Sun, 15 Aug 2010

Review of Droid X

Yesterday I bought a Droid X because my iPhone 3G has serious battery issues when I am using data. It's to the point where I spent most of Defcon with my phone plugged into my laptop in my bag. When I first bought my iPhone there was no decent competition in the market so I went with it. Times have changed and there are now a couple of phones that are worth looking at.

I picked the Droid X. There's no definitive functionality that I liked in it over the other Droid phones. I simply liked the form factor and did not require a physical keyboard. So far I do not regret my decision from a hardware perspective.

My biggest complaint is that the UI feels completely unpolished when compared to iOS' UI. The default UI from Motorola takes the idea of a smartphone to its painful extreme. There is simply too much going on in the default UI. And on top of all of that the visual effect is very painful: there are a lot of obtrusive icons everywhere making it very cumbersome.

As I take the time to turn 99% of the worthless crap Motorola ships with the phone off I find that the UI is nice and easy to follow. It's a drastic difference from the "built for idiots" UI that the iPhone has. This one feels like a real OS and not some bastardized single-tasking joke. I can do so much more with this phone than with my iPhone and I haven't even scratched the surface.

It may seem like the previous two paragraphs are in direct contradiction to each other. The beauty of the iPhone is its UI. It is very easy to use and navigate around in. The downside of the iPhone is that unless you want to jailbreak it and jump through a crap ton of hoops it's very limited in what you can do with it. Even once you jailbreak it you have to deal with some fundamental problems with the OS. The beauty of the Droid X is that you are not as easily limited. Sure, you can jump through the same hoops and have even more freedom but generally speaking it just feels like a proper OS. The downside of the Droid X is that Motorola crams it so full of things that it's a pain in the ass to use and navigate around in by default.

My biggest wish at this point is that Motorola needs to hire some UI people who can build something that makes me believe I'm using a well polished product and not a bunch of shitty software built upon a nice OS.

I also have a couple of friends who are quite smart in the area of Droid hacking. I fully intend to pick their brains on ways I can drop some of this crap from my phone and get to a decent UI that doesn't make me cringe every time I use it.

posted at: 09:20 | path: /entries/geek

Sun, 16 May 2010

Shared library bump? No problem.

Earlier today I updated one of my machines which runs FreeBSD current. One of the changes I picked up was that libz was bumped (libz.so.5 -> libz.so.6). I had a small number of ports that were dynamically linked with libz so they needed to be rebuilt. I wasn't sure what they were so I did the following:

wxs@ack wxs % for file in /usr/local/bin/*; do (ldd $file 2>/dev/null | grep -q "not found") && echo $file; done | xargs -n 1 pkg_info -W | awk '{ print $NF }' | sort | uniq                           
cvsup-without-gui-16.1h_4
libxslt-1.1.26
postgresql-server-8.2.15_1
subversion-freebsd-1.6.11
upx-3.04
wxs@ack wxs %

The result was a list of packages that had binaries that were linked with the now missing libz. They needed to be rebuilt so I just fed each package into my updating tool of choice and was done.

for file in /usr/local/bin/*; do (ldd $file 2>/dev/null | grep -q "not found") && echo $file; done | xargs -n 1 pkg_info -W | awk '{ print $NF }' | sort | uniq | sudo xargs portmaster -D

This is just another example of knowing your basics. If you know them well enough things that would normally be annoying become easy.
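
The same check, taken one step further so it reports which library each binary is missing and can filter on the one that was bumped. This is an added example, not part of the original post; the function names and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which binary is missing which shared library,
# instead of only noticing that "something" was not found.

# Parse ldd output on stdin. When given several files, ldd prints a
# "path:" header per file followed by indented "lib => target" lines.
# Emits one line per unresolved dependency: <binary><TAB><library>
missing_libs() {
    awk '
        /^[^ \t].*:$/   { bin = substr($0, 1, length($0) - 1); next }
        / => not found/ { print bin "\t" $1 }
    '
}

# Print the unique binaries that lack one specific library ($1).
binaries_missing() {
    missing_libs | awk -F '\t' -v lib="$1" '$2 == lib { print $1 }' | sort -u
}

# Constructed sample in the shape of ldd output (not a real capture).
sample_ldd_output() {
    cat <<'EOF'
/usr/local/bin/xsltproc:
	libxslt.so.2 => /usr/local/lib/libxslt.so.2 (0x800647000)
	libz.so.5 => not found (0x0)
	libc.so.7 => /lib/libc.so.7 (0x800a00000)
/usr/local/bin/upx:
	libz.so.5 => not found (0x0)
	libucl.so.1 => not found (0x0)
/usr/local/bin/rsync:
	libc.so.7 => /lib/libc.so.7 (0x800a00000)
EOF
}

# Demonstration on the constructed sample.
sample_ldd_output | binaries_missing libz.so.5
```

On a live system, feed it real output with ldd /usr/local/bin/* 2>/dev/null | binaries_missing libz.so.5 and hand the result to pkg_info -W as in the pipeline above.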

posted at: 09:07 | path: /entries/freebsd

Thu, 29 Apr 2010

GELI + ZFS. Easy.

Someone recently asked me how I would run ZFS on top of GELI devices. It's not that hard. Here's how I did it using two vnode backed md(4) devices since I didn't have any spare drives or slices lying around.

wxs@ack wxs % truncate -s 10G a b  
wxs@ack wxs % sudo mdconfig -a -t vnode -f a
Password:
md0
wxs@ack wxs % sudo mdconfig -a -t vnode -f b
md1
wxs@ack wxs % dd if=/dev/random of=key bs=64 count=1
1+0 records in
1+0 records out
64 bytes transferred in 0.000145 secs (441506 bytes/sec)
wxs@ack wxs % sudo geli init -s 4096 -K key -P /dev/md0 

Metadata backup can be found in /var/backups/md0.eli and
can be restored with the following command:

	# geli restore /var/backups/md0.eli /dev/md0

wxs@ack wxs % sudo geli init -s 4096 -K key -P /dev/md1

Metadata backup can be found in /var/backups/md1.eli and
can be restored with the following command:

	# geli restore /var/backups/md1.eli /dev/md1

wxs@ack wxs % sudo geli attach -k key -p /dev/md0 
wxs@ack wxs % sudo geli attach -k key -p /dev/md1
wxs@ack wxs % sudo zpool create foo mirror /dev/md0.eli /dev/md1.eli
wxs@ack wxs % zpool list foo
NAME   SIZE   USED  AVAIL    CAP  HEALTH  ALTROOT
foo   9.94G   364K  9.94G     0%  ONLINE  -
wxs@ack wxs % zpool status foo
  pool: foo
 state: ONLINE
 scrub: none requested
config:

	NAME         STATE     READ WRITE CKSUM
	foo          ONLINE       0     0     0
	  mirror     ONLINE       0     0     0
	    md0.eli  ONLINE       0     0     0
	    md1.eli  ONLINE       0     0     0

errors: No known data errors
wxs@ack wxs %

posted at: 13:56 | path: /entries/geek

Wed, 07 Apr 2010

git + tcpdump + libpcap updates. Moving forward on isc-dhcp family...

I've been keeping busy with random updates to ports. I've updated tcpdump and libpcap to their latest versions (after fixing some bugs with the initial release). I've cleaned up the git port so that it is not as dumb when choosing the extra documentation. It now uses the pre-built documentation instead of building its own. I also went ahead and made it so the signatures are not downloaded in the normal case.

I'm working on updating the ISC DHCP family of ports to the latest release and eventually removing the unsupported ones. The ports are big with a lot of patches and extra functionality added. I've chosen to just get a stock port working and I'll figure out what to forward port after it's all working. So far I have a working server port but it needs more polish before I move on to the other parts. Expect more from me on this in the coming week.

posted at: 20:14 | path: /entries/freebsd

Mon, 22 Mar 2010

On Distributed SCM and Somewhat-Misleading Statements...

One thing I've heard mentioned over and over the past couple of days is how a distributed SCM saved the day when the owner of the domain took the master copy off-line. What people keep saying is that the fact that it was a distributed SCM was great because they all had a copy of the code and they were able to host it elsewhere. What they really mean is that they had a copy of the repository (code + history) and were able to host that elsewhere.

If a centralized SCM is taken off-line I can take the latest copy I have of the source, dump it into a new SCM and host that. I will lose the history, which is almost as important as the source in a long-running project, but I will still be able to continue. This, obviously, assumes that the source was checked out somewhere.

I know it's nit-picking but from a "the source is never lost" standpoint there is no difference between a distributed SCM and a centralized SCM. As long as someone has checked it out you can always keep going from that point forward if the main repository is taken off-line.

posted at: 16:39 | path: /entries/geek

CarolinaCon 6 - Best One Yet.

So CarolinaCon 6 happened this past weekend. It was, in my opinion, the best one yet. I was given the opportunity to rant for an hour and as far as I can tell I didn't get in any fights over it. Next year I promise to actually have something interesting to talk about. ;)

If you were at the conference and I got a chance to meet you for the first time, or if you are someone I've known from before and I got to see you again, thank you for making it another memorable experience for me. One thing I love about CarolinaCon is the small, intimate nature of it. It really emphasizes the human aspect of the scene (or industry in some cases), which is something the bigger conferences simply can not do.

So if you were there and are reading this I'd like to say thank you. If you were there, and are reading this and I got a chance to speak with you, even for a short time, I'd like to say thank you. If you were not there then you should have been, and I hope to see you there next year.

posted at: 06:55 | path: /entries/geek

Fri, 12 Mar 2010

I was looking over the release notes for OpenSSH 5.4. Among the list of nice things (key revocation, better passphrase protection, and certificates - though not X.509) in there I noticed support for a new -W option. The manual has this to say about it:

-W host:port
        Requests that standard input and output on the client be
        forwarded to host on port over the secure channel.  Implies
        -N, -T, ExitOnForwardFailure and ClearAllForwardings and works
        with Protocol version 2 only.

The release notes specifically state:

 * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
   stdio on the client to a single port forward on the server. This
   allows, for example, using ssh as a ProxyCommand to route connections
   via intermediate servers. bz#1618

That sounds nice and like it will save me from having to do things in a two-step process. Normally I have to do ssh -L 7272:gmail-smtp-in.l.google.com:25 syn and use nc localhost 7272 or something else in another terminal to get data out through the tunnel. Now with -W it's combined into one simple step.

wxs@ack wxs % ssh -W gmail-smtp-in.l.google.com:25 syn     
220 mx.google.com ESMTP 14si5094846qyk.3
EHLO PANTS!
250-mx.google.com at your service, [129.21.50.215]
250-SIZE 35651584
250-8BITMIME
250-ENHANCEDSTATUSCODES
250 PIPELINING

I like things that make my life easier.

posted at: 09:19 | path: /entries/geek

Wed, 24 Feb 2010

Shmoocon 2010: Now With Photos AND VIDEO!

I put Drew's and Jordan's photos from Shmoocon 2010 up. They are up here.

posted at: 13:02 | path: /entries/generic

Tue, 09 Feb 2010

Shmoocon 2010 Aftermath

Shmoocon happened this past weekend. I'd give a full review/write-up of it but I've been insanely pressed for time lately. If you were there and we got a chance to meet for the first time, or if you are someone I've known from before and I got to see you again, I'd like to say thank you for making it a great conference for me. I'll be posting Jordan's and Drew's pictures to Flickr when I have them as I forgot my camera (again). Expect a link to them here when I have them online.

posted at: 09:21 | path: /entries/generic

Wed, 13 Jan 2010

Airport Extreme Shenanigans

I recently got my hands on an Airport Extreme from Apple. It's a nice little device to replace my old Linksys. I was using my Soekris board to do that but something which speaks AFP natively is nice to have, especially now that I have 2 Apple machines in the house. Have no fear, my Soekris box will still be my border device, and will run a couple of key services too.

While configuring the Airport to replace my Linksys I was unable to find a way to set the internal IP address of the device. I can tell it to use NAT or just bridge at layer 2. If it is in NAT mode I can't tell it what to use for an internal IP address, at all. It defaults to 10.0.1.1, 192.168.1.1 or 172.something.1.1. This totally screws up my network, and AFAICT there is no way to change it, at least after spending 10 minutes looking through their administration stuff and online.

Back when I learned networking basics your default gateway lived at the top of the network address space, and I've always configured my networks to be like that. I understand that it doesn't have to be that way, but it's just the way I've rolled for as long as I can remember. At some point it apparently became fashionable to put your default route at the bottom. Seems kind of silly to me but whatever, as long as I can change it I don't care what the default is.

I had a machine at 192.168.1.1/24 already, which obviously was conflicting with my Airport Extreme. So now I have to re-configure that machine (I have a handful of static machines because they serve various things out to the public and changing firewall rules to match DHCP changes is annoying). To make matters worse every machine on my network that was static was using 192.168.1.254 as a DNS server, so every time I SSH'ed into a machine to re-configure it I had to wait for reverse DNS to time out.

If Apple made it so you can not change the IP address of the Airport Extreme I would not be surprised. Apple products are great if you fit into their very narrow use-case. But the minute you try to do even basic things that are normal EVERYWHERE else in the world you end up fighting with Apple stuff. I can point to multiple instances of where Apple products are total failures. This Airport Extreme business is just one example.

posted at: 21:23 | path: /entries/rant