Tag Archives: Linux

Package Manager Security

(The following is long, rather technical, and somewhat esoteric. Sorry, it’s what I do.)
I try to keep reasonably abreast of developments in Arch Linux, since it has been my favorite distribution for about seven years now, and the OS on my primary-use computer for five of them. Someone (almost entirely a single very loud someone, as it turns out) has been making noise about package signing in pacman, the package manager used by and written for Arch, and said noise propagated up to an article on LWN, so I took some time out tonight to read up on the matter.

The short version is that the description of events on pacman developer Dan McGee’s blog seems to be essentially correct, and the “Arrogant and dismissive” accusations were the result of someone new showing up and making long-winded demands on the mailing list in regard to a topic which has been under (occasionally contentious) discussion for years. The Arch community can certainly be a little blunt, but it has never struck me as unfriendly or inappropriately autocratic (there is quite a bit of the “Those people actually doing things get to decide how they are done” mentality: as far as I am concerned this is exactly right for community projects).

The two primary things I learned in reading are that package manager security is indeed a hard problem, and that most of the possible attacks would be extremely difficult to carry out, regardless of package signing. This is the typical least-concern matter in security: if production machines anywhere that matters are having their DNS (etc.) spoofed on the required scale, there is a much bigger problem than someone slipping compromised packages into systems during updates. I've also discovered that, generally, people don't seem to care: for example, as best I can make out, Gentoo has had discussions on package/repository signing since 2002 and support since 2004… and it isn't generally used today. The Arch Wiki has a nifty article about how various distributions handle package security, written in the context of designing a system for Arch; it is somewhat incomplete, but it is the only comparison of existing systems I found. Note that the page was started and largely populated in July of 2009.

One thing I don't quite understand is why there isn't a movement toward, at least optionally, performing updates over secured connections: simply using SSL (which has its own problems) for mirror-to-mirror and user-to-mirror communication would (aside from making the CPU load involved in running a mirror much higher and considerably slowing update downloads…) convey many of the benefits of signed packages/repositories with less hassle. More importantly, it would close many of the holes in package management systems which do support signing, for those individuals and organizations with sufficiently critical systems and/or paranoid administrators to be willing to swallow the overhead.

With all that in mind, I find myself agreeing with the pacman developer's ambivalence on the issue: a security scheme for pacman is not so much a "critical feature" as a "nice to have", largely for future-proofing. Likewise, a broken scheme, or one so obtrusive it goes unused, is probably worse than none at all. The obtrusiveness issue is honestly the most important one to me; one of my favorite things about pacman is that the makepkg process is incredibly easy. I can often go from a source tarball or CMS checkout to an easily handled package as fast as I can (safely) build and install by hand. Contrast this with, say, Debian, where packaging and installing even simple software is often a painful multi-hour affair even with things like debhelper, and simple packages tend to (in my experience) do unhelpful things like fail to uninstall cleanly. I want making my own packages, and building or modifying packages with scripts written by others, to remain easy and transparent much more than I want to be protected from improbable attacks.

Forcing the issue (it looks like security features will appear in the next few pacman release cycles as a result of the noise, mostly handled by existing developers) was probably not the right thing – the security scheme should have been done slowly, carefully, and correctly by someone who is actually interested in the matter – the last point both so that it really is done right, and because Arch and Pacman are community maintained projects, where everything should be done by someone who cares, as Linus himself puts it, just for fun.

Posted in Computers, DIY

Marksbury Movein


I've had a couple of neat projects eating up my spring break, but one of the bigger ones has been helping move the KAOS group into UK's new Marksbury Building. So far it seems nice and very attractive, albeit a little weird: we're talking 40+% unusable glassed-in hallways, cubicle farms, and almost no storage space. I have a little cube in the corner of a lab on the first floor to call my own (until it is dynamically reallocated away; everything in the building is wrongheadedly set up to prevent entrenched labs…), which is actually a reasonably nice workspace. On that note, the various bits of furniture in the building have ABSURD list prices; each of the 12 student desks in the lab has at least $2,155 of furniture in it, including a useless drawer-and-a-half wheeled filing cabinet with a $700 list price, and a table (labelled "desk") with a $368 list price, which is nearly indistinguishable from this $54 number from IKEA. We also have several conference tables where each LEG has a list price in excess of $300, and the whole building is furnished this way. I have no doubt that the institutional discount was deep, but it is still startling to contemplate.

Machine Room

One of the cooler bits is getting the group's new machine room up. In terms of total floor space it isn't very large, but it has enough power and air conditioning for a couple of city blocks of normal residential buildings, and enough exposed glass to make working in it a little like being in a zoo. The air-conditioning unit in the back of the room that feeds the raised floor is so loud it is uncomfortable to be in the room without hearing protection, which makes working in it sort of surreal, and gives the adjoining lab a nice "distant waterfall" level of white noise. We're bringing up somewhere in the neighborhood of 200 machines in there initially, most of them with fairly straightforward single-link Ethernet networks and stateless node configurations; so far two of the smaller machines (cik and emcluster, made of Core2Duos and Opterons respectively) are up with caos NSA and Perceus, as has been our habit of late. Unfortunately, the administrative process still has non-routable IPs on our drops in the server room, so we can't SSH in to use the machines remotely yet.

Posted in Computers, DIY, General, School

Chromium

I downloaded Chromium (Google Chrome, but purely FOSS, so there is a build that can be grabbed directly from the Arch repos) to play with this weekend, and it is way more promising than the last time I played with it. In particular, I wanted to see if the touted speed benefits were real, and whether there was a viable alternative after the massive UI ("Open in new tab" is a critical feature for tabbed browsers…), resource consumption, and stability regressions in Epiphany after its switch from Gecko to WebKit.

I should note that my browser usage is a little weird; I keep one Firefox window per topic (usually 3-4) on my first virtual desktop, plus an instance of Epiphany on the second virtual desktop, which is used for mail (it stays logged in to my Google account; Firefox doesn't), banking, and various other things I'd rather not have logged in alongside my normal browsing, or brought down when I manage to crash Firefox.

As for Chromium itself (I’m using “Chrome” and “Chromium” interchangeably here):

The good:
* Fast. Very, very fast. Especially JavaScript, which is its claim to fame.
* Responsive. The UI is WAY more responsive than Firefox's; I've yet to have a "did that work?" moment with it.
* The default new tab behavior that places text entered to a new tab into a google search is correct as far as I’m concerned, I’ve had Firefox set up that way for ages.
* Per-tab processes to prevent broken pages from taking down the browser.
* Extensions in separate processes. This is probably the best feature, Flash crashes all the time on my machines, and I hate having to restart Firefox to get it back.
* Incognito windows. This is a partial solution to the logged in/not logged in issue that makes me keep two browsers up.
* Perfect default tab opening behavior; tabs created from “Open link in new tab” open next to the parent tab, tabs created by ^+T open at the end of the bar. I’ve never managed to make that work consistently right in Firefox, despite having a nice extension to do so.

The bad:
* That “innovative” UI that doesn’t integrate with the desktop theme, and gets clumsy when you turn on the “Use System Title Bar and Borders” option in the vain hope that it will help.
* That same "innovative" UI that puts the tabs in that awkward Fitts's-law worst case: close enough to the edge of the screen to require long travel, but not close enough to get edge benefits. I am not alone in this opinion; would it really be so bad to add an option to fix that?
* No scrolling tab bar. I usually have several windows with <20 tabs each, but if I spawn tabs for all the interesting unread threads in a forum or somesuch, I really like to be able to read the titles.
* Ravenous memory and cycle consumption: if you think Firefox is bad about consuming resources, just wait until you see Chrome. Then again, the latest builds of Epiphany have a nasty habit of bugging out taking up some CPU time constantly, and Chrome is way better than that.
* Awkward bookmark-group behavior. There is a “open all in new window” feature (which is very cool), but it extends to sub-folders (which is not).

Overall, it is definitely my new second-choice browser, and I'll keep it installed to use when I have problems with Firefox. I might even switch despite the UI issues; some of the above features are really nice, and AdBlock works just as well with Chrome (this is very important for my primary browser). It should be neat seeing the next few versions of Chrome and Firefox; real competition (sorry IE and Opera, you don't really count) is a wonderful thing.

EDIT: Apparently AdBlock doesn't work quite as well in Chrome: Firefox's AdBlock actually prevents ad material from downloading, while Chrome's AdBlock simply prevents it from rendering. Not an issue with a fast connection and fast machine, but you might want to go ahead and fix your hosts file to get rid of the more egregious offenders anyway.

Posted in Computers, General, Objects, OldBlog

Reference Manager

I've decided I need to start using a reference manager utility. My old system, a text file full of BibTeX entries in a folder with PDFs, with an extra "file:" field holding the file name of the document, is a little crude, and it is starting to break down as I accumulate large piles of documents for some topics.

Because my PSY562 class this semester is largely using readings from HFES journals, I’m going to use the pile it generates as a testbed to find something I can use generally.
My requirements for a reference manager include:
* Accepts and Emits BibTeX Citations
* Capable of linking citations to files
* Storage format which is (roughly) human readable
* Easily transported database
* FOSS
* Works on Linux
* Limited dependencies (I’d prefer to avoid Java or Qt)
* Works without network connection

The most widely used solution, EndNote, fulfills very few of the above (plus interoperability dickishness), but fortunately there are lots of projects to make reference managers floating around the 'net that seem promising. Unfortunately, most of the promising ones are dead. The best of the actively-developed bunch seems to be Referencer. Referencer is a C++/gtkmm app (so it plays nice with my XFCE4 environment), with a Python plug-in system (should I ever choose to use it), reasonably limited ties to the various non-GTK GNOME libraries, and it stores its records in XML. It looks remarkably close to what I want, and has some features I didn't know I wanted (preview icons, tags) that are pretty useful. I think it's going to be a keeper, but I would love to hear what other people are using.

Posted in Computers, DIY, General, OldBlog, School

Karmic Koala

I (probably foolishly) bumped my spare machine (which has lately acted as a jukebox/CIFS server) to Ubuntu 9.10 "Karmic Koala" the day it was released, since the machine doesn't do anything critical. For a point upgrade on a fixed-release system, it was quite smooth, but I've discovered a weird bug with SMB and FUSE that I haven't yet been able to find a solution to. The basic gist of the problem is that under 9.10 it seems to be impossible to share, over CIFS, things stored on volumes mounted via FUSE; it just throws permissions errors when clients try to connect, even if guest access is enabled. There are other reports of Samba issues after upgrading to Karmic.
I'm reasonably sure it's some kind of permissions issue having to do with the combination of ntfs-3g/FUSE (the drive it shares is a large NTFS-formatted external drive) and Samba in conflict, but I haven't yet managed to track it down.
Other than that one minor regression, Karmic seems to be a nice, clean incremental update: no amazing new features (at least that I care about), and no catastrophic performance regressions or other classic upgrade symptoms. The noticeable improvements are mostly the result of moving off of the obsolete branches of various pieces of software, so modern plugins and compatibility improvements are available.
I'll update this post with a solution if and when I find one, discounting "install a more predictably behaved OS" style solutions.

Posted in Computers, General, OldBlog

xlock on pm-suspend

I've always preferred that my machines be locked when they wake up from sleep/suspend/hibernate/etc., and this has been a bit of a fuss to hand-configure on Linux of late. The problem is that the pm-utils suite that almost all distributions use isn't really well suited to triggering a lock, and not everyone thinks it should be able to. The Ubuntu solution follows the "not in pm-suspend" idea and, predictably, adds another (bulky) layer of abstraction, using gnome-power-manager to lock the screen and call the suspend scripts separately. Because I don't always call pm-suspend the same way, and don't want an extra thing running anyway, that isn't an option for me. So, a solution to run xlock on every invocation of pm-suspend that ACTUALLY WORKS is to add an appropriately named file in /etc/pm/sleep.d, like the following:

22lock

#!/bin/bash
# pm-utils runs this hook as root, with the action name (suspend,
# hibernate, resume, thaw) as the only argument.
# Grab the first login that finger shows on display :0 (crude; see below).
user=$(finger | grep -m1 :0 | awk '{print $1}')
case "$1" in
    hibernate|suspend)
        # If finger found nobody, $user is empty and "su $user -c" would
        # run xlock as root; bail out instead of proceeding.
        if [ -z "$user" ]; then
            echo "xlock-on-sleep: no user found on display :0" >&2
            exit 0
        fi
        su "$user" -c "xlock -mode blank -display :0 &"
        ;;
    thaw|resume)
        ;;
    *)  echo "The xlock-on-sleep script is broken"
        ;;
esac

Remember to make the file executable (chmod +x).
The finger/grep/awk incantation at the top is a cheap (and not entirely proper) way of grabbing the first user finger shows on display :0, which is USUALLY the user logged in on what is USUALLY the local X server; su'ing to an appropriate user (and the explicit "-display :0") is required because the script runs in an environment where the display isn't visible and the user is always root. Two caveats worth knowing: the grep matches the first finger line containing ":0" anywhere, not specifically the display column, and if nothing matches, $user is empty, so a bare "su $user -c" runs the command as root. The script should check for an empty result before calling su. Also, pm-suspend carries on as soon as the hook exits, so xlock is started in the background and simply needs to be running before the machine wakes.
xlock and its options can be modified or swapped out for your screen-locker of choice.
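The same hook written the way I would want it in production, as an added example and not the post's own script: it uses `who` instead of `finger` to find the login that owns display :0 (`finger` is frequently not installed, and a bare `grep :0` matches any line that merely contains ":0"), and it refuses to call `su` when no such login is found, since `su -c` with an empty user name runs the command as root. The sample `who` output is constructed; the parser assumes GNU `who`, which prints the X display as "(:0)" (or "(:0.0)") in the last column. The action names and the `/etc/pm/sleep.d` calling convention are the ones pm-utils uses.

```bash
#!/bin/bash
# Added example, not the original post's script: a /etc/pm/sleep.d hook
# that locks the X display of whoever owns :0 before suspend/hibernate.
# Assumes GNU `who`, which prints the X display as "(:0)" in the last column.

# Read `who` output on stdin; print the first login whose session is on
# the given display (e.g. ":0"); exit 1 if there is none.
x_user_for_display() {
    awk -v d="$1" '
        $NF == ("(" d ")") || $NF == ("(" d ".0)") { print $1; found = 1; exit }
        END { exit !found }'
}

# Start xlock on the given display as the given user. Refuse to run with
# an empty or unknown user: `su -c` with no user name would run as root.
lock_display_as() {
    local user="$1" display="$2"
    [ -n "$user" ] || return 1
    id "$user" >/dev/null 2>&1 || return 1
    # Non-login su resets HOME to the target user's, so ~/.Xauthority is
    # found; -display makes the target explicit since root has no DISPLAY.
    su "$user" -c "xlock -mode blank -display $display &"
}

# pm-utils calls the hook as root with the action name as the only argument.
pm_hook() {
    case "$1" in
        suspend|hibernate)
            local user
            user=$(who | x_user_for_display :0) || {
                echo "xlock-on-sleep: nobody owns display :0, not locking" >&2
                return 0
            }
            lock_display_as "$user" :0
            ;;
        resume|thaw)
            ;;
        *)
            echo "xlock-on-sleep: unknown action '$1'" >&2
            return 1
            ;;
    esac
}

# Constructed sample of `who` output, used only to exercise the parser:
#   printf '%s\n' "$SAMPLE_WHO" | x_user_for_display :0   -> alice
SAMPLE_WHO='alice    tty7         2011-03-01 08:12 (:0)
bob      pts/1        2011-03-01 09:00 (10.0.0.5)'

# Run the hook only when pm-utils invokes it with an action name.
if [ $# -gt 0 ]; then
    pm_hook "$1"
fi
```

Install it as an executable file under /etc/pm/sleep.d with a name that sorts where you want it (the post's "22lock" is fine). Matching the last column of `who` rather than grepping for ":0" anywhere means a remote user whose hostname happens to contain ":0" cannot be picked as the account that gets `su`'d to.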

(Posting as a reminder to myself, and because I didn’t see a solution when I searched)

Posted in Computers, DIY, General, OldBlog

N8x0 PowerVR Drivers!

Since the N800 came out there has been a lot of rumbling in the community about the unutilized hardware present in the device (and its sibling/successor, my beloved N810). The pieces most complained about are the PowerVR MBX 3D accelerator and the 5MB of SRAM included on the OMAP2420 SoC the device is built around. The explanation has always been a mixture of licensing issues for the drivers, and that the external Epson S1D13745 display controller was better suited to the 800×480 (still unusually high for mobile devices) resolution, despite being rather slow and devoid of 3D capability.

With the advent of the N900 and its non-backward-compatible Maemo 5 OS, there is some fear in the community that the N8x0 devices will be abandoned. The N900 looks like a very cool device, but like many tablet owners, part of the appeal of my N810 was that it wasn't designed to have a >$50/month cellular data plan. Nokia's official (and seemingly very classy) stance is that they will provide support for continued community-developed FOSS software for the platform, which currently mostly means Mer, a community firmware / partial Maemo 5 backport. There are also several other Linux-based OS ports to the N8x0 platform, and a burgeoning effort to produce a binary-compatibility-maintaining system software update like the ones Nokia used to produce for Maemo 4, which will hopefully all cross-pollinate sources and keep the platform alive. One only has to look at how long the OpenZaurus (later merged into OpenEmbedded/Ångström) community held on, and how much they accomplished, to be hopeful.

The combination of these thoughts? Nokia (and the various other relevant IP owners) announced they will be supplying drivers for the PowerVR to the community in the immediate future. With a little luck the Mer hackers will get them integrated into a release soon, which may contribute to tipping the balance toward Mer as the predominant OS for N8x0 devices over the OS2008/Maemo 4 stack Nokia provided.

I depend so much on my N810 that I haven't really been into OS hacking on it, but as it ages and the community firmwares come to the fore I suspect I'll get more into it (if I have time). Maybe as they get cheap I'll even end up with one of the "knockoffs" to use as a test platform, in the same primary machine/beaterbox setup as my bigger machines.

Posted in Computers, DIY, Electronics, General, OldBlog