No ads? Contribute with BitCoins: 16hQid2ddoCwHDWN9NdSnARAfdXc2Shnoa
Feb 092019

One of the things that irritates me about fancy new service management systems like systemd is that unless you get everything exactly right, you can end up with things interfering with specific configuration files – specifically /etc/resolv.conf.

Now as a DNS administrator, I have a certain fondness for manually controlling /etc/resolv.conf and it does actually come in useful for making temporary changes to test specific DNS servers and the like. The trouble comes when something else wants to control that file.

The ideal fix for this conflict is to have things like systemd control a separate file such as /etc/system/resolv.conf.systemd, and for /etc/resolv.conf be installed as a symbolic link pointing at the real file.

But back in the real world, if you do disable systemd-resolver which can be done with: systemctl disable systemd-resolved.service; systemctl stop systemd-resolved.service

Then you may also want to make the file immutable: chattr +i /etc/resolv.conf. On at least one server, systemd merrily re-created /etc/resolv.conf as a symbolic link to an empty file despite systemd-resolved being disabled.

Corner Of The Pyramid
Feb 032019

Apple’s stockprice has taken a bit of a tumble just recently, prompted by a statement from them indicating that they’ve made a bit of a mess of the iPhone releases and they’re not selling as many as they expected.

Foolish scaremongers are predicting the demise of Apple. Over a few bad quarters? That’s just ridiculous.

If anything (and you fancy a gamble), now is probably a good time to buy shares in Apple, because they are not going away any time soon. And they will probably come up with an answer to what they are doing wrong.

So what are they doing wrong?

Too Few Products

It may seem a bit strange to say considering just how many different iPhones you can buy, but what I am really talking about here are product types rather than individual variations. After all whether you are buying an iPhone X, XS, XS Max, or XR, you’re still buying an iPhone.

Just take a look at the Apple web site navigation bar :-

Each of those (with the possible exception of a particular keen Mac user of the “Mac” group, and of course “Music”) is a product that a person is only likely to have one of.

And keeping the number of products you sell small makes you more vulnerable to the occasional “miss”. Which with the best planning in the world will happen from time to time.

Just imagine what is missing :-

  1. The Apple HiFi
  2. The Apple alarm clock.
  3. The Apple home/small office network server.
  4. The Apple power-line ethernet adaptor.
  5. The Apple WiFi access point.
  6. The Apple air pollution monitor/smoke detector.

And that’s just a few items thought up by an individual on a lazy Sunday afternoon.

Don’t Ignore The Fringe Fanatics

For many years, Apple survived by making products well suited to the audio/visual creator community. And yet looking through the Mac line-up, there is nothing there suited to the real power user.

And yet Apple has fans who still want to run macOS – either compromising on their needs by getting an iMac Pro (usually with huge piles of non-Apple external disks) or by getting an ordinary PC and running macOS on it.

Give them what they want, and no a promise to release a proper Mac Pro “someday” isn’t sufficient.

There may not be a great deal of profit in it, but a small profit is better than none. And catering to power users may well have a greater effect than you suppose – they are or can be influencers. Imagine every photographer, videographer, and sound engineer saying “Forget about Windows; get yourself a Mac”.

Because that’s what they used to say.

Too Expensive

If you ask anyone if they would like more features, the answer is almost always yes, but they can become more reluctant if you ask them to pay a little more money for those features.

And if you ask them to pay more for features they are not interested in, they’ll rapidly lose interest if money is tight and their old phone is ‘good enough’.

And that is what has happened, the latest iPhone has more and better features than any previous iPhone but the price has crept up. For many (including the affluent “middle-class”) it has become a significant purchase rather than something that can be paid off with 2-4 months of minor inconvenience.

Follow The Path
Jan 252019

If you are using the right kind of terminal that supports graphics inline (such as KiTTY), then you can write simple (or complex) tools that insert images into the terminal.

Being able to display the flag of a country (if you know its two-letter ISO code) is kind of trivial but useful if you need it.

And a shell function to do that is remarkably simple :-

function flag {
    wget -o /dev/null -O /var/tmp/flag.$$${1}.png
    if [ $? -eq 0 ]
        kitty +kitten icat /var/tmp/flag.$$ && rm /var/tmp/flag.$$
        echo Not found

(that’s a Zsh function which may require adaption to Bash).

Jan 152019

Now that the click-bait is out of the way, vi movement keys are perfectly reasonable particularly to those who have been using them for decades (which includes me). But for ages, vi itself has supported the arrow keys for movement as well as the tradition cursor movement keys.

For the benefit of those who have not used vi and are wondering what those traditional cursor movement keys are, they are H (left), J (down), K (up), L (right). A bit like the gamer’s set of movement keys – W, A, S, and D, except that the vi movement keys pre-date arrow keys.

There are those who will claim that the traditional movement keys are more efficient as they require less hand movement. And they are. So it is perfectly understandable that many tiling window managers and other keyboard-centric software uses these movement keys.

But someone who hasn’t spend decades hard-wiring the vi movement keys into their brain, will find vi-style key bindings inscrutable. And the fix? Just use the arrow keys as well.

There is no harm in having two key sequences do the same thing; no harm in emphasising that the arrow keys work too. And indeed no harm encouraging the use of vi-style movement keys by emphasising their efficiency.

Don’t forget that someone learning a new tiling window manager (or most other things) can be put off by the silliest of things – such as inscrutable control keys.

Rusty Handrail
Jan 052019

Well mine does (which I would recommend, but I’ve no idea what it is), but I don’t know about yours.

Send me it with some cash in it, and I’ll take a gander.

But …

Just how practical is RFID or NFC scanning anyway? The scaremongers would claim that there are people out there, slapping payment terminals to your bum and siphoning off your bank account.

I know from my own attempts at scanning (and you will know similarly from “tap & pay”) that the distance at which you can read RFID or NFC is normally fairly minimal. Sure you can get antennas which can read at distances of up to 700m, but they tend to resemble those old TV antennas.

Which is kind of obvious for someone trying to be at least relatively stealthy.

And if they do grab details they get to make a single limited payment (even a bank isn’t dumb enough to miss multiple payments) and you’ve probably got a good claim against the bank any way.

So it is pretty unlikely, the damage is limited (and may even be none).

So is an RFID/NFS blocking wallet really necessary? Well if you are in need of a new wallet any way, getting one with that feature makes sense. But it probably isn’t worth throwing away a perfectly fine wallet to get one.

But stick your wallet in your front pocket.

Dec 082018

I recently bought a second-hand camera – but this is not specific to photography (but perhaps particularly relevant). The seller threw in an old SD card which was nice of them (although unnecessary for me).

After doing the photo thing with the new-to-me camera, and having carefully replaced the SD card, it occurred to me that I could test a file recovery tool to see if there was any previously shot photos on the card.

Using photorec, I fired it off and came back 30m later – not because it’s particularly slow but I have spent far too much time watching the equivalent of a progress bar, and I would rather get on and do something useful.

By the time I came back, it had recovered in excess of 1,000 images and videos. It turns out to be probably the most boring collection of photos you can imagine – an ordinary collection of family (not your own) photos would be interesting in comparison.

I won’t be including any of those recovered photos here because that would be unprofessional and potentially embarrassing to the camera seller (although they would most likely never find out). 

But you can easily imagine how such a recovery could be potentially embarrassing; even distressing. We usually choose whether a photo should be made public or not.

So how do you protect such things from happening? Is it sufficient to format a card in camera?

No it isn’t. Tools such as photorec are designed to recover images from cards where the images have been deleted or when the card has been formatted. Surprisingly enough, formatting a card does not overwrite all of the data blocks on a storage device; it merely replaces the data structures that allows an operating system to find files with a new blank structure.

So what are the solutions to keep your private photos to yourself?

It should be emphasised that this is advice intended to protect you from personal embarrassment; if there are legal or risk to life issues involved, seek professional advice.

The first rather obvious solution is to never give away or sell old cards; if you want to dispose of the cards, destroy them. It is not as if you could recover much by selling them – who wants a 5-year old 512Mbyte SD card?

If you do want to let others use your old cards, then use a special utility to destroy the contents completely; optionally (but nice for the recipient) is to then format the cards afterwards.

If you are using Windows (or macOS although the following Linux recipe can be adapted), then you will need a tool such as SafeWiper. There are those who claim that Windows format can do the job, but I wouldn’t trust it – the “quick format” option is the default which definitely doesn’t erase the data from the disk, and I have not personally checked that a “slow format” really removes the data beyond recovery with normal tools.

Whatever method you choose, check, double-check, and triple-check that the device you are erasing really

The first step under Linux is to identify the block device path to erase. You may well find that your SD card is automatically mounted when you plug it in. So running df from the command-line will give you a device path (/dev/sdb

But to double check, run lsblk

✓ mike@Michelin» lsblk -o NAME,FSTYPE,MOUNTPOINT,VENDOR,MODEL,SIZE | grep -v loop 
NAME                    FSTYPE      MOUNTPOINT                      VENDOR   MODEL              SIZE
sda                                                                 ATA      SAMSUNG MZNTY128 119.2G
├─sda1                  vfat        /boot/efi                                                   512M
├─sda2                  ext4        /boot                                                       732M
└─sda3                  crypto_LUKS                                                             118G
  └─sda3_crypt          LVM2_member                                                             118G
    ├─ubuntu--vg-root   ext4        /                                                         114.1G
    └─ubuntu--vg-swap_1 swap        [SWAP]                                                      3.9G
sdb                                                                 Generic  USB  SD Reader     3.8G
└─sdb1                  vfat        /media/mike/disk                                            3.8G

Note that how we have “USB SD Reader” alongside /dev/sdb and that it’s size is just 4Gbytes. So we have three confirmations that this is the device we want to erase.

To erase it, first we unmount it, run a hdparm command to erase it, and erase it a second time :-

✓ mike@Michelin» umount /dev/sdb1
✓ mike@Michelin» sudo hdparm --security-erase NULL /dev/sdb
security_password: ""

 Issuing SECURITY_ERASE command, password="", user=user
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
✓ mike@Michelin» sudo dd if=/dev/zero of=/dev/sdb bs=64M

Whilst we’re waiting for the “dd” command to finish writing zeros all over the SD card, why are we erasing this twice? 

We’re using hdparm

And I then suggest using the old slow method of “dd” as well because there is nothing wrong with being cautious in this area.

Misty Trees
Nov 112018

If you use the Unix or Linux command-line, you may very well wonder about the origins of some of the “special” characters. One of those is tilde (~) which is expanded by the shell into “home” :-

✓ mike@Michelin» echo $HOME                        
✓ mike@Michelin» echo ~
✓ mike@Michelin» echo ~root

This doesn’t of course work in general; just in the shell.

But where did this usage originate?

As it turns out, it was the markings on the keyboard of the ADM3A terminal :-

If you used Unix in the late 1970s/1980s, you may very well have used the ADM3A terminal and it seems that those who added the tilde feature to the Unix shell were amongst the users.

Oct 092018

And yes that includes me

For those who don’t know, RFC1918 is the Internet standard that allocates the addresses used for private networks – 10/8, 192.168/16, or 172.16/12. 

And in reference, specifically :-

To minimize the risk it is strongly recommended that an organization using private IP addresses choose randomly from the reserved pool of private addresses

(Apologies for the incorrect spelling above; it’s a quote from an American source)

This was reinforced to me yesterday whilst I was working from home, and I had trouble with a site-to-site VPN joining my network to work’s. As it happens there was no addressing conflict, but I had to install many routes more than should be necessary.

And I keep seeing this sort of thing; joining multiple networks when everybody is using 10/8 is a continual game of chicken – when are we going to find ourselves in conflict? 

Of course there is a “fix” for this – NAT. The real fix of course is to use global IPv6 addresses even for devices and networks that will never be on the global Internet.

The Window
Oct 032018

I have a Python script that over-simplifying, reads very large log files and runs a whole bunch of regular expressions on each line. As it had started running inconveniently slowly, I had a look at improving the performance.

The conventional wisdom is that if you are reading a file (or standard input), then the simplest method is probably almost always the fastest :-

for line in logstream:

But being stubborn, I looked at possible improvements and came up with :-

from itertools import islice
while True:
    buffer = list(islice(logstream, islicecount))
    if buffer != []:
        for line in buffer:

This code has been updated twice because the first version added a splat to the output and the second version (which was far more elegant) didn’t work. The final version 

This I benchmarked as being nearly 5% quicker – not bad, but nowhere near enough for my purposes.

The next step was to improve the regular expressions – I read somewhere that .* can be expensive and that [^\s]* was far quicker and often gave the same result. I replaced a number of .* occurrences in the “patterns” file and re-ran the benchmark to find (in a case with lots of regular expressions) the time had dropped nearly 25%.

The last step was to install nuitka to compile the Python script into a binary executable. This showed a further 25% drop – a script that started the day taking 15 minutes to run through one particular run ended the day taking just under 8 minutes.

The funny thing is that the optimisation that took the longest and had the biggest effect on the code showed the smallest improvement!

Four Posts
Sep 102018

If you have not heard, Steam have added a compatibility layer to Steam which allows a limited number of Windows games to run. The “compatibility layer” is in fact a fork of WINE called Proton.

Peered at from 500 metres away, Proton allows Windows software to run (or not infrequently crash and burn) by translating the Win32 API into Linux APIs, and translating the variety of graphics APIs into Vulkan. That is a really difficult thing to do.

I have taken a very quick look at the new Steam client (and “Proton” is no longer part of a beta release of the Steam client – it’s in the standard client). It works perfectly adequately, although you will have variable experiences running Windows software.

For some reason this news has captured the imagination of a number of ‘tubers who are more gamers than Linux users, which has lead to some misunderstanding :-

  1. This is not Linux gaming; it is Windows gaming under Linux. If you have a bad experience with Steam under Linux, you are not experiencing a bad time with Linux gaming. Linux gaming involves native Linux software, and yes there is some out there.
  2. Problems with Steam could well be down to the Proton compatibility layer with unsupported API calls or buggy usage of the Win32 API which relies on Windows behaving in a certain way for undefined parameters.
  3. In addition problems with Steam could be due to the hardware you are running; take a game that works perfectly fine with an Nvidia card. It may behave problematically with an AMD card or even a different Nvidia card. Or the other way around.

The important thing to remember when looking at videos about Steam is that the person looking at Steam may not be the most experienced Linux user out there. That is not necessarily bad – the whole purpose of Steam is to be able to run games easily without a whole lot of Linux experience.

But they may not be understanding properly what is going on – for example the first thing I would do as a professional game-orientated ‘tuber would be to try out a selection of games with an nvidia card, and then repeat using an AMD card – just to see if things work better, worse, or at least differently.

And again, this is not about Linux gaming but about allowing easy access to old Windows titles that someone may have bought in the past. 

Pentland Hills
WP Facebook Auto Publish Powered By :

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.