Claire makes a crucial point:  groups of humans are notoriously bad at keeping secrets.  In essence, when a conspiracy theory depends on many people having kept a secret for many years, and no evidence has appeared, it’s just not credible.  I can’t compete with Claire’s eloquence, nor her imagery (cat lovers take note!), nor the additional points she makes, so I highly recommend reading the whole thing.

It occurred to me that while humans are notoriously bad at keeping secrets, they are also very good at filtering out information that doesn’t fit their view of the world, and associating with people with similar views.  This creates the appearance of conspiracies where none exists.  In the modern world, the media has been fertile ground:

The “Journolist” was a real conspiracy to spin the media to the left.  There were several hundred members, all presumably vetted by Ezra Klein, the operator of the e-mail list.  But some of them couldn’t keep the secret.  Some conspiracy theorists on the right, though, insist that the entire field of traditional journalism is waging a propaganda war on behalf of modern progressives.

OK, there’s clear evidence for media bias.  But a conspiracy across the entire field of journalism?  Wrap that in tinfoil, please.  Are there progressive activists who wish to use the media to further their political goals?  Of course, but they are right out in the open.  “Rules for Radicals” is not hidden in a back room, after all.

Every once in a while, the math is ambiguous.  A small part of our project work involves mechanical engineering, and fabricating the associated custom parts.  It’s not enough to justify a machinist on the payroll, and isn’t likely to be in the foreseeable future.  Having custom parts made can get expensive, though.  Any project we undertake for a fixed price has some business risk attached, but custom mechanical parts are particularly risky, as a design flaw usually requires fabricating a fresh set of custom parts.  Electrical design flaws usually result in an off-the-shelf purchase or two, with a bit of rewiring.  Software design flaws typically cost us some time in front of a keyboard.  It’s no accident that electrical design and software make up the bulk of our billable hours.

Rong Fu Model 40 Mill/Drill

However, the math worked out for a new customer’s project, and we are tickled to have a brand new industrial mill/drill machine in the company workshop.  No fancy power feed motors or numerical controls.  Not even a Digital Read-Out.  But solid construction and allowances for later add-on features.

The unfortunate part is that our new toy tool is a Chinese Taiwanese import.  The equivalent American-made unit was twice the price.  The project’s budget can’t justify a higher-priced machine.  Long-standing political/economic foolishness has left American machine and tool makers at a distinct disadvantage.

My linux kernel is custom-compiled: although I have many debugging tools compiled-in, I didn’t have anything that could save the messages from my dying laptop.  Yesterday, I took the time to dig around in the documentation, and created a new kernel with netconsole turned on.  I configured it to send my console log to my office server.  As luck would have it, my laptop crashed about two minutes after I turned the remote logging on.  And the remote log worked.

Surprise!  It wasn’t a driver error!  My laptop’s dying messages were reporting corrupted transfers between my cpu and my memory chips.  Hardware.  For the specific failure, there are only three possibilities: bad cpu, bad memory, or bad motherboard.  First, I opened the case and swapped the two memory chips.  This appeared to help, as I didn’t have another crash for the rest of the day, nor overnight.  (My linux install does the virus-scan for my Windows partition every night, ensuring that any virus that does get into my Windows box can’t modify the scanner.)

But I’m not out of the woods, as it did crash one more time today.  I have memory chips on order, so I can definitively rule out memory issues.  If that doesn’t work, I guess I’ll be shopping for a new laptop.

After the fold, I describe how I set up remote logging to accommodate my laptop’s road warrior use case.

When I compiled my new kernel with CONFIG_NETCONSOLE, I also turned on CONFIG_NETCONSOLE_DYNAMIC.  This adds runtime configurability to this feature.  Details are in the kernel sources under Documentation/networking/netconsole.txt.  I had to add “configfs” to my system, with the following line in /etc/fstab:

configfs /sys/kernel/config configfs defaults 0 0

I the wrote a hook script for dhcpcd that takes advantage of my customized networks.  My DHCP servers send the NTP server address option, so that Windows boxes will automatically time-sync to my local server.  Most DHCP servers don’t do this.  My new hook script looks for this setting, and assumes that my NTP server will also be the remote logger.  Here’s the script (put it in /lib/dhcpcd/dhcpcd-hooks/):

# Set up or demolish netconsole on an interface
#
setup_netconsole() {
 local target= rmac=
 echo 0 >"$1/enabled"
 target=`echo "$new_ntp_servers" |egrep -i -o "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$" |head -n 1`
 if [[ -n "$target" ]] ; then
  ping -c 1 $target &>/dev/null &
  echo $interface      >"$1/dev_name"
  echo 6665            >"$1/local_port"
  echo $new_ip_address >"$1/local_ip"
  echo 514             >"$1/remote_port"
  echo $target         >"$1/remote_ip"
  rmac=`arp -n |grep "^${new_ntp_servers//./\\.} " |egrep -i -o "([0-9a-f]{2}:){5}[0-9a-f]{2}"`
  if [[ -n "$rmac" ]] ; then
   echo $rmac          >"$1/remote_mac"
   echo 1              >"$1/enabled"
  fi
 fi
}
if [[ ! -d /sys/kernel/config/netconsole ]] ; then
 exit 1
fi
case "$reason" in
 BOUND|INFORM|REBIND|REBOOT|RENEW|TIMEOUT|STATIC)
  [[ -d /sys/kernel/config/netconsole/$interface ]] || mkdir /sys/kernel/config/netconsole/$interface
  setup_netconsole /sys/kernel/config/netconsole/$interface
  ;;
 PREINIT|EXPIRE|FAIL|IPV4LL|NAK|NOCARRIER|RELEASE|STOP)
  [[ -d /sys/kernel/config/netconsole/$interface ]] && echo 0 >/sys/kernel/config/netconsole/$interface/enabled
  ;;
esac

On the server, I first used netcat for ad-hoc monitoring.  I’ve now set up permanent monitoring with sysklogd.  Find your syslogd start-up file, and add “-r” to its command line.

So here is my movie review about “AVATAR: The Last Air Bender”. To me it was the best movie seen in my entire life. It has great graphics in the movie, really awesome bending moves, and awesome characters. It had explosions, really cool scenes, and pretty awesome fights and battles. I also saw the actual cartoon series  that they use to have on Nickelodeon . It use to be my favorite t.v. show.

Second, “The Sorcerer’s Apprentice.” When I saw that movie it was the second most awesome movie I have ever seen. It was cool  for  me and my dad. It was cool and has action to it. Really awesome graphics and lights, including electric forces. I recommend you see it.

You know, life is awesome, sometimes.  But that is because your parents are the most helpful people, ever.  You know why?  They help you, protect you from danger,  and they do anything  to keep you healthy and clean.  Your parents love you all with all their heart and you do to.  So stay tuned to hear about my next post.  See you guys later next time.

First, let me answer “Why do this?”.  The general public is constantly bombarded with advice on security.  A lot of it is focused on the use of passwords.  It is difficult, if not impossible, to follow it all.  “Memorize your passwords!”  “Don’t write them down!”  “Don’t use names or birth dates!”  “Don’t use dictionary words!”  “Mix letters and digits!” “… and symbols!”  “Upper and lower case, too!”  “Make a different password for every website or program!”

As Charlie Brown would say, Aaaaauuuuugggggghhhhhh!

Because I’m obsessive, I’ve been following all of the above advice for several years.  Well, actually, with one adjustment:  I can’t memorize them all.  I don’t even try.  I get my computer to memorize them for me.  As I mentioned above, my browser’s password manager takes care of the daily grind.  But not everything is in the web, and there are web sites (banks, usually) that deliberately defeat the browser’s tool.  To cover the rest of the bases, and keep a permanent record of my scattered web accounts, I use the Password Gorilla.  I store its encrypted archive in my Windows “My Documents” folder, so I can get to it whether I boot Windows or Linux.

To follow the rest of the “best practices” for passwords, I let the Password Gorilla create nice, long, random strings for me.  If I’m not going to bother memorizing them, and I’ll be copying and pasting when needed, they might as well be unmemorizable.

Until this week, my daily routine went like so:  1) log in to Windows or KDE with user name and memorized password.  2)   Give ssh-agent my memorized RSA passphrase.  3) Start Mozilla Thunderbird and give it my memorized master password.  4) Start Mozilla Firefox and give it my memorized master password.  Repeat for Firefox and Thunderbird any time they are restarted.

This week, I discovered two tools that dramatically simplifies my KDE experience.  The KDE desktop environment has its own password manager, called KWallet.  It takes care of this task for all standard KDE applications, like the Konqueror web browser, and the KMail e-mail client.  Since I don’t use these, I hadn’t paid much attention to KWallet.  My new tools are: ksshaskpass, the KDE alternative to x11-ssh-askpass; and the Firefox add-on named “KDE Wallet password integration“.  Both of these tools look in KWallet for their pass phrases and passwords, and put new ones there as appropriate.  On a hunch, I successfully hacked the Firefox add-on’s install package to install it in Thunderbird.

My daily routine is now:  1) log in to KDE with user name and memorized password.  2)   Open KWallet with my memorized master password when ssh-agent asks for my RSA passphrase.  That’s it.  As long as KWallet remains open, both Thunderbird and Firefox have immediate access to their passwords.

Password Gorilla is still my fallback, and my permanent archive of account information, but KWallet can now handle the daily grind.