Planet Linux Australia

Syndicate content
Planet Linux Australia - http://planet.linux.org.au
Updated: 52 min 48 sec ago

David Rowe: JackPair – Secure Phone Calls using Codec 2

5 hours 51 min ago

I’ve just found out about a new Kickstarter for JackPair, a device that enables secure phone calls over a mobile phone. It uses Codec 2.

Over the past 12 months I have been approached by a couple of groups interested in building a similar product (but not JackPair). These groups asked me to develop a modem that could pass data through a cell phone voice codec. Given I know modems and codecs it was a good fit. Quite a challenge too, to get 1200 – 2400 bit/s through a voice codec. To both groups I said I would only do the job if it was open source, and it never went any further.

I feel a product like this must be open source, in order to audit it and know it is really secure. So the software should be GPL and the hardware open. An end user must be able to (re)flash from blank silicon using their own trusted firmware. The paranoid could even do this every time they use it. Or solder their own device from scratch. That’s where I’m heading with my open source radio work – make the radio hardware trivial, and the software open and capable of running on commodity CPU.

The SM1000 has the hardware to build a JackPair type product, e.g Codec 2, DSP capability, microphone and speaker amps, and line audio interfaces. It would need a different firmware load (modem, crypto). The SM1000 is open hardware, so a good starting point.

Clearly the JackPair is a product whose time has come. I support this sort of project (secure telephony for everybody) as I feel my governments response to terrorism as more of a concern than terrorism itself. Good to see it happening, and nice to see Codec 2 helping make the world a better place.

Glen Turner: Centrelink's PLAID broken

7 hours 18 min ago

Jean Paul Degabriele, Victoria Fehr, Marc Fischlin, Tommaso Gagliardoni, Felix Günther, Giorgia Azzurra Marson, Arno Mittelbach, Kenneth G. Paterson. Unpicking PLAID. A cryptographic analysis of an ISO-standards-track authentication protocol.

Upon public release in 2009 PLAID was claimed to have been the subject of three years' cryptanalysis by the then Defence Signals Directorate. With that in mind the sections at the end of the paper about misuse of CBC are more concerning than the exploitation of shrill keys.

Matthew Oliver: Identically partition disks.. the easy way!

10 hours 55 min ago

Was just looking into a software RAID howto.. for no reason really, but kinda glad I did! When you set up software raid you want to make sure all disks are partitioned the same, right. so check this out:

3. Create partitions on /dev/sda identical to the partitions on /dev/sdb:

sfdisk -d /dev/sdb | sfdisk /dev/sda

That’s a much easier way

This gem is thanks to: http://www.howtoforge.com/how-to-create-a-raid1-setup-on-an-existing-centos-redhat-6.0-system

Matthew Oliver: NTLM Authentication in Squid using Winbind.

10 hours 55 min ago

Some old windows servers require authentication through the old NTLM protocol, luckily with the help from squid, samba and winbind we can do this under Linux.

Some URLs a much of this information was gathered from are:

  • http://wiki.squid-cache.org/ConfigExamples/Authenticate/NtlmCentOS5
  • http://wiki.squid-cache.org/ConfigExamples/Authenticate/Ntlm

HOW TO

In order to authenticate through winbind we will be using that and samba to connect to a windows domain, so you will need to have a domain and the details for it or all this will be for naught. I’ll use some fake credentials for this post.

Required Packages

Let’s install all the required packages:



yum install squid krb5-workstation samba-common ntp samba-winbind authconfig

NTP (Network Time Protocol)

Kerberos and windbind can be a little thingy about date and time, so its a good idea to use NTP for your network, I’ll assume your domain controller (DC) will be also your NTP server in which case lets set it up.

Comment out any lines that begin with server and create only one that points to your Active Directory PDC.



# vim /etc/ntp.conf

server pdc.test.lan

Now add it to the default runlevels and start it.



chkconfig ntpd on

/etc/init.d/ntpd start

Samba, Winbind and Kerberos

We will the use the authconfig package/command we installed earlier to configure Samba, Winbind and perform the join in one step, this makes things _SO_ much

easier!!!

NOTE: If you don’t have DNS set up then you will need to add the DC to your hosts file, and it is important to use the name the DC machine knows itself as in AD.



authconfig --enableshadow --enablemd5 --passalgo=md5 --krb5kdc=pdc.test.lan \

--krb5realm=TEST.LAN --smbservers=pdc.test.lan --smbworkgroup=TESTLAN \

--enablewinbind --enablewinbindauth --smbsecurity=ads --smbrealm=TEST.LAN \

--smbidmapuid="16777216-33554431" --smbidmapgid="16777216-33554431" --winbindseparator="+" \

--winbindtemplateshell="/bin/false" --enablewinbindusedefaultdomain --disablewinbindoffline \

--winbindjoin=administrator --disablewins --disablecache --enablelocauthorize --updateall

NOTE: Replace pdc.test.lan with that of your FQDN of your DC server, TESTLAN with your domain, TEST.LAN with the full name of the domain/realm, and make sure you set ‘–winbindjoin’ with a domain admin.

If that succeeds lets test it:



# wbinfo -u

# wbinfo -g



If you are able to enumerate your Active Directory Groups and Users, everything is working.

Next lets test that we can authenticate with winbind:



# wbinfo -a



E.G:



# wbinfo -a testuser

Enter testuser's password:

plaintext password authentication succeeded

Enter testuser's password:

challenge/response password authentication succeeded

Great, we have been added to the domain, so now we can setup squid for NTLM authentication.

SQUID Configuration

Squid comes with its own ntlm authentication binary (/usr/lib64/squid/ntlm_smb_lm_auth) which uses winbind, but as of Samba 3.x, samba bundle their own which is the recommended binary to use (according to the squid and samba projects). So the binary we use comes from the samba-winbind package we installed earlier:



/usr/bin/ntlm_auth

Add the following configuration elements to the squid.conf to enable NTLM authentication:



#NTLM

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

auth_param ntlm children 5

auth_param ntlm keep_alive on

acl ntlm proxy_auth REQUIRED

http_access allow ntlm



NOTE: The above is allowing anyone access as long as they authenticate themselves via NTLM, you could use further acl's to restrict this more.

The ntlm_auth binary has other switches that might be of use, such as restricting users by group membership:



auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=EXAMPLE+ADGROUP

Before we are complete there is one more thing we need to do, for squid to be allowed to use winbind, the squid user (which was created when the squid package was installed) needs to be a member of a wbpriv group:



gpasswd -a squid wbpriv

IMPORTANT!

NTLM authentication WILL FAIL if you have "cache_effective_group squid" set, if you do then remove it! As this overrides the effective group and squid then isn't seen as part of the 'wbpriv' group which breaks authentication!!!

/IMPORTANT!

Add squid to the runlevels and start it:



# chkconfig squid on

# /etc/init.d/squid start

Trouble shooting

Make sure you open the port in iptables, if squid is listening on 3128 then:



# iptables -I INPUT 1 -p tcp --dport 3128 -j ACCEPT

# /etc/init.d/iptables save

NOTE: The '/etc/init.d/iptables save' command saves the current running configuration so the new rule will be applied on reboot.

Happy squid-ing.

Matthew Oliver: Reverse proxy using squid + Redirection

10 hours 55 min ago

Squid – Reverse Proxy

In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though it originated from the reverse proxy itself. While a forward proxy is usually situated between the client application (such as a web browser) and the server(s) hosting the desired resources, a reverse proxy is usually situated closer to the server(s) and will only return a configured set of resources.

See: http://en.wikipedia.org/wiki/Reverse_proxy

Configuration

Squid should already be installed, if not then install it:



yum install squid

Then we edit squid config:



vim /etc/squid/squid.conf

Add we add the following to the top of the file:



http_port 80 vhost

https_port 443 cert=/etc/squid/localhost.crt key=/etc/squid/localhost.key vhost

cache_effective_user squid

cache_effective_group squid

cache_peer 1.2.3.4 parent 80 0 no-query originserver login=PASS name=site1-http

cache_peer 1.2.3.5 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=site2-ssl

cache_peer_domain site1-http site1.example.lan

cache_peer_domain site2-ssl site2.anotherexample.lan

acl bad_requests urlpath_regex -i cmd.exe \/bin\/sh \/bin\/bash default\.ida?XXX insert update delete select

http_access deny bad_requests

Now I’ll walk us through the above configuration.



http_port 80 vhost

https_port 443 cert=/etc/squid/localhost.crt key=/etc/squid/localhost.key vhost

This sets the http and https ports squid is listening on. Note the cert options for https, we can get squid to use https up to the proxy and unencrytped link to the last hop if we want.. which is cool. If for some reason the server doesn’t support https.



cache_effective_user squid

cache_effective_group squid



Set the effective user and group for squid.. this may not be required, but doesn’t hurt.



cache_peer 1.2.3.4 parent 80 0 no-query originserver name=site1-http

cache_peer 1.2.3.5 parent 443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER name=site2-ssl

cache_peer_domain site1-http site1.example.lan

cache_peer_domain site2-ssl site2.anotherexample.lan

This is the magic, the first two lines, tell squid which peer to reverse proxy for and what port to use. Note if you use ssl the ‘sslflags=DONT_VERIFY_PEER’ is useful otherwise if your using a self signed cert you’ll have certificate errors.

IMPORTANT: If you want to allow http authentication (auth handled by the web server, such as htaccess) then you need to add ‘login=PASS’ otherwise squid will try and authenticate to squid rather than the http server.

The last two lines, reference the first two and tell squid the domains to listen to, so if someone connects to squid looking for that domain it knows where to go/cache.



acl bad_requests urlpath_regex -i cmd.exe \/bin\/sh \/bin\/bash default\.ida?XXX insert update delete select

http_access deny bad_requests



NOTE: The acl line has been cut over two lines, this should be on one. There should be the ACL line and the http_access line.

These lines set up some bad requests to which we deny access to, this is to help prevent SQL injection, and other hack attempts, etc.

That’s it, after a (re)start to squid you it will be reverse proxying the domains.

Redirect to SSL

We had a requirement to automatically redirect to https if someone came in on http. Squid allows redirecting through a variety of ways, you can write a redirect script at get squid to use it, but there is a simpler way, using all squid internals and acls.

Add the following to the entries added in the last section:



acl port80 myport 80

acl site1 dstdomain site1.example.lan

http_access deny port80 site1

deny_info https://site1.example.lan/ site1

acl site2 dstdomain site2.anotherexample.lan

http_access deny port80 site2

deny_info https://site2.anotherexample.lan/ site2

We create an acl for the squids port 80 and then one for the domain we want to redirect. We then use "http_access deny" to cause squid to deny access to that domain coming in on port 80 (http). This causes a deny which is caught by the deny_info which redirects it to https.

The order used of the acl's in the http_access and the deny_info is important. Squid only remembers the last acl used by a http_access command and will look for a corresponding deny_info matched to that acl. So make sure the last acl matches the acl used in the deny_info statement!

NOTE: See http://www.squid-cache.org/Doc/config/deny_info/

Appendix

The following is the configuration all put together now.

Reverse proxy + redirection:



http_port 80 vhost

https_port 443 cert=/etc/squid/localhost.crt key=/etc/squid/localhost.key vhost

cache_effective_user squid

cache_effective_group squid

cache_peer 1.2.3.4 parent 80 0 no-query originserver login=PASS name=site1-http

cache_peer 1.2.3.5 parent 443 0 no-query originserver login=PASS ssl sslflags=DONT_VERIFY_PEER name=site2-ssl

cache_peer_domain site1-http site1.example.lan

cache_peer_domain site2-ssl site2.anotherexample.lan

acl bad_requests urlpath_regex -i cmd.exe \/bin\/sh \/bin\/bash default\.ida?XXX insert update delete select

http_access deny bad_requests

acl port80 myport 80

acl site1 dstdomain site1.example.lan

http_access deny port80 site1

deny_info https://site1.example.lan/ site1

acl site2 dstdomain site2.anotherexample.lan

http_access deny port80 site2

deny_info https://site2.anotherexample.lan/ site2

Matthew Oliver: Posfix – Making sense of delays in mail

10 hours 55 min ago

The maillog

The maillog is easy enough to follow, but when you understand what all the delay and delays numbers mean then this may help really understand what is going on!

A standard email entry in postfix looks like:



Jan 10 10:00:00 testmtr postfix/smtp[20123]: 34A1B160852B: to=, relay=mx1.example.lan[1.2.3.4]:25, delay=0.49, delays=0.2/0/0.04/0.25, dsn=2.0.0, status=sent

Pretty straight forward: date, email identifier in the mailq (34A1B160852B), recipient, which server the email is being sent to (relay). It is the delay and delays I’d like to talk about.

Delay and Delays

If we take a look at the example email from above:



Jan 10 10:00:00 testmtr postfix/smtp[20123]: 34A1B160852B: to=, relay=mx1.example.lan[1.2.3.4]:25, delay=0.49, delays=0.2/0/0.04/0.25, dsn=2.0.0, status=sent

The delay parameter (delay=0.49) is fairly self explanatory, it is the total amount of time this email (34A1B160852B) has been on this server. But what is the delays parameter all about?



delays=0.2/0/0.04/0.25



NOTE: Numbers smaller than 0.01 seconds are truncated to 0, to reduce the noise level in the logfile.

You might have guessed it is a break down of the total delay, but what do each number represent?

Well from the release notes we get:



delays=a/b/c/d:

a=time before queue manager, including message transmission;

b=time in queue manager;

c=connection setup time including DNS, HELO and TLS;

d=message transmission time.

There for looking at our example:

  • a (0.2): The time before getting to the queue manager, so the time it took to be transmitted onto the mail server and into postfix.
  • b (0): The time in queue manager, so this email didn’t hit the queues, so it was emailed straight away.
  • c (0.04): The time it took to set up a connection with the destination mail relay.
  • d (0.25): The time it took to transmit the email to the destination mail relay.

However if the email is deferred, then when the email is attempted to be sent again:



Jan 10 10:00:00 testmtr postfix/smtp[20123]: 34A1B160852B: to=, relay=mx1.example.lan[1.2.3.4]:25, delay=82, delays=0.25/0/0.5/81, dsn=4.4.2, status=deferred (lost connection with mx1.example.lan[1.2.3.4] while sending end of data -- message may be sent more than once)

Jan 10 testmtr postfix/smtp[20123]: 34A1B160852B: to=, relay=mx1.example.lan[1.2.3.4]:25, delay=1092, delays=1091/0.2/0.8/0.25, dsn=2.0.0, status=sent

This time the first entry shows how long it took before the destination mail relay took to time out and close the connection:



delays=0.25/0/0.5/81

Therefore: 81 seconds.

The email was deferred then about 15 minutes later (1009 seconds [delays - <total delay from last attempt> ]) another attempt is made.

This time the delay is a lot larger, as the total time this email has spent on the server is a lot longer.

delay=1092, delays=1091/0.2/0.8/0.25



What is interesting though is the value of ‘a’ is now 1091, which means when an email is resent the ‘a’ value in the breakdown also includes the amount of time this email has currently spend on the system (before this attempt).

So there you go, those delays values are rather interesting and can really help solve where bottlenecks lie on your system. In the above case we obviously had some problem communicating to the destination mail relay, but worked the second time, so isn’t a problem with our system… or so I’d like to think.

Matthew Oliver: Use xmllint and vim to format xml documents

10 hours 55 min ago

If you want vim to nicely format an XML file (and a xena file in this example, 2nd line) then add this to your ~/.vimrc file:

" Format *.xml and *.xena files by sending them to xmllint

au FileType xml exe ":silent 1,$!xmllint --format --recover - 2>/dev/null"

au FileType xena exe ":silent 1,$!xmllint --format --recover - 2>/dev/null"



This uses the xmllint command to format the xml file.. useful on xml docs that aren’t formatted in the file.

Matthew Oliver: Debian 6 GNU/KFreeBSD Grub problems on VirtualBox

10 hours 55 min ago

Debian 6 was released the other day, with this release they not only released a Linux kernel version but they now support a FreeBSD version as well!

So I decided to install it under VirtualBox and check it out…

The install process went smoothly until I got to the end when it was installing and setting up grub2. It installed ok on the MBR but got an error in the installer while trying to set it up. I jumped into the console to take a look around.

I started off trying to run the update-grub command which fails silently (checking $? shows the return code of 1). On closer inspection I noticed the command created an incomplete grub config named /boot/grub/grub.cfg.new

So all we need to do is finish off this config file. So jump back into the installer and select continue without boot loader, this will pop up a message about what you must set the root partition as when you do set up a boot loader, so take note of it.. mine was /dev/ad0s5.

OK, with that info we can finish off our config file. Firstly lets rename the incomplete one:

cp /boot/grub/grub.cfg.new /boot/grub/grub.cfg

Now my /boot/grub/grub.cfg ended like:

### BEGIN /etc/grub.d/10_kfreebsd ###

menuentry 'Debian GNU/kFreeBSD, with kFreeBSD 8.1-1-amd64' --class debian --class gnu-kfreebsd --class gnu --class os {

insmod part_msdos

insmod ext2



set root='(hd0,1)'

search --no-floppy --fs-uuid --set dac05f8a-2746-4feb-a29d-31baea1ce751

echo 'Loading kernel of FreeBSD 8.1-1-amd64 ...'

kfreebsd /kfreebsd-8.1-1-amd64.gz

So I needed to add the following to finish it off (note this I’ll repeat that last part):

### BEGIN /etc/grub.d/10_kfreebsd ###

menuentry 'Debian GNU/kFreeBSD, with kFreeBSD 8.1-1-amd64' --class debian --class gnu-kfreebsd --class gnu --class os {

insmod part_msdos

insmod ext2

insmod ufs2



set root='(hd0,1)'

search --no-floppy --fs-uuid --set dac05f8a-2746-4feb-a29d-31baea1ce751

echo 'Loading kernel of FreeBSD 8.1-1-amd64 ...'

kfreebsd /kfreebsd-8.1-1-amd64.gz

set kFreeBSD.vfs.root.mountfrom=ufs:/dev/ad0s5

set kFreeBSD.vfs.root.mountfrom.options=rw

}

Note: My root filesytem was UFS, thus the ‘ufs:/dev/ad0s5′ in the mountfrom option.

That’s it, you Debian GNU/kFreeBSD should now boot successfully

Russell Coker: Links October 2014

14 hours 56 min ago

The Verge has an interesting article about Tim Cook (Apple CEO) coming out [1]. Tim says “if hearing that the CEO of Apple is gay can help someone struggling to come to terms with who he or she is, or bring comfort to anyone who feels alone, or inspire people to insist on their equality, then it’s worth the trade-off with my own privacy”.

Graydon2 wrote an insightful article about the right-wing libertarian sock-puppets of silicon valley [2].

George Monbiot wrote an insightful article for The Guardian about the way that double-speak facilitates killing people [3]. He is correct that the media should hold government accountable for such use of language instead of perpetuating it.

Anne Thériault wrote an insightful article for Vice about the presumption of innocence and sex crimes [4].

Dr Nerdlove wrote an interesting article about Gamergate as the “extinction burst” of “gamer culture” [5], we can only hope.

Shweta Narayan wrote an insightful article about Category Structure and Oppression [6]. I can’t summarise it because it’s a complex concept, read the article.

Some Debian users who don’t like Systemd have started a “Debian Fork” project [7], which so far just has a web site and nothing else. I expect that they will never write any code. But it would be good if they did, they would learn about how an OS works and maybe they wouldn’t disagree so much with the people who have experience in developing system software.

A GamerGate terrorist in Utah forces Anita Sarkeesian to cancel a lecture [8]. I expect that the reaction will be different when (not if) an Islamic group tries to get a lecture cancelled in a similar manner.

Model View Culture has an insightful article by Erika Lynn Abigail about Autistics in Silicon Valley [9].

Katie McDonough wrote an interesting article for Salon about Ed Champion and what to do about men who abuse women [10]. It’s worth reading that while thinking about the FOSS community…

Related posts:

  1. Links September 2014 Matt Palmer wrote a short but informative post about enabling...
  2. Links July 2014 Dave Johnson wrote an interesting article for Salon about companies...
  3. Links August 2014 Matt Palmer wrote a good overview of DNSSEC [1]. Sociological...

Russell Coker: Samsung Galaxy Note 3

15 hours 55 min ago

In June last year I bought a Samsung Galaxy Note 2 [1]. Generally I was very happy with that phone, one problem I had is that less than a year after purchasing it the Ingress menus burned into the screen [2].

2 weeks ago I bought a new Galaxy Note 3. One of the reasons for getting it is the higher resolution screen, I never realised the benefits of a 1920*1080 screen on a phone until my wife got a Nexus 5 [3]. I had been idly considering a Galaxy Note 4, but $1000 is a lot of money to pay for a phone and I’m not sure that a 2560*1440 screen will offer much benefit in that size. Also the Note 3 and Note 4 both have 3G of RAM, as some applications use more RAM when you have a higher resolution screen the Note 4 will effectively have less usable RAM than the Note 3.

My first laptop cost me $3,800 in 1998, that’s probably more than $6,000 in today’s money. The benefits that I receive now from an Android phone are in many ways greater than I received from that laptop and that laptop was definitely good value for money for me. If the cheapest Android phone cost $6,000 then I’d pay that, but given that the Note 3 is only $550 (including postage) there’s no reason for me to buy something more expensive.

Another reason for getting a new phone is the limited storage space in the Note 2. 16G of internal storage is a limit when you have some big games installed. Also the recent Android update which prevented apps from writing to the SD card meant that it was no longer convenient to put TV shows on my SD card. 32G of internal storage in the Note 3 allows me to fit everything I want (including the music video collection I downloaded with youtube-dl). The Note 2 has 16G of internal storage and an 8G SD card (that I couldn’t fully use due to Android limitations) while the Note 3 has 32G (the 64G version wasn’t on sale at any of the cheap online stores). Also the Note 3 supports an SD card which will be good for my music video collection at some future time, this is a significant benefit over the Nexus 5.

In the past I’ve written about Android service life and concluded that storage is the main issue [4]. So it is a bit unfortunate that I couldn’t get a phone with 64G of storage at a reasonable price. But the upside is that getting a cheaper phone allows me to buy another one sooner and give the old phone to a relative who has less demanding requirements.

In the past I wrote about the warranty support for my wife’s Nexus 5 [5]. I should have followed up on that before, 3 days after that post we received a replacement phone. One good thing that Google does is to reserve money on a credit card to buy the new phone and then send you the new phone before you send the old one back. So if the customer doesn’t end up sending the broken phone they just get billed for the new phone, that avoids excessive delays in getting a replacement phone. So overall the process of Google warranty support is really good, if 2 products are equal in other ways then it would be best to buy from Google to get that level of support.

I considered getting a Nexus 5 as the hardware is reasonably good (not the greatest but quite good enough) and the price is also reasonably good. But one thing I really hate is the way they do the buttons. Having the home button appear on the main part of the display is really annoying. I much prefer the Samsung approach of having a hardware button for home and touch-screen buttons outside the viewable area for settings and back. Also the stylus on the Note devices is convenient on occasion.

The Note 3 has a fake-leather back. The concept of making fake leather is tacky, I believe that it’s much better to make honest plastic that doesn’t pretend to be something that it isn’t. However the texture of the back improves the grip. Also the fake stitches around the edge help with the grip too. It’s tacky but utilitarian.

The Note 3 is slightly smaller and lighter than the Note 2. This is a good technical achievement, but I’d rather they just gave it a bigger battery.

Update USB 3

One thing I initially forgot to mention is that the Note 3 has USB 3. This means that it has a larger socket which is less convenient when you try and plug it in at night. USB 3 seems unlikely to provide any benefit for me as I’ve never had any of my other phones transfer data at rates more than about 5MB/s. If the Note 3 happens to have storage that can handle speeds greater than the 32MB/s a typical USB 2 storage device can handle then I’m still not going to gain much benefit. USB 2 speeds would allow me to transfer the entire contents of a Note 3 in less than 20 minutes (if I needed to copy the entire storage contents). I can’t imagine myself having a real-world benefit from that.

The larger socket means more fumbling when charging my phone at night and it also means that the Note 3 cable can’t be used in any other phone I own. In a year or two my wife will have a phone with USB 3 support and that cable can be used for charging 2 phones. But at the moment the USB 3 cable isn’t useful as I don’t need to have a phone charger that can only charge one phone.

Conclusion

The Note 3 basically does everything I expected of it. It’s just like the Note 2 but a bit faster and with more storage. I’m happy with it.

Related posts:

  1. Samsung Galaxy Note 2 A few weeks ago I bought a new Samsung Galaxy...
  2. Samsung Galaxy S3 First Review with Power Case My new Samsung Galaxy S3 arrived a couple of days...
  3. Samsung Galaxy Camera – a Quick Review I recently had a chance to briefly play with the...

Ben Martin: Terry 2.0 includes ROS!

Fri, 2014-10-31 19:27
What started as a little tinker around the edges has resulted in many parts of Terry being updated. The Intel j1900 motherboard is now mounted in the middle of the largest square structure, and SSD is mounted (the OCZ black drive at the bottom), yet another battery is mounted which is a large external laptop supply, the Kinect is now mounted on the pan and tilt mechanism along with the 1080p webcam that was previously there. The BeagleBone Black is moved to its own piece of channel and a breadboard is sunk into the main 2nd top level channel.





I haven't cabled up the j1900 yet. On the SSD is Ubuntu and ROS including a working DSLAM (strangely some fun and games getting that to compile and then to not segv right away).



I used 3 Actobotics Beams, one IIRC is a 7.7 incher and two shorter ones. The long beam actually lines on for the right side of the motherboard that you see in the image. The beam is attached with nylon bolts and has a 6.6mm standoff between the motherboard and the beam to avoid any undesired electrical shorts. With the two shorter beams on the left side of the motherboard it is rather securely attached to Terry now. The little channel you see on the right side up a little from the bottom is there for the 7.7 inch beam to attach to (behind the motherboard) and there is a shorter beam on this side to secure the floating end of the channel to the base channel.







The alloy structure at the top of the pan and tilt now has a Kinect attached. I used a wall mount plastic adaptor which with great luck and convenience the nut traps lined up to the actobotics holes. I have offset the channel like you see so that the center of gravity is closer to directly above the pan and tilt. Perhaps I will have to add some springs to help the tilt servo when it moves the Kinect back too far from the centre point. I am also considering a counter balance weight below the tilt which would also work to try to stabilize the Kinect at the position shown.







I was originally planning to put some gripper on the front of Terry. But now I'm thinking about using the relatively clean back channel to attach a threaded rod and stepper motor so that the gripper can have access to the ground and also table top. Obviously the cameras would have to rotate 180 degrees to be able to see what the gripper was up to. Also for floor pickups the tilt might have to be able to handle a reasonable downward "look" without being too hard on the servo.



There were also some other tweaks. A 6 volt regulator is now inlined into a servo extension cable and the regulator is itself bolted to some of the channel. Nice cooling, and it means that the other end of that servo extension can take something like 7-15v and it will give the servo the 6v it wants. That is actually using the same battery pack as the drive wheels (8xAA).



One thing that might be handy for others who find this post, the BeagleBone Black Case from sparkfun attaches to Actobotics channel fairly easily. I used two cheesehead m3 nylocks and had to force them into the enclosure. The nylocks lined up to the Actobotics channel and so the attachment was very simple. You'll want a "3 big hole" or more bit of channel to attach the enclosure to. I attached it to a 3 bit holer and then attaced that channel to the top of Terry with a few threaded standoffs. Simplifies attach and remove should that ever be desired.



I know I need slip rings for the two USB cameras up top. And for the tilt servo as well. I can't use a USB hub up top because both the USB devices can fairly well saturate a USB 2.0 bus. I use the hardware encoded mjpeg from the webcam which helps bandwidth, but I'm going to give an entire USB 2.0 bus to the Kinect.



linux.conf.au News: Keynote Speaker - Professor Eben Moglen

Fri, 2014-10-31 13:27

The LCA 2015 team is honoured to announce our first Keynote speaker - Professor Eben Moglen, Executive Director of the Software Freedom Law Center and professor of Law and Legal History at Columbia University Law School.

Professor Moglen's presentation is scheduled for 09:00 am Tuesday, 13 January 2015

Professor Moglen has represented many of the world's leading free software developers. He earned his PhD in History and his law degree at Yale University during what he sometimes calls his “long, dark period” in New Haven.

After law school he clerked for Judge Edward Weinfeld of the United States District Court in New York City and for Justice Thurgood Marshall of the United States Supreme Court. He has taught at Columbia Law School since 1987 and has held visiting appointments at Harvard University, Tel Aviv University and the University of Virginia.

In 2003 he was given the Electronic Frontier Foundation's Pioneer Award for efforts on behalf of freedom in the electronic society.

We are especially grateful to Michael Davies for his efforts in bringing Professor Moglen to LCA 2015 in Auckland for us - thank you Michael!

The LCA 2015 Auckland Team

Jan Schmidt: 2014 GStreamer Conference

Fri, 2014-10-31 00:26

I’ve been home from Europe over a week, after heading to Germany for the annual GStreamer conference and Linuxcon Europe.

We had a really great turnout for the GStreamer conference this year

as well as an amazing schedule of talks. All the talks were recorded by Ubicast, who got all the videos edited and uploaded in record time. The whole conference is available for viewing at http://gstconf.ubicast.tv/channels/#gstreamer-conference-2014

I gave one of the last talks of the schedule – about my current work adding support for describing and handling stereoscopic (3D) video. That support should land upstream sometime in the next month or two, so more on that in a bit.

There were too many great talks to mention them individually, but I was excited by 3 strong themes across the talks:

  • WebRTC/HTML5/Web Streaming support
  • Improving performance and reducing resource usage
  • Building better development and debugging tools

I’m looking forward to us collectively making progress on all those things and more in the upcoming year.

Andrew Pollock: [life] Day 274: Errands, friends old and new, and swim class

Thu, 2014-10-30 22:25

In researching ways to try and help Zoe sleep for longer, I learned that there's basically two triggers for waking up in the morning: light and heat. Because Queenslanders hate daylight saving, the sun gets up ridiculously early in summer. Because Queensland is hot, it also gets very hot pretty early. Our bedrooms are on the eastern side of the apartment to boot.

I already have nice blackout curtains, and I had pelmets installed last summer to try and reduce the light leakage around the curtains. I also had reflective window film put on our bedroom windows last summer in an effort to reduce the morning heat when the sun rose, but I don't think it's made a massive difference to a closed up bedroom. I think Zoe woke up at about 5:40am this morning. I'm not sure what the room temperature was, because the Twine in her room decided not to log it this morning. Air conditioning is the next thing to try.

After breakfast, we ran a few errands, culminating at a trip to the carwash for babyccino. After that, we headed over to Toowong to pick up Geneal, who was a friend of my biological mother that I've kept in loose contact since I've been an adult. We went over to the Toowong Bowls Club for lunch, and had a nice catch up.

The Toowong Bowls Club has a rather disturbing line on the wall showing the height of the 2011 floods. It's probably taller than my raised arm from the ground level of the building.

After lunch, and dropping Geneal home, we headed over for a play date at the home of Chloe, who will be starting Prep next year at Zoe's school. I met Chloe's Mum, Kelley, at the P&C meeting I went to earlier in the year, and then proceeded to continue to bump into her at numerous school-related things ever since. She's been a good person to know, having an older daughter at the school as well, and has given me lots of advice.

Zoe and Chloe got along really well, and Chloe seems like a nice kid. After the play date, we walked to school to collect Chloe's older sister, and then to swim class. We were early, but Zoe was happy to hang out.

I am just so loving the vibe I'm getting about the school, and really loving the school community itself. I'm really looking forward to the next seven years here.

After swim class, we walked back to Chloe's house to retrieve the car, and say goodbye to Chloe, and headed home. It was another nice full, but not too full day.

Linux Users of Victoria (LUV) Announce: LUV Main November 2014 Meeting: Raspberry Pi update + systemd

Thu, 2014-10-30 12:30
Start: Nov 5 2014 19:00 End: Nov 5 2014 21:00 Start: Nov 5 2014 19:00 End: Nov 5 2014 21:00 Location: 

The Buzzard Lecture Theatre. Evan Burge Building, Trinity College, Melbourne University Main Campus, Parkville.

Link:  http://luv.asn.au/meetings/map

Please note that the November meeting is on Wednesday night rather than Tuesday night due to the Melbourne Cup.

Alec Clews, Raspberry Pi update

Russell Coker, systemd

The Buzzard Lecture Theatre, Evan Burge Building, Trinity College Main Campus Parkville Melways Map: 2B C5

Notes: Trinity College's Main Campus is located off Royal Parade. The Evan Burge Building is located near the Tennis Courts. See our Map of Trinity College. Additional maps of Trinity and the surrounding area (including its relation to the city) can be found at http://www.trinity.unimelb.edu.au/about/location/map

Parking can be found along or near Royal Parade, Grattan Street, Swanston Street and College Crescent. Parking within Trinity College is unfortunately only available to staff.

For those coming via Public Transport, the number 19 tram (North Coburg - City) passes by the main entrance of Trinity College (Get off at Morrah St, Stop 12). This tram departs from the Elizabeth Street tram terminus (Flinders Street end) and goes past Melbourne Central Timetables can be found on-line at:

http://www.metlinkmelbourne.com.au/route/view/725

Before and/or after each meeting those who are interested are welcome to join other members for dinner. We are open to suggestions for a good place to eat near our venue. Maria's on Peel Street in North Melbourne is currently the most popular place to eat after meetings.

LUV would like to acknowledge Red Hat for their help in obtaining the Buzzard Lecture Theatre venue and VPAC for hosting, and BENK Open Systems for their financial support of the Beginners Workshops

Linux Users of Victoria Inc., is an incorporated association, registration number A0040056C.

November 5, 2014 - 19:00

read more

Stewart Smith: New libeatmydata release: 105

Thu, 2014-10-30 10:27

Over on the project page and on launchpad you can now download libeatmydata 105.

This release fixes a couple of bugs that came in via the Debian project, including a rather interesting one about some binaries not running .so ctors to properly init libeatmydata and the code path in the libeatmydata open() not really dealing with being called first in this situation.

Enjoy!

linux.conf.au News: Speaker Feature: Meg Howie, Joshua Hesketh

Thu, 2014-10-30 08:28
Meg Howie Ask Away: Staking Out the Stakeholders

11:35am Friday 16th January 2015

Meg is a designer and thinker whose practice spans graphic, interactive, film, service and performance design. She is currently undertaking a Master of Design at Massey University and her research explores the influence of open source culture and participatory democracy on civic engagement. Meg’s work is deeply social, and draws from human-centred design, behavioural psychology and collaborative modes of working.

For more information on Meg and her presentation, see here. You can follow her as @howiemeg and don’t forget to mention #LCA2015.



Joshua Hesketh Who is Linux Australia?

3:40pm Thursday 15th January 2015

Joshua is a software developer for Rackspace Australia working on upstream OpenStack. He works from his home in Hobart, Tasmania. Joshua is currently President of Linux Australia, previously the co-chair for PyCon Australia and a key organiser for linux.conf.au. He has an interest in robotics having recently completed a degree in mechatronic engineering. Josh is an active contributor to the openstack-infra and nova projects.

For more information on Josh and his presentation, see here.

Andrew Pollock: [life] Day 273: Kindergarten, more startup stuff, and another Prep day

Wed, 2014-10-29 22:25

I had another busy day today. I've well and truly falled off the running wagon, which I really need to fix rather urgently. I would have liked to have gone for a run this morning, but it didn't happen.

I started off with a chiropractic adjustment, and then a bit of random cooking to use up some perishables, before the cleaners arrived.

While the cleaners were here, I managed to knock over another unit of my real estate course, which I was pretty stoked about. I'll try and get it in the mail tomorrow, and that's the last one from the first half of the course done.

I grabbed a massage, and then headed over to pick up Zoe early from Kindergarten to take her to school for another Prep introduction session. I really like Zoe's school. This year for the first time they're running a four week program where the kids can come for a couple of hours.

Today it was fine and gross motor skills. They divided the group in half, and Zoe's half did fine motor skills first. The kids rotated through three different stations, which all had three or four activities each. Zoe did pretty well with these.

Then the groups swapped over, and we returned to the hall where we started, to do some gross motor skills. I would have thought this would have been right up Zoe's alley, since a lot of it was similar to TumbleTastics, but she was very clingy, and they kept rotating between stations faster than she got warmed up to the activity.

She was a bit overwhelmed in the larger group setting in general. Hopefully next week with a bit of preparation before we come (and no Kindergarten) she'll do better.

After we got home, I showed Zoe a balloon full of water that I'd put in the freezer. She had a great time smashing it on the balcony. I'll have to do that again.

It's a hot night tonight, I hope Zoe sleeps okay. It was definitely time to bust out the fan.

Lev Lafayette: Training and Education in High Performance Computing for eReseachers

Wed, 2014-10-29 11:29

"Big data" requires processing. Processing requires HPC. Increased processing results in increased research output. Research organisations that do not increase HPC usage will fall behind. HPC requires either 'dumb down the interface or skill up the user'. Making "user friendly" interfaces may not be the right path to take as HPC use will always have a minimum level of complexity. Training courses that use andragogical technqiues correlate with increased HPC use.

Presentation to eResearch Australasia, Melbourne, October 28, 2014

linux.conf.au News: Speaker Feature: Christoph Lameter, Brandon Philips

Wed, 2014-10-29 08:28
Christoph Lameter SL[AUO]B:Kernel memory allocator design and philosophy

12:15pm Friday 16th January 2015

Christoph specializes in High Performance Computing and High Frequency Trading technologies. As an operating system designer and kernel developer he has been developing memory management technologies for Linux to enhance performance and reduce latencies. He is fond of new technologies and new ways of thinking that disrupt existing industries and causes new development communities to emerge.

For more information on Christoph and his presentation, see here. You can follow him as @qant and don’t forget to mention #LCA2015.



Brandon Philips CoreOS: An introduction

11:35 am Friday 16th January 2015

Brandon Philips is helping to build modern Linux server infrastructure at CoreOS. Prior to CoreOS, he worked at Rackspace hacking on cloud monitoring and was a Linux kernel developer at SUSE. In addition to his work at CoreOS, Brandon sits on Docker's governance board and is one of the top contributors to Docker. As a graduate of Oregon State's Open Source Lab he is passionate about open source technologies.

Brandon has also been a speaker at many conferences including Open Source Bridge 2012 and Open Source Conference 2012.

For more information on Brandon and his presentation, see here. You can follow him as @BrandonPhilips and don’t forget to mention #LCA2015.