I finally got around to updating my projects page. Turns out half the links were broken already. Maybe one day I'll finally split journal.html to one page per year, maybe I'll make index.html have something about new entries... but I'm too lazy.
It's an outdated website, by today's standards. These days people point http://fredfoobar.com/ directly at their blog or at their Twitter or whatever. I really appreciate the simple and clean designs, and I guess I've taken quite a bit of inspiration from Steve Losh's website, or maybe Ryan Tomayko's. But I'm not a designer and I'm not a programmer and I'm not a writer; I like having this weird corner of the internet that sorta feels like my home, to offset the "talking head" feeling that my Twitter feed has, not to emphasize it even more.
Or, in other words, this domain is not about me, but about things I've done. My website is under /~grawity because it's not any more special than all the other things living here. I guess it's sort of an attic, a dumping place, where all sorts of old, dusty things can be found...
I grew up when Windows 95 & 98 had just appeared; I don't remember dial-up – we went straight to ADSL – but I do remember how disks have grown from the PS/2 at school with 80 MB of storage, to family's first PC with 20 GB, to the second PC with 160 GB, to the subsequent upgrade to 1 TB. (And each of them was 80% full, as if following some laws of nature.) I saw mobile phones evolve from phones with Internet access to slabs of internet glass almost as if from some sci-fi movie, which just happen to also make phone calls.
And somehow I got stuck in this weird world of traceroutes and arcane command lines written in green ink, which, when you think of it, aren't all that different from actual magic in a world we created.
(Can you guess how often I rewatch .hack//SIGN?)
I spent many years on IRC; grew up on a small network of friends (population 30, down from ~100 back then), then moved to the megacity called freenode.
And maybe the only reason I'm still alive is because I'm damn curious to see what will happen to the Internet – ten, twenty, maybe even fifty years later.
So I have a "keys" directory where I keep all sorts of cryptographical information – private keys of my CAs, certificates for website authentication, SSH keypairs, PGP certs, DNSSEC keypairs, Gale keys... all that stuff. Basically, just so that I'd have a single place to look in, in case I lost something. It's also a Git repo to avoid screwups if I delete an old key and it turns out to be still necessary.
Two days ago I asked Unison to run my usual sync of ~/Private/keys to flashdrive, was greeted by a bunch of I/O errors; apparently some directories on the flashdrive have become corrupted, and many disappeared outright. Tried to recover by doing a clean sync, and just after I rm'd the copy on the flashdrive did I notice that Unison actually removed the lost files from my master copy as well...
And it also deleted pretty much everything in ~/Private/keys/.git as well. Crap.
Luckily, though, there still were some files and some Git objects including the last commit, and the total of which – after manually git-hash-object'ing the remaining files back into the repository – passed Git's consistency checks. So I still have all my old PGP keys and software licenses and stuff.
(It seems the flashdrive itself is mostly okay, just had filesystem corruption.)
(Update, two months later: I just found an old backup of the pendrive...and promptly rm -rf'd it. Still had a backup of that on the external backup disk, though. Turns out that it had all the files and commits I'd lost. Yay.)
One day later, I got a phone call from mother – she was at work and in panic; she had just finished a bunch of documents that took two weeks to write and were due tomorrow, when suddenly all computers stopped recognizing her flashdrive as containing anything meaningful. Checking it out at home, it turned out that the first few megabytes (where FAT keeps its file lists) had been erased somehow.
Unlike random crypto keys, though, this one was mostly full of Office documents, and running PhotoRec on it left me with several hundred files all named "fNNNNNNNN.docx". After sorting through half of them to find the important ones, I decided to check the flashdrive itself. It was the same old "prestigio" that I had written about earlier, so I low-level reformatted it just like the previous one. Sure enough, quite a few flash blocks showed up as corrupted (the reformat shrunk the usable space to 7.4 GB). These things sure don't last long...
In our next episode, I whine about how buggy UEFI sometimes is.
I seem to have terrible luck with purchasing home gateways – the kind that have a router, a switch, a WiFi AP, and importantly an ADSL modem in them.
The first one – back when we only had one desktop PC – was ISP-issued Huawei MT820, with one Ethernet port, no wireless, and mainly acting as a pure PPPoE bridge, although it did have all sorts of features through the browser-based settings screen. (Next to it, a Windows XP box directly connected to the Internet... At least SP3 had a firewall by default.)
Later the ISP gave us a Pirelli DRG-A125G, which ran OpenRG firmware, and OpenRG is quite awesome in terms of features. My favourite might be the network interface configuration screen, which shows all devices – DSL links, ATM PVCs, Ethernet ports, VLANs, bridges, etc. – in a convenient tree. (I had to configure a VLAN in OpenWRT once. Never again.)
But of course its WiFi died after a few years, and even before that, every time I rebooted the device, it'd take a while until it actually started working... As in, even after establishing a link to my ISP, it'd keep refusing any connections for maybe 10 minutes, with the system log saying "NAT table full". How can a NAT table be full immediately after boot, why does it start working later, and why doesn't it affect HTTP connections, escapes me.
So because of the WiFi thing, I bought a D-Link gateway. Fancy javascripty ajaxy slow and idiot-oriented web configuration UI, but at least it let me configure ADSL and the like. What it didn't let me do is turn off the built-in DNS proxy, and of course its built-in DNS proxy was shit – in that if you sent it an EDNS0 query for 'A' records, the reply would have all "answer" records mysteriously moved to the "additional" section. (Specifically for 'A' records, yes. All other types worked fine.)
Eventually that gateway got fried during a thunderstorm, so I bought another D-Link. (Unfortunately the supply of ADSL modems is pretty scarce here in 2014.) Web configurator a bit more to the "professional" side, though also with the options scattered all over. Optional IPv6 support. Naturally, worst DNS proxy ever, with no opt-out. By which I mean the DNS proxy only supported UDP and truncateed all UDP responses to 512 bytes – even EDNS0 ones. That didn't go well with Unbound's DNSSEC validation either...
So for now I'm still using it, with Unbound configured to ignore the DHCP-obtained DNS servers, which helps with shitty gateway DNS, but breaks with captive-portal WiFi networks, so I still have to toggle it manually on & off...
It's 2014. The firmware of both of those gateways was released in 2014. And they still can't manage to get DNS proxy right? Come on.
(Update: It gets worse. If the gateway sees a DNS reply for example.com/A, it doesn't just cache example.com/A = 1.2.3.4, it also caches 4.3.2.1.in-addr.arpa/PTR = example.com! This breaks quite a few things that rely on accurate rDNS, in situations where multiple names point directly to a host's address. – 2014-08-28)
Rebooted to Windows and promptly received Yet Another Video Driver Update, indicated by a flicker of the screen, followed by it turning off in a few moments. (I keep "hiding" that update, and they keep pushing a newer one every couple of weeks.)
Except this time I noticed it didn't really turn off. It simply went dark, as in I could still faintly see the text scrolling by.
It turns out, if I press the brightness-adjust keys, I still get the same 10 steps as previously, but the driver seems to normalize all settings to only two: 100% if I set it to anything above 66%, and no backlight at all for any other setting.)
So that's good, kinda, because I can actually use the latest drivers, even if the backlight setting is a little wonky, and I actually know how to describe the problem in case anyone from AMD ever cares to read those "issue report forms" they have.
I'm going to try the latest beta driver just to see if it's any different.
I'm a packrat. I keep a lot of things. I have gigabytes of source code – operating systems, security software, a large-ish collection of IRC servers (just in case they disappear from the internet – few people care about IRC history). Various other things, too. IRC logs, anime, backups, backups of backups, backups of backups of backups. Every small project in a Git repository.
But it's not quite like in that xkcd comic; every now and then, I get in the mood of "everything is hopeless", and start deleting stuff. I've lost many years of IRC logs that way (the ones I have now all start on July 2012), quite a few old files that I wish I could find again; threw out piles of old CD-R's. I think the oldest anything that I have is from 2009, with only a couple of files from '06–'07.
Now I try hard sometimes to find the balance between useful and useless; I keep projects in Git repos so that I could easily delete neat code that has outlived its usefulness; I tarball and stash away old things instead of letting them clutter my frequent places. I've started throwing out many physical things as well – it turns out I've had a lot of crap in various drawers; waste of space, waste of time.
In the name of quality vs. quantity, I've also removed a few posts I had in the journal. Toned down the language of a few others, too. I might get rid of the ConsoleKit ones, as they've become out-of-date. They're still here in the repository, but no longer useful.
On the other hand, I should perhaps restore the old Cluenet website. The entire project is kind of dying; we no longer really provide shell services because nobody needs them. Both founders pretty much left a few years ago; Radian, the web/core server, went down once, and nobody had any way to contact the owner (one of the founders) anymore. (Luckily, I had made a full backup just one week before.) So the website went down, and I never really bothered restoring anything (it was part-MediaWiki part-custom-PHP), even though it had a few dozen interesting pages, some going back to the ShellsNet days – the 'shell server' network that was before Cluenet.
(Radian actually went up again last week, with all data seemingly unaffected. Who brought it up, and will it stay up, we have no idea.)
A few days ago I decided to install Windows 8.1 in a spare partition – partly to just see what it's like, and partly because I expected the official Windows ATI drivers to be better at 3D stuff than Xorg's radeon module (I used to play RuneScape at ~10 fps, now it's more like 5 fps).
After having had to deal with Windows XP so much in the past, this one was fairly easy. Stopped gdm.service, logged in as root, unmounted the /home partition, ran startx and gparted to shrink it by 32 GB. An hour later, rebooted into the install CD and just let it run. This is where UEFI becomes useful – the installer just put BOOTMGR alongside Gummiboot in the existing EFI partition, so I didn't have to do anything at all to fix Linux boot.
So now that I've got it working (and with the 8.1 Update 1), first impressions:
The new UI is really not that hard to understand, although being forced to tile certain apps side-by-side is a bit annoying. (Yes, Linux has tiling window managers, but they're either all-or-nothing, or they let you switch between tiling & floating for any window. In Win8 it's per-app – "Modern" apps must be full-screen or tiled, regular Win32 ones are windowed.)
On the other hand, File Explorer became a bit confusing. I can find a folder named "Documents" under Home, under Favorites, under OneDrive and under "This PC". And apparently there still is a Win7-style "library" with the same name but showing files from both ~/Documents and ~/OneDrive/Documents. Okay.
The "Modern apps" take quite a while to load, for the tiny amounts of functionality that they have. "Mail" looks nice, but is really confused about me logging in to Windows with my @gmail.com Microsoft account – it's shown by default as "Gmail" in the app's "Accounts" menu, but if I check the "Sync email" option, I get the Outlook.com inbox, not the Gmail one... Though adding the real Gmail separately works fine.
On the topic of Microsoft accounts, apparently I still cannot use spaces in my password.
Given that the laptop still has a "Designed for Windows 7" sticker on it (though it has never run Windows until last week), I expected drivers to be easy – just let it grab everything from Windows Update... Apparently no. The good part is that Windows already had drivers for both the Ethernet and WiFi cards. Now the bad parts:
Installed the ATI graphics drivers; lost graphics. Had to downgrade to a two-year-old version (though that's still newer than what ASUS offer on their website) as the latest one disables the laptop screen (even though Windows thinks it's still enabled).
Installed Elantech touchpad drivers; no change at all – still can't scroll horizontally, and vertical scroll isn't detected half the time (though the latter seems a common problem, I guess Windows touchpad drivers are more picky in general than Xorg ones). Though I thinkI could fix it by installing Synaptics drivers in place of Elantech ones... Nope, didn't work. On the other hand, more googling led me to another ASUS webpage that listed all Elantech driver versions, and the latest one (v11.x) seems to recognize the usual gestures correctly and the configuration UI doesn't crash.
Installed ASUS ATK0110 drivers; still can't use media keys. The driver only makes the volume control keys work, but does that in an userspace daemon (by reading events directly from ATK0110, I think) – which means I get the crappy ASUS OSD (I get to choose between ugly rectangle and ugly 3Dish animation); it only controls the built-in speakers' volume, rather than headphones', and who the hell uses a laptop's built-in speakers?; and other programs do not see those keys at all – I can't bind "Next" or "Play/Pause" in foobar2000, and I can't bind "Volume Up" in AutoHotkey either. Apparently there's a thing called "Keyboard Filter Driver" though; I wonder if it'll help. That didn't help. But again, more googling, another secret ASUS webpage with an ATK driver two months old, which seems to work well for now.
For accessing the Linux filesystems, apparently Ext2IFS is a dead project and has no ext4 support (the 'extents' feature bit), so I went with Ext2Fsd which still looks as ugly as I remember it from 2011, but at least it reads all my files.
My dream is a world where networks can autoconfigure as much as possible, and where developers have to pay huge fines every time a generic error message is shown…
[…] I'm trying to set up an AP for WPA-Enterprise, EAP-PEAP & EAP-TTLS specifically, and most devices can connect to it fine except for a very stupid Nokia N8 phone. Whenever I ask it to connect to a network it hasn't seen yet, the phone doesn't even think about asking for my login details – instead, it expects to be recognized by its SIM card; in other words, it tries EAP-SIM and EAP-AKA, then gives up.
Sure, if you go up from the "WiFi networks" menu and three levels deep into "Access points – Other", you'll find that it does have a way of disabling that nonsense and configuring a long list of other EAP mechanisms; there's even a username/password dialog three more levels deep and hidden behind a most confusing "tabs" thing.
I can make it connect in the end, but the entire configuration takes several minutes at least. (Unlike Cambridge, I can't really expect the students to bother with all that.) Now compare that instruction page to, for example, Android's behavior – which immediately shows you a config dialog, with maybe a bit more than necessary, but still just 6 options total. Compare also to an iPhone, which just asks for username & password & whether this certificate looks okay.
So, yeah, I won't miss Nokia at all when it finally gets "embraced" by Microsoft.
But on the other hand, all of that happened after I spent half an hour trying to figure out the cause behind iOS spitting out "Could not connect" without so much as an association request – couldn't handle the AP being set to 40 MHz, apparently – or the AP rejecting all association requests because it had airMAX enabled in a settings tab that didn't even look like all other settings tabs.
Which was followed by a hour-long fight with Windows Phone 8 completely refusing the server's EAP certificate no matter what extensions and shit I changed... until I noticed that the phone might be set to 2012.
I suppose at this point I should just be happy that DHCP exists...
Some pastebins, such as ZeroBin or 0bin, use client-side encryption for everything stored in them (usually as a way to avoid liabilities). As the encryption is always implemented in JavaScript, it becomes quite annoying when one wants to download a "raw" version of pastebinned text (e.g. a piece of code or a digitally-signed message), or simply to view the paste's contents in situations where graphical web browsers are unavailable – since neither curl nor wget nor any terminal-based browsers (even elinks) will be able to decrypt the text.
To fix this, yesterday I added support for both 0bin and ZeroBin to my getpaste tool. Both pastebins use the same method of encrypting the text with SJCL, serving the encrypted JSON blob, and putting the randomly-generated password in the URI fragment.
I had to do some digging in the source code, as SJCL's documentation of default algorithms isn't terribly clear (sjcl.encrypt() defaults to AES128-CCM with PBKDF2-SHA256 at 1000 rounds, and the 8-byte CCM authentication tag is added to the end of the ciphertext), ZeroBin compresses the text with raw DEFLATE before encryption, and 0bin uses LZW…except when it doesn't. But now getpaste knows how to dump the raw text when given URLs from both websites, as long as they're complete with the "fragment" (…#foo) part.