Skip to main content

Posts

Showing posts from June, 2014

Replicating Fedora Machines using Kickstart

Sometimes one wants to install more machines the same as one that is already working.  Replication is one point where Linux is light years ahead of the competition. Using Kickstart, you can roll out thousands of identically configured machines (with hardware that may be completely different) in a jiffy - Kickstart will automatically install the correct device drivers. The Skinny I usually do it manually, since it is too simple to bother scripting: Save file /root/anaconda-ks.cfg Save /etc/yum.repos.d with tar -zcvf yum.repos.d.tgz /etc/yum.repos.d Save the packages list with yum list installed > packages Use the saved kickstart file to install the new machine, untar the repos and run yum -y install $(cat packages) or yum -y install < packages Booting Kickstart Kickstart is the remote control system of the Red Hat Anaconda installer. A Kickstart installation requires access to the Linux installation media on a local CD-ROM drive or hard drive, or over

Ramadan Kareem

Fortunately, it only hits 50 degrees Celsius a few days in the year. BTW, Lulu Hypermarket seems to be the only place that sells big black umbrellas in summer. Actually even hotter than John Fogerty rambled on about: https://www.youtube.com/watch?v=jYguNCDfnCY

Franz Kafka strikes again

In a case seemingly from the pen of the late Czech writer Franz Kafka, the United States Court of Appeals for the Seventh Circuit has ruled against terrorism suspect Adel Daoud, saying that he and his attorneys cannot access the evidence gathered against him. Daoud, an American citizen, was arrested in a FBI sting operation in Chicago, for attempting to bomb a bar. When Daoud’s lawyers discovered that this case involved secret evidence that they had not been privy to, they eventually asked the court to notify them if any evidence gathered had been done so under a Foreign Intelligence Surveillance Court (FISC) order. I commend the FBI for catching idiots like this, but this is not how the justice system is supposed to work.  Secret trials are a ridiculous perversion.

Streamripper on Fedora 20

I live in a desert oasis, right behind a huge radio tower, yet the only radio station that I can reliably pick up is Abu Dhabi Classic, which I guess comes from this stupid tower.  That gets rather trying after a while.  The internet connection at home is fibre - everything comes over that - TV and net.  Therefore, to get something to listen to in my car, I record internet radio streams onto a USB stick using streamripper . Streamripper works like magic.  It somehow avoids recording commercials (well, at least, the vast majority of them) and it will not save the same song multiple times.  The main problem with it is getting the stream descriptors into a working format.  I used to use streamtuner as my interface to the network radios and it includes streamripper , so the combination was perfect.  Lately however, streamtuner doesn't work and I am too lazy to fix it myself. (Update: I got streamtuner to work using a special RPM made by a kind soul on http://forums.fedoraforum.or

Encryption Test

So, how can one tell whether something is encrypted? One way is to try to compress a chunk of the encrypted data.  If it compresses at all, then the encryption is suspect. Let's test the encryption of the swap partition. # swapon NAME TYPE SIZE USED PRIO /dev/dm-0 partition 3.8G 151.2M -1 # dd if=/dev/dm- of=swaptest bs=1M count=1 1+0 records in 1+0 records out 1048576 bytes (1.0 MB) copied, 0.011246 s, 93.2 MB/s # ls -al swaptest -rw-r--r--. 1 root root 1048576 Jun 12 08:50 swaptest # gzip -9 swaptest # ls -al swaptest.gz -rw-r--r--. 1 root root 1044778 Jun 12 08:50 swaptest.gz Hmm, it actually compressed a little bit, so my swap encryption is suspect, probably due to some repeating headers, but if it reduced by half, then it would have been clear that there is no encryption at all. Let's look at the swaptest file with hexedit and see whether there is readable stuff in there: # dd if=/dev/dm- of=swaptest bs=1M count=1 # hexedit sw

LibreSSL

The latest compromise found in OpenSSL is not a backdoor by itself, but it provides a great DIY Kit to subvert the system and it is conveniently built right into the Windows software API:  http://www.openbsd.org/papers/bsdcan14-libressl/mgp00025.html OpenSSL should not be lightly discarded, it should be thrown, with great force and the programmers who are responsible for subverting it cannot be trusted ever again. OpenBSD needs your support to reconstruct this crucial piece of security software the right way - please donate:  http://www.openbsdfoundation.org/donations.html

Lies, damned lies and site statistics

Everyone who has to deal with computers, have to deal with the mess that is Windows from time to time.  My main beef with Windows is that one cannot fix it when it is broken and I don't like being beholden to an incompetent 3rd party. Conventional wisdom says that Windows is used primarily by clueless home users and cheapskate businesses, while true card carrying computer geeks prefer some sort of UNIX.  A year ago, that was true and my site visitors always were about 70% Windows. Lately, my site visit statistics show some interesting trends though.  During the week the visitors are 40% Macs, while during the weekend, it is 40% Linux. Could it be that both corporate and home users are smartening up and are abandoning Windows in favour of Mac and Linux?