http://www.outflux.net/blog code is freedom -- patching my itch Sat, 28 Jun 2008 01:21:23 +0000 http://backend.userland.com/rss092 en While I had tried the Alt-F2 "gegls from outer space" easter egg, I'd never done the "free the fish" one. It was fun, but while looking around for how to disable it ("killall gnome-panel" -- there is no programmatic way to stop the fish), I found another egg that ... http://www.outflux.net/blog/archives/2008/06/27/another-gnome-easter-egg/ A while back I complained about terminal fonts. In the end, I was shown that the real source of my pain was a 7 year old gnome bug where vte did not attempt to use bold fonts and always used double-strike instead. For me, this was a show-stopper ... http://www.outflux.net/blog/archives/2008/06/22/bold-fonts-in-libvte-gnome-terminal-terminator/ The Call for Speakers (and registration) for the Linux Plumbers Conference is open! Get those proposals in, register, and come join us in sunny Portland, OR. The Linux Plumbers Conference was created to bring together the key developers involved in Linux plumbing - the "Linux plumbers" - and give them ... http://www.outflux.net/blog/archives/2008/06/18/linux-plumbers-conference-2008/ Tollef posted a fun (and short) Zombie mem: You are in a mall when zombies attack. You have: One weapon One song blasting on the speakers One famous person to fight along side you. I can't resist. BFG9000: ranged weapon that vaporizes multiple zombies at once. I should be out of the mall before I'm ... http://www.outflux.net/blog/archives/2008/06/12/zombie-meme/ Edgy is now officially at end-of-life. Looking back through my build logs, I can see that my desktop spent 55 hours, 14 minutes, and 3 seconds on 406 builds related to edgy-security updates I was involved in publishing. These times obviously don’t include patch hunting/development, failed builds, testing, stuff done on ... http://www.outflux.net/blog/archives/2008/04/25/farwell-edgy/ Today I spent the afternoon testing various video drivers and hardware with Bryce. My "workflow" for watching a movie from my laptop on a projector in Hardy is much simpler now. :) For ATI, everything Just Works, with one small exception: Xv. By default (at least ... http://www.outflux.net/blog/archives/2008/04/05/getting-xv-on-the-projector/ Hardy has seen a major overhaul in the SELinux department. Prior to the Hardy UDS, the folks at Tresys had contacted me, asking "why doesn't SELinux work with Ubuntu?" and I basically said, "because no one has given it any attention, yet -- feel free to help out." ... http://www.outflux.net/blog/archives/2008/03/16/selinux-in-hardy/ The right way to handle on-going input from file descriptors is to use select(). All readable events are flagged (one such event is "end of file", which is indicated by a 0-sized read()). For example, if we're reading from file descriptor fd: fd_set rfds; int rc; ... http://www.outflux.net/blog/archives/2008/03/09/using-select-on-a-fifo/ Today I needed to generate a fake ELF file with specific section contents (I was testing "modinfo", which expects to read the ".modinfo" ELF section). For future reference, here's how to create an empty .ko file that claims to have a GPL license: $ cat <<EOM | as - -o ... http://www.outflux.net/blog/archives/2008/03/08/instaelf-via-gnu-as/ Last week Soren helped me move my manually cryptsetup'd swap partition into the initramfs logic so that I could hibernate. Bottom line was: Create /etc/initramfs-tools/conf.d/cryptroot for your partition, based on the logic and defaults in /usr/share/initramfs-tools/scripts/local-top/cryptroot. Convert the existing encrypted swap to the new configuration. Update initrd, reboot, enjoy. Assuming your swap partition ... http://www.outflux.net/blog/archives/2008/03/05/swapping-encryption-hurting-your-head/ Apress was kind enough to send me a copy of their new book "Beginning Ubuntu Server Administration: From Novice to Professional" by Sander van Vugt. Overall, I was very impressed with this book -- it was well written, filled with applicable examples, covered a wide range of topics, and ... http://www.outflux.net/blog/archives/2008/02/23/ubuntu-server-administration/ Today I gave my presentation on Open Source Security to the Open Source class at Oregon State University. Along with the presentation is a collection of examples of bad (and good) programs ranging from XSS, CSRF, temp races, system() and SSL misuse, stack and heap memory corruption, format strings, ... http://www.outflux.net/blog/archives/2008/02/20/oss-security-osu-cs419-2008/ To provide myself with slightly more safety through separation, I run two firefox profiles simultaneously. One is the "general" browser for day-to-day viewing of random (and unauthenticated) sites, and the other is the "authenticated" browser, which contains the cookies for known sites I authenticate against. The trick for ... http://www.outflux.net/blog/archives/2008/02/16/firefox-trick-and-recovery-help/ Thanks to all the people that worked on it from the coding, breaking, testing, and refactoring, Hardy is now sporting the last piece of full Address Space Layout Randomization support. ASLR has been mostly unchanged since Dapper, when the first bits of ASLR went in: stack and mmap (library) ... http://www.outflux.net/blog/archives/2008/01/15/full-aslr-in-hardy/ As a quick break from software, I spent a little time this evening soldering together my TV-B-Gone Kit. It was way fun to break out all my microelectronics gear. Gave me an excuse to clean up my desk. This thing is the silliest tool ever: it's programmed ... http://www.outflux.net/blog/archives/2007/12/21/best-universal-remote-evar/ For people using VMware, the new Hardy kernel requires updates to the source module tarballs that live in /usr/lib/vmware/modules/source/ Grab the three updated tarballs from the "vmware-any-any" tar.gz here. Currently update115 works for me just fine. ... http://www.outflux.net/blog/archives/2007/12/20/vmware-on-hardy/ In case I or someone else ever needs this trick again, here's my quick solution to work around QueueAge limits, and only force a specific queue id to get delivery retried: /usr/sbin/sendmail -v -o MinQueueAge=0 -qI${ID_GOES_HERE} ... http://www.outflux.net/blog/archives/2007/12/18/force-sendmail-to-deliver-a-specific-item-from-the-queue/ I've been using xterms forever. Whenever I try to switch to using a terminal with a true-type font, my eyes hurt after a few hours. I've tried changing the various font-rendering options, and gone through lots of monospaced fonts -- nothing gives the same clarity as the fixed ... http://www.outflux.net/blog/archives/2007/12/12/search-for-a-crisp-monospace-true-type-font/ A while back, I wanted to design some banner pages for a shared network printer that would show the name of the host that sent the request (none of the standard CUPS banners report this). It was easy enough to define a custom banner page: <Printer lj4200> ... JobSheets shared-banner none ... </Printer> Then, I ... http://www.outflux.net/blog/archives/2007/09/28/cups-banner-template-variables/ A few months ago I upgraded my system to 4G of RAM. Blinded by my shiny new DIMMs, I never actually looked at the output of "free". All I saw was that the system-monitor applet now showed lots of free memory. Only recently did I notice that ... http://www.outflux.net/blog/archives/2007/09/27/stupid-bios-tricks-to-find-your-4g-of-ram/ A few days ago, I found myself with corrupted libraries and other insanity after doing a "dist-upgrade". As it turns out, my filesystem was to blame. After running xfs_repair on it, I used a handy short-cut to re-install all the packages that might have gotten caught in the ... http://www.outflux.net/blog/archives/2007/09/26/stupid-dpkg-tricks-when-fighting-xfs-bugs/ When trying to find buffer overflows, it is common practice to try and fill memory with lots of "A" characters. I first saw this when learning basic stack smashing techniques from Smashing the Stack for Fun and Profit, and have long wondered who did it first. Ever since, ... http://www.outflux.net/blog/archives/2007/09/24/0x41-0x41-0x41-0x41/ Recently I was trying to help debug a stack overflow crash in wpa_supplicant. The trouble with a stack crash is that you end up without a useful call history since the stack is left partially wrecked. The compiler code for detecting stack overflows (SSP), sets up a canary ... http://www.outflux.net/blog/archives/2007/09/15/catching-stack-overflows-in-gdb-as-they-happen/ I thought last year was going to be a fluke. Somehow we managed to do it again. Team 1@stPlace won DefCon Capture the Flag for a second year in a row. If my sources are correct, this is the first repeat CTF winner at DefCon since the ... http://www.outflux.net/blog/archives/2007/08/07/flag-captured-again/ Breezy is now officially at end-of-life. Looking back through my build logs, I can see that my desktop spent 18 hours, 49 minutes, and 4 seconds on 108 builds related to the roughly 64 breezy-security updates I was involved in publishing. So far, Dapper is at 132 builds totaling 19:59:40, ... http://www.outflux.net/blog/archives/2007/04/13/farewell-breezy/ With the help of Magnus Runesson, Jesse Michael, Martin Pitt, and many others, I've got AppArmor packaged and uploaded into Feisty universe. Prior to this, admins interested in a Mandatory Access Control system in Ubuntu only had SELinux available; now we have more of a choice. For anyone ... http://www.outflux.net/blog/archives/2007/04/02/apparmor-now-in-feisty/ I edit a lot of other people's code. Dealing with indenting depth has always plagued me, and I've tried all sorts of things to try to address it, but the "real" problems I have are when tabs are mixed into code. I personally use "4 spaces" for code indentation, and ... http://www.outflux.net/blog/archives/2007/03/09/detecting-space-vs-tab-indentation-type-in-vim/ I've been having fun fighting religious battles and confusing people with in-jokes at jyte.com. Other good claims: Inkscape rocks! Ubuntu is the best Linux desktop Duran Duran was neither Duran nor Duran Or just see what's been claimed about linux in general. Yay for silly social networking sites! :) ... http://www.outflux.net/blog/archives/2007/02/03/openid-and-goofy-claims/ I spend a good bit of time reading CVEs but their entries are plain text, without links associated with their various recorded URLs. I'm annoyed at having to select/paste to load a URL, so I had to go code a work-around. :) Since MozDev's "linkify.user.js" was a bit heavy-handed, ... http://www.outflux.net/blog/archives/2007/01/23/cve-links-via-greasemonkey/ Linden Labs released their Second Life client under the GPL, so I figured I'd have a go at getting it compiled on Ubuntu. Three libraries weren't already packaged, so I threw together some initial attempts at getting them usable (libelfio, libopenjpeg, and libxmlrpc-epi). I think the long-term approach ... http://www.outflux.net/blog/archives/2007/01/10/attempting-a-secondlife-build-on-ubuntu/