Planet Linux Australia


Matt Palmer: Moving forward with an SSL Co-op

Wed, 2014-06-25 10:26

Since first posting my idea for an SSL co-op a couple of weeks ago, I’ve gotten some positive feedback from people, and further thinking and research has convinced me that it is feasible to at least attempt it.

As a result, I’d like to announce the public unveiling of The SSL Co-op. It is intended to be a commercial, not-for-profit[1] organisation that issues widely-trusted certificates to members, for their use or for resale. Eventually, I’d like the co-op to be a root CA in its own right, with its certificate trusted by all the browsers and other X.509-using applications out there, but that isn’t something that’s achievable immediately.

At this stage, the co-op hasn’t been formed, and I’m looking for expressions of interest from individuals and organisations who would be interested in becoming members. If you fit that description, I’d really appreciate it if you could fill out a short survey so I can get a better idea of what sort of scale the co-op will be operating at initially.

This is the first step towards an interesting future, where there is more choice of provider for online identity verification. Exciting times.

  1. Despite a lot of misunderstanding to the contrary, “commercial, not-for-profit” is not a contradiction. “Commercial” means “doing things for money”, and “not-for-profit” means “not returning a dividend to investors”. In the case of the SSL co-op, it will be providing services to members on a cost-recovery basis, and any excess funds left over from that will be re-invested in the co-op to improve the services provided to members.

Lev Lafayette: ACIP Review of Innovation Patent System: No Software Patents!

Tue, 2014-06-24 21:29

The final report of the ACIP (Australian government Advisory Panel on Intellectual Property) review of the Innovation Patent System came out today.

The good news is that ACIP have recommended that "no method, process or system shall be patentable".


Selections from the Report follow. I note that they referred to several of the examples that were included in the LUV submission.


David Rowe: Energy Equivalents of a Krispy Kreme Factory

Tue, 2014-06-24 19:29

My 15 year old son is rather excited at the prospect of Adelaide’s first Krispy Kreme factory. This factory will be pumping out 5,000 donuts an hour.

Now a donut contains about 1000 kJ of energy. This is chemical energy, in the form of fat and sugars and carbohydrates. Our bodies are designed to “burn” this chemical energy and use it to run our bodies. If we don’t need any more energy when we consume the donut, then some of the excess will be stored as fat. Energy can come in different forms, such as electricity, mechanical, or potential energy.

Energy is measured in Joules (J), lots of energy in kilojoules (kJ), or megajoules (MJ). Power is the rate we use (or produce) energy. If I use 1 J/s in my LED torch, that is 1 Watt (W). My electric car uses 5 kW when I cruise along at 60 km/hr. So 5,000 J/s is moving from my batteries to the electric motor of the car.

The average human uses 8700 kJ per day. That means we need to ingest roughly 8700 kJ of energy, and our body uses about the same amount of energy. This energy runs our body, and gives us some energy for moving about. There are 24(60)(60) seconds in a day. So the power consumption of the average human (energy/second) is 8,700,000 J/(24(60)(60)) = 100 W, about the same as a large incandescent light bulb.

So as we know the energy in a donut, and the rate at which the donuts are produced, we can measure the Power Output of the Krispy Kreme factory. Then compare that to all sorts of other power producers and users in our lives.

Here are a few energy equivalents (spreadsheet):


A related analysis is Fuel Consumption of a Pedestrian Crossing.

Andrew Pollock: [life] Day 146: A unexpected Zoe-free day, and lots of startup stuff as a result

Tue, 2014-06-24 19:25

Zoe apparently coughed all night last night, so Sarah decided to keep her home from Kindergarten today. We had a bit of a chat this afternoon about whether or not it could be asthma, and have set up a shared diary to keep track of her symptoms for a while.

I got stuck into my real estate course today, and finished off the final bit of assessment that has been dogging me for one module, and completed another module and its assessment, and am half way through the next module after that.

Smudge had her annual check up from the vet. Dr Anthony came out this time, and he was really lovely. He spent about 45 minutes here, and gave Smudge a very thorough examination and a vaccination. I'm really impressed by their service. It beats trying to wrangle a cat in the car to the vet. It was too bad that Zoe wasn't here this afternoon, because I thought she would have enjoyed watching.

I also finally managed to get some traction talking to Origin Energy about getting the building's hot water heater replaced, so hopefully cold showers in the morning will soon be a thing of the past. The state sales manager for retrofits came out and talked to me and looked at the plant and is going to send through a proposal soon.

I've moved my fortnightly evening yoga class to Tuesdays to better fit in with Anshu's amateur theatre schedule, so I'm looking forward to topping off a productive day with a good yoga session.

Michael Fox: First post for new personal site

Tue, 2014-06-24 17:26

I’ve decided to delegate my long running domain into a personal site for my family and I. The content moving forward against this site will be non technology.

Technology related posts have been moved to my alternative domain, which in the longer term will make sense why I have done this change.


Brendan Scott: brendanscott

Tue, 2014-06-24 11:29

They say there is no evidence one way or the other about the usefulness of the innovation patent system.  Seem a little annoyed that so many people said to remove software patents.

Details here.

David Rowe: HF Modem Frequency Offset Estimation

Tue, 2014-06-24 07:29

One of my goals for 2014 is to make FreeDV work as well as SSB on HF radio channels. Recently I have been working on improvements to the frame sync algorithms used in the FDMDV modem. I would like to move from a “hard” sync decision to a “soft” one, such that the demod can track through fades. Often during a fade our signal is still there, so it’s better to wait around a bit than go off trying to find a new one. There is a trade off between remaining “in sync” and tracking through a fade and syncing up quickly when a new FreeDV signal appears.

Frame sync relies on the coarse frequency offset estimation algorithm, which works out where the centre frequency of the modem signal is in the receiver’s passband. The nominal centre frequency is 1500 Hz. An offset of 100 Hz would mean the centre frequency is actually 1600 Hz. We need to know the offset within a few Hz for the demod to work properly. If we don’t get the frequency offset right, the demodulator outputs garbage, so no decoded speech. If the frequency offset estimation jumps about, the decoded speech will stop and start.

Frequency Offset Estimation in Action

The frequency offset estimation algorithm works by multiplying (mixing) the incoming signal with a noise free copy of the expected BPSK pilot signal. We then take the FFT of the resulting signal, and peak pick. On a good day, this will have a peak corresponding to the frequency offset. We then usually apply some post processing logic to correct the inevitable errors.

Here it is in action for a 0dB SNR AWGN channel with a -50Hz frequency offset. It’s a weak signal. First a spectrogram of the signal at the input of the demodulator, then a spectrogram of the output of the mixer (note -50Hz line), then a plot of four frequency offset estimates. The x axis in all plots is time, one frame is 20ms, 50 frames 1 second.

The four frequency offset lines “foff_xxx” above show firstly the “raw” output from peak picking the FFT, then the output from three different post processing algorithms. While all but the foff_thresh line look OK here, in practice they all have their pros and cons, none are completely reliable.

Here are the same plots on the nasty HF fading channel. You can see gaps in the pilot just under 1500Hz, which leads to the “dotted” -50Hz line on the mixer output spectrogram. The raw frequency offset estimate is all over the place, although it does get cleaned up by the post processors. Note the foff_state and foff_thresh plots take a long time to lock up, e.g. foff_thresh doesn’t jump to -50Hz until quite late in the simulation, and foff_state takes more than 1 second (50 frames).

Automated Tests

I’ve written a Unit Test (UT) in Octave called fdmdv_ut_freq_est.m that can perform automated tests of various channel conditions:

Test 3: 30 Seconds in HF multipath channel at 0dB-ish SNR

  Channel EbNo SNR(calc) SNR(meas) SD(Hz) Hits Hits(%) Result

    AWGN  3.00  0.78      1.18     22.00   200  100.00  PASS


Test 3: 30 Seconds in HF multipath channel at 0dB-ish SNR

  Channel EbNo SNR(calc) SNR(meas) SD(Hz) Hits Hits(%) Result

      HF  3.00  0.78      1.71     87.36   188  94.00  FAIL

The UT also generates the plots above to help me debug the frequency offset estimation algorithm.

Mesh Plots

I discovered that mesh plots were an interesting alternative to spectrograms for plotting signals in 3 dimensions such as time, frequency, and amplitude. On Octave, the mouse can be used to rotate the view of the mesh plot to view it from different angles. Here are some animated videos generated by Octave that illustrate the effect.

The first video is the modem spectrum, with a SNR of 10dB, in an AWGN channel. You can see the central “fin” which is the high energy BPSK pilot. Looks like a toaster! Note the slope from 0 to about 10 frames as the filter memories in the modem “fill up” from the all-zero state at start up.

The second video is the output of the frequency offset estimation mixer. Note the “blade” along the -50Hz line. This is the peak we are looking for.

The third video shows the mess the HF fading channel makes of the modem signal. Deep notches appear, and also some peaks, higher than the signal in the AWGN channel. I wonder if these peaks (short regions of high SNR) can be used? As the mesh is rotated so it is flat, we get a form of the 2D-colourmap spectrogram.

This command line was used to generate the animations from the PNGs generated by Octave:

david@bear:~/tmp/codec2-dev/octave$ mencoder mf://*.png -mf w=640:h=480:fps=5:type=png -ovc lavc -lavcopts vcodec=mpeg4:mbd=2:trell -oac copy -o freq_est.mp4


I’m not quite happy with the frequency offset estimation algorithm. It still occasionally fails when the BPSK pilot is wiped out completely by a fade. Not quite what I want for the HF channel. Now that I’ve written it up here, I will take a break while I work on the SM1000 code, and come back to frequency offset estimation later.

I’d also like to try FreeDV with no frequency offset estimation. In a way, it’s just another algorithm that can go wrong in fading channels. Without it, the operator would need to tune the receiver to within say 10% of the symbol rate, e.g. 0.1(Rs) = 0.1(50) = 5Hz. But many SSB operators do that anyway. If a higher symbol rate was used, say Rs=200Hz, it’s +/- 20Hz. If we disable frequency offset estimation, we could lose the pilot, saving 1.2dB of SNR, 150Hz of bandwidth, and reducing Peak to Average Power Ratio (PAPR). It could also be a switch-able option, manually disabled by the operator for low SNR channels.

Andrew Pollock: [life] Day 145: Kindergarten, random stuff and looking after Charlie

Mon, 2014-06-23 22:25

Zoe woke up a bit early this morning at 5:38am. We snuggled in bed for a while, but I don't think there was any more sleep.

She's been coughing constantly since yesterday, and I took her to school in the car to keep her out of the cold air. I debated whether to send her at all, but she was in good spirits, and we had to bring Charlie home after Kindergarten.

I had a call with the Family Relationship Centre at 9:30am, and so I mostly faffed around until that happened, and then felt pretty listless afterwards, so I didn't get a whole lot of anything significant done today. I did pull together some numbers needed to file what I expect to be my last FBAR. That is one thing I will most definitely not miss about having any connection with the US.

I'd offered to help out Charlie's parents, Odette and Julian, while their daughter with cystic fibrosis was in hospital for treatment, by picking up Charlie after Kindergarten. Today was a day they took me up on the offer, so Charlie came home with us. I keep thinking of Charlie bit my finger.

He was fine with the whole thing, despite not having really had much to do with me prior to today. The most complicated part of the whole thing was trying to get his car seat into my car. He seemed quite excited to be coming home with Zoe. I might need my shotgun sooner than I thought.

I was a bit unsure of how to entertain a boy, but he was pretty easy going. He was happy to pat Smudge and follow Zoe around. They were pretty quiet in her room, and when I looked in on them, they were sitting on the bed together and Charlie was watching Zoe play a game on her tablet.

They did a bit of painting together, and then I busted out the Kinetic Sand, which hasn't seen any use for months, and that kept them occupied for a good amount of time. They watched a little bit of TV and then Julian arrived to pick him up. It was all pretty easy really.

I managed to get Zoe a doctor's appointment that dovetailed nicely with the afternoon's schedule, so we headed over to see him. He said her chest sounded clear. For the last couple of doctor's visits there's been a lot of talk about asthma, given I had it as a child. He prescribed her a Flixotide inhaler. It's just so hard to tell if it's asthma, or a post-nasal drip-related cough that's hanging around. I'm a bit paranoid about letting an untreated cough go for too long lest it wind up being bronchitis.

Since we were already out in the car, I dropped Zoe around to Sarah's place.

David Rowe: Email to an Anti-Vaxer

Mon, 2014-06-23 12:30

I recently had an email conversation with an anti-vaxer. I enjoy critical thinking exercises like this, and thought my response might be useful to publish.

The anti-vaxer’s key points (I’ve paraphrased here as it was a private email) were:

“An Australian TV program A Current Affair (ACA) screened a segment around a family who was awarded a $10M settlement after their baby had a serious adverse reaction to a vaccination. The ACA article claimed 200 other similar cases, and that a cover up by professionals was involved. The Anti-vaxer knows Doctors, Nurses, and Microbiologists who share the same anti-vaxer views, and considers the list of ingredients in vaccines to be horrible.”

Here is my response:

I researched the case you mentioned and there is indeed evidence (Link) that the poor child sustained brain damage as a result of that vaccination procedure. It’s food for thought:

  1. If true, that’s 1 serious adverse effect out of perhaps 10M vaccinations in this country (my guess) last year. I understand there are often adverse but minor reactions (e.g. fever). It also appears the authorities dropped the ball on that vaccine. However it has been noticed, and corrected. That’s why I love science.

    When was the last time an anti-vaxer said “Oh, you know what – I was wrong”.

  2. Mumps (alone) very badly hurts 2 children out of 1000 (Ref).
  3. If you get in a car your risk of death is 5 in 100,000 per year (Ref). So when you drive to your anti-vaxer meeting you have a 500 times greater risk of stone cold death than a possible risk of injury from vaccination.
  4. “A Current Affair” is not known for reputable science journalism. That doesn’t mean their claims are not true, but it would be prudent to look further rather than accept a tabloid TV story just because it fits your world view. Do you have any evidence for the claims of the other 200 cases? If it’s truly a criminal cover up involving harm to a child, are the Police investigating? Why not?
  5. Dr/Nurses having an opinion is called an “argument from authority”. Their view has some validity, and is a good source of a hypothesis (i.e. an untested idea or theory). But it doesn’t prevail over evidence. It’s not a fact – merely an opinion. The gold standard for evidence is peer reviewed journal papers. If you really want to know – go Google a few of them. I was surprised to find the medical ones quite easy to read.
  6. There are horrible substances in nature (like animal faeces spread on my vegetables to fertilise them, or nasty bacteria in milk). Doesn’t make vegetables bad for me. Oh wait.
  7. However it’s a lot of work to read up on all this, and we seem to get one health “risk” shoved at us after another from friends (“They say…….”), Facebook, and the media.

    So I have a very quick test I use to filter claims. Do you personally know anyone who has sustained any permanent damage from a vaccine? Ever been to a funeral where some one has died from a vaccine?

    David’s very simple test of what’s really a health risk and what’s not – “who do you know who has died from this?”. I know many people have died in a car accident, or from suicide, heart disease, old age, and cancer. So they are real risks for me.

  8. These graphs from the CDC say it all. Infectious disease. Nailed. Deaths halved. Life spans doubled. IFL vaccinations and anti-biotics!

    - David

Sridhar Dhanapalan: Twitter posts: 2014-06-16 to 2014-06-22

Mon, 2014-06-23 00:27

Glen Turner: RaspberryPi: moving between development and production Linux kernels

Sun, 2014-06-22 18:54

To move to the latest development kernel say:

raspberrypi$ sudo rpi-update

rpi-update will load a kernel from If you know the commit you can pass that as a parameter to load a specific kernel.

To move back to a production kernel say:

raspberrypi$ sudo apt-get install --reinstall libraspberrypi-bin libraspberrypi-dev libraspberrypi-doc libraspberrypi0 raspberrypi-bootloader

Matt Palmer: Key Transition Statements: Worthless?

Sun, 2014-06-22 17:26

Ten days ago, I blogged about (finally) generating a GPG key transition statement. As the title of this post suggests, I have received zero signatures. Have other people had any success with transition statements? Perhaps it’s time to hit up Debian developers I know one-by-one…

To the IRCz!

David Rowe: Fixed Point Goertzal Tone Detector

Sat, 2014-06-21 23:29

This post is a tutorial on fixed point DSP, where I provide a detailed worked example of porting a Goertzel algorithm based tone decoder from float to fixed point.

My post on Fixed Point Scaling is consistently popular. I think that’s because there just isn’t much information out there on fixed point DSP. In particular, step by step instructions on how to convert a floating point DSP algorithm into fixed point. How to engineer it. Systematically.

This weekend I’ve been working with Matt (VK5ZM) who is building a CTSS tone decoder board for FM repeaters. Matt is using the efficient, but difficult to spell Goertzel algorithm.

The Goertzel algorithm computes a 1 point Discrete Fourier Transform (DFT). You can ask it to take a look at a time domain signal (e.g. a sine wave in noise), and it will work out how much power is at a certain frequency. For Matt’s application, he will tune it to the CTSS frequency, and it will return a big number if energy is present at that frequency. Apply a threshold and you have a tone decoder.

Matt would like to run it on a little AVR micro-controller, so it must be in fixed point. Which is where the fun begins.

Here is the step by step fixed point port of the Goertzel from float to fixed point, in working C source code form. Each step runs, and the results can be compared. Lots of notes in the source, including the simple algebra I use to engineer the conversion.

I dumped the variable s into a text file and plotted it using Octave in order to determine the maximum value and work out suitable scaling for the fixed point version of s.

octave:6> load s.txt

octave:7> plot(s)

octave:8> max(s)

ans =  8.6974e+05

octave:10> log2(max(s))

ans =  19.730

Hmm, it looks like an unstable oscillator (i.e. keeps growing), and would need more magnitude bits if N or AMP was larger. Let’s call it 20 bits of magnitude, add 1 for a little headroom, and one for the sign bit so that makes a suitable fixed point format Q22.10. If you are not familiar with the Q format, please see this post on Fixed Point Scaling.

Look at the scaling for the input signal x[n]. We immediately right shift discarding 6 magnitude bits. The maximum value of x[n] is 512 (9 magnitude bits) so the algorithm works just fine with the input sine wave quantised to just 3 magnitude bits! My reasoning for this is that we are trying to detect a frequency, and frequency information can be conveyed by just the sign bit (0 magnitude bits). For example a frequency counter works with just a zero crossing detector. Or Frequency Modulation (FM) – which uses non-linear amplifiers in both the transmitter and receiver that discard the magnitude information.

Beer and Original Thinking

I came up with this algebraic approach to fixed point during a 3-pint lunch when I was working at DSpace about 10 years ago. I was stuck on fixed point DSP issues that morning and the beer helped shift me off the “rail road tracks” and generate some original ideas. Well original to me at least, I’m sure other people are using similar techniques. Unfortunately when I staggered back from lunch I couldn’t think straight enough to code that day!

Automated Testing

To explore the frequency response we wrote an Octave script pgoertzal.m. You can see a sweep from 0 to 250 Hz (typical CTSS tone range), and a close up of the area around the 91.5Hz tone we designed the detector for. You can see that the float and fixed point versions are very close. The red line is the mask for valid tone detection.

The C simulation has a bunch of automated tests. Test1 compares the various steps in the fixed point port. Test2 performs the frequency sweeps that we plot with pgoertzal.m, and Test3 evaluates various points around the red tone detector mask above, to make sure tone is (or is not) detected:

david@bear:~/Desktop/goertzal$ gcc goertzal.c -o goertzal -Wall -lm && ./goertzal

Test 1:

  ideal.: 3.865471e+10

  float.: 3.865059e+10   PASS

  step 1: 3.865059e+10   PASS

  step 2: 3.795299e+10   PASS

  step 3: 3.794384e+10   PASS


Test 2:

  p: 3.719829e+10 e: 3.859250e+10 expect: 1  we got: 1  PASS

  p: 9.067479e+09 e: 9.671114e+09 expect: 1  we got: 1  PASS

  p: 5.038281e+09 e: 3.859631e+10 expect: 1  we got: 1  PASS

  p: 4.822790e+09 e: 3.854798e+10 expect: 1  we got: 1  PASS

  p: 3.700040e+08 e: 3.860324e+10 expect: 0  we got: 0  PASS

  p: 3.825746e+08 e: 3.852967e+10 expect: 0  we got: 0  PASS

Fixing my HP8656 Signal Generator

While I was working on the fixed point code Matt was kindly working on my HP8656 signal generator. This had developed a fault that was popping my house circuit breakers every time I plugged it in! Matt traced the fault to a short in the input mains filter that was an integral part of the IEC power connector. He bypassed the faulty filter and the sig gen burst back into life! Thanks Matt! Now I will be able to work on the simple (uC-based) SDR radio ideas I have.

The inside of the HP8656 is really a lovely example of engineering. It sports a bunch of DIL (non surface mount) chips, including both 8085 and 6502 CPUs, lots of semi-rigid coax, copper fingers everywhere, programmable attenuators, and a linear power supply. It must have been a joy to be an engineer at HP back in the day.
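
The float to fixed point Goertzel port described in the post above, as an added example (it is not David Rowe's goertzal.c, which the post only links to): a float reference beside a 32-bit integer version that right shifts the input by 6 bits as the post does, checked on the 91.5Hz tone and on the neighbouring CTCSS tones 88.5Hz and 94.8Hz. The 1000Hz sample rate, 500 sample block, Q14 coefficient, series sine helper and half-energy detection threshold are assumptions of this example.

```c
/* Added example: Goertzel tone power, float reference vs 32-bit fixed point. */
#include <stdint.h>
#include <stdio.h>

#define FS_HZ     1000.0  /* assumed sample rate */
#define TONE_HZ   91.5    /* tone the post designs the detector for */
#define N_SAMPLES 500     /* assumed block length (0.5 s, 2 Hz bin width) */
#define AMP       512     /* input peak: 9 magnitude bits, as in the post */
#define X_SHIFT   6       /* input right shift, as in the post */
#define COEFF_Q   14      /* assumed: coefficient 2cos(w) stored in Q14 */
#define TWO_PI    6.283185307179586

/* Taylor series sine, so the example builds without libm. */
static double sin_series(double x)
{
    x -= TWO_PI * (long)(x / TWO_PI);           /* reduce to (-2pi, 2pi) */
    if (x > TWO_PI / 2) x -= TWO_PI;
    if (x < -TWO_PI / 2) x += TWO_PI;
    double term = x, sum = x;
    for (int k = 1; k <= 14; k++) {
        term *= -x * x / ((2 * k) * (2 * k + 1));
        sum += term;
    }
    return sum;
}

/* Goertzel coefficient 2cos(w); cos(w) = sin(w + pi/2). */
static double two_cos_w(double freq_hz)
{
    return 2.0 * sin_series(TWO_PI * freq_hz / FS_HZ + TWO_PI / 4);
}

/* Constructed test input: sine at freq_hz with peak AMP. */
static void make_tone(int16_t *x, int n, double freq_hz)
{
    for (int i = 0; i < n; i++)
        x[i] = (int16_t)(AMP * sin_series(TWO_PI * freq_hz * i / FS_HZ));
}

/* Float reference. Returns |X(w)|^2; *energy = (N/2)*sum(x^2), which
 * equals |X(w)|^2 for a pure tone sitting on the detector frequency. */
static double goertzel_float(const int16_t *x, int n, double *energy)
{
    double c = two_cos_w(TONE_HZ), s1 = 0, s2 = 0, e = 0;
    for (int i = 0; i < n; i++) {
        double s0 = x[i] + c * s1 - s2;
        s2 = s1; s1 = s0;
        e += (double)x[i] * x[i];
    }
    *energy = e * n / 2;
    return s1 * s1 + s2 * s2 - c * s1 * s2;
}

/* Q14 multiply with rounding. Relies on arithmetic right shift of
 * negative values, which gcc and clang provide. */
static int32_t mul_q(int32_t c, int32_t s)
{
    return (c * s + (1 << (COEFF_Q - 1))) >> COEFF_Q;
}

/* Fixed point version. With |x >> 6| <= 8 and N = 500 the state stays
 * below about 4700 for any input, so c*s (c < 2^15) fits in 32 bits. */
static int32_t goertzel_fixed(const int16_t *x, int n, int32_t *energy)
{
    /* On the target this would be a precomputed constant. */
    const int32_t c = (int32_t)(two_cos_w(TONE_HZ) * (1 << COEFF_Q) + 0.5);
    int32_t s1 = 0, s2 = 0, e = 0;
    for (int i = 0; i < n; i++) {
        int32_t xq = x[i] >> X_SHIFT;       /* 3 magnitude bits survive */
        int32_t s0 = xq + mul_q(c, s1) - s2;
        s2 = s1; s1 = s0;
        e += xq * xq;
    }
    *energy = e * (n / 2);
    return s1 * s1 + s2 * s2 - mul_q(c, s1) * s2;
}

/* Detect when tone power is at least half the block energy (assumed). */
int tone_detected_float(double freq_hz)
{
    int16_t x[N_SAMPLES];
    make_tone(x, N_SAMPLES, freq_hz);
    double e, p = goertzel_float(x, N_SAMPLES, &e);
    return e > 0 && 2 * p >= e;
}

int tone_detected_fixed(double freq_hz)
{
    int16_t x[N_SAMPLES];
    make_tone(x, N_SAMPLES, freq_hz);
    int32_t e, p = goertzel_fixed(x, N_SAMPLES, &e);
    return e > 0 && p >= e / 2;
}

/* Fixed point power, rescaled by 2^(2*X_SHIFT), over float power. */
double fixed_over_float(double freq_hz)
{
    int16_t x[N_SAMPLES];
    make_tone(x, N_SAMPLES, freq_hz);
    double ef, pf = goertzel_float(x, N_SAMPLES, &ef);
    int32_t eq, pq = goertzel_fixed(x, N_SAMPLES, &eq);
    return (double)pq * (1 << (2 * X_SHIFT)) / pf;
}

int main(void)
{
    const double f[] = { 88.5, 91.5, 94.8 };
    for (int i = 0; i < 3; i++)
        printf("%5.1f Hz  float:%d  fixed:%d\n", f[i],
               tone_detected_float(f[i]), tone_detected_fixed(f[i]));
    printf("fixed/float power at 91.5 Hz: %.3f\n", fixed_over_float(91.5));
    return 0;
}
```

Dividing the tone power by the block energy makes the decision independent of input level, which is why the version working on 3 magnitude bits reaches the same decisions as the float one.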

Glen Turner: Using conserver to control serial consoles in Fedora 20 (heisenbug)

Sat, 2014-06-21 10:40

At some point logging into a bastion host to run Minicom becomes tiring. You really want a console server so you can access the serial console from your workstation. The prime candidate in Linux is conserver. Unfortunately the instructions to set it up are quite obscure, so this posting demonstrates conserver on Fedora 20.

Installing conserver

Conserver ships as two packages: conserver-client, to be installed on every machine which wants to use the console server; and conserver, the console server itself, to be installed on the serving machine.

client$ sudo yum install conserver-client
server$ sudo yum install conserver conserver-client

Server configuration: system aspects

Edit /etc/hosts.allow to permit and restrict access to conserver. This example allows global access:

conserver: ALL

Add a group to control access to the serial consoles. This example uses "conserverin":

server$ sudo groupadd -r conserverin

Add each user you want to be able to use the serial consoles to that group:

server$ sudo usermod -a -G conserverin vk5tu

Add a PAM module to allow conserver to check passwords. Add a file /etc/pam.d/conserver containing:

#%PAM-1.0
session optional force revoke
auth required
auth required
auth required item=user sense=deny file=/etc/security/conserver/blacklist.conf onerr=succeed
auth include password-auth
account required
account include password-auth
session required
session include password-auth

Server configuration: Conserver aspects

Now for the main event, the configuration of the conserver daemon itself.

Tell conserver to use PAM for password authentication by having /etc/conserver.passwd consist solely of:


The remaining configuration is in /etc/ The configuration phrases are documented in man manual page

We will configure two serial consoles: for /dev/ttyrouter and /dev/ttyswitch. A previous posting [1] discusses setting up symlinks for serial devices so we don't hardcode possibly-changing port numbers. These devices are RS-232 serial consoles with all control and handshake lines present and correct, as discussed in previous postings [2], [3] about RS-232 cabling. These days serial consoles typically run at 9 600bps, 8 data bits, no parity, 1 stop bit-time, although there is a trend towards running at the fastest speed supported by the UART, typically 115 200bps.

Firstly, let's set the scene:

config * {
    autocomplete no;
    # Prompt for userid and password.
    defaultaccess allowed;
    sslrequired yes;
}
group congroup {
    users @conserverin;
}

Secondly, let's define a RS-232 device with typical serial terminal settings:

break 1 {
    # \z is RS-232 break signal.
    string "\z";
}
default condefault {
    baud 9600;
    # Only one allowable type of break, the RS-232 break.
    break 1;
    breaklist 1;
    # A serial TTY in /dev
    type device;
    master localhost;
    motd "Press Ctrl+E c . to exit";
    # No XON/XOFF handshaking, CTS/RTS handshaking, send SIGHUP on loss of DCD,
    # drop all control lines until someone wants to use the terminal.
    options !ixon, !ixoff, crtscts, hupcl, ondemand;
    parity none;
    # Copy bytes from console exactly.
    protocol raw;
    rw congroup;
    # Log connections, disconnections and use of break.
    timestamp a b;
}

Finally, let's configure each serial console:

console router {
    include condefault;
    device /dev/ttyrouter;
}
console switch {
    include condefault;
    device /dev/ttyswitch;
}

Conserver has one very nice feature. It can record console traffic which appears when no one is logged in. So if you have a test farm for testing embedded devices then conserver can catch any console output, such as a kernel crash. This "options" line will do the job:

default condefault {
    …
    options !ixon, !ixoff, crtscts, hupcl, unloved, reinitoncc;
    …
}

Client configuration

On each client, including on the server, add a configuration file /etc/ containing:

config * {
    master;
    sslrequired yes;
}

If you want to be fancy you can set the XTerm heading to show which serial system has been connected to:

terminal xterm-256color {
    attach "^[]0;U@C^G";
    attachsubst U=us,C=cs;
}
terminal xterm {
    attach "^[]0;U@C^G";
    attachsubst U=us,C=cs;
}

Client use

From a machine with an installed client say console name, such as:

client$ console router
Enter's password: uJLOG7Z79zk0ivAehipZhuZ6
[Enter `^Ec?' for help]
[-- MOTD -- Press Ctrl+E c . to exit]
Router>

Server configuration: further features

This conserver configuration uses SSL with temporary certificates. It is a much better idea to set up your own certificate authority and issue server and client keys. Then you can allow global network access to conserver whilst still controlling which clients can connect. Clients also have the reassurance that the correct server has been connected to, prior to prompting users for their name and password.

Rusty Russell: Alternate Blog for my Pettycoin Work

Sat, 2014-06-21 10:28

I decided to use github for pettycoin, and tested out their blogging integration (summary: it’s not very integrated, but once set up, Jekyll is nice).  I’m keeping a blow-by-blow development blog over there.

TasLUG: Launceston June Meeting

Sat, 2014-06-21 00:25
G'day all

For this month's Launceston meeting, Phil will be giving us an introduction to NAS4Free, a BSD licenced fork/continuation of FreeNAS.


Saturday 28th June

Royal Oak


As usual, some of us will be meeting for lunch beforehand at 1:00pm.

Hope to see you there!

Google Maps Link

NAS4Free Website


Gov Hack 2014: June 11-13th (Hobart venue)

OpenStack 4th Birthday: June 17th (RSVP here: )

Next Launceston meeting: 2:00pm July 26th (Topic TBC)

Glen Turner: Attach a serial terminal to Fedora 20 (heisenbug)

Sat, 2014-06-21 00:08

Sometimes we want to connect a serial terminal -- think a laptop pretending to be a DEC VT100 -- to a machine running Linux.

Note that this is the same technology as used for a serial console, but the intent is very different. A serial console is a serial terminal which sees the console messages and can have elevated privileges. A machine can only have one console. Because console messages can't be buffered for long, the serial console does not typically run flow control or obey modem status lines. All these factors make ports configured as serial consoles unsatisfactory for use as a general-purpose serial terminal.

This posting is about creating an effective serial terminal. As might have existed on a UNIX minicomputer of twenty years ago.


Get the cabling correct. If you get the status signals wrong then if you forget to logout you (or worse still, someone else) can connect back into an old running session.

To interconnect two IBM PC/AT DTE connectors (as you might find on the rear of a desktop computer, on a laptop, or on a USB/RS-232 dongle) you want a RS-232 cross-over cable wired like this:

DCD (in)  1 ---+-------------------- 4 DTR (out)
DSR (in)  6 ---+
RxD (in)  2 ------------------------ 3 TxD (out)
TxD (out) 3 ------------------------ 2 RxD (in)
DTR (out) 4 --------------------+--- 1 DCD (in)
                                +--- 6 DSR (in)
Gnd       5 ------------------------ 5 Gnd
RTS (out) 7 ------------------------ 8 CTS (in)
CTS (in)  8 ------------------------ 7 RTS (out)
RI        9 ---nc              nc--- 9 RI

Connecting Gnd to Gnd, Tx to Rx, Rx to Tx is pretty obvious. Connecting the handshaking lines CTS to RTS, RTS to CTS is a little less obvious, but simple enough. The Data Terminal Ready output has to assert both the Data Set Ready input (which indicates that all the other lines have a valid signal) and the Data Carrier Detect input (which indicates that the line has a connected call). The Ring Indicator is a bit of an oddity (it's only on Intel UARTs) and as the signal follows the ring tone of an incoming call it's next to useless as a status line for anything but an acoustic coupler modem.

When we start a terminal emulator it will assert DTR and that will let the other computer know that there are valid signals (via DSR) and there is a connected call (via DCD).

When we use the terminal emulator, TxD and RxD will exchange data. If there is too much data to be buffered then the host will deassert RTS; this will be seen as a deasserted CTS at the sender, and it will stop sending until CTS is asserted once more. This flow control allows a huge cut-and-paste without loss of data, which is something you don't miss until it doesn't work.

When we exit the terminal emulator it will drop DTR, that will drop DSR and DCD at the host, and any logged-in session will be cleared down. If you restart the terminal emulator you will see another login prompt, not an in-progress session.

If you make the cabling yourself, then save yourself some pain and buy some pin-type RS-232 backshells and a pin crimper rather than the solder-type RS-232 backshells. You should ideally use shielded cable, but UTP will work fine for a few metres.

See this previous posting about using RS-232/RJ-45 backshells and UTP structured cabling.

init system and getty

The UNIX tradition is that the init system starts a process named getty ("get tty") which waits upon a connection to /dev/ttyS0, or whichever device is connected to the terminal. There is one getty listening per idle terminal. The getty prints /etc/issue, asks the user's name, and then calls login to ask for the user's password. If the password is good then login starts the sh ("shell") user interface. When the user exits sh then the call on /dev/ttyS0 is cleared down (by dropping DTR for a few seconds) and a new getty is started to wait for the next connection. Alternatively, if the shell is running and the serial terminal disappears (DCD drops) then the device sends a SIGHUP ("hang up") to the process which has the device open -- that is, sh -- to end its session.

Configure the init system to start a getty to listen for an incoming call. The procedure is well described in a systemd blog. Copy the prototypical service file to the machine-specific directory:

$ sudo cp /usr/lib/systemd/system/serial-getty\@.service /etc/systemd/system/serial-getty\@ttyS0.service

Then edit /etc/systemd/system/serial-getty@ttyS0.service to make agetty behave well. Use the modem status lines (DSR, DTR, DCD), flow control (RTS, CTS) and a fixed speed:

ExecStart=-/sbin/agetty --8bits --flow-control -L=never ttyS0 9600

Then add the file into the systemd boot procedure:

$ sudo ln -s /etc/systemd/system/serial-getty\@ttyS0.service /etc/systemd/system/getty.target.wants/
$ sudo systemctl daemon-reload
$ sudo systemctl start serial-getty\@ttyS0.service

Check your work:

$ systemctl status -l serial-getty@ttyS0.service
serial-getty@ttyS0.service - Serial Getty on ttyS0
   Loaded: loaded (/etc/systemd/system/serial-getty@ttyS0.service; enabled)
   Active: active (running) since Fri 2014-06-20 22:41:09 CST; 52min ago
     Docs: man:agetty(8)
           man:systemd-getty-generator(8)
 Main PID: 896 (agetty)
   CGroup: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service
           └─896 /sbin/agetty --8bits --flow-control -L=never ttyS0 9600

Jun 20 22:41:09 systemd[1]: Started Serial Getty on ttyS0

Note that neither agetty nor systemd place a lock file into /var/lock/lockdev/, which is a little disappointing.
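A check of the line settings described above, as an added example that is not part of the original post. It assumes Linux and Python's standard termios module; the function names and the sample flag values are constructed for illustration. It reports whether a port honours DCD (CLOCAL clear), drops DTR on close (HUPCL) and uses RTS/CTS flow control, and it decodes the current modem status lines.

```python
import fcntl, os, struct, sys, termios

# Constructed sample c_cflag values (not read from a real port).
SAMPLE_GOOD = termios.CS8 | termios.CREAD | termios.HUPCL | termios.CRTSCTS
SAMPLE_BAD = termios.CS8 | termios.CREAD | termios.CLOCAL  # console-style line

MODEM_BITS = (("DTR", termios.TIOCM_DTR), ("RTS", termios.TIOCM_RTS),
              ("CTS", termios.TIOCM_CTS), ("DCD", termios.TIOCM_CAR),
              ("DSR", termios.TIOCM_DSR))

def audit_cflag(cflag):
    """Return a list of findings for a termios c_cflag; empty means OK."""
    findings = []
    if cflag & termios.CLOCAL:
        findings.append("CLOCAL set: DCD ignored, carrier loss will not "
                        "SIGHUP the login session")
    if not cflag & termios.HUPCL:
        findings.append("HUPCL clear: DTR stays asserted after the last "
                        "close, so the far end never sees a hang-up")
    if not cflag & termios.CRTSCTS:
        findings.append("CRTSCTS clear: no RTS/CTS flow control")
    return findings

def decode_modem_lines(bits):
    """Map a TIOCMGET bitmask to {line name: asserted?}."""
    return {name: bool(bits & mask) for name, mask in MODEM_BITS}

def audit_port(path):
    """Audit a live port. O_NONBLOCK avoids blocking on a missing DCD."""
    fd = os.open(path, os.O_RDONLY | os.O_NOCTTY | os.O_NONBLOCK)
    try:
        cflag = termios.tcgetattr(fd)[2]
        raw = fcntl.ioctl(fd, termios.TIOCMGET, struct.pack("I", 0))
        return audit_cflag(cflag), decode_modem_lines(struct.unpack("I", raw)[0])
    finally:
        os.close(fd)

if __name__ == "__main__":
    if len(sys.argv) > 1:                      # e.g. /dev/ttyS0, as root
        findings, lines = audit_port(sys.argv[1])
        print(lines)
    else:                                      # offline demo on sample data
        findings = audit_cflag(SAMPLE_BAD)
    print("\n".join(findings) or "line settings OK")
```

Run it against the port while agetty is waiting on it; with the cable above and a terminal emulator attached, DCD and DSR should both read as asserted.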

Russell Coker: Expectations of Skill and Time

Fri, 2014-06-20 21:27

On many occasions I’ve seen discussions about the background knowledge that people are expected to have to contribute to FOSS projects. Often the background knowledge is quite different from the core skills related to their contributions (EG documentation mark-up skills required for coding work or knowledge of code required for writing documentation). One argument in favor of requiring such skills is of the form “anyone who’s good at one aspect of the project can learn skills for the other areas”. Another is of the form “anyone who has time to contribute in one area has time to learn all the other areas, anyone who doesn’t want to learn is being lazy”.

I think it’s reasonable that someone who is considering donating their time to a project would want to start doing something productive immediately. If someone has to spend many hours learning how things work before contributing anything of value they may decide that it’s not a good use of their time – or just not fun. Also if the project is structured to require a lot of background knowledge then that will increase the amount of time that long-term contributors spend teaching newbies which is another way of sucking productive energy out of a project.

I don’t think it’s lazy to want to avoid learning unusual tools before starting a project. Firstly there is the issue of wanting to make productive use of your time. If you have a day for FOSS contributions and you can choose between spending 6 hours learning an environment for one project or 1 hour for another project then there’s a choice of 2 hours or 7 hours of productive work. Someone who has the luxury of being able to spend several days a month on FOSS projects might think it’s lazy to want to make effective use of 1 day, but there are a lot of people out there who are really busy and can only spend a few days a YEAR contributing, spending half a day learning an obscure development environment or documentation system can take a significant amount of someone’s yearly time for such work. To make things even worse some of the best programmers are the ones who have little free time.

For documentation MediaWiki (the software behind Wikipedia and has a lot going for it. While it’s arguable that it’s not the best Wiki software out there (many people have wanted to argue this with me even though I don’t care) it’s obvious that MediaWiki is the most widely used Wiki software. If you have documentation stored in MediaWiki then most people who have any exposure to the IT industry, the FOSS community, or the Internet in general will already have experience using it. Also Wikipedia serves as a large example of what can be done with MediaWiki, there have been more than a few occasions when I have looked at Wikipedia for examples of how to layout text. Some people might think I’m lazy for never reading the MediaWiki documentation, but again I’ve got lots of other things to do and don’t want to spend a lot of time learning about MediaWiki instead of doing more useful things like creating content.

Project source code should be as consistent as possible. While large projects may have lots of modules and dependencies it’s best to try and keep them all in one place. If your project depends on libraries of code from other sources then it’s helpful to distribute copies of those libraries from the same location as the project source – particularly when the project depends on development versions of libraries. Then if there’s any mismatch between versions of libraries it will be a clear unambiguous bug that can be reported or fixed instead of being an issue that requires checks of what versions everyone is using.

One thing we should aim for in FOSS projects is to get the “long tail” of contributions. If someone spends a day fixing bugs in a dozen projects to get their own system working as desired then it would be good if they could submit patches without excessive effort at the same time.

This doesn’t just apply to FOSS development, it also applies to a large extent to any collaborative project on the Internet. For example if I was to start a Wiki for fans of a sci-fi series wikia would be the first option I’d consider because most potential contributors know it.

Proprietary Software Development

I’ve seen all the same problems when developing proprietary software. The difference is that money and morale are wasted instead of contributions. Often in commercial projects managers choose products that have a good feature list without considering whether all their staff need to be retrained. Programmers can usually train themselves so it’s often a hidden cost, the training is paid for in lost development time (both directly in time spent learning and indirectly when people make mistakes).

One significant advantage of using free software on Windows is that programmers can play with it on their own. For example I’ve never done a fresh installation of SourceSafe or ClearCase, but if I was going to work on a project that involved Git or Subversion on Windows then I could play with it and learn without risking disruption to the rest of the team. If commercial software is to be used then being common and relatively cheap is a significant advantage. MS SourceSafe offers significant benefits over most version control software on Windows simply because the vast majority of Windows developers have already used it and because it’s cheap and easy to set up a test instance if necessary.

I don’t care about the success or failure of proprietary software projects in general (I only care when I’m paid to care). I also don’t expect that people read my blog with the aim of getting advice on running successful proprietary software development projects. This section is merely to illustrate the general nature of such wasted effort on collaborative projects – and I should put my observations of failing proprietary software development projects to use.


Some Debian Developers are having a discussion about such things at the moment. That discussion inspired me to write this post. But I’m mostly writing about my experience over the course of 20+ years working in the IT industry and contributing to FOSS projects – not in a direct response to the Debian discussion (most of which I haven’t yet read).


Andrew Pollock: [life] Day 142: Kinderballet, lunch out and some bike riding practice

Fri, 2014-06-20 21:26

Today was a really nice day. Just the right amount of "full".

Sarah dropped Zoe around in the morning, and after a bit of TV, we headed over to Kinderballet. The dance school that also uses the facilities was having exams today, so we were relegated downstairs to a smaller room. There was no adjacent kitchen for all the parents to sit in, so we all had to just congregate outside in the drizzle.

I struck up a conversation with (I keep wanting to write "another") a mother. She had a teenage son from a previous marriage, and it was interesting to hear about her experiences with shared care. The time went pretty quickly chatting with her.

After Kinderballet, we went home. I had to make a couple of lengthy phone calls, and Zoe was really patient and entertained herself on her tablet while she waited for me.

Then we headed down to Oxford Street to meet my friends Brett and Rosemary for lunch. I brought the tablet with us to keep Zoe entertained. Again, she was really good all through lunch. Initially, she didn't want her lunch and was more interested in my "breakfast for lunch" plate, but after she had sampled all of mine (she really liked dipping her chips in my hollandaise sauce), she ate a bit of hers as well. I don't normally cook her steak at home, so I think the steak was a bit of a novelty for her.

The service was so bad that I couldn't bring myself to spend any more money there and get some cake to share, but Zoe has a mind like a steel trap, particularly when it comes to dessert (she is her father's daughter), so we went to Max Brenner, since I had mentioned cake.

That took us through to about 2pm, and the weather cleared up to reveal a pretty nice day, so I thought some practise riding the bike was in order to burn off some of the calories.

We got home, and discovered that the Ergo Performance that I'd lent my sister had arrived in the mail. She wasn't using it any more, and I wanted to see if Zoe could still fit in on my back for while we're in the US, in case she gets tired.

Turns out she does still fit in it, and is good for another 3 kg or so before she's too heavy for it. She also thought it was huge fun to be strapped onto my back, and so I had her strapped onto me while we loaded up the car with her bike, and I talked to the guy who had come out to service the building's hot water heater.

We really need to make use of the Minnippi Parklands more often. The place is a beautiful oasis, and the perfect spot for learning to ride a bike. The bike path is long, straight, flat and not too busy, so we did quite a few runs back and forth. Zoe didn't fall over once, and I think if we can do this a few more times she should get her confidence up.

After that, we headed back home, and I got dinner on. Bath time and bedtime ran a bit early, but that was okay. I'm thinking we might go back to Minnippi again tomorrow after swim class.

Andrew Pollock: [life] Day 141: Sports Day and not a lot else

Fri, 2014-06-20 21:26

I started the day off with a yoga class. I was pretty tired from staying up too late watching the State of Origin last night, so I wasn't as into it as usual.

I had a rushed morning to try and get over to Sarah's to pick up Zoe, and skipped breakfast until we got back, and then we biked over to Kindergarten for their Sports Day.

As we pulled out of the garage, it started drizzling, but Zoe was adamant that we go by bike, so I stuck with it. Fortunately it didn't do any more than drizzle on the way, and Zoe had enough layers on that she didn't seem to notice.

The Sports Day was pretty much just the neighbouring State School inviting the Kindergarten kids to join in as well. There were all the kids from the second half of the week plus whatever kids showed up from the first half of the week. It drizzled on and off throughout.

As they were marshaling the kids for their race, Zoe announced she needed to go to the toilet, so I bolted back to the Kindergarten with her. Fortunately she didn't miss her race.

More annoyingly, I forgot to charge my SLR last night, and the small amount of juice left in the battery wasn't enough, and the camera gave up before Zoe's race. So I have a few photos of random Kindergarten kids running, but not Zoe.

After that, we biked home again. It had stopped raining, fortunately.

It was a pretty grey and miserable day though, and I didn't really have anything in particular planned. After lunch, I thought I'd see if I could find a copy of How to train your dragon, since the new movie is out now, and I was thinking we could go see it tomorrow if the weather remained lousy.

Blockbuster over at Cannon Hill had a copy, so we drove over there and I rented it. We made some popcorn and watched it together. I didn't realise the movie was rated PG until we started watching it, but it wasn't too bad. Only slightly worse than The Incredibles. The dialog may have been a bit over Zoe's head for parts, but she enjoyed it nevertheless. Now that I know the sequel is PG, I'm unsure about taking Zoe to see it. I'll have to do some research.

Zoe wanted to do a bit of craft after the movie, so we did that, and then Sarah arrived to pick her up.