The ARM Servers Are Coming!

 Computing  No Responses »
Oct 312011
 

According to a couple of articles on The Register, a couple of manufacturers are getting close to releasing ARM-based servers. The interesting thing is that the latest announcement includes details of a 64-bit version of the ARM processor, which according to some people is a precondition for using the ARM in a server.

It is not really true of course, but a 64-bit ARM will make a small number of tasks possible. It is easy to forget that 32-bit servers (of which there are still quite a few older ones around) did a pretty reasonable job whilst they were in service – there is very little that a 64-bit server can do that a 32-bit server cannot. As a concrete example, a rather elderly SPARC-based server I have access to has 8Gbytes of memory available, is running a 64-bit version of Solaris (it’s hard to find a 32-bit version of Solaris for SPARC), but of the 170 processes it is running, none occupies more than 256Mbytes of memory; by coincidence the size of processes is also no more than 256Mb.

The more important development is the introduction of virtualisation support.

The thing is that people – especially those used to the x86 world – tend to over-emphasise the importance of 64-bits. It is important as some applications do require more than 4Gbytes of memory to support – in particular applications such as large Oracle (or other DBMS) installations. But the overwhelming majority of applications actually suffer a performance penalty if re-compiled to run as 64-bit applications.

The simple fact is that if an application is perfectly happy to run as a 32-bit application with a “limited” memory space and smaller integers, it can run faster because there is less data flying around. And indeed as pointed out in the comments section of the article above, it can also use ever so slightly more electricity.

What is overlooked amongst those whose thinking is dominated by the x86 world, is that the x86-64 architecture offers two benefits over the old x86 world – a 64-bit architecture and an improved architecture with many more CPU registered. This allows for 64-bit applications in the x86 world to perform better than their 32-bit counterparts even if the applications wouldn’t normally benefit from running on a 64-bit architecture.

If the people producing operating systems for the new ARM-based servers have any sense, they will quietly create a 64-bit operating system that can transparently run many applications in 32-bit mode. Not exactly a new thing as this is what Solaris has done on 64-bit SPARC based machines for a decade. This will allow those applications that don’t require 64-bit, to gain the performance benefit of running 32-bit, whilst allowing those applications that require 64-bit to run perfectly well.

There is no real downside in running a dual word sized operating system except a minor amount of added complexity for those developers working at the C-language level.

grub rescue Error : the symbol ‘grub_xputs’ not found.

 Linux, Working Notes  No Responses »
Oct 202011
 

So there I was, installing a Linux distribution on my new laptop. Got to the end of the installation when it refused to install grub in the master boot record. Opted to try another partition, and rebooted. At which point the infamous error “Error: the symbol ‘grub_xputs’ not found” was shown with a “grub rescue” prompt.

At which point I had a laptop that wouldn’t boot of course.

To cut a long story short, because it’s only the fix I’m interested in recording for posterity, I sorted this out by booting off an emergency USB stick (unetbootin is a good tool for writing one … if you have a working system). Once booted, I setup an environment where chroot would function well. This is basically where you start a shell whose root directory is a directory under the normal root directory. This allows commands to be run almost as if the non-bootable system was booted.

mount /dev/sda5 /mnt # Mount the root filesystem of the unbootable system under /mnt
mount /dev/sda1 /mnt/boot # And the /boot filesystem
mount -o bind /proc /mnt/proc
mount -o bind /dev /mnt/dev
mount -o bind /sys /mnt/sys
chroot /mnt

Once that is done, there are quite a few things that can be done to repair a broken system, but I just needed to re-install grub to the MBR of /dev/sda :-

grub-install /dev/sda

Once that was done, everything booted fine.

Of course all that comes with the experience of a lot of time with Linux. Those who have not used it since the 1990s will not be as lucky, but there’s a few key points there :-

  1. Don’t panic. Just because it won’t boot doesn’t mean everything is lost.
  2. Write down the error message exactly as it appears on screen. A small mistake here can make searching for the error almost impossible.
  3. Get a rescue USB stick. Ideally before you break a system, but afterwards is usually possible even if you don’t have another working system – you have friends, or there are ways to write a USB stick at work.
  4. Search the Internet for the problem. You may have to spend quite a while reading other people’s problems that may or may not relate to your problem. You may have to improve your search methodology. Putting the error message in quotes is usually a good method.
  5. And if you find a solution to your problem online, check the date of the solution. Something that worked 5 years ago may not be the best solution today. And that applies to this page just as much as any other.
Oh! And to those who would jump and down screaming about this wouldn’t happen with Windows or OSX, please grow up. Such problems occur with any operating system – and I’ve seen them.

Remembering Steve Jobs

 Computing  No Responses »
Oct 062011
 

Today was the day we learned that Steve Jobs died. This is of course massive news within the technology industry as Steve Jobs has been such an important player in the industry since the beginning of the personal computer revolution (long before the iPod and all the other iThingies). As with everyone who dies, my sympathy goes out to anyone who knew him.

The reaction has been … interesting. Amongst the other compliments he has been called a great innovator, which to those who observe the industry closely seems a touch inaccurate. There are plenty of things that Steve Jobs was – he was a great businessman who not only built up Apple in the first place, but returned to rescue it from obscurity (and possibly saving it).

He had the ability to take innovations and introduce them to the mass market – he could somehow lead his engineers into producing usable mass-market products. But without meaning to criticise he was not as much of an innovator as is sometimes made out to be.

Looking through the history of the products he brought to the mass-market …

Apple I & Apple II

Neither of these were truly original. The Apple I was one of the first personal computers that were available fully assembled, but it was not the first. The basic concept of the personal computer released as a product can be traced to the IBM 5100 (1975) or the HP 9830 (1972). These may have been a lot more expensive but were probably more successful than the Apple I which only sold about 200.

The Apple II was a good deal more successful – probably the closest to a dominant personal computer around before the original IBM PC took off, but was no more truly original. For instance amongst the hordes of similar personal computers around at the time, there was the quite close Commodore PET (which was admittedly somewhat less expandable).

And the least said about the Apple III, the better!

The Macintosh

Most people assume that the Macintosh was the first computer with a graphical user interface, but it was not even the first from Apple themselves! They brought out the somewhat less successful (and very expensive) Lisa first. The first GUI computer was the Xerox Alto first built in 1973 – before Apple even existed! Admittedly this was never a commercial product, but Xerox did eventually launch a commercial workstation based on this early experiment – the Xerox Star, in 1981. That’s still 2 years before the Macintosh.

The Macintosh did however bring the graphical user interface to a mass audience even if the first Macintosh computers were more than a little constrained by lack of memory (128Kbytes anyone?).

The iPod

After a few successful years with the Macintosh (and having ditched Steve Jobs in 1985), Apple started to go downhill. Until Steve Jobs returned, and helped to turn the company around with the launch of Macintoshes that were better designed in terms of styling. Although he was probably right to kill it off, he also did something interesting on his return – he killed the Newton product line which although it was not really recognised at the time, was actually Apple’s first slate computer (it was marketted as a PDA but with a much bigger screen than most PDAs).

But the next big thing was the launch of  the music player that nearly everyone has tried at one time or another – the iPod. Again to disappoint the reflex Apple fans, this was not a massive innovation from Apple – there were portable digital music players launched before this. Such as the music player (with a somewhat limited capacity of 3.5 minutes!) envisaged by Kane Kramer way back in 1979 (and patented in the UK in 1981). Apple even hired him when they were facing patent litigation over the iPod.

Altogether there were five different music players launched in the market before Apple took a hand. But of course Apple made it easy enough for the man in the street to use.

The iPhone

The iPhone was an interesting product – a “smartphone” (it might have been more accurate to call it a featurephone) that on the basis of pure feature comparison was weaker than the competition in every way – a less capable data network (no 3G), many missing hardware features that were present on other smartphones (GPS, proper bluetooth support, a slot for memory expansion, etc.). It couldn’t even load additional apps – Steve Jobs tried telling everyone that apps should be on the Internet and not installed on the phone!

It did do two things better than the competition though – firstly the CPU was of reasonable strength to run a smartphone with. At least the pre-iPhone smartphones I used were positively anaemic in performance due to weak CPUs. Secondly, the iPhone made using a smartphone simple. And that was the real reason the iPhone took off – anyone could use it.

The iPad

And yet again Steve Jobs does it – take a product that was pretty much universally unpopular, or at most was popular only in certain vertical markets, and pushes it out to the mass market in a way that everyone can enjoy. Again very little in the way of innovation, but a great product (with some odd weaknesses until the iPad 2).

iPhone 4S: Yawn or What ?

 Computing, iPhone  No Responses »
Oct 042011
 

So it has been announced at last. The iPhone 4S, which is more or less an iPhone 4 with some fiddling – a faster processor, an improved antenna, and a software update that gives it a feature that Android has had for a while. That is voice control.

Undoubtedly it will all be done in a very slick way – that is the Apple way, but is it enough ?

Well it all depends on what you mean by “enough”. It will undoubtedly sell – both to the Apple fans who worship anything Apple produces whatever the merits, but will it sell enough to keep Apple’s current level of influence in the mobile smartphone sector ? After all, Steve Jobs has now left and everyone is wondering how the new Apple will maintain it’s leadership in the smartphone and slate market.

Well the iPhone 4S is nice, but so is my iPhone 4. But it is hardly a major improvement – yes it’s faster; probably a lot faster. And the antenna improvement will please those who managed to tickle the antenna problem on the iPhone 4 (I could only do so by going through ridiculous contortions).

It’s a perfectly reasonable mid-life facelift, but it’s a touch late for a mid-life facelift, although admittedly a bit early for a whole new phone. Oh! Sure Apple will claim that the internals are completely different, but it’s still an improved iPhone 4 rather than an iPhone 5. Although it’s unreasonable, Apple’s problem here is that the iPhone 4S looks a little boring and in a post-Jobs era, they need to convince people that they are still able to release exciting products. And this isn’t it.

The big problem I see from my personal perspective is that there is no option for an iPhone with a big screen (and no I don’t mean an iPad!). If you look at the oodles of choice you can find in the Android phone market, you will find examples of premium smartphones with larger screens than the iPhone. Such as the Samsung Galaxy S II with a 4.3″ screen, and that is not even the largest smartphone screen you can find (although it may well be the best).

Sure not everyone wants a large screen on their smartphone, but I do and Android gives me that choice. And plenty of other choices – 3D screens, physical keyboards, etc. And no being chained up in Apple’s walled garden!

So yes, sorry Apple but it’s a bit of a yawn event. Try again with a proper iPhone 5 with a large (for a smartphone) screen.

Password Security & Cracking ‘Em

 Computing, Security, Working Notes  No Responses »
Sep 182011
 

This blog entry is of the form of some working notes to help me get to grips with this area of security. Would welcome corrections!

There are two basic forms of password cracking :-

  1. Brute force cracking where every possible password combination is tried.
  2. Dictionary cracking where the password cracker uses a list of possible passwords to try … and optionally some algorithms for varying each word in the dictionary.
I’m more interested in brute force cracking for now, so I’ll just say a few words about dictionary cracking …

Password Hashes

Some people are under the mistaken impression that it is possible to protect against password cracking by preventing multiple login attempts – try to login more than 5 times in a minute, and the account is locked.

People trying to break into systems know about this of course, so they rarely if ever try it (the exception is multiple attempts against equipment that does not perform account lockouts). What they do is obtain the encrypted password in some way – grabbing the /etc/shadow file from a Unix system, dumping Windows password hashes, etc.

Once you have a password hash, or a number of password hashes, it is possible to attempt to crack the passwords. Not by trying to reverse the password encryption – that should be impossible, but by using the same algorithm for encrypting the password in the first place.

For instance if someone sets their password to “bad”, the password hash that gets stored in ActiveDirectory or in a Unix system’s /etc/shadow file may look something like “bae60998ffe4923b131e3d6e4c19993e” (actually it won’t but we’ll gloss over that detail for now). The password cracker starts encoding 1 character passwords, moving onto all possible 2 character passwords, 3, etc.

Eventually he or she finds one that matches that “hash” at which point they will have the account’s password.

Dictionary Cracking

Brute force password cracking has historically been thought of as too computationally intensive to try, so people resorted to restricting the amount of passwords to search through by observing that most people use either simple words, or words made slightly more obscure through some method.

For example, the following are some passwords picked from a list of frequently found passwords (but before getting smug about your password being nowhere near as this simple, you may want to check first) :-

  • password
  • letmein
  • xxxxxxxx
  • qwerty
  • 123456

In addition, people often take a simple word like “monday” and make it more complex by replacing certain letters with digits – l33t speak – so “monday” becomes “m0nday”. There is no point to this at all – it is one of the most common algorithms for supplementing a dictionary. Similarly adding digits to the end of a word, etc.

Brute Force Cracking

The option of brute force cracking is the process of going through every single password combination and trying each one in turn. This would seem to be a very slow process, but computers are becoming quicker and quicker. For example, with a GPU password cracker, my workstation can tackle around 380 million passwords a second … and it is not an especially quick GPU!

As to how fast password cracking could be today, it is hard to say … some of the more interesting hardware out there doesn’t come with benchmarks, and there’s some guesswork involved. But it is probably safe to say that nothing quite comes up to the 100 billion password attempts a second mark … yet.

It is relatively easy to calculate the number of possible passwords for any particular length … take the size of the character set used in the password, which can usually be assumed to be 96 (all ASCII without the control set) and raise to the power of the length of the password.

Length Passwords Time (380M/s) Time (100 billion/s)
2 9216 <1s <1s
3 884736 <1s <1s
4 84934656 0.2s <1s
5 8153726976 23s <1s
6 782757789696 37m 8s
7 7.5E13 59h 12m
8 7.2E15 5725h 20h
9 6.9E17 62 years 1916h
10 6.6E19 6035 years 20 years
11 6.4E21 577,845 years 2028 years
12 6.1E23 55473145 years 193297 years

 

There are several points to learn from this table :-

  1. The numbers of passwords gets very large very quickly. But not quickly enough to keep up with password crackers.
  2. Any password of less than 7 characters is trivial to crack … even with relatively modest hardware.
  3. Any password of less than 9 characters is trivial to crack if you have access to a large network of machines to work with.
  4. If you want to be safe for another decade or so (and policies can last quite a while), you will probably want to pick 12 characters as the minimum password length.
  5. These are the times to search the whole password space … it is not necessary to search through every single possible password to find the password you are looking for. That password might be found in 1/10 of the maximum time, or 3/4 of the maximum time. As long as the person generating the password has not been spectacularly dumb, it will still take a significant proportion of the total time to find the password.

If you look at the different brute force password cracking software out there, it quickly becomes apparent that there are simplistic password crackers that attempt each password combination in turn, and there are more sophisticated password crackers that attempt to tackle the most likely password combinations first. They do this by looking at passwords consisting of words, parts of words, pronounceable sequences that could be words, etc.

However good they are, all they do is increase the likelihood of obtaining the password in less than the maximum time. And possibly not by very much; let’s be generous and suppose that an intelligent brute force password cracker can produce the password on average after processing 25% of the possible passwords rather than 50% of the possible passwords. So for example for a 10 character password, an intelligent brute force password grabber could be expected to find the password after 1,500 years rather than 3,000 years (with a worst case scenario of 6,000 years in either case) … helpful, but not enough to make password cracking practical for 10 character passwords.

Poor Passwords

Everyone is obsessed with telling everyone what makes a strong password, so there’s no need for me to do likewise. But here’s my thoughts on what makes a weak password :-

  • Contains a single word in any language however it may have been deformed.
  • Common sequences of digits (i.e. “31415926”) or letters (“qwerty”) … they are effectively the same as words and appear in dictionaries of words to try for dictionary attacks.
  • Where letters have been changed into digits is no stronger than the password with the letters would have been – the classic “monday” -> “m0nday”.
  • Appending simple digits or symbols.
  • Anything short; an otherwise strong password is weak if it is too short (less than 10 characters; preferably 12).

In fact the list of what makes a password weak is so long that it’s always a good idea to test how strong your password is. Preferably with a hacking tool; and not with one of those web forms where they probably don’t test too well to avoid irritating potential customers.

Passwords Suck!

Ha! Yes you’re right … passwords are now a pretty poor way of demonstrating identity. However whilst there are many alternatives, none are universal so until someone comes up with a suitable replacement we are kind of stuck with them.

 Older Entries  Newer Entries