Archive for the author ·



Review: “Dreaming in Code”, Scott Rosenberg

no comments

What makes software so hard? Why does it take so long to develop? Why is it always late, always full of bugs, always over budget? In “Dreaming in Code” by Scott Rosenberg, he explores these questions from a historical perspective, and through anecdotes from the Open Source Applications Foundation (OSAF) project “Chandler“. The story of the Chandler project, founded and funded by Mitch Kapor in 2002, serves as an anchor to which Rosenberg attaches the history of software development and management. It turned out to be an interesting choice, since the Chandler project came without a deadline, with “unlimited” funding from Kapor’s pocket, and with very enthusiastic collaborators. Nevertheless, they hit the same hurdles as pretty much any large complex software project have, including being stuck in “software time”, communication overhead, planning and time estimate problems, delayed releases, and thousands of bugs.

Between the project anecdotes, Rosenberg surveys the software development and management literature, and gives a brief glimpse into its history. He frequently comes back to Fred Brooks’ “The Mythical Man-Month” and concludes that the communication overhead grows exponentially, even with today’s online always-connected tools. And there is still no silver bullet to solve it. He touches on various methodologies and processes, including the Capability Maturity Model (CMM); Team Software Process (TSP); Rapid Application Development (RAD); Agile Software Development; Extreme Programming. All of which were supposed to assist a software project and guarantee some kind of success, but which in the end come with their own short-comings and pitfalls.

Given that Chandler is already history, it is not a spoiler for the book to mention that the project failed. It was designed and planned as a native application, right before AJAX and Web 2.0 become buzzwords, and much of the functionality it tried to deliver have now been covered by large web services like Google’s Apps suite, Microsoft’s Office365 and similar. Still, there is plenty to learn from its story.

Learn from it

Rosenberg himself, as well as authors he quote lament the fact that many developers do not take the time to read and study their own profession and history. I have no basis to say whether this is holds or not, however, if it is the case, this book is a good entertaining pick. Despite its age, it is just as relevant today.

If you are or have ever been part of a software project, either as a developer, designer, tester or manager, this book will come with a lot of deja vu moments. Every team believes to some extent that their project, their company, or their goal is special. And because it is special, conventional rules and wisdom does not hold. Usually, history tends to get the last laugh as it repeats itself over and over.

Ubuntu 16.10 on Asus ZenBook UX330

Comments Off

As mentioned in a previous post, I recently got the Asus ZenBook UX330 (UX330CA-FC020T, to be specific). It’s a very light weight 14″ decent spec’ed laptop which runs Ubuntu flawlessly. Here are some notes on installing, and first impressions.

UEFI boot and install

As far as I’ve seen, there are at least two versions of the BIOS around for these machines: The display model had an “old fashioned” ASCII text based BIOS, while the one which got delivered had a new UEFI based GUI. Both can boot the Ubuntu 16.10 64-bit live image, but the Secure Boot just needs some tweaking.

Before getting to boot, it’s important that the partition of the USB stick which holds the image is marked as bootable. In GParted, this can be done with the option seen below. Once that is taken care of, transferring the ISO is easily done with UNetbootin.

Once ready, plug in the USB stick, restart the machine, and hold F2 to enter the BIOS / UEFI setup. (Holding ESC will show the temporary boot selection menu). The “easy” mode can be seen below.

From here, press F7 to enter “Advanced” mode, and use the arrow keys or mouse to tab over to the Security options. Towards the bottom of that tab, there’s a sub-menu for Secure Boot. Enter that menu, and disable Secure Boot.

Use F10 to save and exit, and got back into the UEFI setup with F2 to verify that the Ubuntu live portion shows up as “1100, Partition 1″. From here you can change the Boot settings to select the USB portion first, or use F8 to boot from that only once, which should be all you need to get the installation going.

Ubuntu compatibility

Here’s a list of features I’ve personally tried and confirmed to be working. In summary, this machine looks very well prepared for Ubuntu, with no major draw-backs. The only additional setup which might be worth-while is configuring the touchpad to temporarily disable while typing, as described here.

USB ports Work
SD card reader Works, mounts.
Wifi Detects all networks; connects.
Fast re-connect after suspend.
Bluetooth Not tried
Web cam Works with “Cheese”
Suspend Works; resumes quickly.
From Ubuntu menu, lid close, or Fn + F1
Flight mode
(Fn + F2)
Work, reconnects quickly.
Keyboard brightness
(Fn + F3/F4)
Screen brightness
(Fn + F5/F6)
External display
(Fn + F7/F8)
Not tried
Volume buttons
(Fn + F10/F11/F12)
CPU throttling Not tried


The UX330CA is a decent spec’ed laptop, and there’s a few variations should you want more power. Here’s the selection as it looks in early 2017, comparing to the slightly more expensive UX330UA line.

Price range €750 €930 – €1300
CPU Core M3-7Y30 1 (2.6) Ghz Core i5 7200U 2.5 (3.5) GHz -
Core i7 7500U 2.9 (3.5) GHz -
Max TDP 4.5 W 15 W
RAM 8 GB 8 / 16 GB
SSD 128 GB 256 / 512 GB
GPU Intel HD Graphics 615 Intel HD Graphics 620
Display 1920 x 1080 pixels; 13.30″
anti-glare; no-touch
1920 x 1080 pixels; 13.30″
anti-glare; no-touch
USB 2x USB 3.0 A
1x USB 3.1 C
2x USB 3.0 A
1x USB 3.1 C
SD card reader SD, SDHC, SDXC SD, SDHC, SDXC
RJ45 / LAN No,
comes with USB adapter.
comes with USB adapter.
3.5mm mini-jack 1x 1x
Web cam 1280 x 720 pixel 1368 x 768 pixel
Bluetooth version 4.1 4.1
Wifi version 802.11 ac 802.11 ac
Weight 1.20 kg 1.20 kg
Dimensions (W x L x H) 32.20 x 22.10 x 1.23 cm 32.20 x 22.10 x 1.35 cm
Comments Off

Review: “Amusing Ourselves to Death”, Neil Postman

Comments Off

In “Amusing Ourselves to Death” by Neil Postman, he warns against the perils of television as a communication channel for serious content, and explores why typographic media should be preferred over visual in public discourse, especially in politics, education and religion. He gives examples of how “the medium is the message”, that is, how the channel a message is sent through shapes the message itself. He worries that visual media, television in particular, transforms every message into entertainment, void of context, serious content, or troubling information. He references the fiction in the dystopian worlds of “1984″ and “Brave New World”, to point out “the possibility that Huxley, not Orwell, was right”. (The original foreword and the last chapter argues this eloquently). In other words, we are not suppressed by a surveillance state and dictatorship, but instead distracted by bread and circuses.

Postman’s argument has two main parts: The historical value and importance of the written word as a medium of communication for serious content and public discourse; and the distractions and lack of context in visual communication, especially with television tending to morph every message into brief bits of entertainment.

From typographic to visual media
In the first part of the book, he considers how politics in colonial and 19th century America was mostly conducted and presented through long public letters, or by today’s standards, very long public debates, stretching over many hours in front of local audiences. He is amazed by the attention-span the citizens at that time commanded, and how engaged they were in the politics and arguments of the various politicians. He claims many people at the time would have recognized famous politicians by their writing, but not necessarily by appearance, which is of course the opposite of today’s situation.

In further chapters, Postman looks at how first the telegraph and later the photography changed the media landscape, and how those media shaped the content they channeled through. He traces the beginning of the irrelevant and out-of-context news bits to the telegraph, where snippets from afar could awake as much emotion, if not insight, as local business and news. He continues with discussion about the photograph, and asserts that a picture contains no context but itself. Any additional context is from information surrounding it, or prior knowledge we inject into it.

The medium is the message
To illustrate how the medium shapes and constrains the message, he uses the example of smoke rings for communication: Although they can be used to send very brief messages, it is not possible to conduct a philosophical discussion through that medium. Similarly, Postman argues, television cannot be used to convey serious content, since the visual presentation demands most of the viewer’s attention, and the narration or discussion will tend towards short sound-bites. (As an example of this, look at a site like, which transcribes the audio of most of their short video clips. It is surprising how little text, read in 10 to 20 seconds, which goes with a minute of video).

In addition, most public television is of course funded by advertisement. This directly interrupts and distracts any and all programming, but also dictates the content. The message must be optimized to maximize the number of viewers, and thus eyeballs on their ads. The result can only be one thing: entertainment. Thus, whether the content is news, politics, education or religion, the viewer can never be allowed to get bored, challenged nor offended, lest he skips to another channel.


Postman’s book was first published in 1985. In the 2006 edition, his son, Andrew Postman, points out why his father’s book is even more relevant now. Today, we are surrounded by visual content and entertainment, through the Internet; mobile phones; computers; never-ending TV station streams. Had Neil lived to see our world, he would probably have been even more shocked than he was back then, when an actor was elected US president in 1980.

What makes the book so approachable and readable, is its timeless message about the relevance of the written word for serious communication. Thirty-two years ago, the strongest opposing force was television, while today the Internet brings the same visual entertainment to large parts of the Western population. In fact, the lack of context have gone even further, with services like Facebook, Instagram, Reddit centered around streams of completely random pictures of irrelevant content, often from people we hardly know.

Recent political communication has taken this to a sinister level, when messages are now tailor-made based on a user’s profile. As a result, we might vote for the same party and candidate, but based on different promises automatically designed to appeal to our emotions. The choice of policy is based on the entertainment value of the candidate, or whether he seems like a guy we’d like to sit down for a drink with.

Today, “Amusing Ourselves to Death” is a must-read.

Comments Off

How to disable the touchpad while typing

Comments Off

Most modern laptops come with a touchpad for cursor control. It is typically located below the space-bar, which means it’s easy to rest your palms on it while typing and send the cursor flying. There are two ways to get around the problem: Disable it altogether and use another pointing device, like the red “TrackPoint” or an external mouse; or temporarily turn it off while typing. Here’s how to do both.

First, make sure the these packages are installed:

apt-get install usbutils xinput xserver-xorg-input-synaptics

Permanently disable

Any input device can be configured through the xinput tool. However, as machine configurations will be different, we’ll need to look at what is connected first. This will list internal and connected devices:

xinput list

The first command will list connected USB devices, which might be relevant. The second command will output a list like the following, where each device has an ID, but which will change based on the machine and what is connected. The example below is from a Lenovo Thinkpad with an external mouse, so three hardware pointing devices are listed: The touchpad; the trackpoint; and the external Logitech mouse. Notice the ID for the touchpad, which is 12 here.

⎡ Virtual core pointer                    	id=2	[master pointer  (3)]
⎜   ↳ Virtual core XTEST pointer              	id=4	[slave  pointer  (2)]
⎜   ↳ SynPS/2 Synaptics TouchPad              	id=12	[slave  pointer  (2)]
⎜   ↳ TPPS/2 IBM TrackPoint                   	id=13	[slave  pointer  (2)]
⎜   ↳ Logitech M570                           	id=9	[slave  pointer  (2)]
⎣ Virtual core keyboard                   	id=3	[master keyboard (2)]
    ↳ Virtual core XTEST keyboard             	id=5	[slave  keyboard (3)]
    ↳ Power Button                            	id=6	[slave  keyboard (3)]
    ↳ Video Bus                               	id=7	[slave  keyboard (3)]
    ↳ Sleep Button                            	id=8	[slave  keyboard (3)]
    ↳ Integrated Camera                       	id=10	[slave  keyboard (3)]
    ↳ AT Translated Set 2 keyboard            	id=11	[slave  keyboard (3)]
    ↳ ThinkPad Extra Buttons                  	id=14	[slave  keyboard (3)]

We can query details about a specific device:

xinput list-props 12
xinput list-props 12 | grep Enabled

There are two ways to enable and disable a device: By setting the “Device Enabled” property, or with the xinput command shortcut which does the same:

xinput set-prop 12 "Device Enabled" 0
xinput disable 12
xinput set-prop 12 "Device Enabled" 1
xinput enable 12

Temporarily turn off while typing

You might want to use the touchpad though, and only avoid the “fat fingers” problem while typing. Here the syndaemon tool comes to the rescue. It’s a “a program that monitors keyboard activity and disables the touchpad when the keyboard is being used”. It means, you’ll have to make sure it’s running in the background, typically through the start-scripts of your desktop.

There’s a few settings to play around with and also a CLI client “synclient“. See also the synaptics driver documentation for more options.

Having this in a startup script will cover most common use cases:

/usr/bin/syndaemon -i 1 -t -d

Comments Off

Linux compatible notebooks and laptops

Comments Off

You’d think that there would be a sizable market for a Linux based laptop, but Microsoft maintains its stronghold, and if anything it’s getting harder to buy random hardware and expect it to just work. Due to the UEFI bootloader; Secure Boot; various proprietary buttons solutions; touch screens; and no or little support from the hardware vendors. After doing a bit of research in small and mid-range notebooks and laptops that works with Linux, here’s a brief summary.

Most of the newer devices were evaluated with a USB live version of Ubuntu 16.10 64-bit.

(Disclaimer: This is not meant to be an exhaustive list of all available brands or Linux compatible devices. Please take it as a snapshot in time of the laptops which happened to be available in my local market. Also note, beyond being a consumer of some of the mentioned laptops, I’m not affiliated with any of them).


The Lenovo Thinkpad is still top of the line when it comes to business laptops. After using the Carbon X1 2016 4th generation edition for about half a year, it’s a sure all-time favorite. It’s available with Intel’s 7th generation Skylake CPU at various speeds, it does not get warm and uses little battery, which again makes for long battery life. A full working day without carrying a charger is usually not a problem.

Any Lenovo Thinkpad you’ll pick up will support Linux easily. It has a huge community and following, which means drivers, special buttons, sensors etc. get support quickly. The exception might be some of the more exotic variants of the Yoga Book (which run Android). In general, booting and installing any version of any GNU/Linux distribution is not a problem.

The downside is of course the price. At 1500 to 2500 Euros, it can be a tough pill to swallow if you’re buying new. However, there is also a healthy used-marked, so if you’re willing to wait a bit longer to get the latest tech, it’s a good compromise.


In hardware circles, ASUS is perhaps more famous for their high quality motherboards, but they also have a healthy range of laptops, many of which support Linux. I looked at a few models, with the ZenBook as the clear winner.

ZenBook UX330

These are nice! In fact, there’s a wide range of configurations colors and prices, most with 13.30″ full 1080HD screens, some with touch screens or larger screens. The cheapest version is now around €750 for an Intel m3-7Y30 dual core (4 threads). At only 4.5 W TDP, it does not get warm and is fan-less. It comes with 8 GB RAM and 128 GB SSD which is decent. Best of all, it’s only 1.3 kg, so just as light as the Lenovo Carbon.

There seems to be a few different BIOS versions on these models. The traditional text-based BIOS had no problems booting the Live USB. However, with the UEFI version, a bit of fiddling with Secure Boot and Boot Priority was required. Turning off Secure Boot and making sure USB partition was marked with a “boot” flag fixed it. (Spoiler alert: I’ll get back to this in a another post, as I already bought this machine).

Furthermore, on Ubuntu 16.10, everything works out of the box: Wifi; suspend; all function buttons: volume; screen dimming; flight mode; touch pad enable/disable. Battery life looks promising at around 10 hours.

The higher end versions, with i7 CPUs; 16 GB RAM; 256/512 GB SSD are probably the closest competitors to Lenovo’s light weight laptops at the moment. At about 25% lower price, they might certainly be worth considering.


The Eee line from a few years back were nice super-small “ultrabooks”, albeit somewhat under-powered by today’s standards. A more recent edition, the R105HA is a €240 2-in-1 11″ detachable table and keyboard. It has a USB A slot; it booted to the GRUB menu, but failed to load the Live UI. It could be that it’s not a x64 based CPU at all; not sure.


A bit further up the range, but at similar price there’s the E402SA. It’s a 14″ laptop, with full sized keyboard, but only 2 GB RAM and 32 GB SSD. Still not bad for €280. It booted the Ubuntu live stick fine. Wifi; volume buttons; suspend works. Screen dimming works, but not through the function-buttons. The main downside is the cheap keyboard, where the SPACE-key is hinged in the middle, so it might not register a thumb-click in its corners.


I’m not familiar with this brand, and it could be only a label on generic OEM devices of some kind. However, I thought it was worth including, since they had the cheapest smallest notebook I came across.

PNB C111

This is an 11″ but full 1080HD laptop with a tiny keyboard; think early Asus Eee. The €180 version comes with an Intel Celeron N3060 CPU; 2 GB RAM; 32 GB SSD. It is light, but feels plasticy. And as mentioned, the keyboard is cramped, even for small fingers.

It booted the Ubuntu 16.10 64-bit live image fine, and wifi; volume function keys and suspend all work out of the box. Screen dimming also works, but not through the function buttons (this seems to be a common problem).


HP and Dell

There were a few HP and Dell laptops in the shops I went to, but where I tried, none of them would boot the USB image. This could be down to bad luck; the Asus Zenbook was also difficult in UEFI mode, however, I’m not sure they are good options at higher prices than the Zenbook range.

System 76

This is one of the long time dedicated Ubuntu Linux hardware retailers. They don’t make their own hardware though, and instead merely put their name on OEM devices. The problem is, as much as I’d like to support a Linux hardware vendor, it comes at a very high price for mid-tier hardware. Of course, they put extra effort into making sure the drives are all available for their products, including keeping their own driver package repository running, but I’m not sure it’s worth it.

The version I have experience with and bought was the “Gazelle Professional” for some $1300. (New edition here). It works and has been running for five years, it’s nice, but extremely heavy even for its time. At some 4 kg with the charger, it can no longer be considered portable. The newer version in the picture above is the Lemur, at 1.6 kg and starting price of $700.

Comments Off

Asus Thinker Board

Comments Off

Asus recently released their single board computer “Thinker Board”, modeled on the same form-factor and pin layout as the Raspberry Pi 2 and 3, and at the same price point. It comes with some interesting upgrades over the RPi 3: 2 GB RAM (over 1 GB); 1.8 GHz quad core (over 1.2 GHz quad) dedicated Realtek 1 Gb/s Ethernet; Realtek audio codec; and support for 4k HDMI out. It could make both a good media player platform, as well as a usable desktop box.

In their early review, Hackaday laments the lack of website and community. The former has since been addressed, and Asus’ official site is actually rather slick fun and informative, and includes a Debian based OS ISO and other downloads. They have also put up a Facebook page, but it’s mostly linked product reviews and blog post for now.

Comments Off

Linus: Hash function as identifier vs. crypto security

Comments Off

Linus had an interesting observation last week, after it was announced that collisions could be found for the SHA1 hash algorithm. On the “Shattered” page, they declare that everything is broken, from cryptographic signatures to backup systems, and git. Linus however, refutes this, noting that the use of SHA1 in git is not for security, but rather as an identifier for the commit.

In fact, as is pointed out in the comments section of Linus’ post, git could probably have gone with a CRC 160-bit function (the default SHA1 is 160 bits). Or, if there was no need to relate the ID directly to the submitted code, an UUID would also have been fine.

The point is, security does not exist for itself, but rather as a reaction or mitigation to a threat. If the threat is cosmic rays or disk corruption, assuming no other intentional attack, and all that is required is to detect when there is a bit-flip, CRC, MD5, SHA1 are all fine alternatives. However, for dealing with encrypted messages, keys and signatures, other algorithms are needed. As for git, the biggest threat there is not bit-flips, accidental or malicious. Rather, it is the incorrect behaviour and functioning of the code in the repository. And for that, the solution is not hash functions, but unit tests. As Linus points out, you will definitely notice if characters and code is flipped around.

Comments Off

Expanding police and surveillance powers across Europe

Comments Off

In January, two interesting and thorough reports on expanding police and surveillance powers across Europe were published: Amnesty International published a 70 page report which summarizes its research into expanding police laws across EU and the troubling consequences to innocent citizens. It was followed up by an opinion piece in The Guardian by one of its authors, John Dalhuisen.

The second report was by Privacy International (original), and analysed the expanded surveillance and data retention powers in UK, Germany and France.

Each report paints a grim picture of the state of human rights and privacy across the EU. Overall a somber picture emerges: The liberty and freedom we have enjoyed over the last quarter of a century is eroding. Add to that the sweeping wind of right-wing nationalist politics across the continent, and the alarm bells should be ringing.

Too often, the counter-argument in this debate is “if you’ve got nothing to hide, you’ve got nothing to fear”, or the corollary “I’m too boring for the state to be interested in”. Glenn Greenwald does a good job of dispelling that argument in his book “No Place to Hide”. He points out that surveillance stifles self-expression, creativity and experimentation. On a state level, its very purpose is to hinder deviant and radical thought and action. As such, surveillance and lack of privacy is an obstacle to political and cultural progress.

Given that mass state surveillance harms us all, our individual relation with the state authority, and whether we personally feel we have anything to hide or not, is nonessential to the debate. It is irrelevant if you yourself is involved in politics, opposition groups, and protests. Surveillance harms everybody, depriving us of freedom, and hindering political, cultural, and human progress. It makes us complacent, unable or unwilling to question authority.

Dangerously disproportionate

In their report, titled “Dangerously disproportionate”, Amnesty International analyses events and laws passed in 2015 and 2016 in multiple EU member countries, including UK, Germany, France, Holland, Spain, Poland, Hungary and Austria. They look at new emergency powers; legality of laws and powers; the right to privacy; freedom of expression; right to liberty; freedom of movement; and stripping of nationality. In each section, Amnesty International specifically calls on EU member states to respect established Human Rights and the rule of law. They provide multiple examples from the various states where it is questionable whether the police and the executive branches have acted legally, against their countries laws or against basic human rights.

The report is well written, and comes with several insightful and well placed warnings. Amnesty International is ringing the alarm bells, and points out that the governments of Europe are now the biggest threats to their own nations and freedom of their people:

“Ultimately, however, the threat to the life of a nation – to social cohesion, to the functioning of democratic institutions, to respect for human rights and the rule of law – does not come from the isolated acts of a violent criminal fringe (…), but from governments and societies that are prepared to abandon their own values in confronting them.”

Terms like “the enemy” and “terrorism” have always been deliberately vague. This is now causing real problems when such vague and undefined terms are used as part of laws:

Because there is no universally agreed definition of “terrorism” under international law, states and international bodies have created their own. In that process, over the years, definitions of terrorism have become ever more vague and overly broad. This lack of clarity in many counter-terrorism laws has led, in turn, to a lack of certainty regarding what precisely constitutes an act of terrorism. If people can’t tell whether their conduct would amount to a crime, they cannot adjust their behaviour to avoid criminality. The consequences can be significant, ranging from the profiling of members of certain groups thought to be more inclined toward “radicalization”, “extremism”, or criminality based on stereotypes – i.e. guilt by association – to the outright misuse by states of laws that define terrorism loosely to deliberately target political opponents, human rights defenders, journalists, environmental activists, artists, and labour leaders.

Mass surveillance is still illegal and against Human Rights:

Any communications surveillance measure used must be strictly necessary and, to the extent that it interferes with people’s rights, must be proportionate in the particular circumstances of each case. The cornerstone of lawful communications surveillance is that it is individualized and based on reasonable suspicion of wrongdoing.

Indiscriminate mass surveillance, in effect a fishing expedition and “just-in-case” retention of people’s communications and data, is the antithesis of this. States may refer to indiscriminate mass surveillance practices by other names – “bulk” rather than “mass”, “collection” or “interception” rather than “surveillance” – but linguistic gymnastics do not make the practices conform to human rights standards.

When laws are vaguely defined and the state can monitor everybody all the time, this is causing a chilling effect on freedom of speech, thought and expression. Simply clicking on the wrong link can be enough to land somebody in trouble. The report points out how musicians and other artists have already been the target of discrimination and “terrorist” laws.

The right to freedom of expression has been under direct and sustained assault across Europe in recent years. Measures that seek to curb speech and other forms of expression, taken cumulatively, reflect a landscape where freedom to access information, offer opinions, exchange ideas, and engage in robust and challenging debate – publicly or online – is in rapid decline. The risk that a person could be labelled a security threat or “extremist” has had very real consequences for some people as the examples below illustrate, while the “chilling effect” that such measures creates has left the public space for free expression smaller and more impoverished than it has been in decades.

Finally, the report discusses freedom of movement, and the dangerous trend towards “preventive measures” and “pre-crime” initiatives without the rule of law:

Indeed the extent of the remove can be seen from the fact that states are criminalizing not just the preparatory act of travelling abroad with the purpose of committing a terrorist offence, but also acts preparatory to the preparatory act of travelling abroad with this purpose. The problem here is that acts such as browsing “extremist” websites and looking up the price of flights to Istanbul can all render people liable to prosecution, long before individuals may have made up their minds to commit a terrorist offence, or without their ever even having contemplated it in the first place.

Mass Surveillance in Europe

The Privacy International report is shorter, but just as interesting and worrying. It covers the British “Snoopers Charter” or Investigatory Powers Act (IPA); the German Communications Intelligence Gathering Act (“Ausland-Fernmeldeaufklärung des Bundes-nachrichtendienstes”); and the French International Electronic Communications Law (“mesures de surveillance des communications électroniques internationales”). For each law, the authorized powers, oversight, and power over privileged communication is examined.

Although the terrorist attacks in these countries over the last years are driving forces, many of the laws being passed now seems to have at least some relation to the EU Data Retention Directive, issued a decade ago, in 2006. Although that was annulled by the EU Court of Justice in 2014 for “violating fundamental rights”. Still, similar and broader laws are now in place in many EU member states.

The report concludes:

The leaders of Germany, France and the UK are setting a dangerous precedent which echoes within the European Community and far beyond it: Mass surveillance by governments has become the new normal.

No sanctuary in Switzerland?

Upon till recently, Switzerland was a sanctuary of privacy and secrecy of private information and financial information. The latter was shattered a few years back, when the US threatened to throw out the Swiss banks if they did not disclose account details on what US citizens held. The former came under attack in 2015 and 2016 when two separate data retention and surveillance laws were enacted and passed. The BÜPF – “Überwachung des Post und Fernmeldeverkehrs” (“Monitoring of post and telecommunications”) and the NDG – “Nachrichtendienstgesetz”, an extension to the existing national intelligence law. There’s a discussion of both here, and more details by ProtonMail.

The laws call for all communication channels and services to retain certain metadata about the communication for a year, which apparently includes any open wifi hotspots; IRC chat rooms; email and chat services; message boards and so on. Again, similar laws which were declared illegal for violating fundamental rights by EU Court of Justice in 2014 have become national law. Furthermore, the laws make state hacking and wiretapping legal.

Even though Switzerland is neutral, they maintain close ties to the US, including data sharing agreements through the Privacy Shield Framework, like the other EU countries. (The double-speak has really gone far when “privacy shield” is a name for business and government information sharing). Furthermore, regarding financial details, Switzerland is taking part in the Automatic exchange of information (AEOI) program, under the guise of detecting tax evasion.

An interesting note about the “Nachrichtendienstgesetz” extension is that it met strong resistance, and ProtonMail were amongst activists who gathered enough signatures for the 2015 proposal to go through a national referendum, as is required in Switzerland. The only problem: they lost. On 25 September 2016, the vast majority at 65.5% voted in favour of the law. Although only about 43% of eligible voters cast their vote, the outcome was similar across all cantons, and therefore we must assume representative of the opinion of the population as a whole. It goes to show, that even in Switzerland when the choice stands between privacy and security, people will give up their privacy.

Comments Off

808 documentary

Comments Off

As a follow-up to the TR-8 post, here’s an interesting and entertaining documentary about the original drum machine TR-808. Featuring plenty of colorful characters, from Afrika Bambaataa with a knife as a hairpin to Goldie with his mouth full of gold, it’s a fun watch. There’s other famous artists as well, including Norman Cook (aka. Fatboy Slim); Phil Collins; Felix Da Housecat; Tiga; Armand Van Helden and many more.


Comments Off

Roland TR-8: Techno beats!

Comments Off

The Roland TR-8 drum machine is the prefect complement to the TB-03 synthesizer. In the TR-8, you can find the old school beats of the TR-808 and TR-909, plus more. There’s a smooth heavy bass drum; a snare; toms; claps; hiats; and cymbals. The ride-cymbal in particular gives a nice spacey sound when used in combination with some delay, and perhaps one of the scatter effects.

There are multiple input and output options, including analog connectors, MIDI and USB. The TR-8 syncs fine over MIDI with the TR-03, as slave or master. However, I was surprised to find that connecting the USB to an old computer did not go so well; it somehow interferes with the clock, so notes are skipping, even when nothing is connecting to MIDI nor audio on the computer.

Roland has a somewhat cheesy tutorial here, while this guys talks about the “hidden” features in the “boot mode”.

Finally, my own MIDI monitor is starting to come along, and can now understand both TB-03 and TR-8 messages, including all special controllers. The PatternHistory is already useful to see which notes and patterns are playing. So far only one instrument at a time is supported, but more is coming.

Comments Off

Roland TB-03: Old school acid

Comments Off

The Roland TB-03 is a remake of the famous TB-303 bass synthesizer which defined acid techno since the late 1980s. The TB-03 recreates the squeaks and high pitches of original. The button and knob layout is mostly the same as the original, but with a few extra features: A four digit LCD display is added, which makes it easer to keep track of programmed patterns and tempo. Another modern feature is the micro USB port, which exposes a 24-bit/96kHz audio interface and MIDI. It can be powered by USB or 4 AA batteries.

I was lucky to be gifted one for Christmas, so have had only little time to try things out. So far I’ve gone through the brief but instructive videos from Roland’s own Youtube channel listed below; plugged it in over USB and seen the MIDI messages in midisnoop (packaged in both Debian and Ubuntu); and programmed a snippet inspired by Josh Wink’s “Higher State Of Consciousness”.

TB-03 Quick Start video

  1. Installation
  2. Using the Knobs to Adjust the Sound
  3. Pattern Playback
  4. Pattern Write (TB-303 Original Mode)
  5. Pattern Write (Step Recording Mode)
  6. Playing/Editing a Track

Also useful, this trick to copy patterns, using the Original 303 Mode.

Comments Off

Raspberry Pi headless install

Comments Off

The minimal “lite” image of Debian 8 (Jessie) is an excellent choice for a headless Raspberry Pi. After downloading to the SD card, these notes from Dmytro Bobkov covers the basic initial setup, while wifi setup from the command line is explained here. More details on CLI wifi on Debian in a previous post here.

If there is no screen or keyboard available, the SD card have to be prepared before the initial boot. Mainly to make sure SSH is running, so you can log in. This discussion covers the topic. However, if things are not working at once, a few debug statements can help. E.g., add as needed in the config file (change the IP as needed to your laptop or machine):

echo "$_IP" | nc 10100

echo "ssh has started" | nc 10100

On the other end, receive the messages by:

while true; do nc -l 10100; done

Finally, you might want to add a few extra packages, based on what you want to use the device for. These might come in handy:

apt-get update
apt-get upgrade

apt-get install htop itop atop git tig tree autossh nmap rsync lynx links emacs

Comments Off

cryptsetup basics

Comments Off

Talking about encryption in the previous post, I realized there are a few details I keep having to look up. This is a collection of the Frequently Asked Questions about cryptsetup formatting and mounting.

Note: For all the following examples, the example device /dev/sdX is used. It’s a device and file which doesn’t exist, on purpose. When replacing with your own e.g. /dev/sda or similar, be careful!

Formatting a new physical drive

Before working with a new drive, it’s recommended to check for bad blocks, to confirm it’s not a DOA (Dead on Arrival). If it is, you might want to claim it on the warranty immediately to avoid losing data in the future.

This command will check for bad blocks, as well as fill the disk with random data to better hide the encrypted volume later:

badblocks -c 10240 -s -w -t random -v /dev/sdX

Next is the partition setup, where all you need is a new cleared (similar to unformatted, but actually cleared) partition. In the gparted UI it’s simply “New -> Cleared -> Apply”, while on the CLI it would go something like this, to create an optimally aligned, primary partition.

parted /dev/sdX mklabel gpt
parted -a optimal /dev/sdX mkpart primary '0%' '100%'

Now, coming to the encrypted volume, you could just use a passphrase, and skip the first line, or store a salted hashed password in a key-file. The benefit of the latter, is that it will generally be a more secure key, and yet you could re-created the keyfile if you lost it, assuming you remember both the password and the salt.

mkpasswd --m=sha-256 --salt='SOME_SALT' | tr -d '\n' > /tmp/key-file

cryptsetup luksFormat /dev/sdX1 /tmp/key-file
cryptsetup open /dev/sdX1 unenc --key-file /tmp/key-file

Notice the mapping name “unenc“, which can be anything of your choosing.

Finally, format and mount the drive. Here, the ext4 file-system is used, with 1% reserved for system

mkfs.ext4 -m 1 -O dir_index,filetype /dev/mapper/unenc
mount /dev/mapper/unenc /mnt/tmp

Creating an encrypted file volume

In some cases, it is useful to encrypt only a small part of the disk, or even move the encrypted container around. A loop device can create a filesystem inside a file residing on any file system, be it USB stick, network mount or local disk.

First, you will have to create an empty file. The dd command will copy zeros to the specified filename. The total size is block size times count, or 500 MB in this example:

dd if=/dev/zero of=myfile bs=1M count=500

Then establish the loopback. It will become available on /dev/loop0, and can be formatted and mounted like any other block device.

losetup /dev/loop0 mycryptfile

Now repeat the luksFormat and filesystem format commands from above:

cryptsetup luksFormat /dev/loop0
cryptsetup open /dev/loop0 mycrypt
mkfs.ext4 -m 1 /dev/mapper/mycrypt
mount /dev/mapper/mycrypt /mnt/tmp

Key managment

Most of the cryptsetup commands above have at least two options when dealing with the keyslot: A passphrase and a key file. Typically, a passphrase is typed in on the prompt when unlocking the partition or modifying the other keys, while a key file is supplied using the –key-file argument. In terms of security, the first is “something you know”, while the latter is “something you have”.

To list the active keyslots use the following command. It will work both on an open and closed partition.

cryptsetup luksDump /dev/sdX

To add a new key with a prompted password:

cryptsetup luksAddKey /dev/sdX

or a randomly generated key-file:
dd bs=512 count=4 if=/dev/urandom of=~/keyfile_for_sdX iflag=fullblock

cryptsetup luksAddKey /dev/sdX ~/keyfile_for_sdX

To erease one of the existing key-slots, assuming you have more than one.

cryptsetup luksKillSlot /dev/sdX <key slot number>

You might also want to backup the LUKS header, which includes the key-slots, so in case you overwrite existing keys, you can restore the header and unlock with the old keys. It should be noted, that this header will then be able to unlock the partition given any password or keyfile in its keyslots. So, even if you change a password, the old header can be restored and an old password used to unlock. Therefore, it should be considered a secret file and stored securely just as the key file.

cryptsetup luksHeaderBackup /dev/sdX --header-backup-file ~/header_for_sdX

Finally, you might need to wipe the whole encrypted volume. You can do this with the luksKillSlot command, or manually remove all keys, and then change or add the remaining one with a password or keyfile you later remove or forget. E.g. by generating a key-file on the RAM disk /dev/shm, and then rebooting to lose it.

Comments Off


Comments Off

Tasked with setting up another NAS solution, I went for the simple 4-bay QNAP TS-431P, since the previous QNAP gave a good impression. This one does not have HDMI; in fact the only external ports are three USB 3 ports and two RJ-45 Gigabit Ethernet – no eSATA. Compared to its previous version, TS-431P has double the amount of RAM (for a total of 1 GB), and a slightly faster CPU. Software is as expected from QNAP.

The following describes the standard disk layout when using a single / stand alone disk, which still gets formatted as RAID + LVM, and optionally an encrypted partition.

Windows shares setup is covered at the end.



The QNAP NAS OS supports encryption, and I wanted to evaluate how secure this is in terms of failure. That is, if a disk fails, or the NAS itself fails, can you recover the data from the remaining disks. You can, but there are a few steps to watch out for.

First of all, even if each disk in the NAS is set up as “Single Disk / Stand Alone”, using no RAID, the NAS will still configure each partition on the separate disks as RAID partitions and in a LVM2 single volume group. That means you’ll need the Linux RAID and LVM tools and commands to mount. (Some useful discussion here).

General install, scan and list commands:

apt-get install mdadm lvm2

mdadm --assemble --scan
cat /proc/mdstat


And to mount, use the example commands below.

Note: The device names and volume names will most certainly be different. Use the commands above to understand the layout of the disk you’re working with.

Also note: if the mdadm scan command does not make all the RAID partitions available, it could be due to an existing /etc/mdadm/mdadm.conf file. You could try to rename it to mdadm.conf.old, or append the RAID details with mdadm –detail –scan >> /etc/mdadm/mdadm.conf. See here for more.

mdadm --assemble --scan

vgchange -ay vg1

mount /dev/vg1/lv1 /mnt/tmp

That should mount the drive, however, if you are working with an encrypted drive, you’ll need one more step before the mount command works, so ignore the last line and continue reading.



If you have followed the steps above, and type lsblk, part of the output will look something like this. It shows the layers so far: from the physical partition (sdb3) to the raid1 partition (md126), which contains two LVM logical volumes. In this case, the second is the LUKS encrypted main partition.

├─sdb3              8:19   0   3.6T  0 part  
│ └─md126           9:126  0   3.6T  0 raid1 
│   ├─vg288-lv545 254:1    0  37.2G  0 lvm   
│   └─vg288-lv2   254:2    0   3.6T  0 lvm   

So, we continue to decrypt, and mount it. Using cryptsetup luksDump, you can confirm that there is only one keyslot on the encrypted volume, which uses the paraphrase you typed in when installing the drive. However, the password is salted and MD5 hashed, so you have to generate a key-file with the new key. The salt is YCCaQNAP when using the mkpasswd tool, but encoded as $1$YCCaQNAP$ when calling the crypt library. Also make sure the key-file does not contain a newline.

cryptsetup luksDump /dev/vg288/lv2

mkpasswd --hash=md5 --salt='YCCaQNAP' | tr -d '\n' > /tmp/key-file
cryptsetup luksOpen /dev/vg288/lv2 unenc_lv2 --key-file /tmp/key-file

mkdir /mnt/tmp
mount /dev/mapper/unenc_lv2 /mnt/tmp

You now have access to the data files on the drive.

Coming back to the original question: Is this a resilient way of storing files? There are certainly a lot of layers, and although they each are well established technologies, they add complexity. Especially in the scenario when you would need to do the recovery it adds additional stress. Ideally, a single partition, no RAID, no LVM could be used. However, it seems that is not possible with the stock QNAP OS, since it will format any drive which is added to the NAS in its own way, including the RAID + LVM stack. In fact, this warning from the user manual is worthing taking careful note of:

Caution: Note that if you install a hard drive (new or used) which has never been installed on the NAS before, the hard drive will be formatted and partitioned automatically and all the disk data will be cleared.


Windows shared folders

The Windows sharing is easier to set up, but not without hurdles. On the local network, it typically will work out of the box when you point Windows Explorer to \\NAS_DOMAIN. If you need to connect across a firewall, you’ll have to open or forward at the minimum TCP 139,445, but possibly more ports on TCP and UDP.

The problem is that when sharing these ports cross the Internet, you will very likely run into other firewalls. ISP might block the default 139 or 445 ports. Although it is possible to port-forward to non-default ports, and this will work on Mac and Android, Windows will not accept it. A work-round if all else fails is therefore to set up a VPN or tunnel. Using SSH, this can easily be done with:

ssh -L -L admin@remotehost

Here it is assumed the NAS has DNS “qnap” on its local network, otherwise, replace with it’s IP. You might also want to forward 8080, forward SSH on a different port (e.g. 2222), as well as keep it running with autossh:

autossh -M 12340 -f -N -p 2222 -L -L -L admin@remotehost

Finally, if using only Windows machines to connect to the shares, there is the option of combining multiple shares into one. However, if other OSes also connect, you probably want to skip that.

Comments Off

Linux Credit Card

Comments Off

The Linux Foundation is offering a credit card as a way to donate to their cause. There’s an initial $50 price, and then the points which normally gather dust on other credit cards will automatically benefit them. And the card features Tux!

Comments Off