sharealike.org

I am thoroughly enjoying my MythTV setup now that I have it recording over-the-air HDTV, but I have to admit that these folks at snapstream have me beat with their Godzilla PVR that is capable of simultaneously recording 4 HDTV broadcasts and 7 standard broadcasts, i.e., 11 shows at once. Of course, their setup costs about three times as much as mine and it’s not clear that there would ever be eleven things on at the same time that are worth recording, but nonetheless, it’s impressive.

1. You should be using Firefox to browse the web.

2. One reason is how many add-on search engines you can add to the top right corner so that searching Wikipedia, Merriam-Webster, eBay, Amazon, Flickr Tags, etc is just a click away and built right into the browser. It’s stunningly useful. Begin with Mozilla’s 23 popular add-on search engines, but then check out the motherload of add-on search engines at mycroft. Just click on ‘Google’ alone and see all the different ways you can more easily utilize Google (searching News, Images, etc.) and it’ll blow your mind.

3. Note: I’ve found that after installing a bunch of these at once sometimes Firefox needs a restart before it sorts all your changes. So, if you notice strange behavior, don’t panic, just restart.

For those who recall text-based adventure games, check out defective yeti’s Iraqi Invasion: A Text Misadventure. Hilarious. An excerpt:

> STAY COURSE
The situation in Iraq deteriorates.

Some insurgents arrive. There is a large number of insurgents here.

> STAY COURSE
The situation in Iraq deteriorates.

> STAY COURSE
The situation in Iraq deteriorates.

Some insurgents arrive.
There is a huge number of insurgents here.

> STAY COURSE
The situation in Iraq deteriorates.

> STAY COURSE

The situation in Iraq deteriorates.

Some insurgents arrive.
There is an overwhelming number of insurgents here.

via lawgeek.

Falko Timme at howtoforge.com has a number of excellent howtos on setting up GNU/Linux servers. I have learned much from using his Perfect Setup for Debian Sarge 3.1.

However, when I finish his perfect setup, there remain a few things that I think essential to do, particularly regarding security. There are an increasing number of dictionary attacks against ssh servers that should be addressed. I do the following:

# apt-get install logcheck
edit /etc/logcheck/logcheck.conf to change the SENDMAILTO=”your@email.address” line to include your email address so you can be notified of suspicious log activity.

To actually ban those ssh attackers, I love a program called fail2ban that is currently in Debian unstable, but not in stable. I prefer to install it without messing with my apt sources by browsing ftp://ftp.debian.org/debian/pool/main/f/fail2ban/ and noting the filename of the latest version. Then

# wget ftp://ftp.debian.org/debian/pool/main/f/fail2ban/fail2ban_0.6.0-2_all.deb
# dpkg -i fail2ban_0.6.0-2_all.deb

Then I edit /etc/fail2ban.conf and change the maximum failures allowed from 5 to 3 and the time (in seconds) that the failed IP is banned from 10 minutes to a little over two months. Also, set up the section entitled [MAIL] to notify you of the bans.

maxfailures = 3
bantime = 6000000

# /etc/init.d/fail2ban restart

Next, edit /etc/ssh/sshd_config and add the usernames of anyone authorized to have ssh access:

AllowUsers user1 user2 user3

Then, perhaps it’s the nascent attorney in me, but I like to put the SSH attackers on notice that their unauthorized access attempts are not welcome. In the same
sshd_config file, uncomment

Banner = /etc/issue.net

Then edit /etc/issue.net to contain only the following text:

If you are not authorized to access this system, LEAVE NOW.
Access attempts will be logged. Unauthorized access will be prosecuted.

On servers that have excess processor cycles and bandwidth, it’s also nice to help out the Tor network by (at least) being a middle-man server. (Tor is free software that improves your privacy online and their network relies on volunteer servers.) I prefer to run the latest version and stay up to date, so modifying /etc/apt/sources.list is the way to go. Add:

deb http://mirror.noreply.org/pub/tor experimental-0.1.1.x-sarge main

# apt-get update
# apt-get install tor privoxy socat

Then to allow no more than 1 GB of traffic per day at an average rate no greater than 75 KB/s edit /etc/tor/torrc like so:

Nickname something-unique-like-your-hostname
ContactInfo Your Name <your AT email dot address>
BandwidthRate 75 KB
AccountingStart day 12:00
AccountingMax 1 GB

Then be sure to uncomment:

ORPort 9001
DirPort 9030
ExitPolicy reject *:* # middleman only — no exits allowed

# /etc/init.d/tor restart

Then make logcheck do a little more work for you by editing /etc/logcheck/logcheck.logfiles to include:

/var/log/tor/log
/var/log/daemon.log

After a few days, when you know the tor server is working correctly, you should register it. Send mail to tor-ops@freehaven.net with a subject of ‘[New Server] (your server’s nickname)’ and include the following information in the message:

• Your server’s nickname
• The fingerprint for your server’s key (the contents of the “fingerprint” file in your DataDirectory — on Linux/BSD/Unix, look in /var/lib/tor or ~/.tor)
• Who you are, so the tor ops know whom to contact if a problem arises
• What kind of connectivity the new server will have

Finally, you should implement some sort of backup process. Falko at howtoforge comes to the rescue again with his Automated backups with rdiff-backup. (Strangely, I can get remote backups to work like this fine, but backing up the backup server itself required me to resort to a root cronjob, despite different howtos describing two alternative ways to handle this. –Update: solved.)

Also, if you’re doing rdiff-backups across various GNU/Linux distributions it’s usually important to have the same version of rdiff-backup installed on each. In this event, you might not want to follow the installation instructions at howtoforge (just the subsequent configuration stuff). For manual installations, do this:

Step 1: Get Python dependencies (explained for Debian, but just do the equivalent for your distro).

# apt-get install python2.3 python2.3-dev python2.3-pylibacl python2.3-pyxattr

(Those last two are optional, but you might as well…)

Step 2: Get librsync.

# wget http://easynews.dl.sourceforge.net/sourceforge/librsync/librsync-0.9.7.tar.gz
# tar zvxf librsync-0.9.7.tar.gz
# cd librsync-0.9.7
# ./configure
# make
# make install
# ldconfig

Step 3: Get rdiff-backup.

# wget http://savannah.nongnu.org/download/rdiff-backup/rdiff-backup-1.0.4.tar.gz
# tar zvxf rdiff-backup-1.0.4.tar.gz
# cd rdiff-backup-1.0.4
# python setup.py install

Then you configure according to the howtoforge article linked above and you’ll be backing up in style.

When I get a chance I may also explain how to set up snort, portsentry, and spamassassin. I’ve also used Bastille in the past. For the security-conscious, that’s worth looking into as well.

I ran a wireless access point finder on the bus on the way home tonight, travelling the 2.2 miles from Bancroft & Telegraph on UC Berkeley’s campus to Market St. & Stanford Ave. in Emeryville/Oakland near my place. It located 175 access points in those two miles. 61 of the APs (35%) used no encryption. What was interesting about it was that at almost every moment of the trip there were at least two or three active signals.

This made me think, if GPS technology were cheaper and were put into a future generation of wireless routers (which presumably will also have far better range) then even those who wanted to deny access to their bandwidth via WEP could at least broadcast: “I’m located at these coordinates” and then future mobile devices could ping all these routers and triangulate their position too.

I suppose people already have plans to do this using cell phone towers. I was just sort of intrigued by the thought of the general public creating the network rather than the cellular companies. I think one problem with the idea is that if the GPS technology were so cheap that it could go in every router, then it would also be cheap enough to go in whatever mobile device was hoping to do the triangulation.

I guess this brings me back to my original thought, (which I haven’t written about yet): rather than having GPS in the routers, it should just be possible for the user to enter their coordinates and broadcast them. This is basically free, requiring only some know-how on the part of the router owner. (It should be noted that of the 175 APs the SSIDs had often not been changed from their defaults: 36 2WIRExxx, 3 Apple Network xxx, 5 belkin54g, 5 default, 10 linksys, 7 NETGEAR, etc. providing some indication that people just plug them in and don’t do any configuration, and consequently counting against the chances that they’ll enter their latitude and longitude!)

The reason I didn’t mention this first was the opt-in problem but also the abuse problem. A wise guy is sure to claim that his router in Berkeley is actually located in Fiji, so a mechanism for discounting bad data would have to be built into the triangulating technology. I don’t know. There’s potential for something here. Maybe someone can work it out in the comments.

Five years ago today, on Dec. 12, 2000, I created an account with the SETI@Home project and signed up my computer(s) to help analyze radio signals from the Aricebo telescope in search of signs of intelligent life elsewhere in the universe. SETI@Home, while not the first volunteer distributed computing (DC) project, is certainly the most popular and most widely-known. The “Classic” version of the client has attracted 5,436,301 users who have been dazzled by the screen saver that illustrates the radio signal one’s computer is analyzing.

The SETI@Home team also contributed to the creation of BOINC, the Berkeley Open Infrastructure for Network Computing. BOINC is basically the ‘@Home’ portion of volunteer DC projects, providing a middle-ware infrastructure upon which other DC projects can operate and obtain volunteer computing resources. SETI@Home has transitioned its work onto the BOINC platform and now has nearly 310,000 users moved over to the new platform providing access to around 625,000 computers. The computing power of the combined BOINC SETI users, who provide 9,674.2 GigaFLOPs of processing prowess, is considerable. It would place the BOINC SETI users at the 29th slot in the Top 500 Supercomputers list. All of BOINC combined comes in at 101,725.5 GigaFLOPs, or #2 on the Supercomputer list. (IBM’s BlueGene/L does 280,600 GigaFLOPs and cost over $100 million.)

The “Classic” SETI@Home client will be forever shut down in just three days, on December 15, 2005. In the two weeks since a story announcing the transition appeared on slashdot.org on November 23, the number of new users of the BOINCified SETI has grown by over 58,000 or 23%. Other BOINC projects, such as Einstein@Home, Rosetta@Home, and Predictor@Home have seen a similar increase in their user base over that time period. Einstein +13,000 (+19%), Rosetta +15,000 (+165%!!!), and Predictor +6,650 (+20%). However, SETI still accounts for 63.4% of the work done by BOINC users.

Of all those who joined SETI@Home on the same day as me, five years ago, 84 have persevered and submitted work units within the last month. My last work unit submitted was in January of this year, having completed 1,872 work units taking 4.106 years of CPU time, averaging 1.02 results per day. This places me in 188,402nd place among SETI Classic users, a rank shared by 82 others. I completed more work units than 96.533% of SETI@Home Classic users.

Currently the computers I have myself are fairly busy acting as servers or as my personal laptop, but the student group at Boalt I am so overly-involved with, boalt.org, now has its own BOINC teams where the boalt.org office computers and computers of members contribute to various BOINC projects. You’re welcome to join us.

Wow. I managed to figure out where I had backed up all of this blog’s posts and then (I think) I got the mysql tables from the older version of b2evolution to play nice with this version and so now all the old posts from this site are back. Whew.

Let me know if you come across an error while browsing the site. I should start posting more now that I’ve got this fixed.

The Supreme Court has ruled. Here are the opinions:

Opinion of the Court by Justice Souter with a concurring opinion by Justice Ginsburg (joined by Chief Justice Rehnquist and Justice Kennedy) and a concurring opinion by Justice Breyer (joined by Justice Stevens and Justice O’Connor).

I awoke this morning and confirmed with FedEx and UPS that the last of my components for my broadcast-flag-busting MythTV PVR would arrive today. Then I learned that the American Library Association, EFF, and Public Knowledge had won their court case challenging the FCC’s authority to issue technology mandates such as the broadcast flag! Here’s the unanimous 3-0 34-page opinion (pdf) from the D.C. Circuit Court of Appeals. The court wrote, “we hold that the Commission acted outside the scope of its delegated authority when it adopted the disputed broadcast flag regulations.” at p. 4. For the challenge to succeed, the court had to find that someone challenging the flag stood to suffer actual harm. The court wrote, “faculty members make broadcast clips available to students in distance education courses via the Internet, but there is a substantial probability that the Libraries will be unable to do this if the Flag Order takes effect. It is also beyond dispute that, if this court vacates the Flag Order, the Libraries will be able to continue to assist faculty members lawfully redistribute broadcast clips to their students.” at p. 14. This is a great victory. Brace yourselves for the MPAA to go to Congress to ask them to either give the FCC the authority this court held they lacked or to enact a flag directly. You’ll probably want to donate to EFF and Public Knowledge. Don’t forget to hug a librarian today.

r0ml writes,

Availability of the source code is probably only relevant to computer programmers. After all, if you aren’t a programmer, what would you do with source code? In which case, a freely copyable binary would be equivalent to freely copyable source code. The ability to do something with the source code (i.e. to create a derivative work), is something only a programmer could do. Strikes me as the definition of a programmer. Yes, I know that benefits might accrue to the non-programmer indirectly, but conceding that there are no direct benefits to most people doesn’t seem like a great debating point.

We know that only 2.4% of the population are employed in “computer and mathematical occupations”. Which would seem to put an upper bound on the number of people to whom Free and Open Source Software would be relevant. And any movement which can only possibly be relevant to such a small fraction of the population is going to have difficulty garnering widespread support, or even interest.

While I am interested in the topic he goes on to discuss later, whether or not universal programming literacy ought to be a goal of our society, I think these first paragraphs go too far.

Availability of source code is extremely relevant to the non-programmer. The most important example of why is vendor lock-in, a serious problem with proprietary software, and nearly impossible with free software.

If I have to use a piece of software, either to operate this blog or to run part of my business, and I have a choice between a proprietary program (or even a no-cost binary provided without source) where any problems I have can only be solved by the software’s author, who is the only person with source code access, versus a piece of free software where I have access to the source code, and even though not a programmer myself, where I can hire any competent programmer to solve my problems with the software for me, I would, other things being equal, always choose the latter.

Free software creates a competitive market in software services because the code is available for anyone to examine and modify. That means even if I myself can’t modify it to any useful effect, I can at least enter a competitive marketplace of those who can. With proprietary software if I want my problem solved, and if I’m not an important enough customer I may even be ignored. If they are willing to help me, then the proprietary software owner can charge monopoly prices for the fix I want.

This reason alone makes free software extremely relevant to the non-programmer. It removes the proposed upper-bound on to whom free software is relevant, and gives a good reason why free software is having no problem garnering widespread support and interest. I don’t expect that I have to explain this to r0ml, but as I said, those two paragraphs seemed to overstate the situation.