Palm T|X Security: Counterproductive

The other day, I was looking through the preferences on my Palm T|X, and I found out that I could enable “Intrusion Protection”. I set it so that it would destroy all data on the TX if I failed to enter my password 25 times. That seemed like enough of a grace period that I wouldn’t accidentally destroy my data, even if I mistyped the password several times.

The next day, I let my three-year-old play “Bombel”, and draw on the “Note Pad”. Several minutes later, I noticed that she was pushing buttons willy-nilly at the password screen.

“Oh!”, I thought, “That’s not good.” She was well on her way to exceeding the 25 password attempts and wiping out my data. I knew I could get it back with a hot-sync, but I didn’t want to resort to that.

Palm “intrusion detection” became counterproductive when placed in the hands of a child.

---

I also tried the Palm TX feature to “Encrypt data when locked”. First, I tried using [AES](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard) encryption, since it would likely be “stronger” than the default of [RC4](http://en.wikipedia.org/wiki/RC4). AES was unusable — it took minutes to encrypt and decrypt my calendar and address databases. RC4 was barely usable, taking ten seconds or so to encrypt and decrypt my calendar. When I whip out my Palm, I want access to my data immediately, so I disabled encryption.

---

I’ve chosen convenience over confidentiality for the data on my Palm TX, because I felt that the price to pay for confidentiality was too high. I’m not sure that it’s the right decision. I might feel differently if the Palm is lost or stolen. And so might some of the contacts in the address book. I would re-evaluate my decision if I were required to notify those contacts in the case of a lost Palm.

Fedora 11 and Virtualization (KVM)

I’ve recently upgraded another computer from Fedora 9 to Fedora 11, and I’ve decided to try the built-in [KVM](http://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine) (i.e. Applications -> System Tools -> [Virtual Machine Manager](http://virt-manager.et.redhat.com/)). I wanted a virtual machine that had bridged mode networking, but it wasn’t available by default. To get it as an option, I disabled SELinux (not sure if it was necessary), followed [some special instructions](http://wiki.libvirt.org/page/Networking#Fedora.2FRHEL_Bridging) to set up a bridged interface, and restarted my network and libvirtd.
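The bridge setup those instructions describe boils down to two files under /etc/sysconfig/network-scripts. The script below is an added example, not the post’s own commands or the libvirt wiki’s text: it writes the files for an assumed eth0/br0/DHCP layout into a directory you choose, and checks that the physical interface has really become a bare port of the bridge. It makes no change to SELinux.

```sh
#!/bin/sh
# Added example, not from the post or the libvirt wiki: write the two
# network-scripts files that make eth0 a port of bridge br0 on Fedora 11,
# and check the result before restarting the network. Assumptions: the
# interface is eth0, the bridge is br0, and the address comes from DHCP.
# Nothing here touches SELinux; the bridge itself does not need it off.
set -e

# write_bridge_config [DIR] [IFACE] [BRIDGE]
# DIR defaults to the live network-scripts directory; pass a scratch
# directory to rehearse without changing the running system.
write_bridge_config() {
  dir=${1:-/etc/sysconfig/network-scripts}
  iface=${2:-eth0}
  bridge=${3:-br0}
  mkdir -p "$dir"

  # Keep the pre-bridge interface file so the change can be reverted.
  if [ -f "$dir/ifcfg-$iface" ]; then
    cp -p "$dir/ifcfg-$iface" "$dir/ifcfg-$iface.pre-bridge"
  fi

  # The bridge owns the IP address. NM_CONTROLLED=no keeps NetworkManager
  # from fighting the classic network service over these two devices.
  cat > "$dir/ifcfg-$bridge" <<EOF
DEVICE=$bridge
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0
NM_CONTROLLED=no
EOF

  # The physical interface becomes a bare port: no address of its own.
  cat > "$dir/ifcfg-$iface" <<EOF
DEVICE=$iface
ONBOOT=yes
BRIDGE=$bridge
NM_CONTROLLED=no
EOF
  chmod 0644 "$dir/ifcfg-$bridge" "$dir/ifcfg-$iface"
}

# check_bridge_config [DIR] [IFACE] [BRIDGE]
# Returns 0 when the pair is consistent, 1 otherwise. A port that still
# carries IPADDR= or BOOTPROTO=dhcp would bypass the bridge, so that fails.
check_bridge_config() {
  dir=${1:-/etc/sysconfig/network-scripts}
  iface=${2:-eth0}
  bridge=${3:-br0}
  grep -qx "TYPE=Bridge" "$dir/ifcfg-$bridge" || return 1
  grep -qx "BRIDGE=$bridge" "$dir/ifcfg-$iface" || return 1
  if grep -Eq "^(IPADDR=|BOOTPROTO=dhcp)" "$dir/ifcfg-$iface"; then
    return 1
  fi
  return 0
}
```

Run `write_bridge_config` with no arguments on the real system, then `service network restart` and restart libvirtd; in the guest definition the NIC becomes `<interface type='bridge'>` with `<source bridge='br0'/>`. A bridged guest sits on the LAN like any other machine, so the host’s own firewall does not stand between it and the network; the guest needs its own.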

Now I’ve got a working guest OS inside of KVM, and I like it. The guest OS feels snappy and responsive.

Update: KVM and the accompanying tools aren’t as mature as VirtualBox or VMware. E.g. I didn’t see how to get my USB flash drive to be recognized by a KVM guest OS. At one point, I tried to use VirtualBox at the same time as KVM. VirtualBox told me I needed to disable the KVM kernel module before using VirtualBox.

Switched from digitalspace to justhost

I’ve been running my website on digitalspace.net hosting for years. Then they sold out to jumpline, and my ability to push changes to my website via ‘[rsync](http://www.samba.org/rsync/)’ disappeared, and was never restored. Although I still had ssh shell access, the account was seriously limited. It was probably a good security decision on their part, but I missed having wget, tar, gunzip, chmod, and other essential utilities that I used when upgrading my blogging software. It became tedious, at best, to maintain my website.

I’ve finally switched to hosting through http://www.justhost.com and the transition has taken more time than I wanted. As a father of four dear children, I feel the time pinch. Migrating wordpress has been more tedious than expected. And then there’s email — that was a pain to switch as well. At one point, I even considered abandoning my website and switching my blog to a site like blogger.com. But I stuck with it.

Jumpline support has been good to work with, and I’m pleased with my ssh shell access. I get the power of a typical linux shell with my favorite utilities: rsync, tar, etc.

My impressions of Fedora 11

Here’s my take on installing Fedora 11, which was released June 9, 2009. I chose not to do an upgrade as I often do. Instead, I did a backup, followed by a fresh install, preserving my /home partition, but wiping out the other partitions. Then I used [`meld`](http://meld.sourceforge.net/) to restore my configuration files in /etc — such as ssh server keys, printer settings and file system mounts. I found that I had to use the kernel boot option `nomodeset` in order to avoid system lockups. Overall, I’ve been pleased with my Fedora 11 experience, despite the bumps.

Fedora 11 useful resources:

– [Release Notes](http://docs.fedoraproject.org/release-notes/f11/en-US/)
– [Common Bugs](http://fedoraproject.org/wiki/Common_F11_bugs), with workarounds.
– [Fedora Guide](http://www.fedoraguide.info/), explaining how to configure a Fedora system.

Pre-install:

– `cp -a /etc /home/backup/etc`
– `cp -a /root /home/backup/root`
– backup /home
– booted the LiveCD to make sure it would detect my hardware and run

Install

– I decided to preserve my partition layout, which isn’t the default option upon fresh install
– Didn’t delete my `/home` partition.
– Reformatted all other partitions, with “/” as ext4

Post-install:

– Had to enable eth0 in NetworkManager, and make “enabled” the default.
– `yum install -y meld nautilus-actions nautilus-open-terminal vim-X11 zsh screen mc rdesktop`
– `meld /home/backup/etc /etc`
– Restored /etc/ssh settings
– Restored /etc/cups printer settings
– Checked /etc/fstab differences
– Installed [NX Server](http://www.nomachine.com/)
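The backup and selective-restore steps above, as an added example rather than the post’s own commands: functions that take directory arguments, so the sequence can be rehearsed on scratch directories before a real reinstall. The allowlists are hypothetical and only mirror what the post restored by hand (ssh and cups copied back, fstab merely compared); the default backup root /home/backup matches the post.

```sh
#!/bin/sh
# Added example, not the post's own commands: the pre-install backup and the
# post-install selective restore, written as functions that take directory
# arguments so the whole sequence can be rehearsed on scratch directories.
# Assumptions: backups live under /home/backup by default; the allowlists
# below are hypothetical and reflect only what the post restored by hand.
set -e

# Paths under /etc copied back verbatim after the fresh install.
RESTORE_VERBATIM="ssh cups"
# Paths only compared; the fresh install's version stays in place.
REVIEW_ONLY="fstab"

digest() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi
}

# file_mode FILE: octal permission bits (GNU stat, with a BSD fallback).
file_mode() {
  stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# backup_system_config [SRC_ETC] [SRC_ROOT] [BACKUP_ROOT]
backup_system_config() {
  src_etc=${1:-/etc}; src_root=${2:-/root}; dest=${3:-/home/backup}
  mkdir -p "$dest"
  cp -a "$src_etc" "$dest/etc"
  cp -a "$src_root" "$dest/root"   # a separate tree, not inside $dest/etc
  # Checksum manifest, so a restore can later be checked against it.
  ( cd "$dest" && find etc root -type f | sort | while read -r f; do digest "$f"; done ) \
    > "$dest/MANIFEST.sha256"
}

# restore_selected [BACKUP_ROOT] [TARGET_ETC]
# Moves the fresh install's copy aside as NAME.fresh-install, copies the
# backed-up version in, then tightens private host keys to 0600 in case
# the backup medium did not preserve modes.
restore_selected() {
  backup=${1:-/home/backup}; target=${2:-/etc}
  for name in $RESTORE_VERBATIM; do
    src="$backup/etc/$name"; dst="$target/$name"
    if [ ! -e "$src" ]; then
      echo "skip: $name not in backup" >&2
      continue
    fi
    if [ -e "$dst" ]; then
      mv "$dst" "$dst.fresh-install"
    fi
    cp -a "$src" "$dst"
  done
  if [ -d "$target/ssh" ]; then
    find "$target/ssh" -name 'ssh_host_*_key' -exec chmod 0600 {} +
  fi
}

# review_diffs [BACKUP_ROOT] [TARGET_ETC]: print unified diffs for the
# review-only paths (old version first); never applies anything.
review_diffs() {
  backup=${1:-/home/backup}; target=${2:-/etc}
  for name in $REVIEW_ONLY; do
    diff -u "$backup/etc/$name" "$target/$name" || true
  done
}
```

Before the reinstall: `backup_system_config` with no arguments. After it: `restore_selected`, then `review_diffs` (or `meld /home/backup/etc /etc`) for anything the allowlist leaves alone, such as a changed fstab.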

Pleasurable:

– Bootup is very pleasant, and seems faster. 30-second boot. 17-second login. 14-second shutdown. This is on an AMD Athlon 2400 MHz Sempron with an ATI video card.
– Artwork is top notch (backgrounds on login screen and default wallpaper)

Pain points:

– Unavailable extensions for Thunderbird 3.0
— Enigmail
– Unavailable extensions for Firefox 3.5
— Aardvark
— QuickProxy
– Computer locked up every few hours until I added `nomodeset` to my kernel settings in /etc/grub.conf.

Gnome Slideshow Screensaver Sanity, Take 2

Last year, I wrote about how to achieve [Gnome Slideshow Screensaver Sanity](http://jaredrobinson.com/blog/?p=106). I’ve recently upgraded to Fedora 11, and I noticed that GLSlideshow isn’t installed by default (maybe it never was), and I wondered if I could alter the settings for the gnome slideshow. By default, it uses pictures out of the $HOME/Pictures folder, and there’s no way in the user interface to change that location, which can be frustrating. Here’s how I worked around it. Note the use of the `--location` option, and that I changed my `Name=` setting.

– `cp /usr/share/applications/screensavers/personal-slideshow.desktop ~/.local/share/applications/my-slideshow.desktop`
– `gedit ~/.local/share/applications/my-slideshow.desktop`

```ini
[Desktop Entry]
Encoding=UTF-8
Name=Custom Photos
Exec=/usr/libexec/gnome-screensaver/slideshow --location=/home/images/Photos
TryExec=/usr/libexec/gnome-screensaver/slideshow
StartupNotify=false
Terminal=false
Type=Application
Categories=GNOME;Screensaver;
OnlyShowIn=GNOME;
```

Go into the screensaver preferences (System -> Preferences -> Screensaver), and select “Custom Photos”. There’s no way to customize the duration to display each photo, but at least I don’t have to settle for Gnome’s default location.

Backup that laptop!

Recently, a relative called and said her laptop wouldn’t boot. She wondered whether I could help. I asked if she had a backup. “No” was her answer.

I booted into linux (using [Knoppix](http://www.knoppix.net/) from a bootable CD) and attempted to back up her Windows account to an external USB hard drive. As I worked with the laptop, I discovered it was shutting itself off. On my second attempt, I managed to make a successful backup.

I tried running the system restore, but it would fail at random intervals. Next, I booted into the [System Rescue CD](http://www.sysresccd.org/) and ran the memory test. It shut off at random intervals during each memory test. I figured it couldn’t be the hard drive that was at fault, but that the hard drive had probably gotten corrupted from the computer powering off suddenly.

My relative took her laptop to Geek Squad to see if they could diagnose the problem. They ran the system restore, and it succeeded. They didn’t do any further troubleshooting. They charged her $50.00 without solving the root problem. It continued to shut off at random intervals.

A colleague of mine looked at the computer, and found that the heat sink on the CPU was clogged with dust. Most likely, the CPU was getting too hot and powering off. He removed the dust buildup, and from then on, the laptop seemed to work well. I was able to restore the files, and my relative was much happier.

And she bought an external USB hard drive to do future backups. Good thinking.

I use [Mozy](http://mozy.com/) for automated, regular backups of my most important files. It’s not a complete solution for my whole hard drive, but it’s far better than nothing, and it only costs $5.00 a month. For linux, I need a similar solution. It turns out that there is one: [spideroak](https://spideroak.com). It runs on Windows, Mac and Linux. And it can synchronize files between several computers.

Article: Election Fraud in Kentucky

Bruce Schneier summarizes the first documented case of election fraud using new electronic voting machines in his article [Election Fraud in Kentucky](http://www.schneier.com/blog/archives/2009/03/election_fraud.html):

> Five Clay County officials, including the circuit court judge, the county clerk, and election officers were arrested Thursday after they were indicted on federal charges accusing them of using corrupt tactics to obtain political power and personal gain.

They used a low-tech social engineering trick to commit their crime.

Bypassing the I.T. security fortress

On the back of my mind for the past few years, I’ve been thinking about how I.T. security becomes less meaningful as time goes on. The use of digital cameras isn’t usually allowed, yet a company isn’t (usually) going to boot out an employee for having a cell phone with a digital camera — or even using it to take a snapshot of a diagram that will be placed on a corporate wiki. The use of USB thumb drives for transferring and storing corporate data is perceived as a risk, but often, it’s a practical way of getting one’s job done. Remember network firewalls? They’re still in place, but they’re increasingly meaningless. They certainly don’t keep out viruses and trojan horses. And with the increasing prevalence of wireless networking, there’s even less incentive for people to play by the I.T. security rules. Dan Kaminsky [expresses these thoughts better than I have](http://www.doxpara.com/?p=1245):

> … every restriction, every alteration [I.T. makes] in people’s day to day business, carries with it a risk that users will abandon the corporate network entirely, going “off-grid” in search of a more open and more useful operating environment. You might scoff, and think people would get fired for this stuff, but you know what people really get fired for? Missing their numbers.

> It’s never been easier to get away with going off-grid. Widespread availability of WiMax and 3G networks means there’s an alternate, unmonitored high speed network available at every desk.

Kaminsky [goes on](http://www.doxpara.com/?p=1245) to discuss some of the ramifications of these ongoing changes, including “the Cloud” (e.g. Google docs) and the security of corporate data.

jvisualvm: A free Java memory and CPU profiler

I needed to profile a Java application, and since we had a JProfiler floating license, I used it. JProfiler works well, although it’s pricey. I was googling for other Java profiling tools, and [stackoverflow.com](http://stackoverflow.com/search?q=visualvm) made mention of [jvisualvm](https://visualvm.dev.java.net/), which comes bundled with JDK 6 release 7. I noticed that on my Fedora 10 box, the java-1.6.0-openjdk package includes jvisualvm. None of my coworkers had heard of it.

JProfiler introduces a significant performance penalty into the code it profiles, whereas other tools including jvisualvm and YourKit have a much lower impact. I’m going to give jvisualvm a try, once I get the target environment set up properly with the new JDK.

UPDATE: jvisualvm won’t profile remote applications like JProfiler can. jvisualvm is not quite as easy to use, and I haven’t figured out how to get stack traces on the CPU and memory hot spots. Overall, I like the tool.

UPDATE 2: jvisualvm can be configured to give a stack trace of memory hot spots. I’ve learned that performance between the Java 1.5 and 1.6 JVMs can be very different. I’ve learned that I can run `kill -3 <pid>` to print a stack trace of my running java processes. It’s helped me to narrow down bottlenecks in an application when the profiler wasn’t granular enough.
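The `kill -3` trick deserves one guard, shown here as an added example that is not from the post. `kill -3` sends SIGQUIT; a JVM catches it, prints every thread’s stack to its own stdout and keeps running, but a process that does not handle SIGQUIT is terminated by it, so a mistyped PID kills something unrelated. The function below checks the target’s command name before signalling; it assumes Linux /proc and falls back to ps.

```sh
#!/bin/sh
# Added example, not from the post: send SIGQUIT (what `kill -3` sends) to a
# running JVM so it prints a thread dump, after first confirming that the
# target really is a java process. A JVM handles SIGQUIT by dumping every
# thread's stack to its own stdout and carries on; a process that does not
# handle SIGQUIT is terminated by it, so a mistyped PID would kill something
# else. Assumes Linux /proc, with ps as the fallback.
set -e

# process_comm PID: print the short command name of PID (empty if gone).
process_comm() {
  pid=$1
  if [ -r "/proc/$pid/comm" ]; then
    cat "/proc/$pid/comm"
  else
    ps -o comm= -p "$pid" 2>/dev/null | sed 's#.*/##'
  fi
}

# jvm_thread_dump PID: signal a java process and return 0; refuse with 1
# for anything else. The dump lands on the JVM's stdout (often a log file
# or the terminal it was started from), not on the terminal running kill.
jvm_thread_dump() {
  pid=$1
  comm=$(process_comm "$pid")
  case $comm in
    java) ;;
    *) echo "refusing: pid $pid is '${comm:-not running}', not java" >&2; return 1 ;;
  esac
  kill -QUIT "$pid"
  echo "SIGQUIT sent to $pid; look for the dump on that JVM's stdout" >&2
}
```

`jps`, which ships with the JDK, lists the JVM PIDs to feed in; take two or three dumps a few seconds apart, since a single snapshot of a busy application rarely shows where the time is going.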

The future of Gnome Apps: JavaScript?

There’s an interesting article called “[Building desktop Linux applications with JavaScript](http://arstechnica.com/articles/paedia/javascript-gtk-bindings.ars?bub)” by Ryan Paul, January 19, 2009.

I didn’t immediately understand the vision. Don’t we already have
Python, Ruby, Java, C++ and Perl bindings for Gnome? Yes, we do. So why
would we add JavaScript to the mix? Or any other scripting language?

The best way to think about it is Firefox plugins, like Greasemonkey,
that actually modify the web browser to give you a new experience.
Firefox extensions are written in JavaScript. JavaScript has hooks into
the application (Firefox) to manipulate it.

Gnome hackers want to do the same thing for Gnome. Not only could you
write Gnome applications in JavaScript, you could extend a Gnome
application using JavaScript, no matter what language it was written in.

Another way to think about it is this: When most people think of Java,
they don’t think of the language. They think of the platform — the
libraries that are shipped with the language (networking, database
connectivity, etc.). The same is true for Python, Perl, and Ruby.

The goal is to use an embeddable language to tweak the Gnome platform,
not to use a platform (like Java, Python or Perl) to tweak Gnome. When
they embed a language into Gnome, application developers will use the
Gnome platform way of doing networking, instead of doing it the Java
library way. They will use the Gnome way of opening a file picker, not the
Java library way. They will use the Gnome way of doing HTTP, not the
Python or the Java or the Perl way.