Security Flaw Found in Door Technology: A Machinist Exclusive

2007-11-06, 1:37 am
Categories: Stream of Consciousness, Tech

Howdy, folks; it's yer old pal, Crispus T Muzzlewitt!

As you fellers well know, when I ain't writin' fer Salon's Machinist blog, I spend most o' my nights sleepin' on park benches or in boxcars. And as I have so often remarked, it's the good life -- except fer them damnable folk what live in houses. Always yammerin' on about how good they got it. "Hey Crispus," they'll say, "it sure is harder to get rained on with a roof over your head." Or "Hey, bum, you could sure use a shower." Or "Hey there, Mr. Muzzlewitt, it looks like somebody stole your bindle while you were passed out on that park bench."

Smug bastards. I hate them all so very, very much. With their clean clothes and their straight teeth and their "Hey Crispus, you'd probably have a lot fewer headaches in life if you had a bed to sleep in and if you didn't smell like gin and urine."

So it is with no small amount of glee that I announce my recent discovery that houses are actually no more secure than the wide open spaces where I rest these bones. Sit down, young'uns, and let me tell you a tale.

'Tweren't long ago I was approached by the right honorable representative of a local security firm, and he done dropped a bombshell on me: houses don't keep folk out at all!

And my esteemed colleague Battlin' Joe Frickinfrack confirmed he done saw it with his own two eyes: a seedy-lookin' feller walked right up to the front door o' one o' those fancy houses like you see sometimes, and when the owner unlocked the door, let him in, and then wandered off somewheres, why, the seedy-lookin' feller done robbed him blind. So you see, it's just like my bindle -- front doors don't offer you no more protection than a park bench in the moonlight on a mild autumn night.

Another thing: I keep hearin' about folk who keep their valuables in safes, 'cause they think it's safe, on account o' the name maybe. But truth is, safes ain't no safer'n a lady's purse. Sure, you see a lot more purse-snatchin's than safe-crackin's, but that's only 'cause more folk got purses than has safes -- safes just don't make no sense as a target; why crack a safe when it's so much easier to snatch a purse? But it can be done, and easy, too: Battlin' Joe says that there burglar I wuz talkin' 'bout a minute ago also managed to get all the money outta that man's safe, on account o' the man gave him the combination.

I talked with a gentleman from Norton Home Security about this problem, and he said that, rare as it may seem today, it'll be an epidemic in the comin' months, and every homeowner everywhere needs to go right out and buy a Norton Home Security System. He then went on to add that he has absolutely no conflict of interest in makin' that partic'lar recommendation. And shucks, I believed him, but just to be thorough, Salon sent out its star reporter, Judith Miller, an' she confirmed that her source has absolutely nothin' to gain by exaggeratin' the threat posed by this enemy.

So there you have it, you smug sumbitches, with all yer fancy "doors" and "walls" -- now we know the truth. Houses ain't no more secure than parks, 'cause you can unlock the front door and let somebody in; safes ain't no more secure than purses, 'cause you can tell people the combination and then they can crack them, and OSX is just as vulnerable as Windows, on account o' if you allow root access to a suspicious program it can do bad things to yer computer. So wipe them smirks off them damn faces; yer house ain't no safer than my bench nohow.

So that'll do fer now, but I reckon this'll be the first in a three-part series. Next time, I'll talk about how roofs are overrated 'cause rain still gets in if you knock giant holes in them with sledgehammers, and in our final installment, I'll examine how showering and that there underarm deodorant them rich folks use don't do nothin' to make you smell better if'n you rub pig shit all over yer body immediately after.

Thank you, and goodnight.

Hobo names supplied by John Hodgman.

Triple-Booting a Mac Pro

2007-10-12, 1:05 am
Categories: Status Updates, Stream of Consciousness, Tech

Updated 2007-10-14. Scroll down to where it says "Update 2007-10-14". I'd put a link here, but for some reason b2evolution will not let me use the "id" or "name" attributes; expect a presumably silly and useless "rant" on that subject very, very soon. (Update 2008-01-17: Switching to WordPress fixed the problem.)

So I got that Mac Pro I was talking about earlier. No, I still can't afford the thing, so if you notice me living a life of indentured servitude for the rest of my days, well...I'm Irish. We're used to it.

The bastard about being on the bleeding edge is that there aren't a whole lot of guides to walk you through your setup. For example, I found quite a number of guides on how to multiboot a MacBook Pro with 3 OS's on different partitions of the same drive, but approximately bupkis on how to do it on a Mac Pro with each OS on its own drive.

So, in case anyone winds up Googling for the same information I couldn't quite find, here's how I finally did it. Hopefully this'll make it easier for you than it was for me.

Installation and booting

I can't say for certain, but I think order of drives and order of installation are both important.

After some trial and error, I wound up laying my drives out like this:

Drive 1 is Kubuntu.
Drive 2 is OSX.
Drive 3 is Windows XP x64.

Leastways, that's how they're set up in hardware. For reasons I'm not altogether clear on, they show up in software as Kubuntu on sda, Windows on sdb, and OSX on sdc. Still more curiously, both the Kubuntu drive and the OSX drive are assigned SCSI ID 0,0,0. (Could be some holdover from the old master/slave days? Maybe the drives are on different controllers? Something to do with MBR vs. GPT? Is it because the Kubuntu drive is physically first but the Mac drive boots first? Don't know.)

Order of installation seems to be important too. I say this because my first time through, I installed Kubuntu, it ran fine, and then I installed Windows and Kubuntu wouldn't boot anymore. I'd click on the Linux icon and it would boot the wrong OS. (Actually, it still does; more on that later.) So, as with most things in life, everything was going great until I installed Windows.

But after a day and a half of banging my head against the wall, I finally got all 3 OS's moving by rearranging the drives (see above) and installing Windows first and then Kubuntu. (OSX, of course, was preinstalled.)

Things to keep in mind: since we're talking 64-bit Windows, the Boot Camp program is useless. You can ignore it. It might be useful for resizing your OSX partition since Windows insists, for no reason whatsoever, on writing system files to the first drive. I say "for no reason whatsoever" because you can move those files -- boot.ini , ntdetect.com , and ntldr -- to the drive Windows is installed on and it'll run just fine. There's more info at x(perts)64; that guide is specifically for dual-booting XP and Vista, but I found it useful anyway.

(Also, "the first drive" noted above is actually the second drive in my case, which caused a good deal of confusion; as I mentioned earlier, both the Kubuntu drive and the Mac drive show up as 0,0,0.)

It's also worth noting that the much-ballyhooed rEFIt doesn't work for me; I have to hold down Option at startup to get a working boot menu.

That menu gives me the following:
rEFIt, Windows, Windows, Windows
because EFI very helpfully assumes anything that's not Mac is Windows.

The first "Windows" is actually Kubuntu. The second gives me "Error loading operating system". I assume that the first "Windows" is the MBR of the drive and the second is the first partition, which is flagged bootable but doesn't have Grub on it.

The third "Windows" is actually Windows.

Now, rEFIt looks similar -- it offers "Boot Mac OS X from Mac", then "Boot Linux from HD", "Boot Legacy OS from HD", "Boot Windows from Partition 1", not always in that order -- but the last three all open the same OS, either Linux or Windows depending on which I booted more recently.

So I'm stuck with holding Option at boot and selecting the left Windows or the right Windows, but at least it works. I'm hoping future versions of rEFIt fix this problem.

Windows

Here's where you can find the necessary 64-bit drivers for Windows:

(Sources: Triple Boot thread on the Apple forums; Airport Driver thread on driverguide.com forums)

Kubuntu

Boot issues aside, this is the single most painless Linux installation I have ever experienced. I know there's no dearth of people singing the praises of Ubuntu and how close it is to being ready for desktop use, but I'm afraid I'm going to have to add my own redundant voice to the chorus. It was almost painless.

I still had to install the nVidia drivers by hand -- either get us some free drivers that work or stop being so damn concerned about ideological purity, guys; I need support for my video card, and this would make life pretty rough for the average user. But by my standards as a Linux vet...I didn't even have to touch xorg.conf. Kubuntu, how I love you.

Setting up wireless was another concern, especially when I read there was no native support for the adapter and I'd have to use ndiswrapper. Let me explain something about ndiswrapper: it was a bastard to install under Gentoo, and is responsible for every single kernel panic I've experienced in the past year and a half.

Under Kubuntu, on the other hand, it was over in minutes. And I don't want to jinx it, but it hasn't panicked my kernel yet.

There's a HowTo at ubuntuforums.org. Steps 1-3 are outdated now; Feisty comes with a current version of ndiswrapper, so you won't need to update it. As for the bcmwl5.inf file, it's the same one in the Dell package I linked above.

To get wireless to work immediately at boot, you'll also need to set your access point up. In Kubuntu, you do go to K → System Settings → Network Settings, click "Administrator Mode", enter your password, click wlan0, then Configure Interface, and enter the ESSID and WEP key. (DHCP and "Activate when computer starts" should already be set.)

I will note that on one of my reboots wireless didn't start up automatically and I had to run iwconfig myself. I think that's most likely due to signal interference in my apartment, but I can't say for sure at this point.

Sound support was the biggest problem I hit. The ALSA driver for Feisty doesn't support the Mac Pro's audio adapter.

After poking around for awhile, I decided that rather than bother with the individual package, I'd just go ahead and upgrade to Gutsy RC. After all, if you've even read this far, I'm guessing you're somebody who's not afraid of the letters "RC"; I'd advise you just to go with Gutsy from the start. (Course, by the time anybody actually reads this guide, I'm betting Gutsy final will be out.)

So far Gutsy's working just fine for me. (Update 2007-10-14: Except that I can't adjust volume from the keyboard. The bar goes between 0 and 11 but doesn't actually make any change in the volume. This appears to be a known bug in Gutsy at the moment.)

I'll edit this post if anything changes or if I find anything else out -- I have a Bluetooth keyboard and Mighty Mouse that I haven't bothered trying to set up in Kubuntu yet; I intended it more for my media center/emulation rig Mac Mini anyway. But if I get that, or anything else set up, I'll make a note of it here.

Hoping this has been a help to somebody. I don't usually do this, but when I find myself running into problems that aren't well-documented, I figure I may as well document them myself in the hopes that I can make life a little easier for the next guy.

Good luck, next guy.

Reading: Cat's Cradle again, the first in my "My favorite recently-deceased science fiction authors" theme. I think A Wrinkle in Time is probably next.

Update 2007-10-14: Accessing the Mac drive from Kubuntu

It's easy enough to mount an HFS+ volume under Linux (FS type is just "hfsplus" in mount or fstab), but accessing your home directory or mounting with write permissions is a little trickier.

To access your home directory on the Mac volume from Kubuntu, your Mac user account and your Linux user account need to have the same UID. There are a number of ways to do this; the easiest involve simply creating a new user, but I changed the UID on my Mac login to 1000 with no real trouble.

Just go into Applications/Utilites and run NetInfo Manager, click Users, then your username, then scroll down to uid and gid and change them both to 1000 (or whatever your UID is under Linux -- 1000 is, of course, the default number for the first user account).

After that, you'll need to log out and back in, pull up a terminal, do a sudo chown -R <username>:<group> /Users/<username>, and then log out and back in again.

My source on all this is the Gentoo wiki (even though I'm using Kubuntu).

That should give you write access to your home directory on the Mac drive from Linux. To get read access, you'll need to disable journaling.

It occurred to me that I'd like to keep journaling enabled in OSX and only disable it when I want to access the data from Kubuntu. I came up with a relatively simple solution: I wrote a script to enable journaling when OSX boots, and added a line to the shutdown script to disable it.

For the startup script, I created a directory called /Library/StartupItems/EnableJournaling containing a filepair called EnableJournaling and StartupParameters.plist, as follows:

StartupParameters.plist

{
Description = "Enable Journaling";
Provides = ("Journaling");
OrderPreference = "Late";
}

EnableJournaling

#!/bin/sh

. /etc/rc.common

# Enables journaling on Mac volume

ConsoleMessage "Enabling journaling on /Volumes/Mac"
diskutil enableJournal /Volumes/Mac
exit 0

(Don't forget to make this file executable.)

(Source: Greg Neagle's blog)

And I modified /etc/rc.shutdown to the following:

#!/bin/sh
# Copyright 1997-2004 Apple Computer, Inc.

. /etc/rc.common

if [ -f /etc/rc.shutdown.local ]; then
sh /etc/rc.shutdown.local
fi

SystemStarter stop

# ADD THIS LINE:
diskutil disableJournal /Volumes/Mac

kill -TERM 1

exit 0

Seems to work all right; I get journaling when I'm running OSX, and I get write access when I'm running Kubuntu. (Update 2007-11-05: It appears rc.shutdown is gone in Leopard. I'll update when I learn more.)

The bad news is that it doesn't work both ways. At present I have Kubuntu installed on a ReiserFS volume, which is unsupported by OSX. I could have made it an ext3 FS instead and installed the ext2 driver for OSX, but, well, if I wanted compatibility over performance, I probably wouldn't have gotten a Mac Pro.

How I Spent My Island Vacation, Part 2: Thad Makes Banal Observations About Airport Security

2007-10-06, 12:07 am
Categories: Announcements

Some musings, observations, and general thoughts:

  1. Who decided it was a good idea to tell people, "Oh, you're going to have to check this" after baggage check?
  2. Seriously, guys. It's jelly. What conceivable kind of danger can this jelly possibly pose?
  3. So the problem is the size of the container? So if I had, say, three smaller containers and split the jelly up into them -- the exact same matter, just in different containers -- you wouldn't have thrown it out?

Anyway. Thanks for making us so much safer, TSA.

...Then again, I guess my airport experience could have been a lot worse.

Nineteen Hundred Plus

2007-08-30, 8:47 pm
Categories: Announcements

Had some serious computer trouble last night, and it vanished as mysteriously as it came.

It has occurred to me that I know at least three couples who have gotten engaged, married, and divorced in the time since my last major hardware upgrade. And that was just a new video card.

If I had the dollars, I'd get me one o' them Mac Pro things the kids talk about. Triple-boot OSX, Windows, and some flavor of Linux. I'm thinking Kubuntu, since I've discovered I don't have the time to keep my packages up-to-date in Gentoo.

But man, I'll miss Gentoo.

All of that, of course, is academic at this point, as I do not have the dollars for a Mac Pro. Hopefully I can remedy that situation, but if my computer dies in the meantime, I guess I'll have to use Knoppix or my Mac Mini or something.

Two Hundred Thirty-One

2007-07-04, 9:02 pm
Categories: Politics

If the President be connected, in any suspicious manner, with any person, and there be grounds to believe he will shelter him, the House of Representatives can impeach him; they can remove him if found guilty.

- James Madison, Father of the Constitution

Happy Independence Day. Remember the Enlightenment thinkers who cast off the sovereignty of a man named George who believed himself a supreme power unbeholden to his citizens and the rule of law.

(See also: last year's 4th of July post, which includes the complete text of the Declaration of Independence and a link to Brent's modern version.)

Thad's Tech Tips

2007-06-19, 2:04 pm
Categories: Tech

Hello, random Googler. This one is for you.

Today's post is about some issues I've been having at work with an old Web server running Fedora Core 2. For various reasons, I have been attempting to update the packages on this old piece of junk to the latest available versions. (That is, the latest available for FC2; I'm not going to try the Herculean task of updating to 7.) For those of you who are not interested in technical details on server administration, this post is not for you; it is for the random Googler who found this page by searching for some of the keywords in the below explanation. Keywords like 4f2a6fd2, 6cdf2cc1, yum, GPG, and zlib.

The reason that I am posting this is that I have spent several days figuring this shit out for myself, with only minimal aid provided by Google searches; there seems to be no information anywhere detailing this set of problems, and I'd like to make life a little easier for the next poor bastard caught in this situation.

Problem #1 is finding a yum repository. The Fedora Legacy Project has shut down. There are still a goodly number of mirrors operational as of this writing, but my copy of yum rejected a number of them based on errors like the following:

Gathering header information file(s) from server(s)
Server: Fedora Core 2 - via Fedora Legacy Project
retrygrab() failed for:
http://[...]/fedora/2/os/i386/headers/header.info
Executing failover method
failover: out of servers to try
Error getting file http://[...]/fedora/2/os/i386/headers/header.info
[Errno 4] IOError: HTTP Error 404: Not Found

A couple of URLs I've found that do have the header.info file are:

http://www.blagblagblag.org/pub/mirrors/fedoralegacy/fedora/$releasever/updates/$basearch/
http://fedoralegacy.mirrors.redwire.net/fedora/$releasever/updates/$basearch/

and the latter, conveniently, is even the top option in the default /etc/yum.conf . So just comment out the Main Fedora Updates section and uncomment the pertinent lines under Fedora Legacy Project.

(Aside gripe: b2evo apparently automatically turns URLs into links, even if they are obviously bullshit URLs. Update 2008-01-17: Switching to WordPress took care of this problem.)

Then comes my next problem:

warning: rpmts_HdrFromFdno: V3 DSA signature: NOKEY, key ID 4f2a6fd2
Error: Could not find the GPG Key necessary to validate pkg /var/cache/yum/updates-released/packages/pango-1.4.1-1.i386.rpm
Error: You may want to run yum clean or remove the file:
/var/cache/yum/updates-released/packages/pango-1.4.1-1.i386.rpm
Error: You may also check that you have the correct GPG keys installed


It turns out that key is actually located on the default install. Just do:

rpm --import /usr/share/doc/fedora-release-2/RPM-GPG-KEY-fedora

You'll probably also want to import http://www.fedoralegacy.org/FEDORA-LEGACY-GPG-KEY.

You'd think that would be the end of my GPG problems. But you'd be wrong.

warning: rpmts_HdrFromFdno: V3 DSA signature: NOKEY, key ID 6cdf2cc1
Error: Could not find the GPG Key necessary to validate pkg /var/cache/yum/crash-hat/packages/zlib-1.2.2.2-0.i386.rpm
Error: You may want to run yum clean or remove the file:
/var/cache/yum/crash-hat/packages/zlib-1.2.2.2-0.i386.rpm
Error: You may also check that you have the correct GPG keys installed

Now this one turned out to be a bit tricky. All my Google searches for "6cdf2cc1" turned up people trying to install a certain open-source anti-virus program (I'm omitting its name because if you're like me, you'll see page after page of results mentioning that program and then attempt a Google search which removes that search term). Very few mentioned zlib, and none told me where I could find the appropriate GPG key.

After some further banging my head against the wall, it occurred to me to ask myself what set zlib apart from all the other packages, since they hadn't given me any errors.

As it turns out, zlib was the only package hanging out in the /var/cache/yum/crash-hat/packages directory. It was, in fact, from a different repository, not the Fedora Legacy repos listed above.

So I Googled crash-hat and the very first match was titled CrashHat YUM Repository. It linked the appropriate GPG-KEY and that was all I needed; at last I could update my server. Now it is merely ancient, not decrepit.

With any luck, this may help fix some of the other issues the server's been having. Perhaps more on those at a later date.

Another Love Letter to Microsoft

2007-06-14, 12:15 am
Categories: Stream of Consciousness, Tech, Work

Here is what I love about Windows 2000's network configuration.

First of all, if you uninstall a network card -- say, for example, because you are having trouble getting it to work, perhaps trouble that suspiciously coincides with the latest round of Microsoft patches --, and then reinstall that card, you will find that your network settings have defaulted back to DHCP instead of static IP.

So you'll have to re-enter your IP.

If the machine you are currently working on happens to be a Web server that uses 250 different IP's, you will have to re-enter your 250 IP's.

But Thad, you say, that is awesome! How could life possibly get any better?

Well, it may seem difficult, but it does get better.

You can only enter one IP at a time.

And you can't copy and paste.

And no matter how many dozen times you enter the netmask 255.255.252.0, it will always default to 255.255.255.0.

And and every single time you tell it to add a new IP, it pops the new IP window up right on top of the list of existing IP's. So that if it is, just for the sake of argument, 11:30 at goddamnfuckinghellshitcock night and you are entering 250 different addresses, you have to scroll a bar and then drag a window to see the last one you entered. In the absurdly unlikely event that you somehow have trouble keeping your place under those conditions.

Awesome enough for you?

Yes, I am sure you are saying. Yes, that is just incredibly, unspeakably awesome. There is no possible greater threshold for awesomeness.

Well shut up, you're wrong.

Let's say you make a mistake. Let's say you somehow enter the same IP address twice. I know, there is absolutely no way of that happening under the circumstances, but bear with me in this thought experiment.

Let's say you enter an IP twice. It doesn't like it when you do that.

But does it tell you when you enter the redundant IP? No, that would make too much sense. Does it just delete the redundant IP itself seeing as the two are identical? Of course not. That would be stupid. That would require someone at Microsoft to write an entire extra line of code.

But Thad, you may say, surely they must at least tell you which IP is redundant?

My friend, where's the fun in that? Why tell you when they can instead just make you strain your eyes staring at every single IP you've entered?

Oh, and also, there's no way of sorting them.

They don't pay me enough for this shit.

Escape from Crazytown

2007-06-11, 9:57 pm
Categories: Announcements, Stream of Consciousness, Tech

A thief comes during the night and steals 13 oxen.

Hello!

I have migrated my site to a new server!

Because it turns out that my previous hosting provider is a shining example of what I mentioned in my previous post about how all my friends are currently campaigning for the office of Mayor of Crazytown.

I would like to thank my previous hosting provider for three and a half years of hosting which was relatively free of capriciously removing the site and pretending it was an accident. And even before that, a redirect to the ol' BBS waaaaay back in '01. We had some good times, buddy, and I wish you all the best; take your ice cream cone and run with it.

On another topic, I would like to share some useful information with random people who have found this site with Google!

If you are in the process of migrating your site and don't want to ask for help from your hosting provider because your hosting provider is currently campaigning for the office of Mayor of Crazytown, and if you need to export your MySQL DB (say, for example, because it has all your blog data on it), here is the operative command:

mysqldump -u username -p dbname --single-transaction > foo.sql

That "--single-transaction" flag is key if you're getting the following error:

mysqldump: Got error: 1044: Access denied for user 'username'@'localhost' to database 'dbname' when using LOCK TABLES

Because what that generally means is you have read access for the DB, but you don't have permission to lock it.

Don't say I never gave you anything, random Googler.

(Also, now that I have migrated the site to a server I control, I can set the whole mysqldump thing up as a cron job. Whoo redundancy! Whoo redundancy!)

I hope that you, my loyal readers, as well as random Googlers, will continue to follow my very boring exploits as I continue to chronicle them -- this time on a new server.

Huzzah!

In which Thad makes oblique references to his personal life

2007-05-16, 11:04 pm
Categories: Announcements, Books, Status Updates

There comes a time in every man's life when he must come to the sobering realization that the most normal person he knows is this gentleman:
Brad wearing a penis hat

It has recently come to my attention that every single person I know is currently campaigning for the position of Mayor of Crazytown. I wish them all the best of luck, but caution them that the incumbent is going to be very difficult to defeat.

I have further realized that Brad is doing a surprisingly poor job in his campaign for Mayor of Crazytown in comparison to everyone else I know.

Actually, it's not that surprising. He didn't do so well in his campaign for Mayor of Tempe, either.

Reading: Elric: Song of the Black Sword. I agreed to read it if Felipe would read Watchmen. So far he is more impressed than I am.