mikas blog

This might have become a rant too. First of all because it’s not possible to log the “apt-get upgrade”-process in detail with (on-board) debian-tools. What IMO sucks too is the missing documentation for some tools like apt-listchanges and apt-listbugs. So I tried to figure it out via manpage in combination with the provided example-scripts of apt-listbugs. Corresponding to google-output and #debian.de it seems that most of the debian-developers even don’t know of their existence.

Ok – what I was searching for:

* log upgrades in detail to be able to reconstruct possible errors (very important on productive systems)
* check for open/outstanding bugs (also on selected packages only) and list them
* show bug-reports with different severities without using a webbrowser

What’s my solution? First of all I tried to do some logging via strace. Problem: does not work while using the configfiles /etc/apt/apt.conf.d/10apt-listbugs and /etc/apt/apt.conf.d/20listchanges which are calling DPkg::Pre-Install-Pkgs-commands.

So I wrote a small shellscript:
www.michael-prokop.at/computer/config/bin/debstrace

I’m also using some adjusted apt-listbug-examples in my zsh-setup:
www.michael-prokop.at/computer/config/.zsh/zsh_debian
and a ruby-script:
www.michael-prokop.at/computer/config/bin/listbugs.rb

WFM (works for me). Suggestions are welcome.

Currently I’m building my own chroot-environment. Now I’ve a static zsh from cvs-tree:

[mika@tweety(519): ~/Source/zsh-cvs-040803/zsh]$ ldd Src/zsh
        not a dynamic executable
1 [mika@tweety(520): ~/Source/zsh-cvs-040803/zsh]$

Now I’m trying to modify my zsh-setup so it works without any more modifications out of the box in the chroot-environment.

In a chroot you’ll probably find no GNU-date so I wrote a zsh-wrapper for it:

zmodload -i zsh/datetime
alias datereplacement='strftime "%Y-%m-%d" $EPOCHSECONDS'
export DATE=`datereplacement`

Now you can use “$DATE” in zshrc for dynamic stuff.

I relaxed at the weekend without touching any computers (expect for about 20 minutes on saturday). Quite uncommon feeling ;-).

What I’ve done on friday before driving back to Klagenfurt was setting up chroot on two of my linux-boxes. Based on the work of Wolfgang Fuschlberger and hisssh-scp-chroot-jail-script (thanks Wolfgang!) I tried to set it up but noticed some traps. I sent some bugfixes to Wolfgang and he already merged them into his script (great!).

I wrote a small webpage with some notes on setting up chroot and mentioned it on my german linux-tipps-webpage.

What’s on my todo-list (as 423 other things 8-)) is to check the security-state of the chroot-environment. And I’ll try to check and provide some static binaries inside chroot for providing shellaccounts on my boxes for scp, svn,…

Second week of IPICS04 has been done too.

Monday (26th of July):
Bart Preneel (Katholieke Universiteit Leuven, Belgium) was giving “An introduction to cryptology, Part II” in 5 units. Main topics were MAC, PKI and GSM-security. Herbert Leitold (Secure Information Technology Center, Austria) was talking about ‘Electronic voting in Europe’ and it’s main problems. Afterswards Karl Scheibelhofer (Secure Information and Communication Foundation, Austria) give us some information about ‘Java Crypto Solutions for Embedded Systems’ like J2ME and IAIK Java Crypto Products.

Tuesday (27th of July):
Keith Martin (Royal Holloway, University of London, UK) held interactive 4 units on ‘Electronic commerce’. Main topics were B2C, B2B and clients vs. managers point of view – no real news for me. Eugen Brenner (Graz University of Technology, Austria) held a lecture on ‘Writing secure code’. It’s content has been development process, threat modeling, risk mitigation, security testing, root causes and secure coding techniques.

Start 3-Days Industrial Seminar

Wednesday (28th of July):
Stefan Mangard, Elisabeth Oswald and Vincent Rijmen (Graz University of Technology, Austria) were talking about ‘Side channel attacks’ and ‘Defense against side channel attacks’ including demonstrations. Taling about SPA (Simple Power Attaks), DPA (Differntial Power Attacks) and Timing Attacks was very interesting!

Erkay Savas (Sabanci University, Istanbul, Turkey) hold a lecture on ‘Sensor Network Security’ – including topics like SNEP, microTESLA and PKC in sensor networks.

Johannes Wolkerstorfer and Martin Feldhofer (Graz University of Technology, Austria) were talking about ‘Authentication with RFID Tags’.

Thursday (29th of July)
Bart Preneel (Katholieke Universiteit Leuven, Belgium) was talking about GSM-, WLAN-, UMTS- and bluetooth-security in his talk ‘Mobile communications security’. Very interesting!

Ernst Haselsteiner from Philips Semiconductors (Austria) was talking about ‘Common Criteria Evaluation of a Smart Card Cryptographic Library’.
Afterwards Dieter Gollmann (TU Hamburg-Harburg, Germany) give us an introduction to ‘Evaluating Protocols’.

Quite interesting was the lecture from Holger Bock (Infineon Technologies, Austria) about ‘Random Numbers in Security Applications’. Main topics were Kalmogorov Complexity and systems like RANDy, Protego and SLE66C(X)xxxP and some more theory.

IPICS Presentation Day – Friday (30th of July)

Very detailed information on ‘Computer architecture for pervasive security’ like as “fast cryptographic processing” and “attack resistance” was telling us Ruby LEE from Princeton University (USA).

Bart Preenel (Katholieke Universiteit Leuven, Belgium) told us some news on ‘Trends in cryptological research: The European Network of Excellence in Cryptology’ – again very interesting!

Dieter Gollmann (TU Hamburg-Harburg, Germany) was talking about TCP (Trusted Computing Base) , MLS (Multi-level security) and TCPA/TCG in his talk ‘Trusted Computer Platform’.

An introduction to the topic bometry gave us Reinhard POSCH (Chief Information Office, Austria) in “Biometry and Identification”.

Conclusion: IPICS04 was very interesting. I got many new keywords I could/can google for. Organisation of the event was also absolutely great. Thanks to Prof. Karl C. Posch!

BTW: I’ve done some urlblogging during the second week of IPICS04 – it’s available online: http://del.icio.us/mika/ipics04

Yesterday evening I was (together with Sven Guckes) at JazzerSommerGraz where Chick Corea was playing a really great concert.

Some pics are available online.

There was – as usual – free entrance and I think some people didn’t know what kind of music Chick Corea and his Electric Band are playing because they left concert quite early 8-). At least you were able to figure out the non-musicians in the audience – banging with head on the wrong beat (or they were musicians but blowers 8-)).

Just found on planet.debian.net:

mailto:de_DE@euro.UTF-8

—
http://blog.drinsama.de/erich/2004/07/27#locales

My Kanotix/Knoppix-installation on my Sony-Laptop sucked. Hotplugging was quite crappy and using WLAN-card with WEP at IPICS04 did not work. So it was time for testing the Debian/Sarge-DVD I got by Fred Andresen from Linux-New-Media.

Installation of Debian/Sarge was quite comfortable. No (obvious) bugs in the installer, no loss of data and a fast way to get a current version of Debian/unstable. The takeover of my pptp- and wlan-setup was done quite fast. Sound is working and I’m running 2.6.8-rc2.

Notice: never try to start KDE when you don’t have a loopback-device. Not a single error-message, debugging due to the kdeinit-system is quite hard and you just notice a hanging ksplash at 25% – *doh*.

A cronjob sends me a daily output of my calendar for the next 20 days (pal -r 20). What I also like is ‘at’ as a reminder:

echo "mail -s 'check TODO-list' your@address.invalid < /dev/null" | at 23:42

Of course this can be used also with other programs like osdsh, [kgX]dialog,…

What’s your favourite way of handling reminders and todo-list?

Let me show the power of zargs. First of all let’s see wheter both commands do the same:

$ find /usr/include -name \*.h -exec grep printf /dev/null {} \; | wc -l
389
$ zargs /usr/include/**/*.h -- grep printf /dev/null | wc -l
389

Yes, seems so – so let’s compare them via ‘time’:

$ time ( find /usr/include -name \*.h -exec grep printf /dev/null >| /dev/null {} \; )
Real: 4,89s User: 1,41s System: 3,46s CPU-percent: 99%
$ time ( zargs /usr/include/**/*.h -- grep printf /dev/null >| /dev/null )
Real: 0,27s User: 0,14s System: 0,14s CPU-percent: 102%

Now I was searching for other zsh-addicts via Feedster. I couldn’t find really interesting blogs but what I could find is ZWS. ZWS is a simple web server written in ZSH. ZWS uses zsh/stat, zsh/datetime, zsh/net/tcp and tcp_proxy. IMO it’s just something like a prototype – but at least it demonstrates the power of zsh.

And now going on searching for other zsh-addicts…

Because I’m having internet-access while sitting at IPICS04@TUG I will give a short overview over the last week.

Tuesday (20th of July):
Ahmed Patel from Ireland was talking about ‘Investigative Computing’. Main topics were comparison of existing models (Interpol, Casey, DRWS,…) and some main parts of computer forensic. Günther Pernul from University of Regensburg took a 4 units lecture on ‘Authorization and access control’. Till now this has been to most interesting lecture for me due to I learned some really new stuff. Pernul was talking about discretionary, mandatory and role-based access controls and presented some case studies (DAC+SQL-security, CSAP and RBAC in IRO-DB). All together 198 slides and about 5 coffees. ;) In the evening we took a tour through Graz, drinking some beers on Schlossberg.

Wednesday (21th of July):
Vincent Rijmen (TU Graz) was giving ‘an introduction to cryptology [part 1]’. Rijmen’s topics have been historical ciphers, modern ciphers (DES, AES, RC4) and asymmetric cryptology. Afterwards Simone Fischer-Hübner from Karlstad was talking about ‘privay and privacy-enhancing technologies’, topics like LBS (Location Based Services), mix nets and P3P (platform for privacy preferences). Only 87 slides and about 3 coffees for the whole day.

In the evening my girlfriend came from Klagenfurt to Graz together with her brother Christian and we went to JazzSommerGraz where global.kryner were playing a really great concert. There we met Sven Guckes and Karl Voit who had 3 seats for us 8-).

Thursday (22th of July):
Javier Lopez from university of Malaga (spain) was talking about ‘network security’ for 4 units and afterwards on ‘advanced security services and public key infrastructures’ for the other 3 units. His main topics in network security have been ISO/OSI-model, IPSec and SSH/SSL/S-HTTP. In the PKI-lecture his topics were X.509 and other hierachical models. IMO Lopez should get an entry in the book of world records, he has done 1 slide per minute in average in 7 units(!).

Friday (23th of July):
Udo Payer (TU Graz) was talking in ’embedded intrusion destection’ [58 slides] about FSM-implementations, SOM (self organizing maps) and OS-fingerprinting. Erland Jonsson from Chalmers university (Sweden) hold a lecture on ‘dependability and security’ – 39 slides, very theoretical content like dependability and it’s attributes, security and dependability metrics. Finally Jorma Kajava from Oulu (Finland) was talking about ‘end user perspecitve’ (article of 38 pages) with an ‘ill voice’ – quite hard to listen.

Saturday (24th of July):
The trip to the vineyard-street in styria was quite funny. Visiting a vine-museum and an accident from the bus with a car in a small city on countryside which took us for about 1,5 hours (till police arrived ;-)) were quite ‘interesting’ 8-).

Sunday (25th of July):
Some of the other visitors of IPICS04 were going to Schwarzlteich, but I decided to relax on this day (suffering from short of sleep over the last few days) and just did some work at home and watching movies.

Notice for ipics-visitors: check the password-restricted ipics04-webpage.

If you don’t read Andi Krennmair’s (AK) weblog you might be interested in being pointed to his tool tpp. tpp is a tool for presenting “slides” on a textconsole. It works like a charme and Andi already implemented some of my suggested features.

What you need is Ruby 1.8, a recent version of ncurses and ncurses-ruby, get tpp on http://synflood.at/tpp/.

Great job – Andi!

I wanted to have this feature for quite some time. Today I realized it with osdsh. osdsh in combination with osdctl now displays a blue text in the centre and top of X (when it’s running) on every virtual desktop. So I don’t have to check for new messages such often (centericq is running inside a screen-session). I receive this message only in online-mode so it won’t disturb while playing dvds, working,…

# snippet of ~/.centericq/external
%action display-message-via-X
event msg
proto all
status online
options nowait
%exec
#!/bin/sh
if [ -z $(ps aux | grep "[X]11/X") ] ; then
  exit 0;
else
  nname=`head -n 46 $CONTACT_INFODIR/info | tail -n 1`
  if [ -z $(ps aux | grep "[o]sd") ] ; then
    DISPLAY=:0.0 osdsh -c blue -n 19 -o 1 --a 1 && sleep 3 &&
    osdctl -s "centericq: $nname,"
  else
    osdctl -s "centericq: $nname,"
  fi
fi

What I’d like to have is using such a feature while sitting on remote hosts. Any ideas? 8-)

Update: Changed the osdctl-command due to it expects two lines in any case, seperated by a comma. Thanks for the hint to Karl Voit.

2nd Update: corrected a spelling-error in the commented line of the script, of course it’s ~/.centericq/external and not external’s’ ;)

178 slides, 5 units in >7 hours (including pauses) – first day of IPICS04 has taken place. Prof. Karl C. Posch gave us an ‘Introduction to Information and Communication Security and Secure Embedded Systems’. Steven Furnell of University of Plymouth (UK) was talking about cyber crime.

35 participants from all over the world are here in Graz for the next two weeks. The organisation is absolutely perfect. Free(!) coffee and snacks in the pauses, a free map with >500 pages of the slides – seems to be a really great event!

Due to I’m concerned in IPICS04 for the next two weeks I assume I’ll blog more often on this events, for the upcoming lectures refer to the program.

I just found a perl module for gmail via Planet Debian.

This perl module uses objects to make it easy to interface with Gmail. I eventually hope to implement all of the functionality of the Gmail website, plus additional features.

Anyone writing an extension/wrapper for mutt? 8-)

Opera’s look and feel can be changed with one-click setups. These setup files bundle popular browser settings so you can select a style that suits you best.
Setups can change Opera’s skin, toolbars, menus, keyboard shortcuts, and mouse gestures.

— www.opera.com/startup/customize/

I really like those setups. The Safari look and feel (skin) together with the Web Developer toolbar is very useful for me. Now I’ve more space for the many tabs inside Opera on my 14,1″ TFT on my laptop.

If you are zsh-user you probably know the german “zsh-liebhaber-seite” of Matthias Kopfermann. Because the webserver of the old and original webpage is often under high load we (Matthias and me) decided to overwork the webpage and locate it on my website.

So if you are interested in zsh and are capable of reading german have fun with the new zsh-liebhaber-webpage [currently german only].

Groups Google 2 Beta is online. It’s interface is quite similiar to the one of gmail.

Check out the new interface via going through some postings. One of the new features I could find is the option “Recent groups” on the left side of the panel, displaying recently viewed newsgroups. It’s also possible to “Clear this list”. Another nice feature is that searching for a posting via it’s message-id works via the normal search field.

What I noticed is a problem with the utf8-charset. Have a look e.g. at
this posting and the following screenshots.

Opera, Konqueror, Firefox, links2 and w3m on my laptop are displaying wrong characters:

Displaying source of the posting works as it should. A nice(?)/new feature is the protection of mailadresses, message-ids don’t get touched 8-) [many people can’t distinguish between mail-addresses and message-ids]:

Have a look at the javascript-stuff. Most of the important navigation-stuff seems to work without javascript:

As you maybe know I’m currently working on the book about texttools. I’d like to include a chapter with some details on terminals. But documentation about raw-, cooked-queue and so on sucks^Wdoesn’t really exist ;-(. The only useful documentation I could find is the Single UNIX © Specification on “General Terminal Interface” and of course sourcecode of texttools working with terminals 8-).

And what I don’t like (hey, this should become a rant 8-)): I’d like to have image-support (which looks really great in “links -driver x”!) in framebuffer-mode, but:

[mika@tweety(545): ~/tmp/links2-2.1pre15]$ ./configure --with-fb --enable-graphics
[...]
Configuration results:
GPM support:            NO
SSL support:            YES
Javascript enabled:     NO
Graphics enabled:       YES
Graphics drivers:       X
Image formats:          GIF PNG XBM JPEG
xterm for OS/2 support: NO

And of course a “ldd ./links” shows that ‘links’ is not compiled against libdirectfb & CO. Grml! Ok, I’ll try to figure it out in the next few days. The duel links vs. w3m is still going on :)

Since Wednesday 16:00 I’m at holidays 8-). No work, no university – at least not official ;-). Now I’m listening to Nils Landgren’s Funk Unit at Jazz Baltica on tv (3sat).

Today I met Sven Guckes at Kunsthaus in Graz. Sven is in Graz for the next three months. Together with Sven I’m writing a book on texttools. The LaTeX-framework already exists and the subversion-repository is working fine [At revision 17.].

Sven gave me some posters from FFII and for LinuxTag 2005 in Karlsruhe. And Sven – you’re absolutely great! Sven brought me Linux DVD 2004 from LinuxTag 2004. Now I’m browsing through the documentation-dvd, thanks – Sven!