Sunday, November 2, 2014

Apple Mac NTFS Read/Write Support

Apple Macs have NTFS support, but for some inexplicable reason, it defaults to read only when you plug a NTFS removable disk in.

There must be a way to change this, but the simple workaround is to mount the annoying thing manually:

First open a terminal and become super user:
$ sudo su
password

Plug the removable disk in, then:
# dmesg

Look to see what device name is used, probably disk2s1.

To ensure that it is free, in case it was 'helpfully' auto mounted already:
# umount /dev/disk2s1

Make a directory as a mount point:
# mkdir mnt

Mount the device read/write:

# mount -t ntfs -o rw,auto,nobrowse /dev/disk2s1 mnt

Now open Finder and copy to/from the new mount point.

When you are done, unmount it with:
# sync
# umount /dev/disk2s1

La voila!



Saturday, November 1, 2014

Biometric Insecurity

Judge Steven C. Frucci ruled this week that giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A pass code, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci's written opinion.

This is a very important strike against using Biometrics for security.  Use of biometrics for authentication may be OK, but security not.  A big problem is that most common users confuse the two.

The problem with using fingerprint or voice biometrics is that you leave samples of it everywhere you go. You leave your prints on glasses and door handles.  You leave your voice every time you use a phone and it gets recorded 'for customer satisfaction' reasons.  You leave a picture of your face every time you use a bank machine.  You leave your DNA whenever you use a hair brush. Any semi-savvy crook can lift it and use it against you and worst of all - You Cannot Ever Change It.

Once someone figured out how to impersonate your biometrics, that person can keep doing so forever and you cannot do anything about it, short of dying before he does.

Nowadays, banks and phone companies are starting to use biometrics for identification and authentication.  This is potentially a very bad development.

Tuesday, October 21, 2014

Serial Ports Revisited

We were trying to test a pair of radios with a data loop-back and were again making the same old mistakes and then wondering what the heck is going on. It is just amazing how many times I have sat down and scratched my head with these things - it feels like I never learn or remember!


The mistake we make over and over again is to expect the wrong read/write behaviour from a serial port utility:
  • A serial port is a bidirectional device.
  • A program will grab the device file handle and open the device file either as 'Read', 'Write' or 'Read/Write'.
  • Simple programs like 'cat', 'echo', 'bash' (read, write), 'head', 'tail' and 'of', all open the device file as either 'Read' or 'Write', never 'Read/Write'.
  • Complex programs like 'cutecom', 'minicom', 'screen' and 'netcat', open the device file as 'Read/Write'.
So, one cannot run 'cat' twice on the same port in order to send and receive data, you have to use 'netcat' or 'screen' to do that in one convoluted operation, or you have to make a T cable and run the Rx and Tx wires to two separate serial ports and then you can run 'cat' twice (on the different ports).

Here are some examples:

Ensure that you are a member of the dialout group:
# usermod -a -G dialout username

To configure a serial port you can use either 'screen', 'minicom' or 'stty':
$ screen /dev/ttyUSB0 115200
$ minicom -b 115200 -o -D /dev/ttyUSB0
or
$ stty -F /dev/ttyUSB0 raw
$ stty -F /dev/ttyUSB0 115200


To exit screen, type Control-A k and exit minicom with Control-A x.

Then, to send and receive data through the port:

This will not work concurrently.  You cannot open two terminals and run these commands together to see what is transceived in real time:
$ cat txfile > /dev/ttyUSB0
$ cat /dev/ttyUSB0 > rxfile


After the first instance of 'cat' grabbed the file handle to send the file, the second instance cannot open it again to receive the file at the same time - oops...


If you make a T cable then you can do this in two terminals:
$ cat txfile > /dev/ttyUSB0
$ cat /dev/ttyUSB1 > rxfile


That will work because each instance of 'cat' uses a separate serial port, but then you got to find three 9 pin connectors and two serial port adaptors, which may not all be available, but the commands are easy to understand.

The easier way, is to use screen with exec, or minicom with expect, or do character I/O one at a time in bash with echo and read.


While I am at it, sometimes it is better to output data in hexadecimal. This can be done with the 'od' (octal dump) program instead of the venerable 'cat':
$ cat txfile | nc < /dev/ttyUSB0 > /dev/ttyUSB0 | od -x

or
$ od -x < /dev/ttyUSB1

or
$ $ od -x < /dev/ttyUSB1 > rxfile

and so on.


Obviously, you need a real computer to do all this:
http://dilbert.com/dyn/str_strip/000000000/00000000/0000000/000000/20000/1000/000/21021/21021.strip.zoom.gif

The joke comes from here:
http://www.cryptonomicon.com/beginning.html

Monday, October 20, 2014

Printers

A few notes for those new to Linux printing on how to waste perfectly good trees.

FTP

First walk over to the printer and write down the IP address.

Many network printers have an unsecured FTP server that your company IT is blissfully unaware of (or more likely, they know only True Card Carrying Geeks will use it in a moment of sheer desperation, so they leave it be, even though it can potentially be abused).  If you upload a postscript file to a printer, it will print it immediately - no questions asked.  This works without having anything special installed on your Linux machine.

The process works something like this:

In your application, select Print to File, then save the file as file.ps.  Open a terminal and connect with FTP, then put the file: 

$ ftp 172.22.8 12
Login: [enter]
Password: [enter]
ftp> put file.ps
ftp> bye

La voila!

CUPS with IPP

The CUPS service is maintained by Apple and it works very well indeed.   Usually, it will discover network printers automatically, but unless your company IT named the printers properly, it won't tell you where the printer is and in a large company there may be hundreds of printers all over the world.  If you cannot figure it out, then you can manually configure a printer.

Open a browser and type localhost:631 to open the CUPS management program.

Go to the Administration screen and select Add Printer.  Select the IPP protocol.  For the URL, type for example ipp://172.22.8.12/ipp/

Enter a printer name and location so you can remember which one it is.  Find the printer manufacturer and device driver, for example HP and HP Laserjet 9040 with CUPS and Gutenprint (en).  If you can't find the exact printer model number, try something similar, it usually works - sometimes you just lose a special feature such as duplex printing that nobody ever use anyway, since it always causes paper jams.

Finally, select Maintenance and print a Test Page.

When you experience printer trouble, restart CUPS from the command line with service cups restart  and then go to the management screen again and clear all the stuck print jobs.

Easy as pie.

LPR

When you have CUPS installed, you can also use the lpr program from the command line.  CUPS can print most types of files automatically.  You don't necessarily need to run a specific application to print something - just send the file to CUPS and it will usually figure it out and convert the file to postscript all by itself.

For example to print to the default printer on your machine:

$ lpr -P localhost file.pdf

It also works with text files and even pictures.  You don't need to fire up a PDF reader or Gimp to print.  You can also pipe multiple files and then go and feed the trees and toner into the printer.

You can likewise use lpr to send a file from a new machine with no configuration, to another machine that already has CUPS installed and print via a proxy.  There is always a simple way to make it work.

Saturday, October 18, 2014

Diabetic Foods and Cooking

A few notes on sugar free cooking.

As my doctor put it, I am not diabetic, but I should eat as if I am.

It appears that the most important dietary modification to diabetes and weight control, is to avoid any food that digests rapidly.

At first the list looks daunting: Wheat, potato, rice, alcohol, glucose, sucrose... essentially all common carbohydrates must be avoided - which makes one wonder what is left, since that is about 90% of all the junk on the supermarket shelves!

Oats and Rye

I don't mind going on a caveman diet of meat, salad and nuts, since I'm a committed carnivore already, but wheat bread is curiously addictive and getting over it is not easy.  There are many different kinds of wheat: Spelt, Durham... so be careful that you don't buy an alternative that isn't an alternative at all.

Rye bread is commonly available at bakeries, but it is a little chewy - an automatic consumption limiter.

My wife is an engineer of economics, loves cooking and did a few experiments with rye, oats and barley kernels.  She quickly figured out that it is very easy to make rye and oats flour: Simply chuck the grains into a coffee grinder and press the button - brrrrrrrrrrrrzzzzzzt - done, perfect flour!

The other surprising thing is that when oats flour is used in baking, it doesn't taste like oatmeal porridge as one would expect.  Baked oats confectionery works and tastes the same as wheat bread and cake - probably because of all the other ingredients.  So between oats and rye, we got wheat eliminated easily and she bakes bread, cake, pancakes, strudel - anything - with oats and rye flour.

Barley

Barley makes a perfect alternative to rice.  It is a little different, but sufficiently the same that we don't miss rice at all.

Sucralose, Aspartame, Xilatol and Stevea

For baking, it is important to use a sweetener that doesn't denature at high temperature.  Sucralose is available in boxes as a fluffed up powder that can be used almost 1:1 (more like 1:2, since it is extremely sweet) to replace sugar.

Be careful with diet sodas.  Many people are sensitive to phenylalanine (produced when Aspartame is broken down) and it increases muscle tension.  Too many diet sodas and you will feel creaky as if you are a 100 years old.  If you overdosed on sodas, bear in mind that phenylalanine takes about 14 days to get out of your system again, so be patient, you will eventually be able to turn your head again.  I can handle one diet soda every other day - no more.  Alcohol free beer is much better and I can chug as many of those as I want with no side effects.

Xilatol is used in 'dental' chewing gum.  It is derived from wood.  The only reason I mention this here, is because Xilatol gum will kill a dog - it makes a dog stop breathing.  Don't leave gum lying around where a puppy can get it, or you could become rather unpopular very quickly.

I don't like the taste of Stevea root much, but I cannot imagine life without chocolate...

Life in the Slow Lane

Once you made the above modifications, you will enjoy life in the slow metabolic lane.  Various nuts and little round cheeses is my way of snacking and when we go out, I drink either nealco Zlatý Bažant (Golden Pheasant) or Bavaria (yum), or Diet Cola (yech).

Swimming

The other important thing is exercise - the more the merrier.  I prefer swimming, since gym machines always hurt my hands and I need my fingers for typing.  So I swim about 3km per week - it sure helps living in a hot country, although it is rather chilly today - only 34 Celsius!

Saturday, August 9, 2014

Reversing the Telephone Table

Are you also fed-up with telemarketer calls?  Chris Blasco wrote a nice piece about social engineering a telemarketer into resetting his own phone set: https://plus.google.com/+ChrisBlasko/posts/GzCuzTyUXNq

Being somewhat incredulous after reading that, I researched it myself.  It turns out that it really is that easy to reset a Yealink phone, but resetting a Polycom may require a password and for a Cisco, you need to enter the configuration menu first, so your mileage may vary.

Here is a handy list:
http://www.3cx.com/blog/ip-phone-configuration/factory-reset-your-phone/

This may become a new sport - at least until the telemarketers wizen up.


Saturday, August 2, 2014

Canoeing in Cinque Terre

A Real Canadian always has a canoe at the ready.  We have inflatable canoes stashed with relatives in multiple countries.  These water toys are cheap, relatively light weight (about 25kg) and easy to transport in the boot of a car.  This summer, we took our European Sea Eagle to Northern Italy.

We rented a tiny little apartment in Manarola, roughly in the middle of this picture, next to the old tower, directly above the harbour.

Nowadays, I mostly use my Samsung phone camera - it has some spherical distortion, but the quality and warmth is very pleasing.



Cinque Terre is a crazy place which really should be on your bucket list.  Many of the buildings are from the 15th century, but the craziest building period was in the 19th and 20th.

Note that the best way to get there is by rail from La Spezia.  The railway runs up the coast in an infinite series of tunnels, so it is mostly invisible and doesn't spoil the park.  We went by car and dragging the canoe and luggage between the car park up on the mountain and the village down below, was really hard work.

Pirates ahoi!


We still heard the party on the pirate boat by 4 in the morning.

The view from the canoe, using my waterproof Olympus uTough camera.  The Olympus produces very sharp, but colder photos, which really need to be hue adjusted a bit, but usually I can't be bothered:


The trains only exit the tunnels at the stations.  With only one person in the Sea Eagle, it is a bit wobbly for photos so I ended up with lots of fuzzy ones, but an inflatable has a nice soft ride over the swells - it just bends a bit - same as an air mattress:


...and if you don't have a canoe and don't like trains, take a ferry:


With an inflatable, you should never leave your pump behind!

You can click the pics for a larger view.