Category Archives: tech

Should you easily hand over those encryption keys to the law?

Leave a reply

Don’t try this in India yet, but in US, a district court is about to judge on whether you have to hand over encryption keys to the law if asked. Or can you decline because that is akin to self-incrimination? Given that the general pattern in our country of late is that you are guilty till proven innocent, trying this at “home” is probably only going to get yourself convicted,

I personally feel that the point of deliberation out here is on thin ground. If you can get a magistrate’s order to get a search warrant for a house, I don’t see how that is different from a similar warrant to search your computer. The difference is that one key is physical and the other is not.

Article link

One of the highlights of the upcoming Windows 8 is …

Leave a reply

.. the easing of reinstalling it. I am not joking. Here is the official blog post about this: Refresh and reset your PC

As Business Insider says it well:

Think about any other product that is so unreliable and degrades in performance with such predictable regularity that the next version will have a feature that makes it easy to WIPE IT CLEAN and start over. Is that a product you’d be super-excited to buy?

Looking forward to the future OS of choice for all the corporate IT environments out there. :)

To be fair, this was really my biggest request from Microsoft. Kudos for them for swallowing their ego and going ahead and giving customers what they want.

The incoming Secureboot/Restrictedboot war

1 Reply

For those who aren’t aware of this, FSF (Free Software Foundation) has been running a campaign for the last few months about Microsoft’s malicious Secureboot initiative (which FSF calls restricted boot). Given the mostly Microsoft friendly corporate IT environments out there, I think this is one topic on which most employees should be very aware.

A nice summary of the issue can be read up at:
http://www.theregister.co.uk/2011/10/18/fsf_windows_8_campaign/

Apparently, Microsoft is practically arm-twisting OEM manufacturers to implement Secureboot to be able to install Windows 8 on their systems – it is a Windows 8 requirement. And most Windows loving IT departments around the world are only too eager to go ahead with this just to be able to install the “latest and greatest” from Microsoft. Combine this with a decree … umm … “security” policy to never remove Secureboot from office laptops, and you can be rest assured that Linux will never be found on business laptops ever. (Speaking on security policies, how come these IT folks never admit that Windows itself is their biggest internal security threat, is something I could never understand )

This would be a good time for you to send this message to similarly interested friends working out there, so that they can encourage their IT departments to not fall for this DRM/anti-Linux trap.

Here is the official FSF campaign page:
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/

If you read carefully, you will find that FSF’s main issue is not just the secureboot spec itself, but rather how it gives OS/manufacturers a way to lock you out of your own hardware.

If this becomes mandatory, you will never be able to install Linux and other FOSS OS on even computers you buy yourself. You will never be able to reuse old computers for barebones Linux server installs and the like.

Blog merge

Leave a reply

There was a time when I used to blog frequently. After the age of twitter, it reduced. But rather than keeping on writing, I focused on an issue which was a lower priority – splitting up blogs so that the topics do not collide. That was in 2008, today it is 2012. I have posted only about two dozen entries in over 3 years.

Do you know how many blogs I have ended up maintaining? Five! That is madness, and it needs to stop.

The idea earlier was to not put off people who are going to be at best irritated if not offended by my other interests and world views.

I think that ship has sailed. Far lesser people read my blog than my Facebook and Twitter posts, and by now people know what kind of person I am. :)

So, one of my 2012 resolutions is to forget what I feel about people reading this blog :-P . No seriously, it is to use this blog itself for all my ramblings – tech, politics, food, whatever. So if you are one of those rare persons who follow my blog, be prepared to unsubscribe. :)

If you want to just get my tech posts, use this feed instead –
http://feeds.feedburner.com/SandipBhattacharyaTech

Vim git commit color weirdness

Leave a reply

I have been noticing that writing a commit message in git just like I have been doing in svn or CVS gives me a rather colorful output (see the credited link below for a screen grab).

Searching on the web led me to this post about someone else who found it odd and actually posted about it.

Turns out that the vim syntax file is trying to point out git commit messages best practices.

Here is a good ref for that.

To summarize these:

  • Git commit messages are written as in a mail, because they can actually be sent as an email.
  • Keep text wrapped at 72 chars, like in most plain text email.
  • Use the first line like the subject of an email – a summary of your changes. Should be 50 characters or less. Anything longer is fine too, just that it can get truncated in git log summaries.
  • Leave the second line blank
  • Put the details from third line onwards. Think of this as the body of the message.
  • Write commit messages in present tense. Well, vim syntax doesn’t check this :) but I am just noting this here because I generally tend NOt to do this.

Fedora 15 Fixes

1 Reply

Spending all my time at work with Redhat’s suite of products and at the same time sticking to having my primary working OS to be Ubuntu was causing too much dissonance. So I finally decided to move to Fedora as my primary OS after 6 years of Ubuntu. My guess was that as a desktop user, beyond packaging issues, the transition is going to be minimal. But as with any new release, there are always some niggling issues, and I am going to document them here in one place as I continue to find them.

Selinux issues

SElinux is enforced by default on F15. For once I think I will not fight this. This would be a good opportunity to learn selinux properly. However, there are some application errors because of this:

  • Google chrome config files have wrong selinux labels causing some extensions to repeatedly crash. [Bug 710273]. The fix is to run restorecon -R ~/.config. (Source: Randell’s Blog)

Gnome issues

Fedora 15 includes Gnome 3, which requires a major re-learning for doing every day stuff. The settings applications is missing a lot of config options which I was using earlier in Ubuntu. It turns out that Gnome 3 hides a lot of these settings by design. Unfortunately, this means that people will need to learn additional tools to do what they want.

  • Appearance changes: Install the gnome-tweak-tool package to customize fonts, window behaviour, etc. (Source: Rajaseelan.com)
  • Virtual Workspace location direction in Gnome 3 changes from left-right to up-down. So to move from workspace 1 to workspace 2, you need to press Ctrl-Alt-Down.
  • Application menu and shortcut toolbar has disappeared. To see it, take the mouse cursor to the upper-left corner of your screen (hot spot).
  • No visible option to shutdown. Lock screen, logout, switch user, suspend, but no shutdown. To do this, you need to press the Alt key, while clicking on the status menu (the one with your name in the top right corner) and the “suspend” key will change to shutdown. (Source: Arch linux wiki)

Lots of Gnome 3 tips at the Archlinux wiki.

Quick tip: Making ssh agent work in screen sessions

1 Reply

The only annoying this I find in the otherwise indispensable GNU Screen is the fact that once you have launched screen (not resume) and have detached and logged off the first time, ssh-agent magic stops working in the screen sessions.

Obviously this is because the next time you login, your ssh agent socket changes but the screen sessions still only have the location of the ssh-agent socket when you launched screen for the first time. The end result is that you start typing out passwords all over again, risking inadvertently revealing them to your colleague while you are showing him some stuff at your workstation.

There are scores of workarounds all over the net of how people have solved this problem. I just wanted to post here about how I work around this.

The work is actually done at the bottom of my .bashrc which reads:

case "$TERM" in
    screen)
      source ~/.bashrc.ssh
        ;;
        *)
      echo "export SSH_AUTH_SOCK=${SSH_AUTH_SOCK}" > ~/.bashrc.ssh
      ;;
esac

This will ensure that all new shell sessions in screen going forward will have the right ssh-agent socket info. For the sessions which are still open, just do a source ~/.bashrc.ssh whenever you login next and resume screen.

ISP data caps taken to court in US with very convincing arguments

Leave a reply

We Indians have been cribbing about ISP data caps for broadband called very insultingly as Fair Usage Policy (FUP), but I have heard few making a very good case about why this is a bad idea for the market. And how the ISP’s justifications of minority data hoggers is a case of Bull*.

But I just heard about a very good case being made against such data caps in the US broadband market. Two prominent Washington DC tech policy groups have asked the Federal Communications Commission to investigate Internet data caps in the US—with a special focus on AT&T.

Unlike competitors whose caps appear to be at least nominally linked to congestions during peak-use periods, AT&T seeks to convert caps into a profit center by charging additional fees to customers who exceed the cap. In addition to concerns raised by broadband caps generally, such a practice produces a perverse incentive for AT&T to avoid raising its caps even as its own capacity expands.

The lower cap for DSL customers is especially worrying because one of the traditional selling points of DSL networks is that their dedicated circuit design helps to mitigate the impacts of heavy users on the rest of the network. Together, these caps suggest either that AT&T’s current network compares poorly to that of a major competitor circa 2008 or that there are non-network-management motivations behind their creation.

It is time Airtel and it’s ilk is taken to court for the FUP scam they are running in the broadband market. Thanks to these greedy operators, India still has one of the lowest penetration figures (~7%) for broadband in Asia, forget the rest of the world.

Automatic folders for mailing lists using procmail

Leave a reply

Here is a quick tip which I have gleaned from multiple sources which makes using procmail filters a breeze. I subscribe to dozens of mailing lists, and it really is somewhat of a chore to create filters for every mailing list I signup for so that mails for that list goes to a separate folder.

However, it is possible to setup procmailrc in such a way that you really don’t need to update procmailrc for every new mailing list that you signup for. You essentially use procmail’s regex support to generate folder names.

At the end of procmailrc, you just need to add this rule:

:0  
* ^((List-Id|X-(Mailing-)?List): *<\/[^.]*)  
.list-$MATCH/

This will use the list-id header value, extract the text before the first period (e.g. for a list-id xxxx.lists.sourceforge.net, it will extract xxxx) and generate a folder name called .list-xxxx to store the mail in. If the folder doesn't exist, it will create it.

Now I mention to add this at the end of the procmailrc so that it works kind of like a catch-all recipe. You can have other recipes before this which work differently on incoming mail, which stores mails for lists into folders which don't quite match the list name, etc. Whichever mailing list mail gets past these custom filters, they would hit the recipe given above and go into the "magic" folder for the list.

However, if you really want to keep this recipe at the top of procmailrc and want to restrict this "automatic folder creation" treatment to a select few lists, you can use a variation of the recipe which still saves you some effort. 

:0  
* ^((List-Id|X-(Mailing-)?List): *<\/[^.]*)  
{  
    LISTID=$MATCH  
  
    :0  
    * LISTID ?? (ilugd|ilugd-announce|bangpypers|linux-india)
    .list-$MATCH/  
}

Now whenever you subscribe to a new list, edit the line with "??" above, and add a "|listname" before the final brace and you are set. This recipe can stay at the top of the procmailrc, automatically filtering only the lists you mention here. The mails from mailing-lists which don't match these lists will keep looking further down for the rest of the procmail recipes.

I must mention at the end, that if you are using IMAP to access this mail store where procmail is doing something similar to a server-side filtering, then after you incorporate this procmailrc recipe, wait for the first mail to arrive and then use the "subscribe" option of your IMAP client to subscribe to the new folder. Most IMAP clients don't automatically subscribe to new server-side created folders. So even if procmail would be creating the new folder, it won't be visible in your IMAP client unless you subscribe to it, and you might get the impression that the recipe is not working. That is unless you are using procmail's log feature to debug new recipes already. :)

microUSB cellphone charger becomes EU standard

Leave a reply
The European Commission has put into effect a June 2009 agreement stating that major cellphone manufacturers should standardize their charging/data connection ports to the popular microUSB format.

via blogtechnical.com

Finally. It took over a decade (in Indian market) to get to this point. I wonder why it took so long. But I am so glad that already my Android phone, Kindle and bluetooth headset all use the same charger.