projects | pushover | github | twitter | rss | contact
November 2011

On Android

posted to writings on nov 20th, 2011 with tags android and blandroid

The source code to Android 4.0, nicknamed Ice Cream Sandwich, was made available last Monday. For developers of Android ROMs like my Blandroid project, these source code releases enable us to release our own modified versions of Android to users that prefer to use our software on their phones. The source code to the previous major version, Android 3.0, was not made available[1] and was only given to certain tablet manufacturers like Motorola. While many complained about the lack of source code to a supposedly open source project, Google's "excuse" was that the code was not suitable for release. They rushed and hacked together version 3.0 to add a tablet-compatible interface to its then-current version, 2.3, nicknamed Gingerbread, so that tablet manufacturers could push out rushed and hacked-together tablets to compete with the iPad. Google told everyone to wait for Android 4.0 which would combine the tablet interface changes of 3.0 but still work on smaller screens like phones.

I put "excuse" in scare quotes because Google doesn't really need to justify their decision to anyone. Android is their product, they are free to do whatever they want with it, and any source code they release to anyone that isn't a partnering hardware vendor is a gift. That's not how they would like it to appear, though, and to most it would seem that anyone can just download and compile the code like any other open source project. To many people familiar with the term, "open source" is used for a project that is developed in the open, releasing changes as they are made, taking in patches and input from the community along the way before releases are finalized. Developers participate in the project, contributing code and project direction, releases are made, and developers and users use the software. Users sometimes become developers by fixing bugs in the software, which get merged in and pushed back out in future releases.

Continue reading 2,736 words...

August 2011

An Ecobee Automation Hack

posted to writings on aug 29th, 2011 with tags apple, ecobee, and ruby

I've had an Ecobee thermostat in my house and now in my apartment for a number of years. It's a touchscreen thermostat equipped with 802.11 wireless that can be remotely adjusted and monitored from Ecobee's website as well as iPhone and Android applications. While the expected use case might be monitoring the temperature of one's home while at work, I often lazily use the phone applications while at home when I'm too cold to get out of bed to turn the heat up. Also, while Ecobee's website touts its "green" features and energy savings, working from home has always meant being unable to use automated work/home schedules and instead having to hold the same temperature all day. With some Ruby code and SNMP, I am now able to automatically detect when I am home and when I leave the apartment, and adjust the temperature automatically.

Continue reading 1,116 words...

A Man-in-the-Middle Attack in the Wild

posted to writings on aug 17th, 2011 with tags openbsd and security

Last night I tried to visit one of the websites that I host on one of my dedicated servers, and to my surprise, I saw this instead of the usual content:

Continue reading 1,090 words...

April 2011

Making OpenSSH on Mac OS X More Secure

posted to writings on apr 19th, 2011 with tags mac, security, and ssh

Since 10.5, Mac OS X has had integrated keychain support in OpenSSH that lets one store one's SSH private key passphrase in the keychain. This makes it easy to securely store the passphrase permanently, instead of just per-session or per-boot as ssh-agent(1) does (unless the "Remember password in my keychain" option is not selected, in which case the passphrase is only stored in the memory of the running ssh-agent).

Continue reading 1,199 words...

March 2011

On Tinfoil Hats

posted to writings on mar 23rd, 2011 with tag security

Some time in 2010, Google, Adobe, and "dozens of other high-profile companies" were hacked by the Chinese government. The attack was done through a previously unknown vulnerability in Internet Explorer and considered to be highly sophisticated. The attackers copied intellectual property of these companies and accessed Gmail accounts of human rights activists.

Rather than directly hack into the accounts of those activists, the entire e-mail provider was compromised.

Continue reading 1,375 words...

December 2010

Pipe Event Plugin for Adium

posted to writings on dec 27th, 2010 with tags adium, mac, and pidgin

Back when I used OpenBSD on my laptop and Pidgin for instant messaging, I wrote a D-Bus script to watch incoming messages and forward any to my cell phone that were received while my screen was locked. The script forwarded messages to Prowl's web API, which would forward them to my iPhone using push notifications.

The last time I switched back to a Mac desktop, I had to switch back to Adium and lost the ability to selectively forward messages. While Adium does have an event action to run an AppleScript, there's no way of passing the actual event text to the script, so it has to talk back to Adium and try to find the newest message. The only option was to generate Growl notifications for all messages and then configure Growl to forward them to Prowl. I got fed up with that pretty quickly, so I modified Adium to create a new event type for "messages received while away". That way I could have the Growl notification only on that event, so I would only get messages forwarded while away. That worked better, but it prevented me from being able to go away while still at my computer without getting a bunch of messages queued up on my phone.

Continue reading 547 words...

October 2010

Idea: An Android Tablet "Shell"

posted to writings on oct 31st, 2010 with tags android and ipad

I keep reading stories about these new Android tablets that are destined for failure because they're too big or too small or too expensive. I owned an iPad and sold it after a couple months because I didn't use it enough to justify the cost. While its large screen was nice for viewing webpages or playing games on the couch, it was also one more device that I had to sync, charge, carry around, and possibly pay for another data connection for. With that in mind, I had an idea the other week: why doesn't someone make an Android tablet that just acts like a docking station (or "shell") for an Android phone?

The tablet would essentially be a big screen with no guts. An Android phone would plug into the back of it like the battery of a laptop does (think aluminum Powerbook but without the need for a coin), so that when it was installed, the tablet would be flush on the underside and have the same form factor as an iPad or other tablet. Once the phone was connected, the tablet would provide a larger display for the phone, just like plugging an external monitor into a laptop. The tablet would have no CPU, storage, or memory of its own, and wouldn't even need its own battery (though perhaps it could include an internal one for additional run time). Since the phone is still powering everything, it would still be able to use its WiFi and 3G connections.

Continue reading 527 words...

April 2010

Properly stopping a SIP flood

posted to writings on apr 11th, 2010 with tags asterisk, openbsd, ruby, security, superblock, voip, and work

At about 9am yesterday morning, I noticed on the monitor that the CPU utilization of one of my servers was abnormally high, in addition to a sustained 1mbit/sec of inbound traffic and 2mbits/sec of outbound traffic. syslog messages from Asterisk showed it to be a SIP brute force attack, so I dropped the offending IP (an Amazon EC2 instance IP) into /etc/idiots to block it and went back to my work.

A while later, I noticed the traffic still hadn't died down, so I reported the incident to Amazon and my server's network provider. No luck on either front; Amazon just sent back a form reply stating the incident was forwarded to the EC2 instance's owner (yeah, seriously) and the network provider said they wouldn't bother adding an ACL to their border equipment unless it was needed to protect their entire network. With the IP blocked on my server, the CPU utilization had died down and it was no longer sending out reply traffic, but I was worried about the inbound garbage traffic counting towards the server's monthly bandwidth cap.

Continue reading 831 words...

March 2010

the setup

posted to writings on mar 28th, 2010 with tags mac, me, openbsd, and setup

since i will never be interviewed for the setup, i have interviewed myself.

Continue reading 1,032 words...

January 2010

merging a git repo into a subdirectory

posted to writings on jan 27th, 2010 with tag git, last updated on apr 3rd, 2011

update: this behavior is now supported natively in git with subtree merging.

for a project i'm working on, i need to host a local copy of a remote git repository inside of my project's git tree, but rooted in a subdirectory. it wasn't as straightforward as i was hoping, so i'm writing this so someone else can find it.

Continue reading 394 words...

November 2009

restoring case-sensitive hfs+ volumes with time machine

posted to writings on nov 11th, 2009 with tag mac, last updated on feb 24th, 2011

i've always formatted my mac os partitions with case sensitivity enabled, which usually means formatting a new system and re-installing mac os x as soon as i get it. after installing the 10.6.2 update, i lost my system menu bar icons and was forced to restore from a 10.6.1 backup made the day before.

following apple's instructions, i booted to the snow leopard installation dvd, chose the "restore system from backup" option and thought i was on my way. about 50% into the recovery, the recovery application crashed:

Continue reading 820 words...

September 2009

ruby, snow leopard, and dl

posted to writings on sep 3rd, 2009 with tags mac and ruby

more snow leopard breakage: ruby compiled for a 64-bit processor crashes when doing certain calls through the dl module.

the gd2 ruby module (which just dlopen's the gd2 c library) calls gd2's gdImageStringFTEx function which crashes the ruby interpreter. apparently this is an old issue that is still unfixed in the ruby shipping with snow leopard (1.8.7p72; why so old apple?) or any 1.8.7 for that matter. even after ripping out the old ruby and installing the latest patchlevel (174), it still crashes:

Continue reading 159 words...

on snow leopard

posted to writings on sep 3rd, 2009 with tag mac

pgp doesn't have a (non-beta) version of its whole disk encryption product that is compatible with snow leopard yet, so i was holding off on upgrading once my snow leopard dvd arrived. once i read that i would have to decrypt the entire drive (an ~8 hour process), uninstall pgp, upgrade, then re-install and re-encrypt the drive anyway, i figured i might as well do the first half now and wait for them to finally release the new version. please don't steal my laptop until i re-encrypt my hard drive.

installation of snow leopard was easy and fairly quick. i took screen shots of the drive in finder before and after to see how much disk space i saved, but since snow leopard now reports drive capacities in base 10, both values changed. before it was 6.95gb free on a 148.73gb drive. now it's 23.94gb free on a 159.7gb drive. i'm also not sure how pgp wde affected the disk space utilization, so i guess these numbers are meaningless.

Continue reading 835 words...

July 2009

running multiple x11 instances under mac os

posted to writings on jul 27th, 2009 with tags mac, openbsd, and ratpoison

i am heavily using x11 under mac os x with ratpoison as my window manager. combined with mac's "spaces", this basically gives me full-screen x11 (but not actually full-screen with a root window) and a bunch of xterms in one screen, full-screen firefox in another, and then other mac applications in the rest.

i am also a heavy gimp user, but the attempts to port gimp to mac as a non-x11 app don't work very well at all. since i'm using fink, installing the regular x11 gimp was as easy as fink install gimp2, but using gimp with ratpoison has never been fun.

Continue reading 535 words...

June 2009

my mac os x setup

posted to writings on jun 30th, 2009 with tags ipv6, mac, macbook, and openbsd, last updated on jul 8th, 2009

3 years ago, i was using mac os x as my full-time workstation operating system on a 12" aluminum g4 powerbook. i eventually got annoyed at some hardware issues with the powerbook and some software issues with mac os x, which prompted me to switch back to a new thinkpad x40 running openbsd (and then to a thinkpad x200, then random netbooks running openbsd).

a few weeks ago, i purchased a new 13" macbook pro and immediately tried to put openbsd on it; not so much because i'm an openbsd zealot, but more so because i'm so much more productive in it than in anything else and i quickly get fed up when i can't get something done (and can't fix it).

Continue reading 1,487 words...