YaCy – a p2p search engine

So I’m running a YaCy node – which is a pretty awesome project to create a search engine indexed “by the people, for the people.”

YaCy provides a java servent that can index internal resources and external web pages. You have MANY controls over what and how it’s indexing and the resources allocated to it. There are tons of built-in analytics and logging for the stats geek in you.

It’s still rough, but seems damned promising. A bonus – it uses jQuery and Solr.

I really like the idea of indexing all the content you care about and also providing that index to the world at large to search, but I have concerns over the long-term impact of more ‘bots crawling the web. I would like to see YaCy figure out a way to minimize its impact on a global level – if every YaCy node is indexing the same sites, it could easily escalate to a DDoS-level problem. Perhaps they’re already working on this issue.

Dual Monitor support under Kubuntu 11.10 with nvidia drivers

There was a pretty annoying regression in nvidia support under Kubuntu (and probably regular ole’ Ubuntu) 11.10 – dual monitor support is busted. Ouch.

Confusion abounds on how to fix this, but it seems all you need to do is:

  • uninstall nvidia-173
  • install nvidia-current
  • remove /etc/X11/xorg.conf to cause another one to be regenerated, and then
  • Reboot. You’ll be using a newer driver and be able to configure twinview via nvidia-settings per the usual.

You’re just updating the nvidia driver, that’s all. This just happens to be the easiest way.

S1:E26 – Conspiracy

Ugh, this one was so gross, there were these bugs and they crawled into your mouth and stuck a pointy gill out of the back of your neck. I really wish they hadn’t made this episode, it was really disgusting. (Me: What about when the guy was sitting in the chair with the “mother” creature in him?) No! I don’t wanna think about that part. Ughh. They made all these good ones with just a little bit of blood and then this one was ugh, too much.

S1:E25 – We’ll Always Have Paris

“Captain Picard goes into the holodeck and he sets it to “Paris,” I think? And there’s a girl waiting there – he sits next to her and talks. Then he sees the girl when she’s grown up and married. The scientist she’s married studies other dimensions and is weird in the head. He’s hallucinating about how cool the other dimension was and stuff. I don’t really remember how it ends, though. I didn’t really like this episode much.”

Inferring password storage security through maximum password length requirements.

I’d like to follow up on a fairly obvious thought I tweeted today:

If a site has password length limits, it’s probably stored in plaintext. Hashed passwords (of any size) have a predicable length.

Excuse the typo, please. Explanation:

The sane operating procedure for password storage is to use a hash function (md5, sha256, bcrypt and similar) along with a “salt” to one-way hash the password. This hash is a known length, no matter how long the password is. For a hexadecimal md5 sum, it’s 32 characters. When a user comes back to authenticate, you take the password they supply and the salt, calculate the hash, and match it against the hash you have on file. If the newly calculated sum matches the one you have on file, the user has entered their password properly.

There’s no logical reason to limit a hashed password’s length: a 4 character password and a 4000 character password will both calculate to the same size hash.

So if a website has a maximum password length, it means they are probably NOT hashing it and the limit they apply is to keep you from exceeding the column length of the table they store it in.  @abackstrom pointed out here that it’s probably the same situation for disallowed “special characters” – they shouldn’t care what you enter if all they are doing is hashing your password. If they do, they are probably storing it directly in a database.
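The store-and-verify procedure described above, as an added example that is not code from the original post. It uses PBKDF2-HMAC-SHA256 from Python's standard library as the hash (an assumed choice; the iteration count, record format and sample passwords are constructed for illustration) and shows that the stored record has the same length for short, very long and special-character passwords.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000   # assumed work factor for this sketch
SALT_BYTES = 16        # random per-user salt


def _derive(password: str, salt: bytes) -> bytes:
    # Any Unicode string of any length is accepted; the output is always 32 bytes.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str) -> str:
    """Return the value to store: 'salt_hex$hash_hex' (always 97 characters)."""
    salt = os.urandom(SALT_BYTES)
    return f"{salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = record.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


# Constructed sample passwords: short, very long, punctuation, non-ASCII.
SAMPLES = ["abcd", "x" * 4000, "p@ss word!<>'\"%;", "пароль-密码"]


def record_lengths(passwords):
    """Set of stored-record lengths; one element means length never varied."""
    return {len(hash_password(p)) for p in passwords}


if __name__ == "__main__":
    print(record_lengths(SAMPLES))
    record = hash_password(SAMPLES[1])
    print(verify_password(SAMPLES[1], record), verify_password("x" * 3999, record))
```

A fixed-width column sized for the record is all the database needs, so storage imposes no maximum password length and no character restrictions.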

Why is this bad? Many obvious reasons:

  • Your unencrypted password is sitting in a database, waiting to be stolen if/when the site in question is compromised,
  • Many people share passwords amongst websites, so a list of email addresses and unencrypted passwords can lead to many more compromised accounts on sites all over the web,
  • It’s unnecessary. There’s almost no valid reason to store an unhashed password, especially with all the excellent authentication frameworks out there.

What can you do?

If you’re a website user, complain! If a website has a maximum password length or a restriction against special characters: contact them! Tell them you don’t appreciate their lax security. Ask them to support OpenID, ask them if they store passwords unhashed, just let them know this is important.

If you’re a developer, use an authentication library known to do things right in your language of choice. Don’t write your own, busted, authentication system.

Kubuntu 11.10 on the Acer Aspire Timelinex AS4830tg-6450

Synopsis: The info below should tell you most of what you need to get kubuntu 11.10 working on the Acer Aspire Timelinex AS4830TG-6450, which currently has an MSRP of $729 USD but can be found cheaper through some retailers. It’s working great! I don’t see why they wouldn’t work for a normal ubuntu 11.10 install. These instructions should be valid for similarly kitted Acer Timelinex laptops too, like the AS3830TG-6424, the AS5830TG-6402 and other models with optimus switchable graphics.

Fear not! It is easier to get this machine working than the length of my instructions would imply.

Details

I’ve gotten Kubuntu 11.10 working with pretty much everything that I care about, including the full power-saving capabilities of the hardware. I get more than 7 hours on the battery. Notes:

  • Download and write kubuntu 11.10 to a usb stick, instructions elsewhere. I’m using the 64bit flavor and it’s wonderful.
  • HDD: Make some room on the hard drive for your linux install by shrinking the largest windows partition. I did this through windows, but whatever makes you happy. Leave the space unallocated, you’ll partition it through the kubuntu install process.
  • BIOS updates: Reboot, going into the BIOS by pressing f2 during the POST. Change the boot priority to use the USB device, or enable the “boot menu via f12” option that’s in there.
    While you’re in the BIOS, switch the graphics to “integrated.” This will power down the nvidia GPU and lead to some pretty major power savings.
    Yeah, this kinda sucks, but switchable graphics through ironhide is just not there yet. I was able to get it working (for some values of “working”) but it was VERY quirky to the point of being unusable. Don’t get me wrong, the ironhide/bumblebee folks have done some great work and I’m looking forward to full optimus support in the near future.
    This BIOS change means if you want to use the nvidia GPU under windows that you’ll need to go into the BIOS during a reboot and change back to “switchable.” That’s a fine compromise as far as I’m concerned (98% of my time is in linux, I only use windows for games), and the fact that Acer makes this a BIOS option is great – my Asus 1215n didn’t have this option so the nvidia GPU was always on.
  • Install! Boot to your USB stick. Your wifi and ethernet cards should be recognized without a problem. You should probably leave the 18gb and 100mb recovery partitions alone so you can factory-reset the machine easily should you decide to sell it later on. I created a 35gb / partition, 5 gb swap and 240gb /home, but go with what you like. After the installation is complete, you have a few more linux-level tweaks to implement.
  • kernel boot options: edit /etc/default/grub, and change GRUB_CMDLINE_LINUX_DEFAULT to be:
    GRUB_CMDLINE_LINUX_DEFAULT="quiet splash pcie_aspm=force acpi_osi=Linux i915.i915_enable_rc6=1"
    This will light up a bunch of hotkeys and power management features. Update grub after making this change, via “sudo update-grub”. Reboot. Thanks to this page for the boot options.
  • cpufreqd – install it. This will clock down your CPU according to different profiles and lead to major power savings.
    The default cpufreqd config needs tweaking, as it’s really not optimized well for the full capabilities of the linux kernel/i5 hardware combo. I really, really like the “ondemand” governor as it means a cooler running system that’ll use the full capabilities of your CPU when needed. I suggest changing every “policy=” in /etc/cpufreqd.conf to “ondemand” and every “minfreq=” and “maxfreq=” setting to 0% and 100% respectively.
    You can tweak cpufreqd.conf endlessly, but these minor changes make a HUGE difference with no noticeable impact on performance. Restart the cpufreqd daemon after changing the config file, of course.
  • KDE changes:
    Effects: Go into “System Settings -> Desktop Effects -> Advanced” and switch the compositing type to “XRender”. This will give you access to a significant number of effects that work pretty well under the intel integrated gpu.
    Nepomuk: Go into “System Settings -> Desktop Search” and disable Nepomuk (boo!). You may not need to do this, but I’ve found it’s just too large a resource hog for me to keep it enabled. This is probably because I have a huge $HOME directory with a bajillion text files for my development projects along with three very large email accounts. Nepomuk just never seems to stop indexing and I definitely notice the load. Additionally, shutting down Nepomuk means that pulseaudio works better – I’m guessing because pulse isn’t getting CPU/io starved because of nepomuk’s endless indexing.

That’s it! You’ll have a blazingly fast linux laptop that’ll run over 7 hours on the battery and that weighs less than 5 lbs. I bought mine for $729 at newegg.com – this is a great value for a laptop that just oozes quality. If / when I start to feel performance constrained I plan on getting an intel 320 series SSD drive to replace the 5400rpm western digital it comes with.

What’s working

  • Most hotkeys
  • Powersaving: > 7 hours(!)
  • Sound, including speakers (some folks reported that as a problem). I have had sound lockups that’re fixed by just suspending / awakening the laptop – but since I disabled nepomuk they’ve mostly gone away.
  • Card reader
  • DVD drive
  • Networking – wifi and ethernet
  • Suspend
  • Multitouch on the pointing device.
  • Fan speed – others reported that as a problem, I’ve not seen it.
  • Dual boot
  • webcam (try opening the /dev/video0 capture device via vlc)

What isn’t

  • Widi
  • Nvidia GPU acceleration under linux.
  • The windows key (probably just need to map it to something)
  • Hibernate – but who cares with working suspend and a pretty fast boot time?

What’s not been tested

  • USB power-off charging
  • Microphone – internal or external
  • HDMI out (probably won’t work, if it’s like other optimus devices)
  • VGA out (probably will work, if it’s like other optimus laptops)

** UPDATE **

  • VGA out works perfectly under the intel video drivers.

S1:E24 – Skin of Evil

“I’m so extremely sad that Yar is dead. I liked her a lot! That skin of evil was a messed-up idiot. Picard was pretty smart to get him mad so they could beam. I bet there will be a new character. The end was too sappy. They should’ve just said she was moved to a new ship instead of killing her!”

S1:E23 – Symbiosis

“The drug people, they were obsessed with drugs. The rich planet was mean and they didn’t tell the poor planet that they weren’t sick any more. I don’t like that they did that. The crew gave them the drug but they didn’t give them the ship repairing things. I think the poor planet is going to get better and then they’ll learn how to build their own stuff and fix ships. Hopefully the rich planet will learn not to be mean.”