bombarded with requests from several programs to install updates. I just want to check my email, not be attacked with annoying “update me!” windows. I see one from Thunderbird, another from Adobe Flash, another from Mozy and another from Firefox. By the time I’ve upgraded, sometimes I’ve forgotten what I wanted to accomplish in the first place.

Apple has it right with updates for the iPod Touch: They stay out of my way until I want to bother with them, and then they’re all manged together.

Linux has it right: A single package manager updates everything, in one shot, including from third parties.

I’ll continue to use Windows. There are other benefits, even though third-party updates are annoying.

The dog ate my grub.conf; unwanted LVM indirection

Posted on by

In September, I updated packages on my Fedora 14 machine using ‘yum’ (Yellowdog Updater Modified), and rebooted. I was greeted with an unfriendly grub prompt. Boot was broken, and I didn’t know why.

Normally when I want to rescue a Linux system, I use the Fedora install DVD’s rescue mode. Unfortunately, my DVD drive stopped working just after the warranty expired. So I booted using a Linux-on-a-USB image that I carry around with me.

I planned on replicating the rescue mode experience by manually mounting the partitions in /mnt/sysimage, then chroot, and then run ‘grub-install’ to fix things. And that’s what I did, except for a few snags.

The first snag is that I had installed Fedora with default partitioning options (something I rarely do), and it had helpfully used LVM to configure my disk drive. LVM adds a layer of indirection, so I had to figure out how to mount an LVM volume instead of a disk partition. As a general rule, I never use LVM on desktop or laptop machines because I don’t like the additional complexity, especially when I’m trying to mount a drive to recover data.

The next snag is that Linux uses UUIDs for hard disks these days, instead of helpful, human-readable labels. In the good old days, Linux distributions would label the root partition, the home partition, and others. But not when I let the installer work its default magic. So, I had to figure out which volume contained my root partition, my boot partition, and so forth.

Once I mounted my partitions properly, I was ready to “chroot /mnt/sysimage”, and after I did, I ran “grub-install”. No luck. This was the third snag.

I realized that /boot/grub/grub.conf was empty. And grub-install doesn’t fix the problem — it can’t populate information that is completely missing, like knowing what disk UUID to use for the root partition.

“No problem,” I thought, “I’ll just restore from backup…”. Except, I didn’t have a backup. As a general rule, I back up /var, /home and /etc, but not /boot. Now I know better.

Surely, I thought, there should be a copy of grub.conf that the package updates had left around. But there wasn’t.

Such a critical file, and there was no automated backup. No “restore point”. No way to recreate it from data in /etc. What an oversight!

This is the first time I can remember having had an update eat my grub.conf file, and I’ve been running Linux since before distributions switched to grub as a boot loader. On the other hand, maybe I jumped to to an incorrect conclusion — it’s possible that the updates didn’t eat my grub.conf. Regardless, grub.conf was empty and my system wouldn’t boot.

It seems to me that something this important should have been designed with more resilence.

There were two ways to fix it, as far as I could see. One is upgrade from Fedora 14 to Fedora 14 (thus preserving my data). The second is to recreate grub.conf by hand, and for that, I needed an example — a template. I used the one at http://forums.fedoraforum.org/showthread.php?t=227358. My boot up screen isn’t as pretty as it once was, but it is functional.

Lastly, I made copy of /boot/grub/grub.conf. Now where did I put it?…