Planet Linux Australia

Syndicate content
Planet Linux Australia - http://planet.linux.org.au
Updated: 4 min 27 sec ago

Francois Marier: Upgrading Lenovo ThinkPad BIOS under Linux

Sun, 2015-02-01 14:31

The Lenovo support site offers downloadable BIOS updates that can be run either from Windows or from a bootable CD.

Here's how to convert the bootable CD ISO images under Linux in order to update the BIOS from a USB stick.

Checking the BIOS version

Before upgrading your BIOS, you may want to look up which version of the BIOS you are currently running. To do this, install the dmidecode package:

apt-get install dmidecode

then run:

dmidecode

or alternatively, look at the following file:

cat /sys/devices/virtual/dmi/id/bios_version Updating the BIOS using a USB stick

To update without using a bootable CD, install the genisoimage package:

apt-get install genisoimage

then use geteltorito to convert the ISO you got from Lenovo:

geteltorito -o bios.img gluj19us.iso

Insert a USB stick you're willing to erase entirely and then copy the image onto it (replacing sdX with the correct device name, not partition name, for the USB stick):

dd if=bios.img of=/dev/sdX

then restart and boot from the USB stick by pressing Enter, then F12 when you see the Lenovo logo.

Michael Still: Cooleman and Arawang Trigs

Sun, 2015-02-01 11:28
Doug and I went out to walk Doug's dog at short notice yesterday evening, and managed to sneak in two trigs while we were at it. A nice walk, although it took longer than I expected it to, with our average speed only being about 3.5 kilometers an hour. I wonder how much of that was the two peaks to climb, versus the puppy in tow.



Along the way we found this super cool telegraph line, which appears to still have an active Telstra service on it. I wonder if we'll one day see fiber strung on these telegraph poles?



                       



Interactive map for this route.



Tags for this post: blog pictures 20150131-cooleman_and_arawang photo canberra western_creek bushwalk trig_point urban_trig

Related posts: Harcourt and Rogers Trigs; A quick walk to Tuggeranong Trig; Big Monks; A walk around Mount Stranger; Forster trig; Two trigs and a first attempt at finding Westlake



Comment

Jonathan Adamczewski: What is -1u?

Sun, 2015-02-01 09:27

In C++, what exactly is -1u?

It doesn’t seem like it should be difficult to answer — it’s only three characters: -, 1, and u. And, knowing a little bit about C++, it seems like that’ll be (-1) negative one with that u making ((-1)u) an unsigned int. Right?

To be more specific, on an architecture where int is a 32 bit type, and negative numbers are represented using two’s complement (i.e. just about all of them), negative one has the binary value 11111111111111111111111111111111. And converting that to unsigned int should … still be those same thirty two ones. Shouldn’t it?

I can test that hypothesis! Here’s a program that will answer the question once and for all:

#include <stdio.h> #include <type_traits> int main() { static_assert(std::is_unsigned<decltype(-1u)>::value, "actually not unsigned"); printf("-1u is %zu bytes, with the value %#08x\n ", sizeof -1u, -1u); }

Compile and run it like this:

g++ -std=c++11 minus_one_u.cpp -o minus_one_u && minus_one_u

If I do that, I see the following output:

-1u is 4 bytes, with the value 0xffffffff

I’m using -std=c++11 to be able to use std::is_unsigned, decltype and static_assert which combine to assure me that (-1u) is actually unsigned as the program wouldn’t have compiled if that wasn’t the case. And the output shows the result I had hoped for: it’s a four byte value, containing 0xffffffff (which is the same as that string of thirty two ones I was looking for).

I have now proven that -1u means “convert -1 to an unsigned int.” Yay me!

Not so much.

It just so happened that I was reading about integer literals in a recent draft of the ISO C++ standard. Here’s the part of the standard that describes the format of decimal integer literals:

2.14.2 Integer literals

1 An integer literal is a sequence of digits that has no period or exponent part, with optional separating single quotes that are ignored when determining its value. An integer literal may have a prefix that specifies its base and a suffix that specifies its type. The lexically first digit of the sequence of digits is the most significant. A decimal integer literal (base ten) begins with a digit other than 0 and consists of a sequence of decimal digits.

Can you see where it describes negative integer literals?

I can’t see where it describes negative integer literals.

Oh.

I though -1u was ((-1)u). I was wrong. Integer literals do not work that way.

Obviously -1u didn’t just stop producing an unsigned int with the value 0xffffffff (the program proved it!!1), but the reason it has that value is not the reason I thought.

So, what is -1u?

The standard says that 1u is an integer literal. So now I need to work out exactly what that - is doing. What does it mean to negate 1u? Back to the standard I go.

5.3.1 Unary operators

8 The operand of the unary – operator shall have arithmetic or unscoped enumeration type and the result is the negation of its operand. Integral promotion is performed on integral or enumeration operands. The negative of an unsigned quantity is computed by subtracting its value from 2n, where n is the number of bits in the promoted operand. The type of the result is the type of the promoted operand.

I feel like I’m getting closer to some real answers.

So there’s a numerical operation to apply to this thing. But first, this:

Integral promotion is performed on integral or enumeration operands.

Believe me when I tell you that this section changes nothing and you should skip it.

I have an integral operand (1u), so integral promotion must be performed. Here is the part of the standard that deals with that:

4.5 Integral promotions

1 A prvalue of an integer type other than bool, char16_t, char32_t, or wchar_t whose integer conversion rank (4.13) is less than the rank of int can be converted to a prvalue of type int if int can represent all the values of the source type; otherwise, the source prvalue can be converted to a prvalue of type unsigned int.

I’m going to cut a corner here: integer literals are prvalues, but I couldn’t find a place in the standard that explicitly declares this to be the case. It does seem pretty clear from 3.10 that they can’t be anything else. This page gives a good rundown on C++ value categories, and does state that integer literals are prvalues, so let’s go with that.

If 1u is a prvalue, and its type is unsigned int, I can collapse the standard text a little:

4.5 Integral promotions (prvalue edition)

A value of an integer type whose integer conversion rank (4.13) is less than the rank of int …

and I’m going to stop right there. Conversion rank what now? To 4.13!

4.13 Integer conversion rank

1 Every integer type has an integer conversion rank defined as follows:

Then a list of ten different rules, including this one:

— The rank of any unsigned integer type shall equal the rank of the corresponding signed integer type.

Without knowing more about conversion ranks, this rule gives me enough information to determine what 4.5 means for unsigned int values: unsigned int has the same rank as int. So I can rewrite 4.5 one more time like this:

4.5 Integral promotions (unsigned int edition)

1 [This space intentionally left blank]

Integral promotion of an unsigned int value doesn’t change a thing.

Where was I?

Now I can rewrite 5.3.1 with the knowledge that 1u requires no integral promotion:

5.3.1 Unary operators (unsigned int operand edition)

8 The [result of] the unary – operator … is the negation of its operand. The negative of an unsigned quantity is computed by subtracting its value from 2n, where n is the number of bits in the promoted operand. The type of the result is the type of the operand.

And, at long last, I get to do the negating. For an unsigned value that means:

[subtract] its value from 2n, where n is the number of bits in the promoted operand.

My unsigned int has 32 bits, so that would be 232 – 1. Which in hexadecimal looks something like this:

0x100000000 - 0x000000001 0x0ffffffff

But that leading zero I’ve left on the result goes away because

The type of the result is the type of the (promoted) operand.

And I am now certain that I know how -1u becomes an unsigned int with the value 0xffffffff. In fact, it’s not even dependent on having a platform that uses two’s complement  — nothing in the conversion relies on that.

But… when could this possibly ever matter?

For -1u? I don’t see this ever causing actual problems. There are situations that arise from the way that C++ integer literals are defined that can cause surprises (i.e. bugs) for the unsuspecting programmer.

There is a particular case described in the documentation for Visual C++ compiler warning C4146, but I think the rationale for that warning is wrong (or, at least, imprecise), but not because of something I’ve covered in this article. As I’ve already written far too many words about these three characters, I’ll keep that discussion for some time in the future.

Andrew Pollock: [life] Zoe's first week of school

Sun, 2015-02-01 09:25

By all accounts, I think Zoe had a great first week at school.

On Tuesday morning, I met Zoe and Sarah at school for her drop off. Zoe didn't seem anxious, in fact I thought all the kids seemed pretty calm. I'd say that Kindergarten and day care has meant that school isn't the first time kids go through one of these transitions any more.

We weren't the last parents out of the classroom, so I'm not sure how things went after we left, but Zoe was only a little clingy as we walked out, and sat down on the floor with the other kids in front of the teacher without any problems. I wasn't aware of anyone crying.

The P&C were running a "parents' cafe" afterwards, so we used this an opportunity to meet some other parents, and chat with the principal. I'm still really loving the community feel of this school.

After that, I walked back home, and checked my PO box. I received my certificates for completing my real estate licensing course, which was a great addition to the day. The first Thermomix I've sold arrived too, so now I have to deliver it to my customer.

After school, I met Zoe and Sarah at the Hawthorne Garage for a muffin, with Megan and Laura. Tanya came with Eva and Layla as well. All the girls had had a good day, and it was nice to be able to talk about their day.

Wednesday's drop off apparently went well. I walked to school to pick her up in the afternoon. She didn't see me waiting for her, so I got to watch her pack her bag up, and bring it into the classroom. She looks so big in her uniform and doing school kid stuff. We had a nice walk home together, talking about her day.

On Thursday, I thought I'd let her try out the after school care program that she's enrolled in for 30 minutes before I had to take her to her swim class, so she could get used to it before I start back at work.

I got there just as they were handing out fruit and crackers to everyone, so I let her have her fruit while I had a chat with the outside school hours care program coordinator, and then we went to swim class.

Friday was a big day. Zoe had a class in the library, a music class, and then a PE class in the pool. I'd always wondered how they'd wrangle 27 Prep-aged kids for a swim class, and I got to find out. They needed about 6 parent helpers. Four in the pool, and two on the pool deck. We also had to help get all the kids changed. I volunteered to get in the pool, since I was available. There was also the PE teacher and three teaching assistants in the pool. It was quite a production line getting the kids there and into the pool. They had defined "shoe areas" for the class currently in the pool and the class arriving, and everyone had to de-shoe and get appropriately attired for swimming while the previous class got out and dried off. We'd been told to send our kids to school in their swimsuits under their uniforms, so that made things a bit easier.

The first class was just to assess everyone's abilities so they can then group them in smaller groups accordingly.

After the class, Zoe apparently caused a minor scare by locking herself into a cubicle to get changed (they were apparently supposed to get changed in the open area). She emerged, changed, all by herself, but they had been concerned they she might have locked herself in there. I thought that was pretty funny, given she's been using toilet cubicles for at least a year.

I walked back home after that, and then walked back in the afternoon to pick her up. It's really nice that we're a walkable distance from the school. To cap the week off, Zoe got the "Star of the Week" award for her number recognition.

Overall, aside from Zoe being a bit grumpy and ratty at the end of the day, Zoe's been going really well. I think next week, with a full 5 days, will be interesting, as will the following few weeks once she realises that this is the new routine.

Chris Smart: Playing with Ubuntu Touch on Nexus 4

Sat, 2015-01-31 23:29

I figured it was time to re-visit Ubuntu Touch on my Nexus 4 and see how it was going.

I was already running stock Lollipop and just kicked up the Ubuntu 14.10 GNOME live image under KVM on my Korora 21 laptop and passed the USB device through.

Following the instructions was really easy to get it going. Actually it was just one command and I was soon booting into Ubuntu, so that was quite impressive.

It booted up and asked me the usual things, connected to Wifi, etc. The interface is still the same as it was last time I checked, unsurprisingly, however it seems to work much better now. The animations are smooth and it’s quite clean looking. The Apps screen is easy to follow and you can easily filter by app group.

Apps



Obviously things work slightly different to Android, for example I didn’t know how to close or switch apps. I found that quite frustrating until I accidentally kept swiping in from the right edge and a familiar looking sort of album cover of apps appeared. That let me switch to by clicking and close apps by swiping away (vertically, similar to iOS). You can also switch using a swipe from the left, which is like Unity I guess. I found that less useful as favourites are also in there and no differentiation between open or not. It sometimes also seemed get in the way though, like at the lock screen when you swipe to activate the pin screen; sometimes the quick draw would stay and sometimes it would flick you back to the lock screen, when you really wanted to just go to the pin. Anyway in terms of managing apps, the right swipe was more useful to me.

Switching apps

My thumb kept going for the non-existent home button, but after a few minutes I got used to swiping from the edges (which was sometimes hit and miss) so I don’t think that’s a major hurdle long-term. I noticed occasionally apps jumped around when swiping, but once I realised how to switch back that wasn’t a problem, just strange. The other thing I miss is a back button. I assume the design is similar to iOS where the apps have the back capability and show it at the top of the app, but I like Android’s implementation much more. It’s very powerful and works kind of like a browser back button. There were some times when (in Gmail for example) I went somewhere like a tab that didn’t let me get back from. So not having a back button would take some getting used to, I think.

Unlock swipe and quick draw

I liked how it did the privacy thing like iOS, asking for permissions when apps were opened. Clock, for example, wanted access to my location. I’d like to see that extended more vastly to all apps and be very well supported, it’s one of my major gripes with Android and partly why I normally run Cyanogenmod.

Device support and things like screen rotation was very responsive and the re-drawing of the screen very clean. I didn’t get many messages but the notification bar looks quite good, easy to use and the swipe left and right to select different settings like location, wifi, etc isn’t bad.

I added a Google account and it synchronised my contacts down and overall that worked OK. The Gmail app did try to re-direct me to the Android calendar app though Google Plus also redirected me to the browser and I had to re-log in, which was a pain with two-factor. Both side effects of using web apps I expect. So a bit of work to be done on the service integration side I feel, but it works at least.

The one thing I didn’t test, and I don’t even know if it works yet, was the “docking” to convert it into a full-blown Ubuntu desktop.

Overall, I think I could get used to the interface and perhaps even use it as my daily phone, if it wasn’t for one thing; it’s still quite slow. Apps take around 3-4 seconds to load, even after you’ve just closed and re-opened them, and that’s frustrating for an Android user who’s used to snappy response times. Once they are loaded though, they work quite well. I’m guessing there’s still some kind of debug going on, if so it would be cool if the stable image was stripped of debug and left that to the devel images.

Overall, really quite impressive how far the phone experience has come. Kudos to Canonical and the Ubuntu Touch team!

Clinton Roy: clintonroy

Sat, 2015-01-31 14:28

Work.

Got the pyconau15 landing page done, a small yay.

Working on slides for the lca debrief tomorrow.



Filed under: Uncategorized

Donna Benjamin: How does Drupal use these different terms? Route, Path, URL, URI, Link, Menu item

Sat, 2015-01-31 12:27
Tuesday, February 10, 2015 - 23:05

update: republishing with some notes from  Peter Wolanin , who has been working directly on the issues that caused me dive in here in the first place. Many thanks Peter for the clarifications and corrections!

Sometimes, diving in to try and help work on something in an open source project can leave you feeling stupid, lost and confused. Generally, you'll find you are not alone. Sharing the problem, and the solution when you find it, can be helpful to build your own understanding, but also might help others too. So, just in case I'm not the only one feeling lost and confused about why the path / route / link issue in Drupal is so complex, I thought I'd share some of my confusion and a little ray of light that might help unravel this tangle of related terminology.

In the Drupalverse, we use IRC to connect with each other.  So I popped into channel and asked:

Can someone describe how drupal uses these terms? route, path, url, uri, link, menu item - or point me to a reference?

Angela Byron generously responded with a rough outline of definitions, which I've fleshed out a bit below with some references.

Route

"this URL goes to this PHP code, and can only be accessed by these kind of people."

As far as I can tell, this is a relatively new concept for Drupal with routing and controllers, replacing the hook-menu system we had previously. Here's a couple of references that might be helpful if you want to build a deeper understanding.

update: Peter Wolanin wrote to say

In D6 & D7 the menu system was the routing system. "this is a relatively new concept for Drupal" is not correct. We re-wrote things in terms of Symfony classes, but the basic concepts are actually the same. In Drupal 7 the data is stored in the {menu_router} table, in D8 it's been moved to just {router}. The big different in D8 vs D7 is that a single path may match more than one route name. In D7 a path is identical to the route name, so there cannot be more than one.

URL

Uniform Resource Locator eg. "https://www.drupal.org/community" It's generally the address we use to find content on the web.

URI

Uniform Resource Identifier is often confused with URL because it's so similar. See the URI wikipedia page for more information. I'm not sure if or how Drupal distinguishes between the use of URIs, URLs and URNs (Uniform Resource Names), but let's save that yak to shave on another day.

The Build a module team made a video that describes the difference between a URL and a URI

What the difference is between a URI and a URL (a Drupal how-to)

update: Peter adds

Recent patches landing in core have adopted a URI field for storage for the Link Field, so you will (in the database at least) now start to see URIs like entity:node/5 and user-path:/blog Path

The path is like a pathway to find content eg. admin/content but because it can be an alias, it may not actually represent the location of a file on disk, which helps lead to some of the complexity under the hood in Drupal, and the confusion about when to use http://example.com/blog/yakshaving, /blog/yakshaving, or node/5

update: Peter notes

The Path section should mention at least the idea of "base path" - the prefix including the subdirectory that needs to be adding to an "internal path" to make a relative URL. It would also be worth noting that by adopting the new routing system we are trying to remove, as much as possible, use of or reference to the internal path in favor of routes when referring to a Drupal page.

and

the base path will usually just be a "/" unless Drupal is installed in a subdirectory. Link

<a href="/foo">foo</a> - This one seems pretty straightforward - it's the HTML markup used to point to a URI or path.

Menu item

A link in a menu - which could be pointing to a route, path or URI.

update: and final note

The term "menu item" here is wrong. It should be "menu link". In D6 & D7 a "menu item" is the thing that's been replaced by a "route object" in D8. However, I will acknowledge that in D6 and D7 there is a lot of code that may use variables or comments referring to a menu link as a menu item - this is generally a reflection of logic carried forward from D5 where they were actually the same thing.

Hope that helps you, it certainly helps me to lay it all out like this. And, just in case you're wondering how I fell down this rabbit hole, this relates to a series of critical issues holding up the release of Drupal 8.  If you can help, please get involved  or buy a ticket in my chook raffle to help fund the Drupal 8 Accelerate initiative.

Peter Hardy: Rostok 3D Printer Build

Fri, 2015-01-30 00:25

I’ve put off starting a 3D printer for a long time, mostly because I couldn’t think of anything particularly useful to do with it. But over the past year or so I’ve run off a few parts, and the list of things I’d like to have has gotten longer. So for my birthday a couple weeks ago, in a fit of delinquent irresponsibility I pulled the trigger on a Rostok Mini delta printer kit from 3d Printer Czar. Took just over a week from order to the delivery arriving, and it’s been taking up most of my free time since Tuesday afternoon.

Part 1: mechanical build

I managed to complete the basic mechanical build in 3–4 hours in one evening. The directions online are a little rough in parts, but mostly pretty thorough. The kit includes most tools needed, which was nice. But a hex key for the M8 bolts on the top belt bearings was missing, and my hands were very glad to have decent-sized pliers.

First minor issue I had was with bolting things to the printed parts. It’s important not to over-tighten these — I managed to crack one part slightly along the print grain tightening it a little too much. I’m not too concerned about it because it has other bolts nearby to take up the strain, but I was much more cautious after that one.

Second was with the two printed parts attached to the hotend. One seemed to warp slightly inserting the hotend, leaving the end tilted slightly to one side. Not really a showstopper, and worst case I’d be able to print a replacement part, possibly with a slightly wider insert for the hotend..

I only had one major problem after the build was finished. The build instructions don’t place anywhere near enough emphasis on how important it is to make sure the carbon fibre delta arms are the same length. Following the directions to the letter I eyeballed the rods to make sure they were about the same length, cut strips from a leftover screw baggie, wrapped them around the lead screws on my u-joints, and jammed them in to the ends of my rods. That left me with a central effector platform that was visibly a few degrees off level. And shortly afterwards I discovered that the rods were also pretty fragile — the u-joints liable to pull out of the rods with too much force.

I suppose this could be improved by packing the lead screws with thicker plastic, and then I’d be able to match the lengths of the rods more carefully by screwing the u-joints in and out. But decided to scrap that idea, and go with a more permanent solution. I’d build a jig to hold the rods in place and glue them.

Part 2: fixing the arms

Yesterday I unscrewed the arms and measured the rods more carefully. Found a good 1.5mm difference between the shortest and longest arms, which in hindsight is pretty ridiculous. With the effector plate in my hand though I was able to realise that the bolts holding it together were still barely finger-tight. Tightening them up held the whole structure together properly and straightened up the hotend nicely.

Building a jig to hold my arms while they were glued was simple enough. I took the length of the longest arm, added 34mm for the two Traxxas 5349 u-joints (they’re 22mm long and 10mm wide, so it seemed logical that the centre of the hole would be 17mm from the end), and an extra mm for luck. From there one could probably bang a couple of nails in to a block of wood and use that to make a series of arms the same length, but I started to overengineer a little. Starting with LibreCAD I quickly drew up a block with six pairs of screw holes the right distance (uh, 187mm for my arms).

This evening I wandered down to Robots and Dinosaurs, a pretty great maker space in Sydney, and used the laser cutter to cut a chunk of 8mm acrylic to shape. Then added longish bolts and fixed them in place to make my jig. Filed the insides of the carbon fibre rods a little, then used extra strong, slow setting Araldite epoxy to glue the u-joints to the rods. Placed the joints on to the rods, fixed them down with another set of nuts, and then looped rubber bands over the ends to make sure everything stayed together.

I gave the glue a few hours to set, then took the arms off and tested them all on the same pair of bolts to make sure I hadn’t done anything too stupid. Not sure why, because I don’t know what I’d do if the arms were different lengths at this point. But they all slid over the bolts with the same amount of play, so I’m pretty confident I’ve got them accurate enough, and right now I’m pretty pleased with how well it worked.

So, next is to leave the arms overnight to fully cure. Tomorrow I’ll reassemble everything then get back to work on the wiring and electronics.

Ben Martin: libferris on osx

Thu, 2015-01-29 23:43
So libferris is now compiled and installed thanks to some of my handy work on Portfiles and macports doing the heavy lifting. I've put the Portfile into the distribution for many of the repositories; ferrisloki, ferrisstreams, stldb4, ferris, fampp2. And moved the source control over to the github -- https://github.com/monkeyiq/ferris



It's still a bit of a bumpy compile for ferris itself. Using clang instead of gcc, using the different stdc++ lib, the lack of some API calls on osx relative to Linux and the assumptions I'd made that IPC, advising the kernel on IO patterns, memory mapping and again advising on page patterns, would all be available APIs and contants. I have a patch from the compile which I need to feedback into the main libferris repo, making sure it still works fine on Linux too.



So now I can dig into xml files from the command line on osx too. I have to test out the more advanced stuff and the web services. The later use some of the 'Q' magic dust, qjson, qoauth, qtnetwork et al so they should be fairly robust after the port.



I should also update the primary file:// handler in libferris to use some of the osx apis for file monitoring etc to be a friendlier citizen on that platform. But going from no ferris on osx to some ferris is a great first move. A bundle would be the ultimate goal, /Applications/Ferris install in a single drag and drop.



Clinton Roy: clintonroy

Thu, 2015-01-29 21:28

Work. How is it not Friday yet?

Another day, another late leave time after another late finding bug.

I’ve started updating the pycon 2015 landing page, will get that finished for the weekend.



Filed under: diary

Clinton Roy: clintonroy

Thu, 2015-01-29 21:28

Work.

Spent a fair chunk of today dealing with the ghost CVE. Although our upstream provided updates, do to the somewhat unique way our machines are installed and configured, the upgrade wasn’t a piece of cake. There’s something about doing security patches that drain all the energy out of me to boot.

I did end up booking some accommodation for my Melbourne trip, centrally located to everyone I want to see.



Filed under: diary

Clinton Roy: clintonroy

Thu, 2015-01-29 21:28

Back to work day.

Not much to report.

I did start a twitter account for Humbug, BrisbaneUnix. yay? :)

I also booked flights for a lightning Melbourne trip, call it a birthday present to myself.



Filed under: diary

David Rowe: SM1000 Part 10 – First Over the Air Tests

Thu, 2015-01-29 17:29

Last night I visited Matt, VK5ZM, with a SM1000 Beta. He configured the SM1000 to interface to his IC706 using the CN12 connector patch socket. This allowed an RJ45 cable from the SM1000 to connect to the RJ45 mic/audio connector on the IC706. A few level adjustments and he was using FreeDV to talk to Andy, VK5AKH on 40m! It all went very smoothly.

Here is Matt in action, using the SM1000 in the hand-held mic configuration. He also tried a Heilsound headset, which also worked well.

Here is the audio received by Andy:

I was monitoring Matt’s FreeDV signal using FT817 and FreeDV on a laptop. I did notice a slope to the spectrum, and a cross shape to the scatter diagram (screenshot below). This suggests some of the carriers are at a lower level than others. This is bad news as these carriers will hit the noise floor sooner, causing bit errors and poor speech quality. I really need to look into this carefully, testing a selection of radios with a carefully crafted test signal to measure the tx transmit spectrum slope and flatness. This may explain why people running Flex Radios and SDRs get consistently good performance with FreeDV.

SM1000 Progress Update

Since the last post Rick has been doing some fine work on the enclosure. My beta PCB works well so we are happy with the electronics and firmware. Once we have checked the next revision of the enclosure we plan to start manufacturing the Beta units after the Chinese New Year holiday. I’ll start taking pre-orders shortly.

BlueHackers: Rat Park drug experiment cartoon – Stuart McMillen comics

Thu, 2015-01-29 14:02

http://www.stuartmcmillen.com/comics_en/rat-park/





Comic about a classic experiment into drug addiction science: Rat Park.

Would rats choose to take drugs if given a stimulating environment and company?

Read and learn.

Stuart McMillen is an awesome Australian based young artist.

Russell Coker: SE Linux Play Machine Over Tor

Wed, 2015-01-28 19:26

I work on SE Linux to improve security for all computer users. I think that my work has gone reasonably well in that regard in terms of directly improving security of computers and helping developers find and fix certain types of security flaws in apps. But a large part of the security problems we have at the moment are related to subversion of Internet infrastructure. The Tor project is a significant step towards addressing such problems. So to achieve my goals in improving computer security I have to support the Tor project. So I decided to put my latest SE Linux Play Machine online as a Tor hidden service. There is no real need for it to be hidden (for the record it’s in my bedroom), but it’s a learning experience for me and for everyone who logs in.

A Play Machine is what I call a system with root as the guest account with only SE Linux to restrict access.

Running a Hidden Service

A Hidden Service in TOR is just a cryptographically protected address that forwards to a regular TCP port. It’s not difficult to setup and the Tor project has good documentation [1]. For Debian the file to edit is /etc/tor/torrc.

I added the following 3 lines to my torrc to create a hidden service for SSH. I forwarded port 80 for test purposes because web browsers are easier to configure for SOCKS proxying than ssh.

HiddenServiceDir /var/lib/tor/hidden_service/

HiddenServicePort 22 192.168.0.2:22

HiddenServicePort 80 192.168.0.2:22

Generally when setting up a hidden service you want to avoid using an IP address that gives anything away. So it’s a good idea to run a hidden service on a virtual machine that is well isolated from any public network. My Play machine is hidden in that manner not for secrecy but to prevent it being used for attacking other systems.

SSH over Tor

Howtoforge has a good article on setting up SSH with Tor [2]. That has everything you need for setting up Tor for a regular ssh connection, but the tor-resolve program only works for connecting to services on the public Internet. By design the .onion addresses used by Hidden Services have no mapping to anything that reswemble IP addresses and tor-resolve breaks it. I believe that the fact that tor-resolve breaks thins in this situation is a bug, I have filed Debian bug report #776454 requesting that tor-resolve allow such things to just work [3].

Host *.onion

ProxyCommand connect -5 -S localhost:9050 %h %p

I use the above ssh configuration (which can go in ~/.ssh/config or /etc/ssh/ssh_config) to tell the ssh client how to deal with .onion addresses. I also had to install the connect-proxy package which provides the connect program.

ssh root@zp7zwyd5t3aju57m.onion

The authenticity of host ‘zp7zwyd5t3aju57m.onion ()

ECDSA key fingerprint is 3c:17:2f:7b:e2:f6:c0:c2:66:f5:c9:ab:4e:02:45:74.

Are you sure you want to continue connecting (yes/no)?

I now get the above message when I connect, the ssh developers have dealt with connecting via a proxy that doesn’t have an IP address.

Also see the general information page about my Play Machine, that information page has the root password [4].

Related posts:

  1. Trust and My SE Linux Play Machine When discussing the machine there are two common comments I...
  2. New SE Linux Play Machine Online After over a year I have finally got a SE...
  3. Play Machine Online Again I have returned from the US and my SE Linux...

Francois Marier: Using unattended-upgrades on Rackspace's Debian and Ubuntu servers

Tue, 2015-01-27 21:47

I install the unattended-upgrades package on almost all of my Debian and Ubuntu servers in order to ensure that security updates are automatically applied. It works quite well except that I still need to login manually to upgrade my Rackspace servers whenever a new rackspace-monitoring-agent is released because it comes from a separate repository that's not covered by unattended-upgrades.

It turns out that unattended-upgrades can be configured to automatically upgrade packages outside of the standard security repositories but it's not very well documented and the few relevant answers you can find online are still using the old whitelist syntax.

Initial setup

The first thing to do is to install the package if it's not already done:

apt-get install unattended-upgrades

and to answer yes to the automatic stable update question.

If you don't see the question (because your debconf threshold is too low -- change it with dpkg-reconfigure debconf), you can always trigger the question manually:

dpkg-reconfigure -plow unattended-upgrades

Once you've got that installed, the configuration file you need to look at is /etc/apt/apt.conf.d/50unattended-upgrades.

Whitelist matching criteria

Looking at the unattended-upgrades source code, I found the list of things that can be used to match on in the whitelist:

  • origin (shortcut: o)
  • label (shortcut: l)
  • archive (shortcut: a)
  • suite (which is the same as archive)
  • component (shortcut: c)
  • site (no shortcut)

You can find the value for each of these fields in the appropriate _Release file under /var/lib/apt/lists/.

Note that the value of site is the hostname of the package repository, also present in the first part these *_Release filenames (stable.packages.cloudmonitoring.rackspace.com in the example below).

In my case, I was looking at the following inside /var/lib/apt/lists/stable.packages.cloudmonitoring.rackspace.com_debian-wheezy-x86%5f64_dists_cloudmonitoring_Release:

Origin: Rackspace Codename: cloudmonitoring Date: Fri, 23 Jan 2015 18:58:49 UTC Architectures: i386 amd64 Components: main ...

which means that, in addition to site, the only things I could match on were origin and component since there are no Suite or Label fields in the Release file.

This is the line I ended up adding to my /etc/apt/apt.conf.d/50unattended-upgrades:

Unattended-Upgrade::Origins-Pattern { // Archive or Suite based matching: // Note that this will silently match a different release after // migration to the specified archive (e.g. testing becomes the // new stable). // "o=Debian,a=stable"; // "o=Debian,a=stable-updates"; // "o=Debian,a=proposed-updates"; "origin=Debian,archive=stable,label=Debian-Security"; "origin=Debian,archive=oldstable,label=Debian-Security"; + "origin=Rackspace,component=main"; }; Testing

To ensure that the config is right and that unattended-upgrades will pick up rackspace-monitoring-agent the next time it runs, I used:

unattended-upgrade --dry-run --debug

which should output something like this:

Initial blacklisted packages: Starting unattended upgrades script Allowed origins are: ['origin=Debian,archive=stable,label=Debian-Security', 'origin=Debian,archive=oldstable,label=Debian-Security', 'origin=Rackspace,component=main'] Checking: rackspace-monitoring-agent (["<Origin component:'main' archive:'' origin:'Rackspace' label:'' site:'stable.packages.cloudmonitoring.rackspace.com' isTrusted:True>"]) pkgs that look like they should be upgraded: rackspace-monitoring-agent ... Option --dry-run given, *not* performing real actions Packages that are upgraded: rackspace-monitoring-agent Making sure that automatic updates are happening

In order to make sure that all of this is working and that updates are actually happening, I always install apticron on all of the servers I maintain. It runs once a day and emails me a list of packages that need to be updated and it keeps doing that until the system is fully up-to-date.

The only thing missing from this is getting a reminder whenever a package update (usually the kernel) requires a reboot to take effect. That's where the update-notifier-common package comes in.

Because that package will add a hook that will create the /var/run/reboot-required file whenever a kernel update has been installed, all you need to do is create a cronjob like this in /etc/cron.daily/reboot-required:

#!/bin/sh cat /var/run/reboot-required 2> /dev/null || true

assuming of course that you are already receiving emails sent to the root user (if not, add the appropriate alias in /etc/aliases and run newaliases).

Andrew McDonnell: Linux.conf.au 2015 catchup #1

Mon, 2015-01-26 22:27

At the conference in Auckland I had two presentations.

For the first time I managed to get a main conference talk accepted, actually it was a tutorial which goes for 90 minutes! It was a bit daunting beforehand, but after I finished, I realised I prefer the tutorial format over having to deliver a talk. I enjoy the interaction with the audience and the sharing of knowledge, and also not being the sole focus (and not having to remember exactly what to say so much!)

My tutorial was on Reverse Engineering with Radare2; the video (Youtube) and slides are linked from the conference presentation, and have the slides up on my personal landing page as well. Thanks to James for helping with a final practice run, its always good to have a typical candidate audience perspective beforehand.

I also did a shorter talk at the Open Hardware mini-conference, on hardening embedded Linux, using OpenWRT on devices like the carambola2 as an example. The video of the mini-conferences is a bit less polished due to resourcing, here I am on about 2/3 the way through. I was somewhat more flustered in my delivery due to late changes to some slides (see earlier blog article) and a problem with my laptop deciding to have thermal issues an hour before the talk. I managed to resolve these (thanks AndyK for your help!) but it put me off my mojo a bit unfortunately. The live demo I was quite happy with, it worked without issue, so perhaps the demo gods were appeased by my earlier mishaps… The final slides are here.

Tim Serong: A Brief Exercise in Shameless Self Promotion

Mon, 2015-01-26 20:28

At linux.conf.au the other week, a friend asked if I’d ever considered a career writing a web comic. I forget exactly how it came up, but it might have had something to do with the STONTIH Deathmatch t-shirt I was wearing at the time, or may have been due to someone mentioning the talk Florian Haas and I gave at LCA 2011 with the live cartooning.

Anyway, the answer was “no, not really”, largely because I sincerely enjoy my gig at SUSE (we’re hiring ATM, BTW), but also partly because I honestly don’t come up with enough interesting stuff often enough, and consider it unlikely I’ll ever make a living off it. Still, I have put a handful of bits and pieces up on Redbubble over the last few years, so I thought I’d engage in a bit of narcissism and promote it shamelessly and obviously. In chronological order then, from oldest to newest, I have produced:

Michael Still: First jog, and a walk to Los Altos

Mon, 2015-01-26 16:28
Today was a busy day, not only did I foolishly go for a jog 5 minutes after sunrise...



Interactive map for this route. ...but then I went for a walk with James in the afternoon as well.



Interactive map for this route. Let's just say my fitbit is very impressed with me.



Tags for this post: blog walk california running

Related posts: Walking to work; Did I mention it's hot here?; Summing up Santa Monica; Noisy neighbours at Central Park in Mountain View; So, how am I getting to the US?; VTA station for the Santa Clara Convention Center



Comment

Clinton Roy: clintonroy

Mon, 2015-01-26 15:27

Notwork, due to Australia day. Spending an inordinate amount of time trying to find some aircon so I don’t sweat all day long. I did get to pre-poll vote in the morning, so not all aircon hunting time was wasted.

My headphones have died in one ear, time for another set of consumables. The wirleless in the library is hopeless. This combination is making me very unproductive at both tasks I set myself for today.



Filed under: Uncategorized