FIX: Ubuntu usplash stops “Waiting for resume device”

I am currently messing with Ubuntu 9.04 on my laptop, and as usual I’ve set up an encrypted root filesystem and an encrypted swap; this time I preferred to use the distribution’s built-in means for disk encryption (basically dm-crypt and LUKS). It worked like a charm, you just have to use the Alternate CD in order to have the disk encryption options available.

There was only a minor glitch: the usplash graphical boot stopped right after the message “Waiting for resume device” leaving me with the plain old text boot; the solution is written in this bug report. The proposed patch from Florent Mertens will not work for Ubuntu 9.04 but it contains everything you need to fix the problem: you just have to edit the file /usr/share/initramfs-tools/scripts/local-premount replacing the line

/sbin/usplash_write "TIMEOUT ${slumber}" || true

with

/sbin/usplash_write "TIMEOUT $(( ${slumber} + 2 ))" || true

Basically usplash stops itself if there isn’t anything written on the standard output after a certain time; since the “Waiting for resume device” operation takes too much time this modification adjusts the timeout accordingly.

Also in the bug report there is a possible explanation for this behaviour: in the last post Alexander Sashanov says that one of the ways to reproduce this bug is to change the swap partition’s UUID. Since my swap device is encrypted with a random key, mkswap is executed at every boot; the swap UUID therefore changes at every boot, causing the timeout.
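The check below is an added example, not part of the original post or the bug report: it compares the resume UUID configured for the initramfs with the swap UUIDs that exist now, which is the mismatch described above. It assumes the resume setting is a RESUME=UUID=... line (on Ubuntu normally in /etc/initramfs-tools/conf.d/resume) and that blkid output has been saved to a file; the function names and all sample values are constructed.

```shell
#!/bin/sh
# Added example: report whether the resume device configured for the initramfs
# still matches a swap area that exists now. All sample values are constructed.

# resume_uuid FILE: print the UUID from a RESUME=UUID=... line in FILE.
# Assumption: FILE is a copy of /etc/initramfs-tools/conf.d/resume.
resume_uuid() {
    sed -n 's/^RESUME=UUID=\([0-9A-Fa-f-]*\).*$/\1/p' "$1" | head -n 1
}

# swap_uuids FILE: print the UUID of each swap area in FILE, where FILE holds
# saved `blkid` output (one device per line).
swap_uuids() {
    grep 'TYPE="swap"' "$1" | sed -n 's/.* UUID="\([^"]*\)".*/\1/p'
}

# resume_is_stale RESUME_CONF BLKID_OUTPUT
# Exit status 0: a resume UUID is configured and no current swap area has it.
# Exit status 1: no resume UUID is configured, or it matches a swap area.
resume_is_stale() {
    want=$(resume_uuid "$1")
    [ -n "$want" ] || return 1
    if swap_uuids "$2" | grep -qixF "$want"; then
        return 1
    fi
    return 0
}

# write_samples DIR: constructed inputs for the two cases.
write_samples() {
    echo 'RESUME=UUID=11111111-2222-3333-4444-555555555555' > "$1/resume"
    # Swap recreated by mkswap at boot: new UUID, the configured one is gone.
    cat > "$1/blkid.random-key" <<'EOF'
/dev/mapper/cryptroot: UUID="aaaaaaaa-0000-0000-0000-000000000001" TYPE="ext3"
/dev/mapper/cryptswap: UUID="99999999-8888-7777-6666-555555555555" TYPE="swap"
EOF
    # Swap with a stable UUID that still matches the configuration.
    cat > "$1/blkid.stable" <<'EOF'
/dev/sda5: UUID="11111111-2222-3333-4444-555555555555" TYPE="swap"
EOF
}

sample_dir=$(mktemp -d)
write_samples "$sample_dir"
for f in blkid.random-key blkid.stable; do
    if resume_is_stale "$sample_dir/resume" "$sample_dir/$f"; then
        echo "$f: resume UUID not found among swap areas"
    else
        echo "$f: resume UUID matches a swap area"
    fi
done
```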

Readings

I always loved to read, starting from Mickey Mouse when 3 years old and onward. ;-) On the Internet there is plenty of material to feed the hungriest readers, maybe even a bit too much. Reading can be done for fun or for profit… It’s best when it’s both! So, here are two pieces of advice about reading material that is both fun and full of useful insights (if you’ve got some interest in computer science, that is):

  1. E.W. Dijkstra manuscript archive: writing was always a fundamental part of Prof. Dijkstra’s research, as you can read here. His collection of papers, called EWD’s, contains a lot of clever ideas about mathematics, informatics (computer science) and quite a few other things. Dijkstra’s opinions are always strong, often surprising, but always based on solid reasoning. Many accused him of being too close-minded, but I can assure you that his writings are in fact mind openers. The documents are both in HTML and PDF format (apart from a few exceptions), the latter often being scans of hand-written documents; I always read from the PDF’s, after having printed them, as Dijkstra’s handwriting is really easy to read. If you don’t know where to start I can point you to this Convocation Speech, The Humble Programmer, Real mathematicians don’t prove, There is still a war going on and The fruits of misunderstanding.
  2. Paul Graham’s essays: Paul Graham shares with Dijkstra the usage of writing as a way to think clearly about interesting subject matters. His essays are mostly about subjects he likes: programming, software startups (he co-founded one, now he’s a venture capitalist) and art; there are also writings about unrelated fields, anyway. Graham’s style is always clear and his contents are never trivial; again, quite often his writings are mind openers. The content is in HTML format only, but Graham did put quite some care into keeping it in a readable format. As starting points I can suggest Beating the Averages, Revenge of the Nerds, The Python Paradox, Mind the Gap (warning: this one is about economics and society, not strictly computer science related).

Have fun!

Still tinkering with Loop-AES

Thanks to my new Toshiba Satellite A300’s capabilities, for some months now I have changed my Loop-AES setup to use a USB memory stick as boot device instead of the old CD-ROM. I also found a nice distribution as rescue system, System Rescue CD, which supports most of my laptop’s hardware and has built-in support for Loop-AES.

Configuring Loop-AES for USB boot was pretty straightforward, thanks to the README; I just had to adjust a parameter for the build-initrd.sh script, namely INITIALDELAY=8, in order to give my system enough time to recognize the USB device right after the kernel is loaded.

For some time I had two USB memory sticks: one to boot my laptop, the other one with System Rescue CD. An idea came to my mind: why not merge their content in the same USB drive? If I do that, then I can use only one drive both to boot my laptop and to boot the rescue system; the other drive can be a backup of this one, for safety reasons.

This turned out to be pretty easy: I copied SysRescueCD’s files to the USB drive used to boot the computer following the instructions of the manual, I changed SysRescueCD’s syslinux.cfg a bit to add Loop-AES’ boot instructions and finally I removed Loop-AES’ syslinux.cfg. The modifications to SysRescueCD’s syslinux.cfg look like this:

default linux
...
label linux
 kernel vmlinuz
 append initrd=initrd.gz root=100 init=/linuxrc rootfstype=minix
...

In the end it was all about changing the default clause and adding Loop-AES boot configuration. Actually I modified syslinux.cfg a bit more, to add a custom boot picture, set the default keyboard map to match my Italian layout and things like these, but I’ll keep that out for simplicity.

Surrexit Dominus Vere Alleluja

Happy Easter, everyone. :-)

P.S. I think that remembering and celebrating the fact that Jesus overcame death and that ultimately we will overcome it too is especially important after the last happenings here in Italy.

Earthquake

Last night, at 1:32 UTC (3:32 local time), a very bad earthquake happened in the center of Italy. As official sources (link in Italian) say it was 5.8 (or 6.3) magnitude on Richter’s scale and the hypocentre was 8.8km deep. The epicentre was near the city L’Aquila, a bit more than 100km from where I live, near Terni. Many buildings of L’Aquila and nearby towns have been destroyed, especially those that hadn’t been built with earthquake resistance in mind; anyway, many buildings built with anti-earthquake criteria in mind have also been damaged. The last news reports more than 90 victims, hundreds of people injured and about one hundred thousand people that can’t go back to their homes.

Update (19:15 UTC / 21:15 local)

The number of victims keeps growing, now it’s more than 150. During the day several tremors happened, the population’s nerves are really tense. Some jackals started to exploit the chaos. Also, the hospital, which should have been built following the directives of the anti-quake laws (it is 13 years old, such laws are about 20 years old instead), is severely damaged as well.

Update April the 7th (6:00 UTC / 8:00 local)

During the night several corpses have been found, now they’re 179 in total. The night passed away with some minor quakes, the strongest being 4.8 on Richter’s scale. It rained during the whole night, which didn’t quite help.

Update April the 7th (18:00 UTC / 20:30 local)

At 17:42 UTC (19:42 local) there was another tremor estimated around 5.7 on Richter’s scale; it caused some additional damage to buildings and at least another victim, the cathedral of L’Aquila went completely down after that. So far, the number of dead people is 228.

Update April the 8th (20:10 UTC / 22:10 local)

The number of victims grew up to 272, the first funerals have been celebrated. The hope to find people alive lowers more and more, but tomorrow the search for people will continue.

Update April the 9th (19:45 UTC / 21:45 local)

The number of dead people is now 281. I just felt another tremor from where I live (near Terni, Umbria, 100km from L’Aquila): it was as strong as the strongest ones of these days but shorter, about 10 seconds. I still have no official news about this one.

Update April the 11th (9:15 UTC / 11:45 local)

This will be the last update, unless something unexpected happens; by now the situation seems stable enough. The number of victims is now 291, and yesterday there have been funerals for 205 of them.

I will probably write again about all this in future, but for now that’s all.

ZeroShell autologin

Have you ever had to regularly use a network with Captive Portal-like authentication? If you did, you surely know how annoying it can be, especially if you have some sort of automatic scripts to be executed right after connecting to the Internet.

Ok, maybe it isn’t a common situation but this is my case: at Perugia’s Mathematics and Computer Science department we have a wireless network that uses ZeroShell’s Captive Portal for authentication and I heavily use Arch Linux network facilities to run some scripts right after the connection. The problem here is that normally you have to authenticate yourself manually, via a web browser, before being able to access the Internet: only after this step would the scripts be able to do their job…

Luckily thanks to this little Python script by munhoz I can now authenticate myself automatically and my scripts can run normally. Thank you man! :-D

Memories

Children

January the 27th was declared “Remembrance Day”: the memories are those of the Holocaust. That day and during the previous ones I’ve heard and read so many things about Jews and Holocaust that I decided to write down something about it for peace of conscience. I really feel for the Jewish victims of such atrocity; actually I feel also for every victim of it, but the Remembrance Day is really just about Jews, as the Italian law that created it (the link is in Italian) clearly states:

“The Italian Republic recognizes January the 27th, date of Auschwitz’s gates’ falling, as the “Remembrance Day”, in order to remember the Shoa (Jewish people extermination), the racial laws, the Italian persecution of Jewish citizens, the Italians that suffered deportation, confinement, death, as well as those that, also in other fields and sides, opposed themselves to the extermination project, and risking their life, have saved other lives and protected the persecuted.”

Maybe some day the other victims of Nazi’s extermination will get a remembrance day for themselves too, guaranteed by the Italian law, I really hope so.

As I said, I’m writing this for peace of conscience: it’s not like I had a role in the Nazi’s eugenic programme, nor did my family. Anyway, because I feel that such memories need respect, I’m going to mention a little example of people who damage them and that, in my opinion, isn’t underlined enough by the so-called “official information”; I’m not going to cite other notorious examples just because they’re already well known.

In my opinion, the worst kind of disrespect for the memories of the Holocaust is the one that comes from the descendant of the people who suffered it. No, I’m not talking about the murder of Palestinians, that’s already well known (for example, see here, here, here and here).

Here I would like to underline how vile and shocking is the conduct of those who damage historical memory by making up fake happenings; and no, I’m not referring to the usual negationists (who I still despise), they are also well known.

Some of those that should care more for the memories of the happenings of their own kind actually mock them just by writing stories: hoaxes about the Holocaust, written by Jews (or supposed ones, keep reading…). I’ll just cite two (actually, three) examples:

  • Misha Defonseca, in her book “Misha: A Memoire of the Holocaust Years”, she described her Holocaust experience, in her childhood: she lived with wolves to escape the Nazis, she killed a German soldier for self defense and she traveled about 5000 kilometres through Europe to find her parents. She later admitted that such stories were completely made up by her; she isn’t even Jewish.
  • Benjamin Wilkomirski wrote a book called “Fragments” about his remembrances of the Holocaust as child. In the book he describes with a direct and crude language the horror of the Holocaust as he remembers it. His true name is Bruno Grosjean, he’s not Jewish and he lived in Switzerland during the whole Holocaust. Ironically he was found out because he claimed to know another fake Holocaust survivor, Laura Grabowski; the latter invented her fake Jewish identity to sell a book as well and get money with donations.

Shame on them and on every other jackal who exploits such tragedy for their petty ambitions: they just contribute to raise suspicions and hate about the honest Holocaust victims, Jewish and otherwise.

System Rescue CD

I’ve been looking for quite some time for a live CD that supported Loop-AES in order to do some system maintenance on my laptop; Knoppix does a very good job at that, but unluckily it doesn’t have a recent kernel. As a result, with Knoppix I could easily mount my encrypted root partition but I was unable to use both my wireless and ethernet network cards.

When I was about to lose hope of having something ready and I had almost started building a custom Knoppix with a recent kernel (or a custom Slax, patched with Loop-AES support) I found a wonderful Live CD that has everything I need: System Rescue CD.

The distribution's logo

The last x86 version features a 2.6.27.10 kernel and full Loop-AES support. I just tested it and it works flawlessly: I can mount my Loop-AES encrypted root partition and use my ethernet and wireless network cards while running this live distribution from a USB pen-drive!

I still haven’t explored the tools available on the Live CD/USB but it looks like it has a rather interesting feature list. The distribution itself is based on Gentoo Linux.

Kudos to the System Rescue CD authors… They really did a cool job! :-D

Disk encryption: an example with Loop-AES

This post’s topic is exactly the same as a speech that I gave at the MOCA 2008. I have enjoyed using encrypted disks for several years and I think it is a topic worth writing about. The first part of this post will be an introduction about disk encryption in general; an overview of a particular setup for laptops’ hard disks will follow.

Why should you bother encrypting your disks? The exact goal here is to protect the confidentiality of your data when it is not being used. This means that you should not have to worry about other people accessing your files if your laptop is stolen, or if you lose a CD-ROM or a USB memory key. On the other hand, if an opponent accesses your encrypted disks while you’re using them, disk encryption will be bypassed. Also, disk encryption alone doesn’t guarantee data integrity and availability.

So, is it worth spending time and effort on encrypting your disks after all? As usual, when taking decisions about security, you have to make a trade-off: if you encrypt your disks you’re not likely to put at danger 25 million people’s personal data just by losing a CD-ROM, for example. Nowadays we can store a lot of data in very little space: think about CD-ROMs, USB memory keys… even laptops keep getting smaller. The smaller the storage device, the easier it is to lose it or to have it stolen.

I am going to describe my laptop’s disk encryption setup as a practical example of what disk encryption involves. My laptop runs Linux (Arch Linux, to be precise) and it has only one hard disk. To implement disk encryption I’ve used Loop-AES; it was the best choice for the setup I wanted to do and I think this still holds true. Loop-AES has a very well made README: everything I will describe can be seen there in detail, command by command and updated to the last Loop-AES version. For this very reason my description won’t be detailed: if you want to do this setup, or one of the others described in the Loop-AES README, check it out; if you’re Italian you may also want to look at the translation of the README’s sections that involve this particular setup.

In general, when encrypting a disk the more data you encrypt the better it is. Most of the Linux full disk encryption setups that I found on the Internet are not really full: they leave out the /boot partition because the boot loader, be it LILO or Grub, is not able to boot the system using a kernel from an encrypted /boot partition. Keeping your /boot partition unencrypted makes it relatively easy for it to be tampered with and this could have bad consequences for the rest of the encrypted disk too. Even if I said before that disk encryption does not assure data integrity, I think that it is better to avoid leaving /boot unencrypted. Being this paranoid, I’m not even going to consider encryption schemes that involve only home directories, for the same reason and, moreover, because sensitive data can be written to other places on the disk as well: think of /var or /tmp as examples.

My setup involves two partitions on the hard disk: the root and the swap partition, both encrypted using the AES cipher with 256 bit keys. I assume that the target system has a working Linux installation with that partition scheme.

The first step is to install Loop-AES itself. Loop-AES has a kernel space part, which just replaces the standard kernel module for loopback devices management, loop.ko. The user space tools required to use Loop-AES are modified versions of some util-linux programs: mount, umount, swapon, swapoff and losetup. In order to realize the full disk encryption with a boot CD-ROM, diet-libc and statically compiled versions of GPG and AESpipe are also needed. The latter is a utility downloadable from the Loop-AES website that can encrypt the data that it reads from the standard input.

The swap partition is simply encrypted with a random key generated at every boot of the computer. After having installed Loop-AES this means just a little modification to /etc/fstab. Using a random encryption key at every boot means that at every reboot the data previously written on the swap partition is lost. This is not a problem for me because I don’t use suspend-to-disk.

The root partition setup instead is more articulated: the unencrypted /boot partition resides on a CD-ROM that I bring along with me even when I don’t have my laptop at hand.

To create the boot CD-ROM you need to have a kernel with some custom options set: as an example, you don’t want to compile the loopback device driver into it, neither built-in nor as a module, because Loop-AES replaces it. Then you will need a key file, created with GPG; Loop-AES will use your password to unlock this key file and the 65 keys that are in it to encrypt the disk; this implies that an opponent without the key file (which is on the boot CD-ROM) will have to crack all the 65 keys to get your data. An initial RAM-disk is also needed: in the Loop-AES distribution there is a script that creates it according to a configuration specified by you. Last, to have your boot CD-ROM working, you will need to put a boot loader on it: the README suggests using ISOLINUX, which indeed works very well (I had fun customizing its startup picture).

The last step is to encrypt the data of your root partition. In order to do this you need to reboot your system with a Live-CD or something alike, modify the /etc/fstab root partition entry and use the AESpipe utility to actually encrypt your disk’s content. This will take quite some time (at least it did on my old laptop), but after this your work is really done!
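For the swap step described above, the following added example (not from the original post or the Loop-AES distribution) shows a swap entry in /etc/fstab before and after the change, with a small check that lists swap entries still lacking the Loop-AES options. The loop= and encryption= option names follow the Loop-AES README; the device names, the loop device number and the function name are constructed.

```shell
#!/bin/sh
# Added example: find swap entries in an fstab that are missing the Loop-AES
# options. Device names and file contents are constructed samples.

# unencrypted_swap FSTAB: print the device of every swap entry whose option
# field does not contain both loop=... and encryption=...
unencrypted_swap() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }    # skip comments and incomplete lines
        $3 == "swap" {
            n = split($4, opt, ",")
            has_loop = 0; has_enc = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] ~ /^loop=/)       has_loop = 1
                if (opt[i] ~ /^encryption=/) has_enc = 1
            }
            if (!(has_loop && has_enc)) print $1
        }
    ' "$1"
}

fstab_dir=$(mktemp -d)
# Before: plain swap, pages are written to disk in the clear.
cat > "$fstab_dir/fstab.before" <<'EOF'
# <device> <mount> <type> <options> <dump> <pass>
/dev/sda2  none    swap   sw        0      0
EOF
# After: swap goes through an encrypted loop device (256-bit AES, as in the post).
cat > "$fstab_dir/fstab.after" <<'EOF'
# <device> <mount> <type> <options>                            <dump> <pass>
/dev/sda2  none    swap   sw,loop=/dev/loop6,encryption=AES256 0      0
EOF

for f in fstab.before fstab.after; do
    echo "$f: unencrypted swap: $(unencrypted_swap "$fstab_dir/$f" | tr '\n' ' ')"
done
```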

Django at the Linux Day 2008

On October the 25th I had the pleasure of giving a speech at Perugia’s Linux Day. The Linux Day has occurred every year in Italy since 2001: most of Italy’s Linux User Groups organize events like conferences and “install fests” about Linux and free/open-source software in general. Perugia’s LUG, that I am a member of, was no exception.

My speech title was “Django: Python for the web”. Django is a Python based framework for web development that has several interesting features: among other things it has an easy to use object-relational mapper and a powerful template system. Django based web applications are organised in a model-controller-view like structure, with a few naming changes: the controllers are called views and the views are called templates. Python’s power allows run-time code generation; because of that, Django based web applications contain almost no redundant code, especially at the ORM level. Also, Django based web applications (called “projects”) are made of one or more modules (called “applications”): this encourages writing reusable components and using modules already written by other developers and already widely tested.

The speech, in Italian, consisted of two parts: a short presentation of Django and a demo based upon Django’s overview.

The Linux Day logo (a penguin's paw)
