Monday, 5 November 2012

A Man And A Plane

Once upon a time there lived an Aviator, Alexander Poddubny
He has been flying all his life. 1971 graduated from a High Military School for pilots. Was offered an instructor's position. With his students 43 years ago, second left:
Civil pilot since 1981. Flying club founder in 1993. Still teachers 17 year olds to fly:
Why am I telling you this? 'cause here comes his IL-14!
They got into a bit of a trouble in 2005 the Man and the Plane as the IL-14 was locked up on a sold-off airfield:
Until released in 2011 the plane earned no money and a tax debt has built up. A compulsory sale has been ordered for late Nov 2012
It's unfair. And anything can happen: the IL-14 can go to a static aircraft display, become a restaurant or get scrapped... More info, original story, donations.

Wednesday, 10 October 2012

Get all hostnames and ip addresses from Java

A memo to myself: here is how to get all host names network interfaces and ip address from pure Java:

import java.net.InetAddress;
import java.net.NetworkInterface;
import java.net.UnknownHostException;
import java.util.Enumeration;


public class P {
    public static void main(String[] args) throws Exception {
        InetAddress localHost = InetAddress.getLocalHost();

        printInetAddress("localHost", localHost);
        
        String hostName = localHost.getHostName();
        String canonicalHostName = localHost.getCanonicalHostName();
        printByName("  by" + hostName, hostName);
        printByName("  by" + canonicalHostName, canonicalHostName);
        
        System.out.println();
        
        System.out.println("Full list of Network Interfaces:");
        Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces();
        if (en == null) {
            System.out.println("got null from NetworkInterface.getNetworkInterfaces()");
        } else for (int networkInterfaceNumber = 0; en.hasMoreElements(); networkInterfaceNumber++) {
          NetworkInterface intf = en.nextElement();
          
          System.out.println();
          String ifaceId = "networkInterface[" + networkInterfaceNumber + "]";
          System.out.println("  " + ifaceId + ".name: " + intf.getName());
          System.out.println("  " + ifaceId + ".displayName: " + intf.getDisplayName());
          
          Enumeration<InetAddress> enumIpAddr = intf.getInetAddresses();
          for (int addressNumber = 0; enumIpAddr.hasMoreElements(); addressNumber++) {
            InetAddress ipAddr = enumIpAddr.nextElement();
            System.out.println();
            printInetAddress("    " + ifaceId + ".address[" + addressNumber + "]", ipAddr);
          }
        }
    }

    private static void printByName(String prefix, String canonicalHostName)
            throws UnknownHostException {
        System.out.println();
        InetAddress[] allMyIps = InetAddress.getAllByName(canonicalHostName);
        for (int i = 0; i < allMyIps.length; i++) {
            String subPrefix = prefix + "[" + i + "]";
            System.out.println(subPrefix);
            System.out.println();
            InetAddress myAddress = allMyIps[i];
            printInetAddress("  " + subPrefix, myAddress);
        }
    }

    private static void printInetAddress(String prefix, InetAddress myAddress) {
        System.out.println(prefix + ".toString: " + myAddress);
        System.out.println(prefix + ".hostName: " + myAddress.getHostName());
        System.out.println(prefix + ".canonicalHostName: " + myAddress.getCanonicalHostName());
        System.out.println(prefix + ".getHostAddress: " + myAddress.getHostAddress());
    }
 }

P.S. Thanks to the excellent folks on Stackoverflow for my starting point

Monday, 9 April 2012

Installing grub2 without Linux

Old Win XP PC + a new HDD + Win 7 = ?
? = a need to toggle between Win XP and Win 7
at least for a while

I'd like to tell you how to set this up with Grub2

Plenty of tutorials are available online which teach you how to rescue Grub after Windows has been installed. They commonly assume you've already got a Linux installation on your machine. So they instruct you to mount that installation as /mnt then chroot /mnt and fix Grub from the chroot environment.

I don't have a Linux installation. All I have is

- Win XP on an /dev/sdb1
- a new HDD to install Win 7 on /dev/sda
- Win 7 installation media
- Ubuntu 11.10 Live CD

I heard about grub4dos. Maybe it's good for the task. However I already have the Ubuntu Live CD and I would like to learn a bit about Grub2.

So what do I do?

- boot into Ubuntu Live CD, click "Try Ubuntu"
- create a 128Mb ext3 partition /dev/sda1 for Grub with gparted
- boot from Win 7 installation DVD
- allow Win 7 to create it's usual 2 new ntfs partitions (/dev/sda2 and /dev/sda3)
- allow Win 7 to install completely (a few reboots.., update..., reboot..)

It's time to implement toggling between Win 7 and Win XP

- boot into Ubuntu Live CD, click "Try Ubuntu"
- Ctrl+Alt+T to launch terminal
- sudo bash (okay now I have a root shell)
- run gparted
- make sure the 128Mb partition I had created for Grub is /dev/sda1
- execute
mkfs.ext3 /dev/sda1
mount /dev/sda1 /mnt
mkdir /mnt/boot
grub-install --boot-directory=/mnt/boot /dev/sda1
Only this does not work.
grub-install --boot-directory=/mnt/boot /dev/sda1
yields
/usr/sbin/grub-setup: warn: Attempting to install GRUB to a partitionless disk or to a partition. This is a BAD idea..
/usr/sbin/grub-setup: warn: Embedding is not possible. GRUB can only be installed in this setup by using blocklists. However, blocklists are UNRELIABLE and their use is discouraged..
/usr/sbin/grub-setup: error: will not proceed with blocklists.
Two solutions are available: --force or install Grub2 to MBR, e.g. one of
grub-install --force --boot-directory=/mnt/boot /dev/sda1
grub-install --boot-directory=/mnt/boot /dev/sda
However the above doesn't create /mnt/boot/grub/grub.cfg. Try doing it directly
grub-mkconfig -o /mnt/boot/grub/grub.cfg
from a Live CD and you will get
/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?).
My solution is a bit ugly but it gets the job done:
cp /usr/sbin/grub-mkconfig /usr/sbin/grub-mkconfig1
vi /usr/sbin/grub-mkconfig1
...
grub-mkconfig1 -o /mnt/boot/grub/grub.cfg
Here is are the changes between the original and modified scripts:
root@ubuntu:/etc/grub.d# diff -u /usr/sbin/grub-mkconfig /usr/sbin/grub-mkconfig1
--- /usr/sbin/grub-mkconfig 2011-10-01 12:40:46.000000000 +0000
+++ /usr/sbin/grub-mkconfig1 2012-04-09 16:20:57.667520982 +0000
@@ -128,11 +128,11 @@
mkdir -p ${GRUB_PREFIX}

# Device containing our userland. Typically used for root= parameter.
-GRUB_DEVICE="`${grub_probe} --target=device /`"
-GRUB_DEVICE_UUID="`${grub_probe} --device ${GRUB_DEVICE} --target=fs_uuid 2> /dev/null`" || true
+GRUB_DEVICE=/dev/loop7
+GRUB_DEVICE_UUID=

# Device containing our /boot partition. Usually the same as GRUB_DEVICE.
-GRUB_DEVICE_BOOT="`${grub_probe} --target=device /boot`"
+GRUB_DEVICE_BOOT="`${grub_probe} --target=device /mnt/boot`"
GRUB_DEVICE_BOOT_UUID="`${grub_probe} --device ${GRUB_DEVICE_BOOT} --target=fs_uuid 2> /dev/null`" || true

# Filesystem for the device containing our userland. Used for stuff like
To fix this properly we probably would need to find out why this command fails on an Ubuntu Live CD
root@ubuntu:/etc/grub.d# grub-probe --target=device /
grub-probe: error: cannot find a device for / (is /dev mounted?).
and adapt the whole chain of Grub2 scripts to work from a Live CD (would be nice!)

In my final step I manually edit /mnt/boot/grub/grub.cfg to make sure the order of boot menu entries and their names are what I prefer them to be.

All looks good; fingers crossed I'm heading for my reboot :)
Bingo, success!

Tuesday, 7 February 2012

The challenge of a back door

I've been long thinking about an ideal free secure open source OS.

Now here's a tough question I haven't been able to resolve.
I absolutely demand the universal freedom to know.
Yet I do not want the bad guys to take over computers.

I want to be able to hack my computer myself.
I want nobody else to be able to hack it.

How do I achieve both? Where's the balance?
I do not know. If you do know I'd like to hear from you.

Need for an open-source mainstream capability-based OS

Sander Temme wrote:
This situation paints for me the following picture: a tap is running, malware flowing like water into a sieve and onto the floor. The security industry is frantically mopping the floor, trying to stem the flow of malware. They are paid well for their trouble, but meanwhile the expensive rug that represents your business is getting awfully wet. It would be nice if someone could turn off the tap, or design an operating system that doesn’t leak like a sieve


Barrelfish?

A secure OS gotta be capability based.
It's gotta be peformant on multi-cpu boxes.
Barrelfish might be both.

Warning: capability based OS can be really restrictive.
It can be very non free (RMS will hate it).

Remote attestation peformed by a TMP chip is the issue.

BIOS tells the TPM chip the hashcode of the OS. The OS tells the chip the hashcode of your movie player. TPM chip signs the hashcode with a secret key. An MPAA member checks the signature against a database of all TPMs ever produced. If satisfied it provides you with a personal copy of a movie. To watch the movie you need a one-off key. This key is given to you. But the key is itself encrypted. Only your TPM can decrypt it. And your TPM will only decrypt it if correct hash-sums have been provided to it after the last machine restart. Unless BIOS has been broken a 3rd party can really verify what software you're running!

The only reason this is not happening now is that a myriad of drivers are running in kernel mode. It is not possible to check that your particular combination of drivers + OS comply with MPAA requirements.

But with a capability based OS there would be a very small OS core.
And it would be possible to sign it.
The 3rd parties would be able to check that it hasn't been hacked or deny useful services.
The TMP chips would lock us from our own computers!
We would no longer have the freedom to hack, the freedom to know.

Solution?

Programmers of good will should create a practical capability based OS
before commercial vendors do. They should make it so popular that nobody in
a right mind would want to repalce it with a commercial alternative.

And it should be both secure and free.
Free as in GPL v3.
Free as in free to hack.

Both secure and free to hack. That's a challenge. More on this later.