You are viewing linuxrocks123

NIHIL VEL PERTINAX SUM
The Web Log of Linuxrocks123

Date: 2014-11-23 05:58
Subject: GreatShow
Security: Public
There was a "highly advanced virus" in the most Elementary episode that flashed a lot of images on the screen in quick succession. It was used to induce a seizure in someone who had epilepsy. In actuality such a program is trivial to write.
Post A Comment | Share | Link






Date: 2014-11-21 09:44
Subject: pkgsrc Works on Linux
Security: Public
pkgsrc, aka NetBSD's "ports" repo, works on Linux. That's really cool! I don't know if I'll ever need it for anything, but, still, it's awesome it's there.
Post A Comment | Share | Link






Date: 2014-11-14 20:44
Subject: Wikipedia Needs A Fork
Security: Public
Title says it all. Wikipedia's destructive deletionist policies and general dysfunction have led to a situation where they are no longer reasonably responsible stewards of the compendium of human knowledge they hold. Deletionpedia is a good start. We probably need more than one guy with a script that (as of now at least) isn't really working right. But this is necessary if we are to stop knowledge of all things politicking, bureaucratic twats might consider "not noteworthy" from being simply erased from human knowledge. The site has had years to get its act in order; instead, as I view it from (mostly) the outside, it's spiraling further into dysfunction. They have demonstrated that they can't fix their culture. What to do? What is always done in OSS-land when a maintainer goes bad. Fork.

And it's important this be done fairly soon. You wouldn't host a site like Wikipedia in China. You also shouldn't host it under the stewardship of a bureaucracy that feels the need to censor 10K text files (and it's not the disk space anyway ... admins can restore deleted pages, so they're still on the server, just being censored) containing interesting information about cult favorite cultural artifacts because "IT'S NOT NOTEWORTHY".

---linuxrocks123
Post A Comment | Share | Link






Date: 2014-11-06 03:02
Subject: Death in Literature/TV/Cinema/Plays
Security: Public
There seems to be a recent trend to kill off major characters in TV shows, movies, etc. It's part of a trend of making entertainment "dark" in general. I'm not a fan of this for a number of reasons, which I'll enumerate here.

First off, killing off major characters is wasteful. Presumably you've spent a long time building and developing this character. After you kill the character off, that character can typically no longer play a major role in your work. All the capital you put into that character is, in that one act, destroyed forever. Yes, the scene can be dramatic, a plot point, etc., etc. Sometimes spending your capital in that way might be warranted. But killing a character in the middle of an ongoing work is an extremely expensive act, and one that, understandably, will often annoy viewers/readers who have spent their free time following and bonding with the now-deceased character. Creating and killing off a minor character can often serve the same plot purpose as killing off a major character, and this is much less expensive. This should be considered first.

What about killing off major characters at the end of the work, though? If it's the final act anyway, you might as well kill them off, right? That would add some depth to the work! Well, this is certainly preferable to killing them in the middle of the work, but it has a tendency to come across as, for lack of a better word, cheap.

First, if you're on a soap box, and using the death of the character to illustrate the evils of society or whatever, it will be obvious, and annoying. Find a way to make your case without making a fictional character a martyr for your cause.

The right way to do it, imo, is basically the way it's done in The Old Man and the Sea. Make the character a symbol for something else, something more. A good example of how to do it right is the death of Walter White in Breaking Bad. He died, ultimately, after sacrificing everything he was in order to provide for his family. Or, at least, that's one way to look at it.

The wrong way is how Hank was killed in Breaking Bad. There was no plot reason he had to be killed, barring extreme writer laziness. Viewers had watched for probably over an hour of screen time as he learned to walk again, which was then ultimately for nothing. And his death wasn't really symbolic of anything. Yes, yes, it was "Ozymandias" for Walter White, at least at that moment. But that's really stretching.

Hank's death is a perfect example of the trend I'm talking about. Killing characters is certainly a tool writers, screenwriters, and other storytellers can use to excellent effect. But it can be overused, and there has been a recent trend of such overuse.
Post A Comment | Share | Link






Date: 2014-07-26 17:15
Subject: Weird Al
Security: Public
https://www.youtube.com/watch?v=8Gv0H-vPoDc

This. Is. Awesome.
Post A Comment | Share | Link






Date: 2014-06-20 13:48
Subject: Repost of comment to ipwatchdog
Security: Public
Gene,

I was sent here by LWN (Linux Weekly News). It's well known over there that when you're unhappy, we should be happy, so I'm very happy today :) The converse is likely also true -- you were probably happy about the Oracle v. Google reversal, and I'm very unhappy about that :(

That's not to say I disagree with you on everything -- it seems (from your article on software not being math) that you wouldn't be averse to limiting terms for software patent to something like 5 years, which would be a great thing and might even make software patents benefit society.

Anyway, here's why I'm commenting here: your claim that software isn't math is quite strained. You try to make the distinction that math is "descriptive" and that software "controls a computer", but that's a matter of how software is used, not what it is. You don't have to use software by executing it on a computer; you could use it by reading it like a book if you wanted, and, depending on the software, you could be enlightened by doing that. You could also use software as part of a mathematical proof in the field of computability theory, and this is commonly done. There's a mathematical category of "computable algorithms", which are any formal languages that can be described by a Turing machine, and code that computes an algorithm is a proof that that algorithm is in fact in the category of computable algorithms. Hypothetical software is also written as part of proofs that certain algorithms are "NP-complete", meaning they can't be done quickly on a computer unless a lot of other (hard) problems can also be done quickly on a computer.

Look at functional programming sometime: it's "descriptive" rather than "controlling" (imperative), but it's equivalent to to more conventional (imperative) programming. Functional programming looks a lot more like math than imperative programming, so, if you look at it, maybe you'd see where all the people saying "software is math" are coming from. Look up the Church-Turing thesis to see how functional programming is equivalent to the more common Turing machine-based systems. And the equivalence is (you guessed it) a mathematical definition.

Oh, and, by the way, banning people because you disagree with them is juvenile. Perhaps that comment wasn't constructive, but still.
Post A Comment | Share | Link






Date: 2014-05-16 18:15
Subject: I Miss Groklaw
Security: Public
With the Oracle v. Google reversal and remand, I'm really missing Groklaw. I wish PJ still felt secure enough to continue with it. It was a great space for collaborating on threats to OSS, and, so far, there's been no good replacement for it. GrokTheLaw tried to continue in the spirit of the original, but it seems to have fizzled. What a shame.

---linuxrocks123
Post A Comment | Share | Link






Date: 2014-04-04 20:09
Subject: SystemD
Security: Public
https://bugs.freedesktop.org/show_bug.cgi?id=76935
http://www.networkworld.com/news/2014/040314-linux-280404.html?hpg1=bn

Just read that bug report. I mean ... just ... read it.

"Generic terms are generic, not the first user owns them."

SystemD parses the KERNEL'S command line, sees a parameter that has always been intended for the KERNEL to use, and responds by spamming the KERNEL'S debug log so much that the boot fails.

And then this is reported as a bug. And then SystemD says it's not their problem.

Linus can be abrasive. Linus can be wrong. In this case, Linus is 100% correct.

Slackware doesn't use SystemD. My hope is that Slackware never will. These arrogant, opinionated, anti-UNIX twats have no business managing the core of a Linux system.

---linuxrocks123
Post A Comment | Share | Link






Date: 2011-04-23 22:40
Subject: A Solution to the Cold Boot Attack
Security: Public
I've been working on the cold boot problem for a while. Read my glorious paper! Then, download aes-amnesia.S and come back here to figure out how to use it.


WARNING: DO NOT USE HARDWARE OR SOFTWARE SUSPEND WHILE THE LOOP.KO MODULE IS LOADED OR YOU WILL TOTALLY TRASH YOUR HARD DISK -- WE'RE TALKING EXTREME, IRREVERSIBLE DISK CORRUPTION -- UPON RESUME!

WARNING: DO NOT USE ON A SYSTEM CONFIGURED WITH SMP SUPPORT OR YOU WILL TRASH YOUR HARD DISK! PROBABLY NOT AS BAD AS IF YOU SUSPEND, BUT STILL PRETTY BAD!

AND THIS WILL CERTAINLY HAPPEN. IT'S NOT, LIKE, WELL, MAYBE IT WILL HAPPEN. IT WILL HAPPEN EVERY TIME. YOU ABSOLUTELY MUST NOT SUSPEND YOUR COMPUTER WHILE USING THIS. YOU ABSOLUTELY MUST USE A NON-SMP KERNEL WHILE USING THIS. AND IF YOU DON'T KNOW WHAT A NON-SMP KERNEL IS, YOU SHOULDN'T USE THIS. BECAUSE YOU'LL TRASH YOUR HARD DISK IF YOU USE THIS ON A NORMAL LINUX SYSTEM. ALL OF YOUR FILES. GONE. FOR GOOD. AND YOU WON'T KNOW AT FIRST. MAYBE YOU CAN RECOVER SOME OF THE FILES USING A TOOL LIKE PHOTOREC BUT DON'T GO THERE JUST DON'T USE THIS UNLESS YOU'RE ABSOLUTELY REALLY DAMN SURE YOU KNOW HOW TO AVOID CORRUPTING YOUR HARD DISK. THIS IS PRE-ALPHA QUALITY SOFTWARE. DO NOT USE THIS UNLESS YOU KNOW WHAT YOU'RE DOING. AND EVEN IF YOU DO KNOW WHAT YOU'RE DOING, DON'T SUSPEND YOUR COMPUTER, EVER, WHILE LOOP.KO IS LOADED. IF YOU DO ACCIDENTALLY, PULL THE PLUG ON THE LAPTOP AND TAKE OUT THE BATTERY RATHER THAN RESUMING BECAUSE ONCE YOU RESUME, YOUR FILES ARE DEAD. IF YOU DO RESUME, WELL, AGAIN, IMMEDIATELY TURN OFF THE COMPUTER TO AVOID FURTHER DAMAGE. IF YOU USE WITH AN SMP KERNEL, YOU'LL CORRUPT YOUR FILES MORE SLOWLY SO YOU WON'T KNOW AT FIRST. DON'T USE THIS WITH AN SMP KERNEL. IF YOU DON'T KNOW HOW TO DO THESE TWO THINGS -- NOT SUSPEND AND ONLY USE WITH A KERNEL YOU HAVE COMPILED WITHOUT SMP SUPPORT, DO NOT USE THIS SOFTWARE. THIS SOFTWARE CAN DESTROY YOUR DATA. ALL OF IT. FOREVER. DON'T USE THIS SOFTWARE UNLESS YOU UNDERSTAND THIS ENTIRE WARNING AND KNOW HOW TO MAKE SURE YOUR DATA DOESN'T GET DESTROYED.


This is what you do to use it (works with AES128 on 64-bit Linux only):
1. Get Loop-AES here.
2. Configure your kernel for Loop-AES. While you're at it, disable hardware performance monitoring (oprofile) and multiple CPUs (we don't support SMP systems unless compiled without SMP support ... yeah, I know, that needs to be fixed, and it can and will be).
3. Copy aes-amnesia.S to aes-amd64.S.
4. Make sure you've configured Loop-AES to use its AMD64 assembly language implementation of AES, which we just copied over. Note that things like Via PadLock and AES-NI are not supported currently; configure them out.
5. Compile Loop-AES as normal.
6. Some tests will fail because Loop-Amnesia doesn't support AES-192 or AES-256 yet.
7. Set up an encrypted volume with Loop-AES using AES128. You're now immune to cold boot!

DO NOT SUSPEND YOUR SYSTEM WHILE LOOP-AMNESIA IS IN USE OR YOU WILL ABSOLUTELY FOR SURE CORRUPT YOUR HARD DISK. In fact, you can do this to make sure it's working:
1. Unmount every encrypted volume except for a small loopback volume WHOSE CONTENTS YOU DON'T CARE ABOUT.
2. Software or hardware suspend the disk.
3. Resume and unmount your test volume DO THIS AND YOU WILL NEVER SEE THE DATA IN THE TEST VOLUME AGAIN IF YOU ARE USING LOOP-AMNESIA.
4. Use "losetup -d" on the loop device you used for the test volume.
5. Unload and reload loop.ko. IF LOOP.KO WON'T UNLOAD, YOU SHOULD BE VERY VERY AFRAID THAT PERHAPS YOU HAVE ANOTHER PARTITION LOADED AND OH GOD YOU'RE GOING TO LOSE ALL YOUR DATA FOR SURE IF YOU UNMOUNT ANYTHING YOU CARE ABOUT SO DON'T DO THAT AND DON'T TYPE "sync". JUST PULL THE PLUG IF YOU MESSED UP AND HAVE ANYTHING OTHER THAN A DUMMY TEST PARTITION MOUNTED. IF YOU'RE LUCKY, MAYBE YOUR DATA WILL STILL BE THERE WHEN YOU TURN THE COMPUTER BACK ON.
6. Verify that the loopback volume's filesystem is corrupted. If it's not, you've done something wrong and are using a non-cold-boot-immune Loop-AES implementation, not Loop-Amnesia!

Best of luck, and comment on this blog post if you have problems! Also comment if you want SMP support; I'd get to adding it faster if I know people are wanting to use it :)

UPDATE: The people who did AESSE (mentioned in my paper) have continued to work on the cold boot problem and have also released code. If you have a computer with AES-NI support, or a 32-bit CPU, you may want to have a look at TRESOR. TRESOR is a project similar to Loop-Amnesia but uses dm-crypt as its base rather than Loop-AES. TRESOR can also make use of the AES-NI registers to provide better performance than Loop-Amnesia on computers that have them (I will add AES-NI support to Loop-Amnesia if there is demand, however), and, unlike Loop-Amnesia, TRESOR also supports 32-bit versions of Linux (which Loop-Amnesia will never do). Unlike Loop-Amnesia, however, TRESOR does not support mounting multiple encrypted partitions. This means, for instance, that if you want cold-boot-immune data and swap partitions, you'll have to use Loop-Amnesia, not TRESOR.

Author of Loop-Amnesia,
---linuxrocks123
3 Comments | Post A Comment | Share | Link






Date: 2011-04-22 12:13
Subject: HOWTO: Avoid Internet Filtering
Security: Public
When I was in elementary through high school, my public school district used an Internet filtering system to stop students from accessing "evil" websites, such as those containing nudity or email. I have no idea if the PISSED (inside joke) school district has decided to lighten up any, but I decided to do a comparison of my school district's censorship system with that of China. I have also decided to include instructions on evading censorship of each.

PISSED school district:
- Annoying picture of stupid dog displayed when site is blocked.
- No DNS hijacking.
- Dedicated servers for censorship.
- HTTPS not blocked and not censored because contents of website couldn't be examined.
- I seem to recall port blocking was in effect, with only ports 80 and 443 allowed through.
- Unknown whether running an ssh server on port 80 or 443 would work (would unless they're doing deep packet inspection).
- CGIProxy was effective.
- Booting Linux eliminated need for login.

Communist China:
- Blocked site simply fails to load.
- DNS hijacking stops effectiveness of evasion tools that do not also tunnel DNS.
- Dedicated servers for censorship (assumed).
- Contents of HTTPS websites not examined; some https websites might still be blocked.
- No port blocking in effect.
- CGIProxy not tried but should work if run as https server.

I have successfully evaded both of these censorship systems in the past. Now, I want to tell others how to do this, too.

For the PISSED school district system, the following method should work:
1. Run a proxy server using SSH SOCKS5 proxying or HTTPS CGIProxy on your home Internet connection. If you choose SSH, use port 443.
2. Boot a PISSED computer from a Linux Live CD or DVD so that you don't have to log in and can't be tracked.
3. Connect to your proxy server.
4. Visit blocked websites.

For Communist China, the following method should work:
1. Run a proxy server in another country using SSH SOCKS5. CGIProxy probably won't work because of China's DNS hijacking.
2. Configure Firefox to redirect DNS requests through SOCKS to evade the DNS hijacking by setting network.proxy.socks_remote_dns in about:config.
3. Connect to your proxy server.
4. Visit blocked websites.

On Linux, to connect to an SSH server from a client and use it as a proxy, do ssh -C2qTnN -D 8080 username@remote_machine.com. Add a "-p 443" if you configured your SSH server to use port 443 to evade PISSED port blocking.

If you are personally suffering under the evil, anti-freedom regimes of China or PISSED, or otherwise have a need for evading Internet censorship, please post below so that I can assist you with your specific censorship evasion needs. I recognize these directions are rather skeletal; I feel that, if you are running into trouble, I can best help you by discussing the issue with you personally.

---linuxrocks123
Post A Comment | Share | Link






browse
my journal
November 2014