Blog posts

2007-03-15 – Strength of asymmetric and symmetric encryption algorithms

Yves-Alexis Perez writes a bit about Debian and crypto-containers, comparing cryptsetup and encfs. The comparison is decent enough, except that it’s fairly trivial to get cryptsetup to integrate into the whole gnome-volume-manager stack and have a dialogue pop up when you insert an encrypted USB stick or similar. Sure, it’s mounted by a root process, but I wouldn’t claim it’s insecure in any way because of that.

What did really catch my eye was the line near the end:

[…] but this is a bruteforce attack against the master password (1024-bit RSA key), not against the 128-bit AES key of the container.

Well, according to conventional research, a 1024-bit RSA key is about as strong as an 80-bit symmetric key. A semi-recent RSA paper confirms this too. And to the best of my knowledge, no weaknesses have been found in AES that lower its effective key size.
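To see where that kind of figure comes from, here is an added example (my own code, not from the post or the paper it cites) that turns the textbook GNFS running-time heuristic L_n[1/3, c] = exp(c · (ln n)^(1/3) · (ln ln n)^(2/3)) with c = (64/9)^(1/3) ≈ 1.923 into a log2 "work in bits" number and compares it against a symmetric key size. It is the uncalibrated estimate: it drops the o(1) term and constant factors, so it lands a few bits above the 80-bit figure the post cites, but it reproduces the shape of the comparison and makes the point of the post explicit, namely that the 1024-bit RSA key, not the 128-bit AES key, is the weakest link.

```python
import math

# Constant c = (64/9)^(1/3) ~= 1.923 from the general number field sieve
# complexity L_n[1/3, c]. This example ignores the o(1) term and any
# calibration against real factoring records, so treat the output as a
# rough scale, not a precise security level.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_work_bits(modulus_bits: int) -> float:
    """Estimated log2(work) to factor an RSA modulus of the given bit length."""
    if modulus_bits < 64:
        raise ValueError("modulus too small for the asymptotic estimate")
    ln_n = modulus_bits * math.log(2)          # ln(2^b) = b * ln 2
    exponent = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return exponent / math.log(2)              # convert e^exponent to bits


def weakest_link(rsa_bits: int, symmetric_bits: int):
    """Return which key bounds an attacker's effort, and that effort in bits.

    A brute-force search of a k-bit symmetric key costs about 2^k work, so
    it is compared directly against the factoring estimate.
    """
    rsa_strength = gnfs_work_bits(rsa_bits)
    if rsa_strength < symmetric_bits:
        return "rsa", rsa_strength
    return "symmetric", float(symmetric_bits)


if __name__ == "__main__":
    for bits in (1024, 2048, 3072):
        print(f"RSA-{bits}: ~{gnfs_work_bits(bits):.0f}-bit symmetric equivalent")
    which, strength = weakest_link(1024, 128)
    print(f"weakest link for RSA-1024 + AES-128: {which} (~{strength:.0f} bits)")
```

Running it prints roughly 87, 117 and 139 bits for 1024-, 2048- and 3072-bit moduli; the published equivalence tables, which are calibrated against actual factoring records, are a few bits lower (80, 112, 128), but either way the 1024-bit key protecting the master password is what an attacker would go after, not the container’s AES key.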

2007-02-06 – Things to remember when doing hardware maintenance:

  • Plug all the power plugs back in. Not just almost all of them.

2007-01-07 – contentless_ping.pl 0.3 released

A small update of my contentless ping script has now been released. First, it’s a bit more configurable, thanks to some patches sent to me by way of Martin F. Krafft. Secondly, it now rate limits, so you can’t get people kicked off channels by pinging them repeatedly.

2007-01-02 – Locally administrated MAC addresses

Russell Coker writes about using multiple Ethernet devices in Xen and wonders whether there is something similar to RFC1918 addresses, but for Ethernet. Apparently there is: they’re called “Locally Administered Addresses”. To make a local address, just set the seventh bit to one. You probably want to make the eighth bit a zero too, unless it’s a multicast address. Wikipedia has more, as usual.
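As an added example (my own code, not from the post, the RFC or the Wikipedia article it points to), here is a small Python helper that classifies a MAC address and derives a locally administered unicast address from it. In the first octet, the least significant bit (0x01) is the individual/group flag and the next bit (0x02) is the universally/locally administered flag; counting from the most significant end, those are the “eighth” and “seventh” bits the post refers to. The sample addresses in the block are constructed for the demonstration.

```python
# Bits of the first octet of a 48-bit MAC address (IEEE 802 conventions).
LOCAL_BIT = 0x02      # 1 = locally administered, 0 = OUI-assigned
MULTICAST_BIT = 0x01  # 1 = group (multicast/broadcast), 0 = individual


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff forms."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return bytes.fromhex(digits)  # raises on non-hex characters


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_locally_administered(mac: str) -> bool:
    return bool(parse_mac(mac)[0] & LOCAL_BIT)


def is_multicast(mac: str) -> bool:
    return bool(parse_mac(mac)[0] & MULTICAST_BIT)


def make_local_unicast(mac: str) -> str:
    """Set the locally administered bit and clear the multicast bit.

    The remaining 46 bits are kept, so addresses derived from distinct
    inputs stay distinct on the same segment.
    """
    raw = bytearray(parse_mac(mac))
    raw[0] = (raw[0] | LOCAL_BIT) & ~MULTICAST_BIT
    return format_mac(bytes(raw))


def describe(mac: str) -> str:
    scope = "locally administered" if is_locally_administered(mac) else "OUI-assigned"
    kind = "multicast" if is_multicast(mac) else "unicast"
    return f"{format_mac(parse_mac(mac))}: {scope}, {kind}"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real host.
    for sample in ("00:16:3e:12:34:56", "01:00:5e:00:00:01", "fe:ff:ff:ff:ff:ff"):
        print(describe(sample), "->", make_local_unicast(sample))
```

One practical check this gives you: if a guest or virtual interface shows up with the 0x02 bit clear in its first octet, it is claiming a vendor-assigned address, which is worth a second look on a segment where you expected only locally administered ones.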

2006-12-30 – A moderately complicated OpenWRT setup

At home, I have had a setup with a wireless router for quite a while. It’s more or less a stock OpenWRT setup, but I have joined all the wired ports into one virtual interface (actually, I think they’re just on one VLAN) and split off the wireless. The wireless is open to the world, but I have a fair amount of packet filters there so it doesn’t get too annoying. Some people have no shame and run bittorrent and other file sharing utilities on other people’s open wireless.

Anyway, my setup is no longer so simple. I bought a WRT54GL to provide better reception in other parts of the flat and wanted to join those two. After a little bit of reading, I found what I wanted: WDS. Due to a previous misconfiguration of the WRT54GS, the WDS connection was joined onto the br0/LAN segment and not the wireless segment. That was easily enough fixed, but it’s always a bit scary to change network settings on headless devices. (I did manage to lock myself out, but I could ssh in from the wireless network, so I just used the WRT54GL to bounce through.) Once that bit was up, I could set up WDS. I did as the documentation told me and did it with lazywds (anyone can do WDS with you) enabled. It worked, so I turned it off and rebooted both routers (again…), and it still worked. Yay!

2006-12-13 – Initial impressions of the Samsung Z5F

I have been walking to and from work lately and have become increasingly restless over not having anything to listen to, so I bought a small media player, a Samsung Z5F. First impression is that it’s tiny. Really tiny, and it took me a little while to get used to the touch buttons. Upgrading the firmware is trivial, both from Linux and Windows: the firmware download is a zip file; inside there’s a .dat file which you place in the root directory. When you disconnect, the player says “new firmware detected. Upgrade?”. I answered yes (who wouldn’t? It gives me 30% better battery life and gapless MP3 playback); it rebooted, upgraded itself and rebooted again. After a long wait (probably 15–20 seconds) where it just displayed the Samsung logo, during which I was a bit scared it was bricked, it booted up fine.

It works well, it plays music and podcasts, but I have run into one strange problem with it. I was about 1/3 through the latest episode of Lugradio when I wanted to go ten seconds back to catch something somebody said, but it entirely failed to seek backwards. It seems like it either doesn’t support seeking in big .ogg files or doesn’t support seeking in big files or doesn’t support seeking in .ogg files. Anyway, annoying bug. I’m going to download the MP3 instead to see if it has the same problem or not.

Apart from that, it’s a lovely, tiny little player with 44 hours of battery life and 4GB storage. Nice little toy.

Update (2006-12-26): I got an email from one of the firmware developers about the problem of seeking in large Ogg Vorbis streams and this is now fixed. The fix isn’t public yet, but is somewhere in Samsung’s QA chain. And the problem is only large Ogg Vorbis files, not large MP3s, so it can be worked around in most cases. Yay!

2006-12-08 – Javascript, Greasemonkey and clipboards

One of the jobs of an archive administrator in Ubuntu is processing sync requests. The job is fairly simple: read a sync request (in the form of a bug report), make sure it includes the relevant information and is either filed by or seconded by a person with the appropriate permissions. Then it’s downloading the source, injecting it into the correct queue and marking the bug as closed.

By far the most boring bit of this is actually closing the bugs: opening the bug report, clicking on the relevant task, marking it as “Fix released”, assigning it to myself, pasting the update report from an editor and clicking “submit”. Rinse and repeat, today for 73 bugs.

To help with this, I started looking into writing a Greasemonkey script: just add a button beside the submit button, labeled DTRT or something like it. I ran into some trouble which is really obvious: JavaScript run in the content’s security context can’t access your clipboard. A small hack to greasemonkey.js fixed this, and I now have a shiny GM_fromClipboard function. After playing around with this for a while, I thought it wouldn’t help me at all, since the JavaScript is called in the page content’s security context, but any event listeners I add seemingly aren’t. Nice. (This is of course due to the whole concept of closures and how JavaScript works.)

Anyway, I ended up with a script that does the right thing. It needs a greasemonkey patch.

2006-11-26 – Live CD on disk

Enrico writes about putting a live CD on a removable disk. I added the support in casper for doing this almost a year ago and it has saved me lots of debugging time. Booting the live CD that way is almost as fast as booting an installed system. If you couple this with the persistent storage support in casper, you get the configure-on-boot support together with persistence.

In a later update, slh is quoted as saying that xresprobe doesn’t work on AMD64. This is wrong; I wrote that support based on code by Matthew Garrett a little more than nine months ago. I wouldn’t recommend incorporating it in newly written code, but rather using libx86.

2006-11-17 – A replacement for screen. Ish.

Adrian von Bidder writes about retty, a tool to make processes reattach to your terminal. While useful, it seems mostly like a limited version of cryopid, which seems even more insane and crackful, but quite cool nevertheless. I have not had a chance to actually try cryopid yet, though, so if any of you have, please blog about your experiences with it. Oh, and please package it, somebody.

2006-10-19 – Releasing Ubuntu

So, the Ubuntu release candidate was released today. As a release manager, it’s a fascinating process. First the development, where there is relatively little central control: people work on their specs and my job as a release manager is to roll new alpha/snapshot releases every couple of weeks. Those are lightly tested (does it boot and install on at least one machine?) and if a derivative or an architecture isn’t ready, well, then it isn’t ready.

Beta, the release candidate and the release are completely different beasts. We have test plans, people are assigned tests and so on. In addition, we have a freeze which in total lasts about a week for beta, two weeks for release. Every upload has to be hand-checked and approved. As the release grows nearer, the bugs have to be more severe in order for an upload to be approved and in the end it’s more or less a full commitment “we have this, we have tested this thoroughly and there is no way we can do a full test and still release on schedule”.

At some point, it gets scary. There is just one command left to run: sync-mirrors. No arguments, just the command. I pushed the button, and we are now live.