Log in

pavelmachek's Journal

Recent Entries

You are viewing 25 entries, 25 into the past.

10th March 2015

10:30pm: Happy Easter from DRAM vendors
DRAM in about 50% of recent notebooks (and basically 50% of machines without ECC) is so broken it is exploitable. You can get root from normal user account (and more). But while everyone and their dog wrote about heartbleed and bash bugs, press did not notice yet. I guess it is because the vulnerability does not yet have a logo?

I propose this one:

           |   \                                                                                     
  +---+    +====+
 -+   +-     ||
  |DDR|      ||
 -+   +-     ||
  +---+      ||

Memory testing code is at github. Unfortunately, Google did not publish list of known bad models. If you run a test, can you post the results in commments? My thinkpad X60 is not vulnerable, my Intel(R) Core(TM)2 Duo CPU     E7400 -based desktop (with useless DMI information, so I don't know who made the board) is vulnerable.
10:15pm: Random notes
Time: 1039 Safe: 101

Plane 'X' landed at the wrong airport.

You beat your previous score!

 #:  name      host      game                time  real time  planes safe
  1:  pavel     duo       default             1040      34:38   101

And some good news: Old thinkpad x60 can take 3GiB RAM, making machine usable a little longer.

gpsd can run non-root, and seems to accept output from named pipe. Which is good, because it means using wifi accesspoints to provide position to clients such as foxtrotgps is easier. Code is in gitorious tui.

6th March 2015

11:45pm: Position privacy protection
Mozilla maintains access points (AP) database at location.services.mozilla.com. Location using WIFI is cool: you don't need GPS hardware, and you can fix quicker/for less battery power in cities, and you can get a fix indoors.
Mozilla will return your position if you know SSIDs of two nearby access points, using web service. That has disadvantages: you need working internet connection, connection costs you time, power and money, and Mozilla now knows where you are.
Obvious solution would be to publish AP database, but that has downside: if you visit Anicka once and learn SSID of her favourite access point, you could locate Anicka with simple database query once she moves.

first = select N numerically lower (or most commonly seen) access points in the area
second = all access points in the area
for i in first:
      for j in second:
              at position sha1(i, j, salt?) in the database, store GPS coordinates.
If probability of missing access point when you are in the right area is P, probability of not being able to tell your location is P^N. Database will grow approximately N times.
Storing salt: it will make it harder to see differences between different version (good). But if we play some tricks with hash-size to artificaly introduce collisions, this may make them ineffective.
Problem: There is only 2^48 access points. Someone could brute force hash. Solution: store fewer bits of hash to create collisions?
Problem: If you can guess Anicka anicka likes South Pole, and suddenly new access point appears in the area, you can guess her address. Comment: not a problem since Anicka would have to take two access points to the South Pole? Or still a problem since you don't need to know address of the second AP to locate her?
Problem: If you know Anicka likes Mesto u Chciplyho psa, where noone ever moves and noone ever activates/deactivats APs, you can still locate her. Comment: is it a problem? Are there such places?

Any ideas? Does it work, or did I make a mistake somewhere? Is there solution with lower overhead?

20th February 2015

10:56am: What you might want to know about uloz.to
1. captcha is not case-sensitive

2. you can get around concurrent downloads limit using incognito window from chromium. If you need more downloads, chromium --temp-profile does the trick, too.

What you might want to know about Debian stable

Somehow, Debian stable rules do not apply to the Chromium web browser: you won't get security updates for it. I'd say that Chromium is the most security critical package on the system, so it is strange decision to me. In any case, you want to uninstall chromium, or perhaps update to Debian testing.

18th February 2015

11:50am: When you are drowning in regressions
..then the first step is to stop more regressions. That's the situation with Nokia N900 kernel now: it has a lot of hardware, and there's kernel support for most of that, but userland support really is not mature enough. So I added test script to tui/ofone, which allows testing of battery, audio, LEDs, backlight, GPS, bluetooth and more. It is called "tefone". "ofone" script (with gtk gui) can be used to control modem, place calls and read SMSes. You'll need a library to actually get voice calls with audio.

On a related note, my PC now resumes faster than my monitor turns on. I guess we are doing good job. (Or maybe Fujitsu did not do such a good job). Too bad resume broke completely in 3.20-rc0 on thinkpad.

26th January 2015

12:19pm: On limping mice and cool-looking ideas
I got two Logitech mice, and they worked rather nice. But then buttons started acting funny on first, then second, and I switched to Genius one (probably with lower resolution sensor). I quickly found that I have two mice with working sensor, and one mouse with working buttons. Not good.
Now, I got new Logitech M90.. this one has working sensor, two working buttons, and three legs of the same length. Ouch. It wobbles on table :-(.
It also shows why mouse-box is cool-looking, but not quite cool idea. Mouse is something that gets damaged over time, and needs to be replaced... which is something you don't want to do with your computer. (Plus, your mouse will not be too comfortable to use when it has three cables that were not designed for bending, connected.)

12th January 2015

6:00pm: Why avoid ACPI on ARM (and everywhere else, too)
Grant Likely published article about ACPI and ARM at http://www.secretlab.ca/archives/151 . He acknowledges systems with ACPI are harder to debug, but because Microsoft says so, we have to use ACPI (basically).

I believe doing wrong technical choice "because Microsoft says so" is a wrong thing to do.

Yes, ACPI gives more flexibility to hardware vendors. Imagine replacing block devices with interpretted bytecode coming from ROM. That is obviously bad, right? Why is it good for power management?

It is not.

Besides being harder to debug, there are more disadvantages:
* Size, speed and complexity disadvantage of bytecode interpretter in the kernel.
* Many more drivers. Imagine GPIO switch, controlling rfkill (for example). In device tree case, that's few lines in the .dts specifying which GPIO that switch is on.
In ACPI case, each hardware vendor initially implements rfkill switch in AML, differently. After few years, each vendor implements (different) kernel<->AML interface for querying rfkill state and toggling it in software. Few years after that, we implement kernel drivers for those AML interfaces, to properly integrate them in the kernel.
* Incompatibility. ARM servers will now be very different from other ARM systems.

Now, are there some arguments for ACPI? Yes -- it allows hw vendors to hack half-working drivers without touching kernel sources. (Half-working: such drivers are not properly integrated in all the various subsystems). Grant claims that power management is somehow special, and requirement for real drivers is somehow ok for normal drivers (block, video), but not for power management. Now, getting driver merged into the kernel does not take that long -- less than half a year if you know what you are doing. Plus, for power management, you can really just initialize hardware in the bootloader (into working but not optimal state). But basic drivers are likely to merged fast, and then you'll just have to supply DT tables.
Avoid ACPI. It only makes things more complex and harder to debug.

9th January 2015

11:32pm: fight with 2.6.28
...was not easy. 2.6.28 will not compile with semi-recent toolchain (eldk-5.4), and it needs fixes even with older toolchain (eldk-5.2). To add difficulty, it also needs fixes to work with new make (!). Anyway, now it boots, including nfsroot. That should make userspace development possible. I still hope to get voice calls working, but it is not easy on 3.18/3.19 due to all the audio problems.

24th December 2014

11:42pm: Merry Chrismass from DRAM vendors
As a Chrismass present, you may be interested to learn that your computer's memory (DRAM) does not work as well as you thought.

Iteration 139 (after 326.41s)
49.460 nanosec per iteration: 2.13668 sec for 43200000 iterations
(check took 0.213835s)
Iteration 140 (after 328.76s)
48.805 nanosec per iteration: 2.1084 sec for 43200000 iterations
error at 0x890f1118: got 0xfeffffffffffffff
(check took 0.244179s)
** exited with status 256 (0x100)

And yes, it probably means "your memory, too". Thread on lkml is "DRAM unreliable under..."

20th November 2014

10:18pm: fight with pulseaudio
On nokia n900, pulseaudio is needed to have a correct call. Unfortunately that piece of software fights back.

pavel@n900:~$ pulseaudio --start
N: [pulseaudio] main.c: User-configured server at {d3b6d0d847a14a3390b6c41ef280dbac}unix:/run/user/1000/pulse/native, refusing to start/autospawn.

Ok, I'd really like to avoid complexity of users here. Let me try as root.

root@n900:/home/pavel# pulseaudio --start
W: [pulseaudio] main.c: This program is not intended to be run as root (unless --system is specified).
N: [pulseaudio] main.c: User-configured server at {d3b6d0d847a14a3390b6c41ef280dbac}unix:/run/user/1000/pulse/native, refusing to start/autospawn.

Ok, I don't need per-user sessions, this is cellphone. Lets specify --system.

root@n900:/home/pavel# pulseaudio --start --system
E: [pulseaudio] main.c: --start not supported for system instances.

Yeah, ok.root@n900:/home/pavel# pulseaudio --system
W: [pulseaudio] main.c: Running in system mode, but --disallow-exit not set!
W: [pulseaudio] main.c: Running in system mode, but --disallow-module-loading not set!
N: [pulseaudio] main.c: Running in system mode, forcibly disabling SHM mode!
N: [pulseaudio] main.c: Running in system mode, forcibly disabling exit idle time!
W: [pulseaudio] main.c: OK, so you are running PA in system mode. Please note that you most likely shouldn't be doing that.
W: [pulseaudio] main.c: If you do it nonetheless then it's your own fault if things don't work as expected.
W: [pulseaudio] main.c: Please read http://pulseaudio.org/wiki/WhatIsWrongWithSystemMode for an explanation why system mode is usually a bad idea.

Totally my fault that someone forgot to document this pile of code. Thanks for blaming me. I'd actually like to read what is wrong with that, except that the page referenced does not exist. :-(.

17th November 2014

9:45pm: gcc trying to be helpful... in pretty unhelpful way
gcc tried to help me with figuring pulseaudio-module-cmtspeech-n9xx compilation... It says:

/lib/x86_64-linux-gnu/libz.so.1: error adding symbols: DSO missing from command line

To decrypt it, you should understand that "DSO" is a library. So it wants you to add /lib/x86_64-linux-gnu/libz.so.1 to command line you are using to compile. It took me a while to figure out...

9th November 2014

10:46pm: Dialer for ofono?
I have stock Debian running on Nokia n900, with ofono stack (on 3.18-rc1 and nfsroot)... and would like some GUI dialer. There's none in ofono project. mer had some, so I went to http://gitweb.merproject.org/gitweb ... but it gives me "service temporarily unavailable"... I was told to look at telepathy-ring, but that is not in Debian 7.7, and would have a lot of dependencies. Any ideas where to get sources of dialer from mer or what other software to use?

And... Is there a recommended camera application in Debian? I'd like to test that the drivers still work...

18th October 2014

9:43pm: N900 nfs root
So you'd like to develop on Nokia N900... It has serial port, but with "interesting" connector. It has keyboard, but with "interesting" keyboard map, you mostly need full X to be useful... and it is too small for serious typing, anyway. You could put root filesystem on SD card, but that is disconnected when back cover is removed. And with back cover in place, you can't reset the machine.

Ok, so NFS. Insecure, tricky to setup, but actually makes the development usable. I started with commit 4f3e8d263^ (because that should have working usb networking according to mailing lists).. and with config from same page. Disadvantage is that video does not work with that configuration... but setting up system blind should not be that hard, right?

Assemblying minimal system with busybox from so I could run second-stage of debootstrap was tricky, and hacking into the resulting debian was not easy, either, but now I have telnet connections and things should only improve.

6th September 2014

11:38pm: Fraud attempt from DAD GmbH
Got snail mail from DAD GmbH, Postfach 11 35 68, 20435. I should update my business info (which I never gave to them) and by submitting updated info, they would charge me 500 euro (small notice so that you are likely to miss it). I hope they go to jail for this.

3rd September 2014

11:09am: Boot shell
Yesterday I got electric shock. Yes, the device was supposed to be turned off by remote-control outlet, but I was still stupid to play with it.

Have you ever played the "press any key to stop autoboot" game, followed by copying boot commands from your notes, because you wanted to keep boot loader in original (early project phases) or final (late project phases) configuration? Have you reached level 2, playing autoboot game over internet?

If so, you may want to take a look at boot shell (bs) from Not Universal Test System project. In ideal case, it knows how to turn off/on the target, break into autoboot, boot your target in development mode, and login as root when user land is ready.

30th July 2014

6:33pm: Friends don't let friends freeze their hard drives
Hour and 15 minutes later, platters look really frozen... and heads are leaving watery trails on the harddrive, that clicks. Ok, this is not looking good.

Should not have let it run with water on board -- outside tracks are physically destroyed.

Next candidate: WD Caviar, WD200, 20GB.

This one is actually pretty impressive. It clearly has place for four (or so) platters, and there's only one populated. And this one actually requires cover for operation, otherwise it produces "interesting sounds" (and no data).

It went to refrigerator for few hours but then I let it thaw before continuing operation. Disk still works with few bad sectors. I overwrote the disk with zeros, and that recovered the bad sectors.

Did fingerprint on the surface. Bad idea, that killed the disk.

Ok, so we have two information from advertising confirmed: freezing can and will kill the disk, and some hard drives need their screws for operation.
6:27pm: I have seen the future
...and did not like what I saw. I installed Debian/testing. Now I know why everyone hates systemd: it turned minor error (missing firmware for wlan card) into message storm (of increasing speed) followed by forkbomb. Only OOM stopped the madness.

Now, I've seen Gnome3 before, and it is unusable -- at least on X60 hardware. So I went directly into Mate, hoping to see friendly Gnome2-like desktop. Well, it look familiar but slightly different. After a while I discovered I'm actually in Xfce. So log-out, log-in, and yes, this looks slightly more familiar. Unfortunately, theme is still different, window buttons are smaller and Terminal's no longer can be resized using lower-right corner. I also tried to restore my settings (cp -a /oldhome/.[a-z]* .) and it did not have the desired effect.

24th July 2014

3:00pm: Nowcasting for whole Europe, international travel script
CHMI changed their webpages, so that old.chmi.cz no longer worked, so I had to adapt nowcast. My first idea was to use radareu.cz, that has nice coverage of whole europe, but pictures are too big and interpolated... and handling them takes time. So I updated it once more, now it supports new format of chmi pictures. But it also means that if you are within EU and want to play with weather nowcasting, you now can... just be warned it is sligtly slow... but very useful, especially in rainy/stormy weather these days.

Now, I don't know about you, but I always forget something when travelling internationally. Like.. power converters, or the fact that target is in different time zone. Is there some tool to warn you about differences between home and target countries? (I'd prefer it offline, for privacy reasons, but...) I started country script, with some data from wikipedia, but it is quite incomplete and would need a lot of help.
2:51pm: More fun with spinning rust
So I took an old 4GB (IBM) drive for a test. Oops, it sounds wrong while spinning up. Perhaps I need to use two usb cables to get enough power?

Lets take 60GB drive... that one works well. Back to 4GB one. Bad, clicking sounds.

IBM actually used two different kinds of screws, so I can not non-destructively open this one... and they actually made platters out of glass. Noone is going to recover data from this one... and I have about 1000 little pieces of glass to collect.

Next candidate: Seagate Barracuda ATA III ST320414A, 20GB.

Nice, cca 17MB/sec transfer, disk is now full of photos. Data recovery firms say that screw torque matters. I made all of them very loose, then removed them altogether, then found the second hidden screw and then ran the drive open. It worked ok.

Air filter is not actually secured in any way, and I guess I touched the platters with the cover while opening. Interestingly, these heads do not stick to surface, even when manually moved.

Friends do not let friends freeze their hard drives, but this one went into two plastic back and into refrigerator. Have you noticed how the data-recovery firms placed the drive there without humidity protection?

So, any bets if it will be operational after I remove it from the freezer?

15th July 2014

12:00am: Fun with spinning rust
Got a hard drive that would not spin up, to attempt recovery. Getting necessary screwdrivers was not easy, but eventually I managed to open the drive. (After hitting it few times in an attempt to unstick the heads). Now, this tutorial does not sound that bad, and yes, I managed to un-stick the heads. Drive now spins up... and keeps seeking, not getting ready. I tried to run the drive open, and heads only go to the near half of platters... I assume something is wrong there? I tried various torques on the screws as some advertising video suggested.

(Also, drives immediately stick to the platters when I move them manually. I guess that's normal?)

Drive is now in the freezer, and probably beyond repair... but if you have some ideas, or some fun uses for dead hard drive, I guess I can try them. Data on the disk are not important enough to do platter-transplantation.

3rd July 2014

12:29pm: Web browser limits desktop on low-powered machines
It seems that web browser is the limit when it comes to low-powered machines. Chromium is pretty much unusable with 512MB, usable with 1GB and nice with 2GB. Firefox is actually usable with 512MB -- it does not seem to have so big per-tab overhead -- but seems to be less responsive.

Anyway, it seems I'll keep using x86 for desktops for now.

30th June 2014

10:03pm: Warning: don't use 3.16-rc1
As Andi found, and it should be fixed in newest -rcs, but I just did

root@amd:~# mkfs.ext4 -c /dev/mapper/usbhdd

(yes, obscure 4GB bug, how could it hit me?)

And now I have

root@amd:/# dumpe2fs -b /dev/mapper/usbhdd
dumpe2fs 1.41.12 (17-May-2010)


>>> (2059923-1011347)/1024.
>>> (3108499-1011347)/1024.

. Yes, badblocks detected error every 4GB.

I'll update now, and I believe disk errors will mysteriously disappear.

22nd June 2014

4:59pm: Feasibility of desktop on ARM cpu
Thinkpad X60 is old, Core Duo@1.8GHz, 2GB RAM notebook. But it is still pretty usable desktop machine, as long as Gnome2 is used, number of Chromium tabs does not grow "unreasonable", and development is not attempted there. But eats a bit too much power.

OLPC 1.75 is ARM v7@0.8GHz, .5GB RAM. According to my tests, it should be equivalent to Core Solo@0.43GHz. Would that make an usable desktop?

Socrates is dual ARM v7@1.5GHz, 1GB RAM. It should be equivalent to Core Duo@0.67GHz. Oh, and I'd have to connect display over USB. Would that be usable?

Ok, lets try. "nosmp mem=512M" makes thinkpad not boot. "nosmp mem=512M@1G" works a bit better. 26 chromium tabs make machine unusable: mouse lags, and system is so overloaded that X fails to
interpret keystrokes correctly. (Or maybe X and input subsystem sucks so much that it fails to interpret input correctly on moderate system load?)

I limited CPU clock to 1GHz; that's as low as thinkpad can go:
/sys/devices/system/cpu/cpu0/cpufreq# echo 1000000 > scaling_max_freq

Machine feels slightly slower, but usable as long as chromium is stopped. Even video playback is usable at SD resolution.

With limited number of tabs (7), situation is better, but single complex tab (facebook) still makes machine swap and unusable. And... slow CPU makes "unresponsive tabs" pop up way too often.

Impressions so far: Socrates CPU might be enough for marginally-usable desktop. 512MB RAM definitely is not. Will retry with 1GB one day.

19th June 2014

4:49pm: debootstrap, olpc, and gnome
Versioned Fedora setup that is by default on OLPC-1.75 is a bit too strange for me, so I attempted to get Debian/ARM to work there. First, I used multistrap, but that uses separate repositories. debootstrap might be deprecated, but at least it works... after I figured need to do debootstrap --second-stage in chroot. I added firmware, set user password, installed system using tasksel, and things started working.

So now, I have a working gnome on OLPC... with everything a bit too small. I don't know how OLPC solved high-dpi support, but Debian certainly does not do the right thing by default.

21st May 2014

12:31pm: I love Python
Timetable conversion finally finished. It only run for 3.5 days...

159645.09user 151296.77system 311825.86 (5197m5.860s) elapsed 99.71%CPU

And as a bonus... Did you ever see ssh man-in-the-middle in the wild?

Someone could be eavesdropping on you right now (man-in-the-middle
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /data/pavel/.ssh/known_hosts to get rid of
this message.
Offending key in /data/pavel/.ssh/known_hosts:137
RSA host key for ....de has changed and you have requested
strict checking.
Host key verification failed.

That was Hotel Kossak in Krakow. Apparently when your internet connection key
expires, they launch a free attack at you as a bonus.
Powered by LiveJournal.com