Posts for Friday, January 28, 2011

## Jury Rigging Google Chrome to Use Tor

Chromium is a great browser, but it does do various types of phoning home and packet routing, which makes using Tor with it somewhat tricky. I’ve devised a script that creates a new Chromium session configured to route its traffic only through Tor, and erases all evidence afterwards. It also disables Flash and Java (which will reveal your IP address), spoofs a generic Chrome user agent, disables metric reporting, prefetching, syncing, search result suggesting, and whatever other phoning home services I could identify to lock down. The first lines of the script run vidalia if it isn’t running, the official GUI for Tor. This is known to work on Chromium 10.x, which is the current dev channel; I do not know about prior versions.
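The settings described above only help while they are actually present in the profile the browser loads. The following Python check is an added example, not part of the original script: it audits a Preferences file and a Chromium command line against the values and flags used in the script below. The function names and the drifted sample profile are constructed for illustration.

```python
import json
import sys

# Preference paths and values copied from the Preferences heredoc in the post's script.
EXPECTED_PREFS = [
    ("alternate_error_pages.enabled", False),
    ("autofill.enabled", False),
    ("dns_prefetching.enabled", False),
    ("geolocation.default_content_setting", 2),
    ("profile.default_content_settings.plugins", 2),
    ("profile.notifications_default_content_setting", 2),
    ("profile.password_manager_enabled", False),
    ("profile.clear_site_data_on_exit", True),
    ("safebrowsing.enabled", False),
    ("search.suggest_enabled", False),
    ("default_search_provider.suggest_url", ""),
    ("default_search_provider.instant_url", ""),
    ("sync.passwords", False),
    ("sync.preferences", False),
    ("sync.sessions", False),
    ("sync.themes", False),
    ("sync.typed_urls", False),
    ("translate.enabled", False),
]

# Flags copied from the post's chromium command line.
REQUIRED_FLAGS = ("--incognito", "--disable-plugins", "--disable-java",
                  "--disable-metrics", "--disable-metrics-reporting")
POST_ARGV = ["chromium", "--incognito", "--proxy-server=socks5://localhost:9050",
             "--user-data-dir=/tmp/torchrome", "--disable-plugins", "--disable-java",
             "--disable-metrics", "--disable-metrics-reporting",
             "--user-agent=Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) "
             "AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10"]

_MISSING = object()


def lookup(prefs, dotted_path):
    """Walk a dotted path through nested dicts; return _MISSING if any step is absent."""
    node = prefs
    for part in dotted_path.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node


def audit_prefs(prefs):
    """Return (path, kind, expected, found) for every setting that is absent or differs.

    An absent key is reported as well: the browser then falls back to its
    built-in default, which this check cannot see.
    """
    findings = []
    for path, want in EXPECTED_PREFS:
        got = lookup(prefs, path)
        if got is _MISSING:
            findings.append((path, "missing", want, None))
        elif got != want or type(got) is not type(want):  # 0 must not pass for False
            findings.append((path, "mismatch", want, got))
    return findings


def audit_flags(argv):
    """Compare a Chromium argv list with the flags used in the post."""
    flags = {}
    for arg in argv:
        if arg.startswith("--"):
            name, _, value = arg.partition("=")
            flags[name] = value
    problems = [f"{name} not set" for name in REQUIRED_FLAGS if name not in flags]
    proxy = flags.get("--proxy-server")
    if proxy is None:
        problems.append("--proxy-server not set: traffic would not go through Tor")
    elif not proxy.startswith("socks5://"):
        problems.append(f"--proxy-server is {proxy!r}; the post uses socks5://localhost:9050")
    if not flags.get("--user-data-dir"):
        problems.append("--user-data-dir not set: the regular profile would be used")
    return problems


def compliant_prefs():
    """Build the minimal nested dict that satisfies EXPECTED_PREFS."""
    prefs = {}
    for path, want in EXPECTED_PREFS:
        *parents, leaf = path.split(".")
        node = prefs
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = want
    return prefs


def drifted_sample():
    """Constructed sample: a profile in which three settings have drifted."""
    prefs = compliant_prefs()
    prefs["dns_prefetching"]["enabled"] = True            # prefetching switched back on
    prefs["geolocation"]["default_content_setting"] = 1   # differs from the post's 2
    del prefs["safebrowsing"]                              # key absent altogether
    return prefs


if __name__ == "__main__":
    # With a path argument, audit that Preferences file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            profile = json.load(fh)
    else:
        profile = drifted_sample()
    for path, kind, want, got in audit_prefs(profile):
        print(f"{kind:8} {path}: expected {want!r}, found {got!r}")
    for problem in audit_flags(POST_ARGV):
        print("flag:", problem)
```

Run it with `/tmp/torchrome/Default/Preferences` as the argument while the session is open, since the script deletes the directory on exit.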

```bash
$ cat Projects/torchrome.sh
if ! ps -C vidalia > /dev/null; then
    vidalia&
fi
rm -rf /tmp/torchrome && mkdir -p /tmp/torchrome/Default && touch /tmp/torchrome/First\ Run
cat <<END > /tmp/torchrome/Default/Preferences &&
{
   "alternate_error_pages": { "enabled": false },
   "autofill": { "enabled": false },
   "browser": { "custom_chrome_frame": true },
   "default_search_provider": {
      "enabled": true,
      "encodings": "UTF-8",
      "icon_url": "about:blank",
      "id": "2",
      "instant_url": "",
      "keyword": "google.com",
      "name": "Google",
      "prepopulate_id": "1",
      "search_url": "{google:baseURL}search?ie={inputEncoding}&q={searchTerms}",
      "suggest_url": ""
   },
   "dns_prefetching": { "enabled": false },
   "download": { "directory_upgrade": true },
   "extensions": {
      "autoupdate": { "next_check": "12940162523897409" },
      "chrome_url_overrides": {
         "bookmarks": [ "chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html" ]
      },
      "theme": { "id": "", "use_system": true }
   },
   "geolocation": { "default_content_setting": 2 },
   "google": { "services": { "username": "" } },
   "homepage": "about:blank",
   "homepage_is_newtabpage": true,
   "ntp": {
      "alt_logo_end": 1255017600.0,
      "alt_logo_start": 1255017600.0,
      "pref_version": 3,
      "web_resource_cache_update": "1295688216.445951"
   },
   "plugins": { "enabled_internal_pdf3": true },
   "profile": {
      "clear_site_data_on_exit": true,
      "content_settings": { "pref_version": 1 },
      "default_content_settings": { "plugins": 2 },
      "exited_cleanly": true,
      "multiple_profile_prefs_version": 1,
      "notifications_default_content_setting": 2,
      "password_manager_enabled": false
   },
   "safebrowsing": { "enabled": false },
   "search": { "suggest_enabled": false },
   "sync": {
      "passwords": false,
      "preferences": false,
      "sessions": false,
      "themes": false,
      "typed_urls": false
   },
   "tabs": { "use_vertical_tabs": false },
   "translate": { "enabled": false }
}
END
chromium --incognito --proxy-server=socks5://localhost:9050 \
    --user-data-dir=/tmp/torchrome --disable-plugins --disable-java \
    --disable-metrics --disable-metrics-reporting \
    --user-agent='Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10' &&
rm -rf /tmp/torchrome
```

## Compulsive Columbian Tweeters Tremble

Below is my pre-edited version of this Bwog post.

Having recently finished Dawkins’s The God Delusion, an anxious audience murmured in fear of having their new deities of Facebook and Twitter crushed by Evgeny Morozov, at a lecture this Tuesday at Columbia’s School of International and Public Affairs on The Net Delusion, his recent analysis of social technology in authoritarian regimes.

After working for NGOs that promoted “new media” for social justice, Morozov began to suspect that organizations like his own were doing more harm than good. He saw evidence not just of government censorship, but also of governments paying bloggers to publish propaganda and large government projects to scour social networks to learn how best to squelch opposition activists. Eventually he left his organization to investigate just how much an impact – for better or for worse – the Internet has had on activism in authoritarian countries.

Morozov claimed that our fundamental incorrect presumption about the Internet is what he called the “dictator’s dilemma”: either a country can keep the Internet out, and thus exclude themselves from the global economy, or they can let the Internet in and be eventually usurped by protestors well organized through websites like Twitter.
In reality, however, autocratic powers have figured out how to let the Internet in without the supposed massive undermining consequences, not just through firewalls and censorship – as in the case of China – but through tracking and surveying. Governments can easily learn which activists are associated with one another, what their plans are, how they acquire funds, and the like. There have even been reported instances in which governments have crawled Facebook for pictures of an anti-state protest, and then created a fake “crowd-sourcing” website that encouraged viewers to identify their “friends” in the pictures. Arrests came swiftly after. In Belarus, the government went so far as to request a cellphone company to query the identities of all cellphone users who were located in a particular square during a protest. And just last week in Tunisia, the government attempted to access protestors’ Facebook accounts. Of course, Morozov made sure to remind us that our own government undoubtedly has similar interests.

Just as he mentioned this last fact, the girl next to me logged onto Facebook and updated her status with an enthusiastic blurb about what an honor it was to see Morozov in person, most likely feeling particularly witty at her own self-aware irony.

But it is a real issue, implored Morozov, while looking directly at each of the fifteen others wielding social technology as he spoke (which, of course, were exclusively iPhones and Macbooks, whose users never seem to pass up an opportunity for hyper-public self-consciously aware doubly-ironic gestures). The US is pushing a diplomatic agenda of Internet freedom, while at the same time actively spying on its citizens at home. Their programs for promoting freedom through technology are also not well thought-out. The US designed a program for Mexico whereby witnesses of drug violence could send a text message to a special number to report the crime.
This plan received wide positive media coverage, when in reality, no actual cellphone carriers in Mexico were willing to support the service, because they were unable to ensure the anonymity of the messages. The carriers were aware that criminals could easily intercept these messages, a small fact the US government and the media chose to ignore.

In general, the US media, according to Morozov, lacks the “critical rigor” to speak sensibly about the real effects of the Internet. Last year’s protests in Iran received intense media coverage for being a “Twitter Revolution”, when in reality, there were only sixty tweeters located in Iran. The rest of the tens of thousands of tweets were generated by media coverage.

We all left feeling slightly dejected that our treasured way of wasting time might possibly be responsible for the continuation of authoritarianism around the world. On the elevator downstairs, I looked up at a depressed crew of journalism PhD students and gleefully asked, “So are you all going to tweet about it?” I received nothing but double-death-stares, until the doors opened and one particularly embarrassed girl murmured, “I tweeted during the lecture. I didn’t know what else to do. I had to.”

On the same day, Twitter was credited as being an enabler of massive demonstrations in Cairo. The following day, Mark Zuckerberg’s Facebook was hacked.

Posts for Thursday, January 27, 2011

## Customising Dates in Evolution

Evolution is Gnome's official email, calendar, contact, & task management software. ie. I use it daily to check my emails.
I've always had a pet peeve with date formats that look like this:

It's fine when I'm thinking about mail relative to today. However, sometimes I have to check for certain emails with regard to the absolute date. For example, "What was all the correspondence to a certain customer on the 21st". I would quickly scan the date column for 21/01/11, and find there isn't any. However the 21st was last Friday, which is shown as "Fri 02:42 PM".

There are various reasons why this is not a good thing with regard to efficient human-machine interfaces, however there are also good reasons for a fuzzy date. Since Linux gives you so much choice (in the right places) it's gratifying to see the option to change the date column to any of a number of presets, or your very own format:

As you can see, I've selected a simple day/month/year format:

Note: the version of Evolution used here is 2.32.1

## KDE 4.6 released!

http://www.kde.org/announcements/4.6/

Posts for Tuesday, January 25, 2011

## Dir 2011, Fosdem 2011

On February 4, I'll be in Amsterdam at DIR 2011, the 11th Dutch-Belgian Information Retrieval Workshop.

After that, I'm going to the devopsdinner and Fosdem beer event in Brussels. On February 5/6 of course, Fosdem itself. Looking forward to the systemd talk. On Sunday I'll do a talk about simple shell based Gnu/Linux installers, like mentioned earlier I hope devs from other "lightweight"/kiss-style distro's will be present (Gentoo and other *too's, Crux, *ppix, ... You know who you are) It would be interesting to share some common codebase for distribution independent topics (like filesystems), or at least discuss how feasible it would be.

## bash.org rss feed is working again!

Since my webhost had a php upgrade some of the php scripts that generate the bash.org rss feed did not work any more. However after some minor fixes it now works like a charm again!
Posts for Monday, January 24, 2011

## QR Wifi code

I was looking around in the world of QR Code today and found that you can share your WiFi (SSID, password and network type) via a QR code! It works flawlessly on android and probably also on other platforms. Will save me a lot of time to tell people the password every time!

1. Go to a QR code generator site (I used this one).
2. Choose “WiFi Network for Android” from the drop down list.
3. Fill in your network details and export (to SVG of course since vector graphics rule!).
4. Print the code and put it on the refrigerator or something.
5. Let your friends scan the code.

Awesome stuff those QR codes!

## FOSDEM 2011

This year I will be attending FOSDEM! Together with Sander and Daan I will be in Brussels from Saturday morning till Sunday evening! I am very excited and really looking forward to all the talks and discussion with everyone! Now I finally get to put the famous button on my own website:

See you all at FOSDEM!

Posts for Sunday, January 23, 2011

## Ice Tube Clock Kit Built!

For Christmas this year, I received one of Adafruit‘s Ice Tube Clock kits. It is a really neat project that is basically a PCB that Adafruit designed along with a bunch of parts (resistors, capacitors, etc.) that you must solder onto it in order to build the kit. It is a good introduction to building electronics, as it teaches better soldering skills and has a few hints as to what each part does. I took some extra time while making the kit to understand how voltage boosters work and a number of other parts. It is a great kit for an introduction to DIY electronics.

I started out a little overwhelmed. I laid all the parts on the table and just began reading the instructions. The instructions that Adafruit gives for this kit are very easy to follow and intuitive.

You can see below that I did a poor job of soldering the DC jack onto the PCB. I later went back and re-soldered those three joints.
The only issue I had during the build phase was that I forgot to solder in a resistor, which caused a little bit of chaos as I attempted to figure out my mistake. Luckily, no damage was done to the kit.

About 3-4 hours later, I finished the kit. The finished product turned out quite nicely. I now have an extra addition to what I like to call my Linux Shrine!

Above, you will see:

• Binary clock
• Hard drive
• Laptop running Gentoo Linux
• Router running DD-WRT
• Cable modem
• Arduino (inactive, waiting for friend to return my breadboard)
• Ice tube clock
• Tux plushie
• Knitted penguin from my sister

Thanks to Adafruit for the great kit and instructions! Thanks to my family for the great Christmas gift.

Posts for Saturday, January 22, 2011

## Publishing my dot files

Well, I decided to publish some of my "dot files" (i.e. settings for those uninitiated) on my Gitorious repository.

Why publish them? Well, I'm not claiming utmost brilliance, but since I decided to use Git to keep track of the changes I make to more complicated setting files on my system and noticed that some actually like my custom Zsh prompt, I thought I might as well share some of my other solutions.

Why exactly Gitorious? Well I've read the ToS and PP of a few popular Git hosts and Gitorious has the most sane ones — such that I could actually agree with (and not only saving my firstborn).

So far I've included:

• Zsh — as already noticed, the coolest thing about my Zsh settings is the custom Zsh prompt I already blogged about.
• Vim — nothing too fancy yet (just cca. 80 lines of useful stuff), but I do plan to make my own colour scheme in the future.
• Fluxbox — apart from standard settings, I try to bind the keys the same way that I do in KDE and Awesome (also true transparency is planned).
• Awesome — I try to pimp up my favourite tiling WM as much as I can and also keep the key bindings the same throughout KDE, Fluxbox and Awesome (also true transparency is planned).
… but the list may grow when I add some new stuff.

Also, I keep my comments and changes in my native language (Slovenian), but if there's any public interest, I could translate it all to English and continue in that lingua franca.

Now without further ado, I welcome you to Hook's Dot Files.

hook out → drinking Moroccan Mint tea (Taylors of Harrogate) and studying Environmental law

## Building a search engine

I started working at IBCN, the research group of the university of Ghent. I was looking to get back to the challenging world of high-performance and large-scale (web) applications, but I also wanted something more conceptual and researchy, rather than the highly hands-on dev- and ops work I've been doing for a few years now.

The Bom-vl project is pretty broad: it aims to make the Flemish cultural heritage media more useable by properly digitizing, archiving and making public the (currently mostly analog) archives from providers such as TV stations. Currently, I believe there's some >100TB of media in our cluster (mostly from VRT, afaik), along with associated textual descriptions/metadata, with more to follow. The application is currently for a selected audience but the goal is to make it public in the near future.

I'm part of the search engine team, we aim to provide users with the most relevant hits for their queries, by using existing technology (think Lucene, hadoop, etc) or devising our own where needed. As I'm charged with a similarity search problem ("other videos which might also interest you"), I'm studying information retrieval topics such as index and algorithm design and various vector models. Starting next week, I'll probably start implementing and testing some approaches.

## Paludis 0.58.1 Released

Paludis 0.58.1 has been released:

• When a package strongly blocks other installed slots of itself, the resolver no longer fails to find an ordering if upgrading older slots would make the blocker no longer met.
• ‘cave show’ now displays overridden masks on unmasked packages.

Posts for Friday, January 21, 2011

## Presenting the Nagger

Over Christmas one of my more humorous gifts to my parents was to allow them to remotely nag each other electronically. Since my dad is often overseas, this actually has some practical use.

The idea was to create a remotely synchronised dynamic wallpaper with text that could be set by another person remotely. Person A would type in some text, a wallpaper with the text formatted would be generated, Person B’s computer would detect that there is an update, download the wallpaper and set it immediately. (I originally wanted to make a pop up message, but realised that having "Go and exercise!" pop up during a powerpoint presentation with your boss wasn’t the best thing)

The system would operate as such:

1. I would create a html form on my webserver to allow somebody to type in text.
2. PHP would take the text and use GD to generate a .jpg file of an image with the text overlayed on top.
3. Batch file on Windows computer would download the .jpg file (either on startup, or via cronw) via URL2FILE.
4. Batch file will call imagemagick installed on the Windows computer to convert .jpg to .bmp because apparently that’s what Windows likes for wallpaper formats and converting on the server would mean an ultra big file download.
5. Finally, batch file will tweak the registry to change the wallpaper and "refresh" it such that it changes immediately.
Here’s an example :)

PHP code:

```php
<?php
if (isset($_POST['submit']) && isset($_POST['nag']) && !empty($_POST['nag'])) {
    $width = 1280;
    $height = 800;
    $imgname = "wallpaper_blank.jpg"; # The empty blue background template
    $im = imagecreatefromjpeg($imgname);
    $text = $_POST['nag'];
    $textcolor = ImageColorAllocate($im, 255, 255, 255);
    $font = 20;
    $font_width = ImageFontWidth($font);
    $font_height = ImageFontHeight($font);
    $font_width = 10;
    $text_width = $font_width * strlen($text);
    // Position to align in center
    $position_center = ceil(($width - $text_width) / 2);
    $text_height = $font_height;
    // Position to align in abs middle
    $position_middle = ceil(($height - $text_height) / 2);
    # We're offsetting this a little to give space for desktop icons
    imagettftext($im, 15, 0, $position_center, $position_middle, $textcolor, '/path/to/ttf/fontfile/AllOverAgainAllCaps.ttf', $text);
    Imagejpeg($im, '/path/to/final/image/wallpaper.jpg', 100);
    chmod('/path/to/final/image/wallpaper.jpg', 0644); # Ensure we can download it (depending on server setup)
    echo 'Nag done!';
} else {
    echo '<form action="" method="post">';
    echo '<textarea name="nag" rows="10" cols="50"></textarea><br />';
    echo '<input type="submit" name="submit" value="Nag!">';
    echo '</form>';
}
```

Batchfile code:

```bat
C:\path\to\URL2FILE.EXE http://mysite.com/wallpaper.jpg C:\path\to\save\wallpaper.jpg
C:\path\to\imagemagick\convert.exe C:\path\to\save\wallpaper.jpg C:\path\to\save\wallpaper.bmp
REG ADD "HKCU\Control Panel\Desktop" /V Wallpaper /T REG_SZ /F /D "C:\path\to\save\wallpaper.bmp"
REG ADD "HKCU\Control Panel\Desktop" /V WallpaperStyle /T REG_SZ /F /D 2
REG ADD "HKCU\Control Panel\Desktop" /V TileWallpaper /T REG_SZ /F /D 0
%SystemRoot%\System32\RUNDLL32.EXE user32.dll, UpdatePerUserSystemParameters
```

I thought it was cute, parents loved it.

P.S. If anybody knows a sane way to input code into WordPress/Blogilo and have it immediately embedded in <code> tags as well as not lose whitespace, give me a poke.

## “Gentoo in production?” Oh no, not again…

I think it is that time of the year again, where people get some crazy ideas. Again I discussed what must be the gazillion-th time I’ve been asked “Do you think Gentoo is ripe for use in production?”. Honestly, I always tell myself to ignore those discussions but I’ve never managed to actually do that – ignore, that is. So to give me some leverage the gazillion-th plus one time I get that same question, let me vent my opinion about the subject right here and allow me to hurdle the permalink to whomever tries to start another heated discussion.

Your question is wrong. It is never about a technology being “ripe enough” or “stable enough”. What you need to ask yourself (or get acquainted with) is what you, your organization or your company expects from a technology to be introduced in your (organization/company) infrastructure. This includes, but is not limited to:

• What kind of bugfixing and security fixing support do you want for the technology?
• What kind of knowledge support do you want for the technology?
• How important is certification of (other) technologies with respect to the technology or operating system?
• How far do you implement an operating system’s release cycle?
• What level of experience do you expect from your internal support team (or yourself)?

As you can see, the questions are not about technology itself or pretty features. It is about how you work with that technology. And one shouldn’t look at these questions as having a single phrase as answer. To properly answer the first question alone, you’ll need to take a look at delivery times (how fast do you want a bug to be fixed), follow-up (how fast does the technology issue security announcements, do they follow CVE closely, …), responsibilities, eventual legal or contractual obligations you might need to cover your ___, the ability of the provider to reproduce issues etc.

Internal experience is also not to be underestimated. How quick do you (organization/company) want to be able to resolve problems? How experienced are you with analyzing logs? How well are you able to integrate a technology within your existing architecture? What auditing does you(r organization/company) require and do you know how to get that from the technology?

I mean, come on, you’re talking about “production”. That’s not the same as saying “I’ve installed it for my parents”.

## Free Software & law related links 15. I. 2011 - 21. I. 2011

CC licenses are enforced in Israeli court for the first time. The article also mentions an Israeli variation of fair trade and why the court didn't apply it in this case. The reason is that fair use does not apply to moral rights and is not all about economic interest.

Google and EFF both support MP3tunes in its legal battle against EMI in order to keep online music/file lockers legal.

Short post on copyright in China.

Two weeks ago I reported about rumours regarding Brazil's copyright reform. This week it seems the rumours have some solid ground. Lately Brazil's Ministry of Culture also relicensed its website from CC to a (similar) verbatim license, which may not be a good sign.

### Patents

In the Microsoft vs. Salesforce lawsuit, it shows that Microsoft holds a "Network Software Update Patent", which may be a problem for Linux distributions. I skimmed through it (and Alexandre Oliva did as well) and it seems like distros could be on the safe side.

Intel has settled with WiLAN over alleged infringement of WiLAN's WiFi, CDMA, Bluetooth and DSL patents. It is predicted that others will follow suit.

The EU is coming closer to a common patent system. The EP committee on Legal Affairs has just released its positive draft report on the Commission's proposal for an Enhanced cooperation in the area of the creation of unitary patent protection. The report is due on 27th of January and mid-February the EP plenary sitting is scheduled.

The USPTO issued more utility patents in calendar year 2010 than in any year in history (31% more than in 2009). Although also more patents have been rejected than ever before, this does raise concern whether they lowered their standards for patentability.

A similar trend is reported in China by SIPO (Chinese patent office) which has officially announced that the number of patents granted in China in 2010 was 40 percent higher than in 2009.

In related news IBM has more US patents than anyone else.

The threat of CPTN acquiring Novell's assets (incl. patents) is so threatening that for the first time ever FSF and OSI have written joint statements and requests to battle it.

Google's decision to drop support of h.264 in its Chrome browser and concentrate on WebM as the video format of choice has spurred critique. But it remains true that WebM is a more open format than h.264 ever was. It would be great if WebM would be developed by a consortium though, to make it truly open. Some myths that Ars Technica follows are taken apart by the other two links below.

More critique on broadening the scope of open standards in EIFv2 to include (F)RAND patents. Post also points out that PCAST which "is not the government but it is the highest private sector advisory body on science and technology [whose] views are taken seriously" think that RF licensed patents are part of the open standard definition and the only way to go.

### Privacy & Data Protection

European Commission launched a new consultation on IPRED, a directive on the enforcement of intellectual property rights, adopted by the EU in 2004. The report — whose logic is similar to ACTA — is based on an analysis of the application of IPRED. It calls for the massive filtering of the Internet to tackle file-sharing: according to the Commission, ISP should "cooperate" in the war against sharing to avoid the threat of litigation.

FFII analyses what is wrong with the resolution on ACTA that the European Parliament adopted in November. Also European academics start signing a public opinion on/against ACTA.

New Zealand unions are demanding that the country’s government tell people what is being proposed under the US-led TPPA negotiation. (ACTA déjà vu anyone?)

Verizon sues the FCC over its "net neutrality lite" rules, claiming FCC is not the one who should be making the rules, but the US Congress.

Russia's Prime Minister Vladimir Putin instructed the federal government agencies to switch to Free Software by 2015. The transition will start this year with a federal support centre and the first to make the switch is Ministry of Communications. Sources state this decision may not be just economically motivated, but based on distrust of the security of foreign proprietary software.

Surprisingly Microsoft started a gratis web development tool based to run Free Software web solutions (e.g. Drupal, Wordpress, Joomla etc.) on Microsoft's IIS Express server.

OpenGamma, a financial startup, which has an "open core" analytics and risk management platform for the financial services industry, has completed a $6 million Series B round of equity financing led by FirstMark Capital, a New York-based VC.

Google has announced that its co-founder Larry Page will take over as CEO from Eric Schmidt.

An independent IT analyst company has written a short post about successful Free Software companies and asks for any it has missed to raise their hand.

More about OpenStack that Rackspace and NASA have published under the Apache 2.0 license.

### Misc.

What Sony could have learned from Microsoft and its XBox to avoid its own PS3 DRM fiasco. It's specially sad that PS3 was actually promoted with the possibility to run GNU/Linux. After Sony turned off that option with a firmware upgrade, hacks to bypass this DRM were inevitable.

Microsoft's Kinect is some nifty piece of hardware, for which enthusiasts soon made Free Software drivers and a whole bunch of inventive uses. Microsoft doesn't seem to know what to do with them — embrace or prosecute them.

Law students in India now have a free knowledge and document repository and legal search tool.

IETF celebrates its 25th birthday. Ars Technica writes a brief summary of IETF's accomplishments in that time.

AGIMO decided that the Australian government will standardise on using OOXML as their default document format.

hook out → making my own QtCurve theme and color scheme for KDE (purple all the way!)

## running the nix-package manager in a prefix (as the home directory)

## motivation

this posting is about how to setup a nix prefix installation on gentoo linux. if you do not have permission to install software on your server you can install a package manager in your home directory.

prefix distros:

• [1] gentoo prefix (using portage)
• [2] nix prefix (using nixpkgs)
• source deployment (done manually)

### gentoo prefix

+ pros:

• contains many packages
• great documentation
• works in prefix on: linux|mac|cygwin/interix
• security related tools available
• Xorg stuff as qt programs will work

- cons:

• time consuming installation
• complicated
• linux prefix setup uses the sun solaris guide, which is …. _strange_ at first

### nix prefix

+ pros:

• binary deployment (when not altering: --with-store-dir OR --localstatedir) this is only possible if root assists installation
• assisted binary deployment (when using self-made channel & a build robot as hydra) i have not tested this but it should be possible
• it is very easy to experiment with several different versions of a single program
• Xorg stuff as qt programs will work

- cons:

• because you need to change the /store path, it is mainly source deployment at first
• no security tools
• compared to other linux distros a very small subset of packages available (as in ebuilds)

## nix prefix – setup

download the software from [2], then follow this guide:

```bash
tar xf nix-0.16.tar
cd nix-0.16
./bootstrap
./configure --prefix=~/nix --localstatedir=~/nix/state --with-store-dir=~/nix/store
make
make install
```

NOTE: --localstatedir is not visible when doing ./configure --help!

## nix prefix – how to use

next you have to add it to your PATH, do:

```bash
export PATH=~/.nix-profile/bin:$PATH
```

NOTE: you have to do this every time you want to use your prefixed nix.

this will alter your path to use programs you install using ‘nix-env’ as:

```bash
nix-env -i wget
which wget
```

which should report: ~/.nix-profile/bin/wget

## org-mode is awesome

I've seen org-mode for Emacs mentioned very frequently around the interwebs, so it went into my mental queue of topics to learn. It finally bubbled to the top this week, so I took a look.

# Organizer? Nah.

As an organizer/calendar, well, I doubt I'll need it. Enforced use of MS Outlook is mandated by work. My Post-it-notes-all-over-my-desk method of organization will also continue to serve me well.

There are some nice agenda-related shortcuts that are probably worth using though, like typing C-c . to enter a datestamp, like <2011-01-20 Thu>. Then you can increment or decrement it one year/month/day at a time via S-up and S-down. I like this.

# Plaintext editor? Yes!

As a plaintext outline and table editor... wow. org-mode rocks. Do you know how many hours of my life could have been saved by having a good ASCII table/bullet-list editor? org-mode lines everything up and keeps it all nice and neat for you.

You can also make plaintext check boxes and check/uncheck them. And you can insert hyperlinks and footnotes, and click them to open web pages or jump back and forth between footnote and reference.

There are ways to collapse and expand outlines, search for items and only display those items, and so on. The documentation for org-mode is very clear and took me less than an hour to read through. All-in-all a pleasant experience.

```
* Agenda
** Things to learn
1. [X] Clojure
2. [X] org-mode (see [fn:diagram1])
4. [ ] Japanese
   1. [X] Hiragana
   2. [X] Katakana
   3. [ ] Kanji
5. [ ] The true meaning of friendship

* Footnotes
[fn:diagram1]

| Task                              | Annoyance (1-10) |
|-----------------------------------+------------------|
| Making ASCII tables by hand       |              9.5 |
| Making ASCII bullet lists by hand |              7.2 |
| Using org-mode                    |              0.4 |
```


It looks nice plastered into my blog, but you don't get a real idea of how many cool things you can do with it until you open it in Emacs and start shuffling items around, bumping them up/down a level in headlines, creating properly-numbered bullet items with one key, and seeing the columns in the table auto-resize as you type.

I also highly recommend putting (setq org-startup-indented t) into .emacs to make everything look pretty on-screen. It still saves as the simple plaintext above, but it looks like this in Emacs:

I can definitely see using org-mode for TODO files in some of my projects. (You can mark entries as TODO (just by typing TODO in front), and then toggle between TODO/DONE via C-c C-t.) I can also see using it as a general-purpose note-taker.

org-mode also has a mobile version for iPhone and Android, synced via WebDAV or Dropbox, so you can org-mode on your phone while you're driving to the grocery store[1]. Again I don't really need this, but there it is.

# The joy of plaintext

Plaintext is awesome.

It's the universal file format. It's readable and writeable by scripting languages, terminals, text editors, IDEs, word processors, web browsers, even lowly humans.

Plaintext's one shortcoming is its lack of structure. It's just a bunch of letters. It doesn't have a color, it doesn't have a style, it doesn't line up into columns without a lot of effort. There's nothing stopping you from opening a parenthesized list and forgetting the closing paren.

Computers don't care about these problems, but humans are bad at producing plaintext by hand, and bad at editing it once it's produced. Our clumsy, stumpy fingers and inconsistent, chaotic brains can't handle the freedom.

Emacs (and Vim) are awesome because they let you do magical things to plaintext. They enforce structure. They provide shortcuts so you can get your plaintext right the first time.

[ ] is just two braces and a space, but org-mode lets me hit C-c C-c and turn the space into an X. This may seem banal, hardly worth caring about, but add to this shortcut thousands upon thousands of others. Things like org-mode, or paredit, or all of Vim's built-in magic... it all adds up to something wonderful.

And best of all, you always still have the option of manually keyboarding over and typing that X between the braces yourself. It's still just plaintext underneath. So you end up with the best of both worlds.

1. I do not recommend using org-mode while driving, for public safety reasons.

Posts for Wednesday, January 19, 2011

## motivation

nix (see [2]) is a package manager like apt (used in debian/ubuntu) or portage (used in gentoo). windows does have a package manager which is typical among linux distributions. so here are some recent findings and how to use nix (and nixpkgs) on windows.

## reproduction of my nix system

setup of my system:

• core 2 duo processor
• windows xp sp3
• cygwin (setup.exe version 2.738) with a full installation [1] (some 2-7 GB, 1h download)
using setup.exe, do use ‘default parameters’ everywhere, except for the software selection: use all (do not install the source, binaries are enough)
• nix 0.16 release from [2]
• install (as mentioned in the docs) to a ntfs partition

components i used (they get installed using cygwin::setup.exe):

• gcc version 4.3.4 20090804 (release1) (gcc), target i686-pc-cygwin
• libtoolize (GNU libtool) 2.4
• aclocal (GNU automake) 1.11.1
• automake (GNU automake) 1.11.1
• autoconf (GNU Autoconf) 2.68

## how to build

as there is no windows installer (for example using NSIS) you have to bootstrap nix from source.

1. extract nix-0.16 to c:\nix
2. start the cygwin shell (desktop icon)
3. in the shell, type: ‘cd /cygdrive/c/nix/nix-0.16’
4. type: ‘./bootstrap.sh’ (this is very important)
that is why several of my attempts to get nix running failed ;P
5. type: ‘./configure’
6. type: ‘make install’
7. afterwards you can use it with: ‘nix-env -qa '*'’ for example

## how to use nix

this is quite easy but it does not work as mentioned in the documentation (which worked only for unix systems so far). the full cygwin installation installs many tools.

1. check your environment for nix, type ‘nix-env.exe’ and test if that program works (should be in the path)
2. if ‘nix-env.exe’ does not work, check /usr/local/bin for a proper nix installation
3. check if there is an unrar tool already (not included in full-cygwin installation) with: ‘unrar.exe’
4. you have to subscribe to a nix channel, see the nix documentation: chapter 2. quick start [4]
5. if ‘nix-env.exe’ works, install ‘unrar’ using: ‘nix-env.exe -i unrar’
you should see compiler stuff and it installs a million *.drv files…
7. now type: ‘export PATH=~/.nix-profile/bin:$PATH’
8. and try the command from step 5 again, now you should get a working ‘unrar.exe’ installation

## what worked using nix on cygwin-windows

most of the software related to X did not work, as windows and mesa don’t go along nicely. i’ve tried a few programs:

• wget.exe worked (checked with ‘which wget’) and a download
• hello.exe worked (GNU hello)
• unrar.exe worked (compiled, installed, probably to work, didn’t extract anything)
• qt (nix throws a nix exception): unsupported platform for Mesa
• irssi (nix tries to compile the needed software but fails at glib-2.24.1)
• firefox (nix throws a nix exception): flashplayer is not supported on this platform

## summary

great to have nix on windows. now it’s time to use it, here are a bunch of scenarios:

• use it to create windows software
• use it to create installers (using NSIS)

but both points would be independent of nix, so this results in a very nice build system. maybe combined with hydra this is a great way to build software.

## links

## Deleting tracks from within Rhythmbox

I was having trouble removing tracks in Rhythmbox (right-click “Move to trash”). Running the application with debugging enabled didn’t help much, but the many bug reports of similar problems did. I have my music stored on a separate EXT4 partition rather than the commonly reported NTFS, so the fix was as simple as creating a .trash-{uid} directory in the root of the mounted partition with the correct ownership and permissions, of course.

Posts for Tuesday, January 18, 2011

## Liberating Flash Video From an RTMP Server

Let's say you did a presentation that was recorded and you'd like to post it to your website. Sadly, let's now say there are some problems, like that your 5 minute presentation is part of a nearly 2 hour video only available in a flash player that doesn't even have a time display so you couldn't even point people to the video and say jump to 1 hour and 15 minutes to see me.
It sucks. Technically your presentation is available online, but it's not really accessible. So here is how you might rescue it!

It turns out there are two ways flash players serve videos these days. The first and easiest is that a simple flash player loads in your browser, and uses your browser to make a GET request to the server to load a .flv file (FLash Video). This is relatively easy to intercept, there are lots of tools and plugins for Firefox that do this automatically for you. Even better, on Linux for example, these videos are usually stored in /tmp so your browser does the whole job and gives them to you. No work required.

The other more complicated but more secure option is that the flash player connects to a dedicated rtmp server that streams flash video. The flash plugin does the networking and there is no file to save, it's a stream.

If you are lucky enough to have a player using the first option, you are done. Assuming you have the second option, then your fun has just begun.

First we need to try and figure out where the server hosting your flash video is. My first approach was to use wireshark to sniff the traffic. Through this I discovered the basics, like the address of the server and the port, 1935.

Next I installed rtmpdump. RTMP is the Real Time Messaging Protocol and rtmpdump is a program that can connect to an RTMP server, get a stream and save it to a file. Sadly the data I got from wireshark didn't have all the parameters I needed to get the file. Or I couldn't read it properly. So while I knew where the server was and could now connect to it, I still didn't know how to ask for the video I wanted.

Thankfully rtmpdump comes with several other utilities. After reading its README I went the rtmpsuck route. I set local redirecting of all port 1935 requests to localhost with iptables and ran the rtmpsuck proxy server.
In theory it was supposed to intercept all calls from the flash player to the rtmp server, decode and spit them out, and then forward them along. Even better, it would try to save the stream on the way back as it passed through it.

```
# the "!" exempts rtmpsuck's own connections from the redirect,
# so the proxy can still reach the real server
# iptables -t nat -A OUTPUT -p tcp --dport 1935 -m owner ! --uid-owner OWNER_UID -j REDIRECT
$ ./rtmpsuck
```


Where OWNER_UID is the uid of the user running rtmpsuck. With this running I just reloaded the page with the player (twice, it's a bit glitchy) and then tried to skip to where my part was so it would save the stream from there.

It was partially successful. It spit out on the console all the pertinent path parameters about the video on the server, but it kept choking on bad packets of data and stopped recording. Also for some reason the video it did store was very large, space-consuming wise.

Armed with the right parameters though I was able to use rtmpdump to suck down the whole video from the server surprisingly quickly and in a reasonably sized format.

```
$ ./rtmpdump -r rtmp://server.net/app_name/blah/event/date/date-1 -o video.flv
```

Now the video was liberated from its flash interface and in my possession, I just had to cut out my small part and then convert it to a more common format.

```
$ mencoder -ss 1:15:50 -endpos 0:05:57 -ovc copy -oac copy video.flv -o result.flv
$ ffmpeg -i result.flv result.avi
```

And voilà. I now have just my part of the video and in a common format. I mean you hypothetically do! Yes...

Completely unrelatedly, you can expect to see my presentation on my project Cortex from the BCNet Broadband Innovation Challenge (where I got second place) online soon.

Posts for Monday, January 17, 2011

## Using libPDF with Chromium on Linux

I build my own Chromium using Gentoo’s ebuild. The problem is that Google’s great PDF plugin is not open source, so it doesn’t come with Chromium, which means I need to extract it from the binary builds of Chrome each time I upgrade. Here’s my ugly shell script for doing so:

```
$ cat latestlibpdf.sh
#!/bin/bash
# bash rather than sh: pushd/popd are bash builtins

# start from an empty scratch directory
rm -rf /tmp/chromepdfscratch
mkdir -p /tmp/chromepdfscratch
pushd /tmp/chromepdfscratch

# fetch the current unstable Chrome package and unpack it
# (plain-HTTP download; nothing below verifies a checksum or signature)
wget http://dl.google.com/linux/direct/google-chrome-unstable_current_amd64.deb
ar -x google-chrome-unstable_current_amd64.deb
tar -xJf data.tar.lzma
popd

# install the plugin next to Chromium, owned by root and world-readable
sudo mv /tmp/chromepdfscratch/opt/google/chrome/libpdf.so /usr/lib/chromium-browser/
sudo chown root:root /usr/lib/chromium-browser/libpdf.so
sudo chmod 644 /usr/lib/chromium-browser/libpdf.so

# clean up
rm -rf /tmp/chromepdfscratch
```


Posts for Sunday, January 16, 2011

## Confining user applications

Ever since I started using SELinux, I’m getting more and more fond of what it can do for (security) administrators. Lately, I’ve started confining user applications (like skype) in the idea that I do not want any application connecting to the Internet or working with content received from untrusted sources to work inside the main user domain (user_t or staff_t in my case). This particular exercise has been quite interesting, not only to learn more on SELinux, not only to get acquainted with the reference policy which Gentoo bases its policies upon. No, it’s been interesting because you learn how applications work underneath…

Take the skype application for example. Little did I know it read stuff from my firefox configuration (like the sec8.db and prefs.js file), most likely to see if the skype firefox plugin is installed. With SELinux, I saw that it did all that – and also denied it. But it isn’t easy to find out why an application behaves as it does. After all, these aren’t questions that average joe asks. It also isn’t easy to deduce if you want to allow it or not. If it was purely for my own system, I wouldn’t hesitate for long, but the idea is that the modules should work for the majority of people – and who knows, perhaps even be included in the reference policy in the future.

Perhaps Gentoo Hardened can write up some rules on the SELinux policies and how they should be made for the distribution. Do we want to deny as much as possible, only allowing those things developers can safely verify need to be allowed? Or do we want to allow everything that the application already does (but nothing more) so that no AVC denials are shown anymore? And if Gentoo Hardened chooses “deny as much as possible”, do we configure the policy to not audit those things we don’t think we need (hiding it) or do we expect the security administrator to manage his own dontaudit rules? Well, guess I’ll ask the hardened folks and see what they think ;-)

During the quest, I’ll try to update the Gentoo Hardened SELinux handbook draft. It’s far from finished, but should be usable for most interested parties. If you’re interested in SELinux and want to give it a try with Gentoo Hardened, this might be the document you are looking for.
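The trade-off discussed above, between allowing what an application does and hiding denials with dontaudit, sketched as an added example (not the author's or Gentoo Hardened's policy): it parses AVC denials and drafts `allow` rules for accesses a reviewer has verified as needed and `dontaudit` rules for the rest. The log lines are constructed, and `skype_t` is an assumed name for the confined domain.

```python
import re
from collections import defaultdict

# Constructed AVC records (not from the post). skype_t is an assumed domain
# name; prefs.js and sec8.db are the files the post mentions.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1295180001.101:210): avc:  denied  { read } for  pid=4312 comm="skype" name="prefs.js" dev=sda3 ino=81234 scontext=staff_u:staff_r:skype_t tcontext=staff_u:object_r:mozilla_home_t tclass=file
type=AVC msg=audit(1295180001.107:211): avc:  denied  { read open } for  pid=4312 comm="skype" name="sec8.db" dev=sda3 ino=81240 scontext=staff_u:staff_r:skype_t tcontext=staff_u:object_r:mozilla_home_t tclass=file
type=SYSCALL msg=audit(1295180001.107:211): arch=c000003e syscall=2 success=no exit=-13 comm="skype"
type=AVC msg=audit(1295180002.330:215): avc:  denied  { name_connect } for  pid=4312 comm="skype" dest=443 scontext=staff_u:staff_r:skype_t:s0 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1295180002.900:219): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t tcontext=system_u:object_r:security_t tclass=security
"""

AVC_DENIED = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def collect_denials(log_text):
    """Map (source type, target type, object class) to the set of denied permissions."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL and other audit record types
        match = AVC_DENIED.search(line)
        if match is None:
            continue  # "granted" records or malformed lines
        key = (
            selinux_type(match["scontext"]),
            selinux_type(match["tcontext"]),
            match["tclass"],
        )
        denials[key].update(match["perms"].split())
    return dict(denials)


def draft_rules(denials, verified_needed):
    """Draft one rule per denied access.

    verified_needed holds the (target type, object class) pairs a reviewer has
    confirmed the application requires. Those become allow rules; every other
    denial becomes a dontaudit rule, so it stays denied but no longer logs.
    """
    rules = []
    for (source, target, tclass), perms in sorted(denials.items()):
        keyword = "allow" if (target, tclass) in verified_needed else "dontaudit"
        rules.append(f"{keyword} {source} {target}:{tclass} {{ {' '.join(sorted(perms))} }};")
    return rules


if __name__ == "__main__":
    # "Deny as much as possible": only the network access is verified as needed.
    for rule in draft_rules(collect_denials(SAMPLE_AUDIT_LOG), {("http_port_t", "tcp_socket")}):
        print(rule)
```

Passing every observed (target type, class) pair as `verified_needed` gives the other option the post describes, where everything the application already does is allowed.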

Posts for Saturday, January 15, 2011

As today I'm trying to make heads or tails of a few Microsoft patents which some Linux distributions are said to possibly infringe, I wanted to share a few links on how to read patents (especially for non-lawyers). There is some dark art behind it, but for basic use it can be manageable if you know how to.

If you just need to quickly go through the patent (which is more often than not the case), Dan Shapiro has a nice blog post on How to Read a Patent in 60 Seconds. These are the very basics.

For a bit more advanced questions and a better, yet still practical, analysis check out Andrew Tridgell's (of Samba and Rsync fame) presentation titled Patent Defence for Free Software. In about 45 minutes he describes what patent applications look like, how to read them, how to fill in a claim chart to show to your lawyer and how the Free Software community should best tackle patents. If after Shapiro's method you aren't sure that you're not infringing or have other reasons to read the patent, do watch or read Tridge's presentation.

Some more legalese, yet short and to the point directions are also published by Brown & Michaels, PC.

Another thing I learnt today is that software patents are a bloody pain to read. You have to know both the legal and technical bits and then there's the wording with (intentional) ambiguity and vagueness. BTW, the myths about half-page long sentences in patent claims are true! …I'll need some more practice with these buggers, but this could be fun ;)

hook out → bed, most definitely, bed; more patent madness tomorrow

P.S. Moreover I think (software) patents should be abolished. (cf. Ceterum censeo Carthaginem esse delendam)

## Quit MSN/WLM → Completely free of proprietary IM now

For the past week or two MSN/WLM has ceased to work in Kopete. Since I already wanted to quit all proprietary IM for reasons I already mentioned and I think a half a year's notice should be enough for anybody, I just closed my MSN/Windows Live account.

Microsoft actually has a nice FAQ entry about how to close your MSN/Windows Live ID and it's not that hard to find either. As opposed to e.g. ICQ which after you dig it up just says you cannot close your account or AIM which is impossible to find and basically says "maybe you can, maybe you can't". And in Yahoo's case I had to write an e-mail to support to get the link to delete my Yahoo! account.

Tip: In Konqueror Windows Live gave me an error when I wanted to close the account stating that service is faulty at the moment. If I tried the same in IceCat (GNU fork of Firefox) it worked just fine.

So, I'm not actively using proprietary IM anymore, but I still have to do something about ICQ and AIM (and at some point delete my Yahoo! account as well).

hook out → probably sipping some tea, listening to Iambic² and reading MS' patent on network software updating systems

Posts for Friday, January 14, 2011

## Free Software & law related links 8. I. 2011 - 15. I. 2011

The Court of Justice of the EU ("ECJ") has been asked to clarify the issue of whether the intellectual effort and skill involved in creating data for a database may be taken into account when considering whether the database copyright subsists therein. The question of whether copyright can exist in any other form in a database has also been referred. The dispute is over football (soccer for our US members) fixture lists.

China is fighting hard against copyright (and other "IPR") infringement. Since November the government has already arrested 4000 people and a further 2000 cases have already been reported.

Nigeria's movie industry blooms although/because its copyright system is completely ineffective.

### Patents & Standardisation

Apple withdraws VLC from its App Store in order not to infringe GPLv2.

À propos last week's mentioned selling of Novell's patent portfolio: early this week there were reports that Microsoft, Apple, EMC and Oracle have withdrawn their idea to form a consortium and buy the said patents. This was later reported to be just a tactical retreat and the plans to acquire the portfolio are still there. FSFE and others are concerned that, were this to happen, it would endanger many Free Software projects.

Earlier this week, the US Federal Circuit removed a bit of the haze by invalidating the "25% rule" a.k.a. "rule of thumb". This means that now the patent holder is not by rule of thumb eligible to 25% of the infringer's profits. While this neither eliminates software patents nor brings immense changes to the patent legislation, it should still diminish the impact. (And yes, for once we can celebrate a win from Microsoft's side.)

Google has decided to remove the patent-encumbered H.264 codec from Chrome and concentrate on its open video format WebM.

### Privacy & Data Protection

German data protection officials say Google may be violating German data protection laws by tracking IPs with its Google Analytics tool.

EU Parliament is to decide whether to block websites in order to stop child abuse. La Quadrature du Net and EDRi [European Digital Rights] are very opposed to it, of course.

Black Duck Software acquired Olliance Group. After Ohloh.net, Koders.com and SpikeSource, this is its fourth FOSS-related acquisition.

Ubuntu and Dell will release together the Ubuntu Enterprise Cloud [UEC] which will be based on Dell's servers, Ubuntu, Eucalyptus and OpenStack.

On the other hand there are still businesses that apparently do not know how to develop FOSS.

CROSS — the open source resource centre of the Italian autonomous region of Friuli Venezia Giulia finds in its report that public administrations should use the savings they realise by their use of generic free software applications, to pay for development of specialised IT solutions. Also that cca. 60% of the 192 municipalities in the Friuli Venezia Giulia region use free software.

### Misc.

The EU Commission report on application of directive 2004/48/EC on the enforcement of IP rights has been published. It mainly concentrates on infringements of "IP rights" and concludes that the Directive is good, but does not address all issues that the internet brings. Especially worrying are the circumvention of the E-Commerce Directive, plans to overturn the ban on imposing a "general obligation to monitor" on Internet providers, and the intended weakening of the EU's data protection regime for the benefit of copyright holders. It also calls all interested parties for comments until 31. III. 2011.

Michael Geist gives his predictions about the upcoming year in technology law and policy in Canada.

BSA loses IBM, HP, EMC, SAP, Cisco, Borland, Microsoft and many other members.

hook out → going to a presentation of a book from my great-great-great-grandfather