Today we fight back

If you don't have JS disabled you might have noticed the huge black banner at the bottom of this blog. Stop mass surveillance. This is the day we fight back. https://thedaywefightback.org/international/

Compiling tarsnap on RaspberryPi

Just a quickie for tarsnap 1.0.35. Featuring my new favourite, the download software called aria2.

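# build dependencies plus the aria2 downloader (run as root)
aptitude install aria2 libssl-dev zlib1g-dev e2fslibs-dev
aria2c https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz
aria2c https://www.tarsnap.com/download/tarsnap-sigs-1.0.35.asc
# fetch the signing key; short key IDs can collide, so compare the full fingerprint with the one tarsnap publishes
gpg --recv-key 2F102ABB
# verify the signature and print the signed SHA256 line; look for "Good signature"
gpg --decrypt tarsnap-sigs-1.0.35.asc
sha256sum tarsnap-autoconf-1.0.35.tgz # should get the value from sig file, 6c9f67....9a
tar xf tarsnap-autoconf-1.0.35.tgz
cd tarsnap-autoconf-1.0.35/
./configure
# -j2 runs two make jobs in parallel; nice lowers the build's CPU priority
time nice ionice make -j2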
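
The checksum comparison above is done by eye; the script below automates it. This is an added example, not part of the original post: the function names are hypothetical, and it assumes the verified text contains BSD-style lines of the form `SHA256 (<file>) = <digest>`.

```shell
#!/bin/sh
# Added example (not from the original post): automate the checksum comparison.
# Assumes the signed text has BSD-style lines: SHA256 (<file>) = <64 hex digits>

# Print the digest recorded for file name $1 in the checksum text on stdin.
expected_sha256() {
    awk -v name="$1" '
        $1 == "SHA256" && $2 == ("(" name ")") && $3 == "=" { print $4; found = 1; exit }
        END { if (!found) exit 1 }'
}

# check_tarball <tarball> <verified-text>: 0 = match, 1 = mismatch, 2 = no usable entry.
check_tarball() {
    file=$1 signed=$2
    want=$(expected_sha256 "$(basename "$file")" < "$signed") || {
        echo "no SHA256 entry for $file" >&2; return 2; }
    printf '%s\n' "$want" | grep -Eq '^[0-9a-f]{64}$' || {
        echo "malformed digest for $file" >&2; return 2; }
    have=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$have" = "$want" ]; then
        echo "OK $file"
    else
        echo "MISMATCH $file: computed $have, signed $want" >&2
        return 1
    fi
}

# verify_release <tarball> <sigs.asc>: only gpg-verified text reaches check_tarball.
# gpg accepts any key in the keyring, so keep only keys you have fingerprint-checked.
verify_release() {
    text=$(mktemp) || return 2
    rc=0
    if gpg --decrypt "$2" > "$text"; then   # non-zero exit on a bad signature
        check_tarball "$1" "$text" || rc=$?
    else
        echo "signature check failed for $2" >&2; rc=3
    fi
    rm -f "$text"
    return "$rc"
}

# Usage: sh verify.sh tarsnap-autoconf-1.0.35.tgz tarsnap-sigs-1.0.35.asc
if [ "$#" -eq 2 ]; then verify_release "$1" "$2"; fi
```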

How do I know that -j2 really gives some advantage on raspi ? Well, here are the timings:

#fresh, j1
real    14m7.129s
user    6m30.790s
sys     0m21.640s

#-j2
real    11m33.868s
user    6m36.690s
sys     0m19.880s

#-j1 again, caches warmed up
real    12m38.598s
user    6m30.960s
sys     0m20.470s

#-j2 again
real    10m14.975s
user    6m34.980s
sys     0m20.710s

Meetings

Decisions

Most of the meetings come from the desire to have a decision made. The problem in most cases is that these are not decisions to be made now. Software prototyping is cheap. We should just try to build a working solution and iterate around. Let's prototype. Get someone most annoyed by the problem and leave them to build it. Of course, the clearer the communication of what they are actually doing, the better. It should be something like ‘hey, I’m gonna build this – okay’ or even ‘hey, I’ve built that, let’s see how it behaves’. Not like ‘we should now spend multiple meetings on discussing how this should be done’. Just make it work, instead of talking about it.

Documentation

There are people that like those meetings around decision making. And those decisions, that should not be made now, of course, need proper documentation around to prove the point. And document the decision-making process. Oh, and office software and document versions of course. That's what everyone uses. What, you developers have text files and this git stuff ?! The thing is, if the need for some documentation for something comes from the team, then the team will make it when needed. If not, then probably not.

Sharing the knowledge

Another possible reason for having a meeting can be that some knowledge needs to be shared. And that's a noble cause. Just don't make a meeting out of it. Make a lecture. A presentation. No audience members interacting with each other. Speaker talking and maybe sometimes allowing questions. The knowledge sharing sessions are oftentimes a prelude to the decision-making meetings. See above.

Confirming your ideas

Sometimes, however, somebody just wants some confirmation on their idea, maybe before building a prototype. Then, there is a good chance that they already know who they should ask. No meeting then. Just ask the people you know you should ask. 1-on-1 interaction. Maybe somebody will overhear and start listening. Notice that the social dynamic is very different from the meeting then, two people having a conversation and another one politely listening, maybe being invited to the conversation after some while. Just look how it works between talks at conferences. Very different from “everybody says everything” meetings.

The meetings that are left

Also, if for some cosmic reason you really need to have a meeting – make it opt-in. Just the people who are interested coming. Set the timer. There is one I particularly like - a clock showing the amount of money wasted so far by this meeting.

Post scriptum

37 signals on meetings: http://gettingreal.37signals.com/ch07_Meetings_Are_Toxic.php These guys have the idea that every communication should be async and read when convenient, hence their emphasis on email. That gets you to really think of your proposal and really describe it and stuff, which is sometimes good. To stop and think, RFC-style. However, as mentioned above, imho most of the time it’s quicker to just write the software. Possibly, also, I just like the ‘hey, got a second?’ approach better.

Wordpress and nonstandard ports and protocols

I needed to set up a Wordpress installation where https is on nonstandard port and the admin interface lives in that land, while the site itself is using plain http.

In wp-config.php:

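// IIS sets HTTPS to "off" for plain-http requests, hence the extra comparison.
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    // request came in over https: admin interface on the nonstandard port
    define('WP_SITEURL', 'https://example.com:12345');
    define('WP_HOME', 'https://example.com:12345');
}
else {
    // plain http: the public site
    define('WP_SITEURL', 'http://example.com');
    define('WP_HOME', 'http://example.com');
}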

This allows the installation to properly see resources like images and css if accessed via nonstandard port. So if you don't see image previews in the admin panel, your styles look weird, or you just don't see new posts' previews - this might be it.

30C3 day 1

I'm writing this at the beginning of day 2 of 30C3, as day 1 was so packed with action that I was not able to sit down and type, not even for a little while. First of all - Glenn Greenwald. Yep. Glenn Greenwald's keynote was moving the crowd, making the audience interrupt him with rounds of applause every few minutes. Lots of mobile phone network exploitation talks along with general anti-buffer-overflow techniques. Tor guys talking about the interesting times we live in. Quite a day. Here are some photos, with no Congress people, except for me, in them, as the tradition goes.

Booting Gentoo with LUKS+LVM2+systemd

I've spent quite some time recently trying to get a laptop running Gentoo to boot from an encrypted partition with LVM. I thought that this might be useful for someone else, so here you are. First things first: I'm assuming you've followed the Gentoo handbook and are operating from within the livecd's shell. You've done the regular luksFormat + lvm stuff and you've come up with a layout similar to this one:

dagrey ~ # lsblk
NAME                          SIZE TYPE  MOUNTPOINT
sda                           55.9G disk
└─sda1                        55.9G part
  └─crypthome (dm-3)          55.9G crypt /home
sdb                           29.8G disk
├─sdb1                       485.4M part  /boot
└─sdb2                        29.4G part
  └─root_sdb2-vg-root (dm-0)  29.3G crypt
    ├─vg-swap (dm-1)             8G lvm   [SWAP]
    └─vg-root (dm-2)          21.3G lvm   /

You need a kernel to boot this, a kernel that understands crypto stuff as well as lvm.

genkernel --symlink --save-config --no-mrproper --luks --lvm --udev --menuconfig all

If you're using gentoo-sources you'd notice the fancy gentoo-specific menu on top. Go there and check systemd. Apart from the usual stuff, please make sure to check stuff on this list, and also this one:

Device Drivers
 Multi-device support (RAID and LVM)
 [*] Multiple devices driver support (RAID and LVM)
 <*>  Device mapper support
 <*>  Crypt target support

Cryptographic API
 <*>  SHA256 digest algorithm
 <*>  AES cipher algorithms

Your setup is so new that you need grub2. Grub2 is very picky about its configuration. Take this one and avoid hours of reading:

dagrey ~ # cat /etc/default/grub

GRUB_DISTRIBUTOR="Gentoo"

GRUB_DEFAULT=0
GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=3

GRUB_PRELOAD_MODULES=lvm
GRUB_CRYPTODISK_ENABLE=y
GRUB_DEVICE=/dev/ram0

# Append parameters to the linux kernel command line
GRUB_CMDLINE_LINUX="real_init=/usr/bin/systemd quiet real_root=/dev/mapper/vg-root crypt_root=/dev/sdb2 dolvm acpi_backlight=vendor"

You're using an initrd to set everything up for the kernel, so you need real_root and real_init instead of the regular ones. cryptdevice no longer works, use crypt_root. And dolvm is essential: without it only the first part will work, leaving you with an open crypt container and a kernel panic just afterwards. Also notice GRUB_DEVICE, GRUB_CRYPTODISK_ENABLE and GRUB_PRELOAD_MODULES. Make sure the first partition on the disk you're installing grub onto is starting at 2048. If it's any earlier grub just won't be able to fit its magic in there. Finally, install grub:

grub2-install --modules="configfile linux crypto search_fs_uuid luks lvm" --recheck /dev/sda
grub2-mkconfig -o /boot/grub/grub.cfg

That should be sufficient to boot the system and initialize root. What about those other encrypted partitions like /home though ? Well, the init subsystem needs to initialize them. OpenRC did so by reading /etc/fstab and then /etc/dmcrypt/dmcrypt.conf accordingly. Systemd is a bit different here. You still need your /etc/fstab entries for it to know which partitions need to be initialized. The place where you say how to map and decrypt crypto containers, however, is /etc/crypttab.

dagrey ~ # cat /etc/fstab

/dev/sdb1              /boot     ext2    defaults    1 2
/dev/mapper/vg-root    /         ext4    defaults    0 1
/dev/mapper/vg-swap    none      swap    sw          0 0
/dev/mapper/crypthome  /home     ext4    defaults    0 2

dagrey ~ # cat /etc/crypttab
#crypthome /dev/sda1
crypthome /dev/sda1 /etc/conf.d/dmcrypt.key

The keyfile is available from the by then already decrypted root partition. You can also skip the key and then you'll get a password prompt, sometimes hidden somewhere in systemd messages. Hit enter to reveal it once more.
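
Since the key file unlocks /home without a passphrase, it should sit on the encrypted root and be readable by root only. The audit below is an added example, not part of the original post: the function name is hypothetical, and the root-prefix and owner-uid parameters are assumptions added so it can be run against a copy of the files.

```shell
#!/bin/sh
# Added example (not from the original post): audit key files named in a crypttab.
# Fields per line: <name> <device> [<keyfile>] [<options>]; "none" or "-" = prompt.

# audit_crypttab <crypttab> [<root-prefix>] [<expected-owner-uid>]
# Prints one finding per mapping; returns 1 if any key file is missing, sits on
# /boot, has the wrong owner, or is accessible to group/others.
audit_crypttab() {
    tab=$1 prefix=${2:-} want_uid=${3:-0}
    bad=0
    while read -r name dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac          # blank line or comment
        case $key in
            ''|none|-) echo "$name: no key file, passphrase prompt"; continue ;;
            /boot/*)   echo "$name: $key is on the unencrypted /boot"; bad=1; continue ;;
        esac
        path=$prefix$key
        if [ ! -f "$path" ]; then
            echo "$name: $key missing"; bad=1; continue
        fi
        uid=$(stat -c %u "$path") mode=$(stat -c %a "$path")   # GNU stat
        if [ "$uid" != "$want_uid" ]; then
            echo "$name: $key owned by uid $uid, expected $want_uid"; bad=1
        fi
        case $mode in
            0|*00) echo "$name: $key mode $mode ok" ;;
            *)     echo "$name: $key mode $mode lets group/others in"; bad=1 ;;
        esac
    done < "$tab"
    return "$bad"
}

# Usage on a live system (as root): sh audit.sh /etc/crypttab
if [ "$#" -ge 1 ]; then audit_crypttab "$@"; fi
```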

New dotfiles repository

Hi ! Just letting you know that I've been working for some time on structuring my dotfiles and finally published them to github. These contain e.g. my vimrc and font configs. I've even patched the famous solarized theme for vim to allow better gitgutter symbols display. Enjoy !

Freakin debuggers - how do they work ?

I gave a talk yesterday. It was on debuggers. From VM-level debuggers to JTAG, quite a packed, high level overview. In fact I gave it before, on another occasion. And this time was different, hence this post. The thing I am particularly proud of is that I was able to entertain the crowd for the first half an hour despite not having any computer launched and connected. You know, like, interacting with actual people ! We had some difficulties connecting to a beamer so I thought it'd be good to have an open discussion first. We started with "unit tests vs debuggers". Is having a rock solid unit test suite enough for you to never touch a debugger ? After some time I transitioned to my presentation, talked a bit about the history of debugging, then what the features of modern debuggers are and finally how all of these work. And while we're at it I would like to give a shout out to the organizers of these 2 events. Thanks !

Idea for a curated links directory

I read a lot. Of books and news alike. Oh, and whitepapers too. And some recipes maybe. Some of them I find by my RSS reader. Some are given to me by colleagues at work, some arrive by mail, sometimes even in somewhat curated, described form. I read through most of them. And resend. Often I want to share a particular piece with friends of mine and possibly some other people too. Most often I do this by pasting the link into the IM window or email it to a particular person I know might be interested. Then I recall the other person who would also love to hear about this. Then I need to search the IM logs or my Delicious. And all of this only to hear that the people mentioned did not have the time to read the article referred but would love to in the future. Just not right now. I need a system for this. I read something, I archive it in the system. People sign up or I do sign them up. People receive my curated links list in a more or less regular email. But there is also a public, searchable web directory for all the previous editions. Is there anything like it around ? Open source please. Selfhosted please. If not - I'm just gonna write it.

New laptop

Hey, remember my search for the new laptop ? It's finally over ! I found that Clevo, a Taiwanese custom laptop manufacturer, has recently added a 13.3" FullHD laptop base to their offerings - W230ST. And to my surprise - there is a Polish importer which allows pretty neat specs calibration for you. Game on you say ? Indeed. What do I like about it:

  • Haswell-based, so all the new tech is here, same as in the newest MacBooks
  • up to 16GB RAM, I have 8GB installed for now and it works pretty good
  • 2x mPCIx mSATA capable slots
  • nice copper cooling inside
  • FullHD matte display
  • 4x USB
  • HDMI
  • typing on its keyboard, just clicks with me
  • survived OHM2013 camp - not scared of humidity and hot air

What I do not like so much:

  • Haswell-based, so Linux support is not that great yet, everything seems to be working okay, however power consumption is off the limits. 60Wh battery lasts for ~2h tops.
  • while the outer side of the case is of nice rubberized plastic, the inside is a cheap-looking grey one. There was no option to change it unfortunately, while I see that other importers/assemblers around the world have such mods available.
  • the looks of the keyboard, purely visual stuff like the font used to print the characters, the layout is okay

Running Linux on it: Everything seems to be working by default on most of the distros. I've tested Gentoo, Arch, Fedora and Crunchbang. The only thing that needed some tweaking was that by default I was unable to control backlight brightness at all. Adding

acpi_backlight=vendor

to the kernel boot parameters, as suggested on the Arch wiki, solved the problem. I haven't delved deeply into Optimus yet, so I don't know whether the graphics card switching works correctly or not. The one thing I've noticed is that, after waking from deep sleep, so after leaving the lid closed for a long time, not for a few minutes, there are some visual artifacts on screen. Also, as mentioned before, power consumption worries me a bit. Will keep you posted !