From the Canyon Edge -- :-Dustin

Sunday, December 28, 2008

Win a Hardback Copy of Daemon, by Daniel Suarez!

In September, I blogged a review about the best crypto-cyber-punk-thriller I have read in some time, Daemon by Daniel Suarez. At the time, the first-run paperback was already out of print, and a new re-print in hardback had not yet hit bookstore shelves. This book is a must-read for anyone interested in modern science fiction and techno-writing.

Courtesy of Dutton Press, I now have in my possession 3 copies of the hardback, hot off the press...

And I'm giving them away!!!

The Contest

If you haven't read the book yet, you're really in for a treat! I'm presenting 3 challenges, something like a crypto-scavenger hunt, reminiscent of the Daemon itself.

The Prizes
  • A total of 3 hardback copies of Daemon will be awarded as Grand Prizes to the winner of each challenge. No more than one book will be awarded per person.
  • The first person to successfully complete a particular challenge will be named the winner of that challenge.
  • Any additional successful submissions before March 1, 2009 will earn fame and notoriety by being mentioned here in my blog, with your name and a timestamp of your completion date ;-)
  • And hopefully everyone who competes will learn at least something about Daemon, Ubuntu, eCryptfs, free and open source software, and cryptography.
  • Kees Cook has independently solved each of these challenges and has graciously volunteered to serve as an independent judge in the event of any tie or controversy. His decision is final.
The Schedule

The challenges (increasing in difficulty) will be published here in my blog as follows:
In the meantime, you might want to brush up on:
  • Ubuntu, livecd's, virtual machines, encryption, encrypted private directories, eCryptfs, gnupg, md5, sha, john, shell scripting

Saturday, December 20, 2008

Jaunty Manpages

A new version of the Ubuntu Manpage Repository has just rolled out to production! Thanks Lamont ;-)
This version includes a number of bug-fixes, a few new features, and the complete collection of manpages in Jaunty.


Thursday, December 18, 2008

Linux Inflight Entertainment Boot Sequence Video

On my last flight between Paris and Houston on Continental, I had the privilege of seeing one of the Linux Inflight Entertainment systems in action.

At first, I didn't get to see it boot up, but I did have fun playing with the music and movies on demand. It's something roughly akin to the MythTV I've grown to know and love at home.

A couple of hours into the flight, the lady in front of me rang the flight attendant and complained that her system wasn't functioning properly. The flight attendant said that she'd just "reboot" the system.

I jumped up and yelled, "Oh, mine's not working either...can you reboot mine too?!?" My wife knew what was going on, and she rolled her eyes :-)

I grabbed my camera and videoed the whole boot process. I uploaded all 450MB to YouTube in high quality (while I was onsite at Google for UDS last week):

Your impressions?

Seeing that this is a 4 minute long boot process, I'd say they have some room for improvement! On the other hand, my sarcastic side sees this befitting of all things related to the airline industry and flying...hurry up and wait for arbitrary and no good reasons...

Sorry for the bumps...


Sunday, December 14, 2008

The Ubuntu Server already includes a Window Manager?

The Ubuntu Server has always had a command-line only interface, and has never included a graphical desktop, such as Gnome, KDE, or XFCE. We differ quite a bit from other Linux distributions in this respect.

But did you know that the default Ubuntu Server installation, as of Intrepid Ibex, does include a window manager by default? Expand your mind a bit and check out the venerable GNU screen utility!

screen is simply an incredible program--dare I say that any good Linux/UNIX system administrator really must get to know screen. You can multiplex several tasks, send them to the background, and bring them to the foreground later, and customize task bars with all sorts of interesting information. I've never considered myself a screen expert, but I know enough to know that there's a lot I don't know :-)

The default configuration of screen in Ubuntu is quite functional, but it's lacking, um, pizazz... It's capable of a lot more.

The following is the result of several hallway conversations at last week's Ubuntu Developer Summit in Mountain View, California. Nick Barcet and I decided that the Ubuntu Server could, and should include some more useful profiles for screen, that take advantage of its more advanced features. Dave Walker helped with some early prototyping, adding some code that detects when updates are available and a reboot is required. We kicked around the idea a bit more with Kees Cook, Jamie Strandboge, and Steve Langasek.

So I created a new package this morning, screen-profiles. This package currently includes two screenrc profiles that I created, one for Ubuntu, and one for Debian. It also contains a binary, select-screen-profile, which provides an interactive method for quickly switching among the available profiles on the system.

I have uploaded packages for Hardy, Intrepid, and Jaunty. To install, add my PPA to your /etc/apt/sources.list. And then:
$ sudo apt-get install screen-profiles
$ select-screen-profile

Here's a sample screen shot.

Notice that the first status bar across the bottom actually contains "tabs" of the open screen sessions. You can use ctrl-a-c to create a new tab, and ctrl-a-0 .. ctrl-a-4 to switch among the available tabs. The highlighted tab is the currently active one, 1 source.

The second status bar I've reserved for system state information. Currently, this includes the current LSB release and version, Ubuntu 8.10. The blue @ indicates that a system restart is required (it's supposed to look like the Ubuntu restart icon). The red 28! indicates that there are 28 updates available. And, of course the system time follows. Note that an Ubuntu circle-of-friends logo is pretty much impossible with a standard character set, but hopefully the 3-colored \o/ logo approximates the "spirit" of Ubuntu ;-)

And for good measure, I tested this on a Debian and a Fedora system, each with their own logo approximations in the lower left.


Fedora (on a black console, just to show that look too):

So I think I'm just scratching the surface of the possibilities of screen for the Ubuntu Server. I'm really interested in your favorite ~/.screenrc profile! If you're doing something interesting or cool with your screen configuration, please post your ~/.screenrc (with a GPLv3 header) and screenshots in your blog, and add a URL here as a comment. I'm hoping to ship this package in the Ubuntu Jaunty Server with a number of interesting profiles.

If you're looking for more information on customizing these screenrc files and the various commands, take an hour and read the screen(1) manpage. It's a long one ;-)


Ubuntu Allstars Bootlegged!

That's right... I bootlegged the Ubuntu Allstars Jam at UDS Jaunty! I mean, we recorded everything else this time, so why not?

Using Audacity -- an excellent open source sound editor in Ubuntu Universe -- I recorded the gig, carved it up into tracks (with fade ins and fade outs), and then exported to both MP3 and OGG formats.

While we had a hell of a lot of fun jamming, I think we'll be keeping our day jobs hacking on Ubuntu ;-)

Available for download at:

The set-list:
  1. Blues Jam
  2. Wonderwall
  3. Brown Sugar
  4. Knocking on Heaven's Door
  5. Whisky in the Jar
  6. Dead Flowers
  7. Hey Joe
  8. Wish You Were Here
  9. You Shook Me
  10. Sweet Home Alabama
  11. Tangled Up in Blue
  12. American Pie
Rock on,

Wednesday, December 10, 2008

Ubuntu Server: Suspend/Hibernate for Jaunty?

We spent an hour yesterday at the Ubuntu Developer Summit discussing the potential of suspending, hibernating, and resuming an Ubuntu server.

The Ubuntu Desktop has gotten really good at suspend/hibernate/resume. I think I've suspended/resumed my laptop 30 times already at UDS. Woohoo!

With Ubuntu virtual machines, we have a couple of ways to "suspend" or "hibernate" at the hypervisor level, with pausing, and snapshotting.

I'm suggesting that we close the gap and attempt to support hibernate and/or suspend in the Ubuntu Server OS.

Radical? Perhaps... A number of people noted that, "No one hibernates or suspends a server." But that's what's so attractive about it to me.

On the positive side, the frameworks have been established already on the Desktop side. The pm-utils package provides command-line utilities to enter into the lower power states. Most i386 and amd64 server hardware is remarkably similar to laptop/desktop hardware from an ACPI perspective.

On the negative side, much server hardware (think PCI devices) has never been tested for suspend/hibernate and resume. We would additionally need something like wake-on-lan, open-ipmi, or nut to remotely send the "wake up" signal.

Okay so the use cases... We came up with a couple, but I'm certainly looking for more.

Server hibernation might be useful for offline hardware maintenance, migration of installations from real hardware to virtual machines, and migration from virtual machines to real hardware.

Server suspend might be useful for faster power-on and hot spare backup servers.

Either way, such a feature would allow an administrator to bring Ubuntu servers running on real hardware down to low-power states, and resume back to a running system and restore the previous context. We discussed build servers and DNS servers as potential candidates, in that these systems build a cache of valuable data into memory over time--to reboot or shutdown is to clear memory and lose the "optimal performance" state.

I suspect you might have some other server scenarios that could potentially benefit from hibernate/suspend/resume... If so, I would love to hear from you in the comments below. Or, if you would rather, you can join the ranks that are calling me crazy for even proposing this ;-)


Monday, December 8, 2008

Encrypted Home Directory Performance

Thanks very much to Michael Larabel of Phoronix.

He picked up the instructions from my last blog post, Ubuntu Jaunty: Encrypted Home Directories and ran the Phoronix performance suites.

These are very early results, on a nascent Jaunty distribution still undergoing heavy development. But I must say that I'm rather pleased with the performance hit to the majority of the workloads they tested.

There was roughly a 1% hit in most tests (compilation, compression, audio/video encoding, image processing). The hit was a bit more significant when encrypting a file in userspace, on top of eCryptfs (which is really asking the kernel to encrypt already encrypted data, and compress), as well as the huge-file write. We're looking into some optimizations we might be able to make at the kernel level to improve this.

Without further ado...


Tuesday, December 2, 2008

Ubuntu Jaunty: Encrypted Home Directories (Beta Available!)

One of the biggest features (in my not-so-objective opinion) of Ubuntu Jaunty Jackalope is rapidly coming together...

Encrypted home directories!

I have two packages available for beta testing in my PPA:
  • adduser
  • ecryptfs-utils
To test this functionality on a Jaunty system, install these two packages and then, as the root user, create a "foo" user with an encrypted home:
  • adduser --encrypt-home foo
This will create the user, generate a mount passphrase, copy the /etc/skel default data into a mounted/encrypted home directory, take the new user password, wrap the mount passphrase, and then unmount the home directory. Subsequent logins by the "foo" user will mount the home directory accordingly.
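The wrapping step described above, sketched as an added example (not code from adduser or ecryptfs-utils): a random mount passphrase is encrypted under a key derived from the login password, so a password change rewrites only the small wrapped blob. The PBKDF2 parameters, the blob layout, and the HMAC-based keystream standing in for a real cipher are assumptions of this sketch, not eCryptfs's actual format.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch

def _kek(password: str, salt: bytes) -> bytes:
    """Derive 64 bytes from the login password: first half encrypts, second half MACs."""
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=64)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib-only stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def wrap(mount_passphrase: bytes, login_password: str) -> bytes:
    """Return salt || nonce || ciphertext || tag for storage next to the home directory."""
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = _kek(login_password, salt)
    ks = _keystream(kek[:32], nonce, len(mount_passphrase))
    ct = bytes(a ^ b for a, b in zip(mount_passphrase, ks))
    tag = hmac.new(kek[32:], salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def unwrap(blob: bytes, login_password: str) -> bytes:
    """Recover the mount passphrase at login; reject a wrong password or a tampered blob."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    kek = _kek(login_password, salt)
    expected = hmac.new(kek[32:], salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong login password or corrupted wrapped passphrase")
    ks = _keystream(kek[:32], nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def rewrap(blob: bytes, old_password: str, new_password: str) -> bytes:
    """Password change: only the wrapped blob is rewritten, never the encrypted files."""
    return wrap(unwrap(blob, old_password), new_password)

def demo() -> bool:
    mount_passphrase = os.urandom(16).hex().encode()  # constructed, random per user
    blob = wrap(mount_passphrase, "first-login-password")
    blob = rewrap(blob, "first-login-password", "second-login-password")
    return unwrap(blob, "second-login-password") == mount_passphrase
```

Because the files are keyed to the mount passphrase rather than to the login password, losing the wrapped blob or forgetting the password leaves the data unrecoverable unless the mount passphrase was recorded separately.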

I've tested this pretty thoroughly with both command-line, server logins, as well as graphical desktop logins. It's working really well, and I'm quite excited about it! This is going to be far easier and more secure than moving bits and pieces of data in ~/Private, and manually symlinking files and directories around.

  • Encrypted filenames have landed in the upstream Linux -mm kernel; but they're not in the Ubuntu Jaunty kernel yet. I think they should make it in time for the Jaunty release.
  • Migrating an existing, non-encrypted home directory to an encrypted one is not something that we can do automatically--there's quite simply too much that can go wrong. I will, however, provide a wiki page describing how to do it as the root user, in a recovery shell. Basically, bad things can happen if any other processes running as the user try to read or write data in their home directory during the migration.
Next Steps...

I've released the code necessary to set up the encrypted home directory in ecryptfs-utils-67. As soon as Debian pulls that release into unstable, I'll merge it into Jaunty (and then you can skip the PPA step).

After that, I hope to add "Encrypt Home" as an option to both the graphical and server installers, when creating the administrator user. We should be able to do this in the Server Installer easily by Alpha-2, and the Desktop Installer by Alpha-3.

Also, we need to modify the graphical "User Settings" program as provided in system-tools-backends to support the --encrypt-home option.


Separate, but related to this work item are two other blueprints for Jaunty:

Monday, December 1, 2008

Tux on a Groom's Cake

I read an interesting blog post today, about Ubuntu bread:
It reminds me of the groom's cake at our wedding a few years ago:

The cake designer started with a mold of Buddha for the basic body shape, and added a beak and webbed feet :-) Cool, huh?