μblog: engineering from the trenches

To follow up a previous post in LaTeX, here is an example of a presentation done in LaTeX and rendered to PDF for display in a PDF viewer. The .txt file contains the LaTeX (should normally be named .tex, but .txt might be easier for some web browsers) which generates the output. The LaTeX package I used is MiKTeX and the editor is simply called “LaTeX Editor”. The presentation macro is called powerdot. The one tricky part was including some graphics. To make things easier, I converted the images to PDF and then included them as shown in the code. If LaTeX complains about bounding box on the images, the solution is to open the PDF in LaTeX Editor and look at the first page or two where you see a MediaBox entry followed by four numbers. Those are the numbers copied into the includegraphics directive after bb=.

( proposal.pdf ) ( proposal.txt )

del.icio.us | digg

I decided to mess around with an old 486 laptop that I have around, perhaps to try to overclock it. Since it had no OS on it, I went looking for PicoBSD floppy images. It seems that PicoBSD has not been updated in a very long time and the semi-official PicoBSD site has been removed.  Luckily, I was able to find images on Bruce Montegue’s site. It looks to be hosted off a DSL line, so here are mirrors of the disk images. Note that the apl image will not boot on a 486 system.

  ( pico_biscuit.zip ) ( pico_apl.zip )

del.icio.us | digg

I was recently introduced to FON and decided to buy a La Fonea to get in the mode. After getting the device I promptly opened it and looked inside. The core of the unit is a MIPS (Atheros SOC) processor with 16MB ram and 8MB flash. As expected, it has both ethernet and a dual-antenna wifi front-end. The FON network is a pretty good attempt at creating a world-wide wifi community, so I fully support their cause. The only thing is that with so much storage space, maybe I can add some useful features to their firmware, since it does run Linux (OpenWrt).

The first step was to download the firmware from the FON website. Luckily, Stefans Datenbruch already had a FON and analyzed the firmware. The first four bytes are “FON#” where # is either 3 meaning a firmware upgrade or 4 meaning a “hotfix”. The next four bytes are hypothesized to contain the length of the header or crypto key according to Datenbruch. Skipping 520 bytes, everything else is a gzip of a tar archive containing the files: upgrade, rootfs.squashfs, kernel.lzma and hotfix. Upgrade is a shell script, rootfs and kernel are what their names imply and hotfix is a text file that seems to list some version information.

The “easy” way to look at the file structure of this upgrade would be to install the squashfs userland on your Linux distribution and then apply the lzma patches and then upgrade your kernel to 2.6.x and then install the squashfs drivers/userland and then install the lzma and then recompile squashfs etc etc etc. The easier method is just to install a rs232 transciever on the machine and upload all of the files to another host. The memory management or spc on the unit is flaky, so it’s best to compress each root directory into a tar file on /tmp and upload those. An archive of the filesystem is at the bottom along with a boot log.

NB: The zip file below is the extracted filesystem, not the flash image!

( fonera-0-7-1-2.zip ) ( fon-bootup.txt )

del.icio.us | digg

I have been meaning to try out some transciever chips that had an SPI interface for quite some time and was about to code up a SPI VI in LabView to work over some DIO lines. Luckily, I did some websearches first and found a free tool called SPIGen from Freescale. The tool will generate and capture up to a 160bit “command” which can then be used in scripts and with triggers. The tool works with a standard parallel port and does not require any special hardware. The maximum output rate is on the order of 100kHz and software timing is assumed.

del.icio.us | digg

Since I am not interested in shaping the Wii wireless network traffic further than I already have, I am moving on to modifying the provided Linksys firmware for the WAP54G access point. The very first step is to examine the filesystem to see what tools are available and how I might be able to hack a telnetd or something into it. The second step would be to download the sources from Linksys’ GPL code center.

After downloading the 2.08 firmware, we have a readme and a .trx file. The TRX file contains the kernel at the start and a cramfs (compressed ram filesystem) image at the end. The trick is to find the start of the cramfs image, and a good one to use can be found on this Seattle Wireless page. We look for the start of the cramfs magic number (3d4528cd), calculate the offset to it from the start of the file (0×0095f00 = 614144, add 12 for the offset to 0×3d45). Mounting the filesystem is pretty straightforward on a Linux sytem to read the contents. If you are too lazy to dedicate a machine, download the free VMware server, register it to get the serial code, download a Linux ISO and install it in a virtual machine. Most kernels come with cramfs pre-compiled and most systems with modest development tools will have hexdump.

( contents of the 2.08 WAP54G firmware: tmproot.zip )

del.icio.us | digg

If you keep your Apache logs for a really long time, it is sometimes slow and inefficient to search through a bunch of log files to see what a certain host accessed on your web server. To get around this, I wrote a small Perl script that parses the access log and saves all the entries from each ip address into a separate file. A secondary option creates directories for the first octet of the ip address and then store the files with the given first octet in that directory. This way, the overhead is reduced if you have lots of searches through logs based on ip address.

( proc_logpl.txt )

del.icio.us | digg

For years and years people have been talking about the eventual migration to IPv6 without anything really happening. Network Address Translation (NAT) is partially to blame for the continuing endurance of IPv4, but it is also the cause of significant segmentation of networks. This is to say, almost every connected household has one public IP address and then has all of the devices behind the NAT gateway with private IP addresses. The motivation to start using IPv6 is that it is easy to set up gateways so each device, across several physical networks, can have its own routable IP address.

The first step is getting IPv6 connectivity, which is typically done by choosing a “tunnel broker”, where you connect to the broker using IPv4 and then route all of the IPv6 traffic over a tunnel. The tunnel broker also has the option of giving you a subnet block of permanent IPv6 addresses, typically a /48 or /64 leading to 2^80 or 2^64 usable IP addresses. Although there are many, go6 (formerly Freenet6) is my favorite because of their unrestricted service and ease of use. They have a client application which can will do all of the tunnel configuration automatically. To configure your machine as a gateway and to get a /48 or /64 address block, the important things to set in the configuration file are host_type=router and prefixlen=64 or 48. Next, all you have to do is run the software and enjoy IPv6 connectivity.

The more complicated part is configuring DNS (forward and reverse) resolution for the new IPv6 addresses. First, a DNS server that can host IPv6 zones needs to be selected. You can run this yourself or you can use a free site like Xname (donation page) to host your zones. You can get a domain for cheap or you can just ask someone who already has one to delegate a sub-domain to you. Creating forward resolution is simple where you create an AAAA record instead of A record which can go in the same zone as your other IPv4 records. Zeros can be left out thereby making the address a little shorter. Ex:

routed.mobi.  IN  AAAA  2001:5c0:8c2f:2::4

The PTR zones are a bit more tricky. If your assigned prefix is 2001:5c0:8cf2:2/64, and you want to create a single zone for the whole block, then the zone must be called 2.0.0.0.2.f.c.8.0.c.5.0.1.0.0.2.ip6.arpa. Note the extra zeros after the 2 and 5, here all of the zeros must be written in. The PTR entries are standard where you put the remainder of the IP address on the left with all of the zeros, in reverse order, and separated by periods. Then you write IN PTR and then the fully qualified domain name followed by a final period. An example PTR zone is attached at the bottom.

Once these zones are created and are on the live server, the go6 client configuration can be edited and the dns_server=nx1.xname.org (if using Xname) can be added. This line needs to point to the DNS server that hosts the PTR records since the AAAA records will be found through normal methods. Now you have forward and reverse address resolution so you can start fully using those 2^64 or 2^48 IPs that you were just assigned.

$TTL 86400 ; Default TTL
2.0.0.0.f.2.c.8.0.c.5.0.1.0.0.2.ip6.arpa. IN SOA ns0.xname.org.	nvc3.psu.edu. (
2007011001	; serial
10800	; Refresh period
3600	; Retry interval
604800	; Expire time
10800	; Negative caching TTL
)

$ORIGIN 2.0.0.0.f.2.c.8.0.c.5.0.1.0.0.2.ip6.arpa.
IN		NS		ns0.xname.org.
IN		NS		ns1.xname.org.
4.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0	IN PTR routed.mobi.
2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0	IN PTR ojii-san.routed.net.
3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0	IN PTR null.routed.net.

del.icio.us | digg

After recently upgrading my laptop to FreeBSD 6.2-PRERELEASE, I noticed that my IPv6 support became broken. I connect to Freenet6 over IPv4 using their tspc client which does all of the negotiations and configures the tunnel using gif or tun interface. It also sets up the appropriate routing table. I noticed that the default route was properly (netstat -rn) but any time I tried to ping something, even if it is the next hop, I would get a No route to host error from sendmsg. After some investigation, I found a post from John Hay specifying that it was a known problem and that it is being worked upon with a suggested work around. I guess 6.1-RELEASE will have to do.

( 62-ipv6.txt )

del.icio.us | digg

Following the Month of Kernel Bugs and Month of Browser Bugs, the Month of Apple Bugs started yesterday. This interesting contest comes at a time when Apple is still supporting both the PowerPC and x86 versions of OS X, so there is a slight chance that some code has been overlooked. Beyond that, the bugs are not limited to the OS, third party software is also fair play. Finally, these bugs are presented in the style of full-disclosure where the security lists will get the notifications first. Let’s remember that nobody is perfect, and lets remember to have some fun.

(image is from vintage computer festival)

del.icio.us | digg

One of my few peeves with Firefox 2.0 has been the default tab setup where there is a minimum tab width defined, so eventually tabs go off the visible screen, and that each tab has an individual close button. If you have similar tastes, the way to tweak the tab settings is by entering “about:config” into the address bar and hit return. The first key to edit is browser.tabs.closeButtons and set it to 3 for Firefox 1.5 behavior. The second option is to set the browser.tabs.tabMinWidth to 0 pixels so the tabs adjust to fit the screen. More information can be found at the mozillalinks blog.

del.icio.us | digg