Archive for November, 2009

Encrypting EVERYTHING With geli On FreeBSD


New FreeBSD LogoI’ve been a long-time user and supporter of FreeBSD ever since I was exposed to it by Greg Lehey and Ceren Ercen back in the Linuxcare days. I’ve come to enjoy its security, speed and powerful simplicity. The FreeBSD documentation is also unrivaled in the community.

But I also realized that securing the system itself only means so much, if I don’t actually encrypt the data it stores locally on those platters, so I had to do better.

You can lock down externally-facing services, ports and daemons.. but someone who has physical access to your systems can bypass almost everything if they have the tools and the skills. This includes a clueless operations person working in a datacenter (which I’ve been fighting quite a bit lately, as my own hosting provider rooted one of my machines, because I refused to give them the root password. Grr!).

Enter “geli” encryption under FreeBSD!

But getting geli encryption working isn’t quite as straightforward as you’d think. It requires some prior planning and preparation to make sure you’re doing it correctly. We’ll do this in two steps:

  1. Set up encrypted swap
  2. Encrypt the secondary drive and mount /home to it, encrypted

Read the rest of this entry »

What to Buy Your Geek for the Holidays: A Black Friday Post-Mortem

What to buy your Geek for the HolidaysIt’s that time of year again. The time of year when everyone rushes out to the malls and stores, to push and pull everything off of the shelves, to strip stores bare, in search of that “door-buster” deal of the day. There’s thousands of stores, genres, clothes, tools, toys and gadgets out there for everyone.

But what do you get your geek for the holiday? How do you please the geek who already has everything?

The first thing you want to identify, is how much are you willing to spend (or not spend) to make your geek smile over the holidays? Gadgets, gear and goodies can range wildly in price, even for the same item. Some things you can get for 1/2 the price depending on where you purchase it.

Also, not everything requires you to pay for it. There are plenty of places where you can get some free gear for your geek, without spending a dime on it. Check your local Freecycle group or CraigsList free postings. You can also find some really amazing deals at woot!.

The second important point is to determine what kind of geek he/she is. Are they a music or band geek? A math geek? A science geek? A computer geek? Or all of the above.

Ok, once you’ve got that figured out, let’s get right into it…

The Don’t

  1. DO NOT buy them computers, software, or peripherals

    Why, you ask? Because most geeks already have the computers they want or need, and software is such a complicated decision (with much of it being freely downloadable anyway). Is it supported on your geek’s operating system? patch level? hardware?

    Peripherals are such a personal choice too. Does your geek prefer a corded or cordless mouse? clicky or silent keyboard? standalone or integrated webcam?

    Chances are that unless you know your geek very well, whatever you get in this category will likely be a.) incompatible, b.) something they already have, or c.) something they don’t want.

  2. DO NOT buy them technology books

    I know, this seems counter-intuitive, but most geeks already have the technical books they want, and the rest they can probably get somewhere online through O’Reilly Safari Bookshelf, Google Books or similar places.

    Most HOWTO docs for programming languages are already online, as well as Usenet groups, mailing lists and helpful forums on every language imaginable (for example: Tech Books for Free, Computer Books Online and the Baen Free Library).

    If a geek wants books, they usually want things like sci-fi, autobiographies or books on subjects like robotics or similar. They probably do not want another book on another programming language they’re learning. Books like Neuromancer, Ender’s Game or Hyperspace are examples of the type any geek would cherish. Check NerdBooks or this large list for some ideas for books for your geek.

    If you’re not sure, take a look at your geek’s bookshelf first (if they have one), or take a peek at their “e-book” collection and see what they like or do not like.

  3. DO NOT buy them phones or PDAs

    Unless they ask for a specific model or type, don’t buy your geek a smartphone or PDA device. Chances are they already have the best unit for their specific tastes, and anything else would probably be sub-par. Avoid the temptation, and just get them an accessory for their current model phone, or a spare battery. I’ve amassed quite an enormous collection of PDAs and smartphones myself (yes, that really is my personal collection, as of late 2006).

The Do

  1. DO buy them clothes

    All geeks need clothes. Lots of clothes. Mostly t-shirts. Lots and lots of t-shirts. The geekier the better!

    All kidding aside, our t-shirts are our “uniform” for the geek. It helps define us when we’re in a sea of “normal” people in public. It’s also a beacon to other geeks who seek out one of their own “kind” in the same crowded public spaces. Some great places to shop for geek t-shirts are Jinx, Geeklabel, NerdyShirts and of course… ThinkGeek.

  2. DO buy them storage

    All geeks need storage and a place to put their digital “stuff”. The bigger the better (for capacity), but the smaller the better (for space savings; in-pocket or in-bag). Best (and cheapest) places to buy storage are at NewEgg, TigerDirect and

    Large storage is just one piece. Let’s not forget the smaller stuff; media cards for all of those gadgets and devices. USB thumbdrives, memory cards (CF, mmc, SD, microSD, oh my!). Check NewEgg and Amazon for those too.

  3. DO buy them games for their gaming system of choice (or upgrade their current system to a new version/model)

    All geeks like to entertain themselves with a little gaming now and then. Some go for the historical games and military first-person shooters, while others like puzzle and strategy games. The trick here, is finding one your geek a.) doesn’t already have, b.) hasn’t played before, and c.) will enjoy.

    Sneak a peek at his/her current game collection, write the titles down, and take it to your local game store. The staff at most of these stores are very hip to the trends, and they can recommend games that will fit perfectly with your geek’s style. Many stores also sell “gently used” games a a deeply-discounted price, which can help if your geek beats the game in the first 48 hours of owning it!

    BestBuy has a really broad selection of games for most of the gaming systems out there: PS3, XBox, Wii and others. Also check GameSpot and EB Games online or in your local mall for more games and deals.

  4. DO buy them a magazine subscription or three

    There are literally hundreds of Technology, Geek and Nerdy magazines out there on every topic and genre. Hit your local Borders Books or Barnes and Noble, walk through their magazine section and pull the reply card out of the magazines you think your geek would like, and sign them up.

    If you don’t want to do that, just write the name of the mag down and go online later and sign them up for a subscription. Not only will it be new and exciting every month, but there are valuable articles, tips, tricks and references in every issue.

Gift cards are also nice, though they should be used as a last resort. Gift cards to your local book store or even to the iTunes Gift Card to buy movies or music on iTunes can be one of your last-minute stocking stuffers.

If you’re still not sure what to get your geek for the holidays, just ask, and let them tell you. We may be very particular, but we don’t bite.

Good luck!

SOLVED: How to Disable Ctrl-Q in Firefox

As a hardcore Firefox user with no less than 30-50 tabs loaded in the browser at any given time, it always annoyed me that they put the shortcut for closing a tab (Ctrl-W), right next to the shortcut for closing the entire browser itself (Ctrl-Q). I have 38 extensions loaded into Firefox right now as I type this blog post, and next to my keyboard itself, Firefox gets the most use.

When I’m working in the dark, or not looking at the keyboard and I fat-finger the ^W key-combo, I frequently hit ^Q by mistake, closing the browser and all of the tabs with it. ARG! Not fun.

I finally got tired of having to restart the browser all the time when I close it by accident, and decided to look for a fix. Luckily I found it in an extension called “keyconfig” that does exactly what I need!

“keyconfig adds the ability to create new or modify existing shortcuts defined by a element, but only changing those which itself call a function (those with a command or oncommand attribute) has an effect (all others fulfill only cosmetic purposes it seems and are grayed out).”

Once I installed keyconfig and restarted Shiretoko, I was able to go into the prefs for it as shown here:

Firefox keyconfig prefs menu

Scroll down to find the “Quit” menu accelerator in the list. Highlight it and click “Disable”

Firefox keyconfig prefs menu

Closed out of the prefs, and went to File, and voila! No more Ctrl-Q next to the Quit option!

Firefox keyconfig prefs menu

For those who might be wondering about my 38 Add-ons in Firefox, they currently are:

  1. AdBlock Plus version 1.1.1
  2. Better GCal version 0.3
  3. Better Gmail 2 version 0.9.5
  4. BetterPrivacy version 1.45
  5. CacheViewer version 0.6
  6. ChatZilla version 0.9.85
  7. ColorfulTabs version 3.9.7
  8. Console2 0.5
  9. CustomizeGoogle version 0.76
  10. DOM Inspector version 2.0.3
  11. DownThemAll! 1.1.7
  12. DownloadHelper version 4.6.4
  13. Evernote Web Clipper version
  14. FireGPG version 0.7.10
  15. Firebug version 1.4.5
  16. Firefox Showcase version
  17. Flashblock version 1.5.12a2
  18. FoxyProxy version 2.14
  19. Google PageRank Status version 1.0
  20. Googlepedia version 0.6.1
  21. Greasemonkey version 0.8.20090920.2
  22. Hyperwords version 5.6.1
  23. Linkification version 1.3.6
  24. Linky version 2.7.1
  25. Live HTTP Headers version 0.15
  26. NoScript version
  27. PageSpeed version
  28. Power Twitter version 1.37
  29. PrefBar version 4.2.0
  30. Read it Later version 0.9948
  31. Remember The Milk for Gmail version 1.0.4
  32. Resurrect Pages version 2.0.4
  33. Tab Mix Plus version
  34. Tab Sidebar version 2.5
  35. TimeStamp Converter version 1.4.3
  36. Total Validator version 6.1
  37. VMware Remote Console Plug-in version
  38. Web Developer version 1.1.8
  39. keyconfig version 20080929

There is No Anonymity with that Torrent


I’ve been running a public BitTorrent tracker for about 7 years for several of the Open Source projects I host (Plucker, J-Pilot, pilot-link).

People ask me all the time in private email, how they can be “completely anonymous” when torrenting. I can only assume they want to share some copyrighted material with their torrent client, and don’t want the MPAA or RIAA chasing them down.

The quick and dirty answer is: you can’t!

Azureus Peers List

There are plenty of tools out there that let you lock down your torrent client, block domains, even block an entire country, but your IP and connection state are still shared across all peers you’re sharing with, or downloading data from.

Even tools like Tor can’t be used for this, because you never know who runs the exit nodes, and that is where your actual IP address is exposed. You can’t trust those endpoints.

What this means is, you can block all of the peers emanating from within US network and netblocks, and only allow connections from non-US peers, but those non-US peers are probably allowing connections from the same US peers you’re blocking.

Let me explain:

  1. You block all US peers using SafePeer, PeerGuardian, MoBlock or other tools.
  2. You connect to a peer in Romania using your “trusted” BitTorrent client (such as Vuze [formerly Azureus])
  3. Romania peer connects to some US peers (possibly those running on RIAA or MPAA harvesting hosts)
  4. Your IP and connection state have just been exposed to those US hosts you’re trying to block

There are ways to attempt to anonymize your traffic and connection state from the tracker (the main point of leakage, and the primary target of the MPAA/RIAA), but it requires that you understand and implement technologies like I2P, and configure them appropriately, end-to-end.

“I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.”

I’ve been toying with i2p lately as a means of securing some internal IRC chat servers that I run. It’s a bit slower, but it does do the job, and does it very well.

I don’t personally need to ride BitTorrent behind the i2p network, but plenty of others are doing exactly that with i2p.

i2p is a bit earlier in the game of creating free, anonymous network traffic, and others have come before it that provide more flexibility and a more-distributed network (like Freenet), but it is maturing fast, and is very capable.

The main thing Freenet provides that i2p does not (at this point), is distributed data storage. However, the i2p developers are working on that [i2p] [http] (warning: the i2p URL won’t work unless you have your i2p proxy and tunnels configured correctly).

Just keep in mind, if you want to “hide” yourself, you need to use an entirely new network, one that relies on de-centralized peers, who do NOT trust each other, and the entire network has to use encryption at every possible turn, to ensure nothing is peeked, sniffed or re-transmitted.

p.s.: If you must, use iMule or these instructions for i2p-enabling Azureus

My First 15 Minutes with for BlackBerry

Tags: , ,

DriveSafe.lyI recently stumbled upon an app called “” while perusing some new software in the BlackBerry App Store the other day.

From their page: reads your text messages and emails out loud so you can concentrate on the road. Eliminate the temptation to reach for your phone by letting read to you and automatically respond for you.

Stay connected by listening to your messages without texting while driving or reading emails in your car. is the answer to texting while driving TWD .

For even more functionality download Pro – also available on BlackBerry® App World. Pro adds the ability to use additional voices, listen to text messages and emails without sponsor messages and much more!

Read on for more of the Pros and Cons of this piece of software…

Read the rest of this entry »

SOLVED: Install ALL Internet Explorer Versions on ONE Machine

I’ve been fighting some “interesting” proxy issues inside my Windows XP/SP3 virtual machine recently, after an upgrade to Internet Explorer v8 (IE8).

My goal was to see if something inside IE8 itself was blocking external sites when using my internal proxy. Of course everything works perfectly fine in Firefox, but behaves very oddly with IE8. I know this worked with IE6, and it wasn’t a routing issue because Firefox worked with the same proxy configuration, but IE8 would not work!

I searched around looking for a way to get IE6 on the same machine as IE8, without breaking either of them, and found only weird hacks and suggestions about running multiple virtual machines, or using one of the web-based “browser test” sites (yeccch!). None of these would work in my situation.

And then I found… the “Internet Explorer Collection“!

The Internet Explorer Collection is a packaged offering that ships with the following IE browsers:

Internet Explorer Collection

Yes, all 13 versions of Internet Explorer! Now I can run IE6 alongside IE8!

With this, I was able to validate, test and fix the MSIE proxy issues I was facing, and now everything works flawlessly.

Additionally, now I have all of these browser versions installed and working inside my VM, so I can run them again and again to test any other routing, network or proxying issues I might run into.


The Cashier Who Knew Too Little

Cashiers are bad at mathI usually go to my local PANERA Bread to work for an hour every Monday morning after dropping my daughter off at school. The staff there has become quite used to my face showing up on a regular basis.

Recently, they’ve been hiring some new cashier staff to man the front registers. These look like holiday “fill-in” folks who are pretty fresh out of school.

This morning I showed up and got the usual breakfast + iced chai latte and a fudge brownie, and the cashier printed the receipt before the register told her what the change was.

She stared at the screen, then looked at the receipt. The conversation went like this:

Me: “Is something wrong?

Her: “Yes, the register didn’t tell me what your change was.

Me: “Well, I gave you a $20.00 bill. How much was the total?

Her: “$9.72…

She continued to stare blankly at me. We sat there for an uncomfortable moment of silence while she looked at me with this “help!” look on her face. I said

Me: “So just subtract, you don’t need the register for that.

Her: “I’m sorry, I’m not good at…

Me: “…$10.28 should be my change.

She sighed a breath of relief, leaned over while looking down the galley to where her manager was standing talking to another employee and said “Thank you.


Do cashiers really not even know how to do basic subtraction now?

Can they really not count, and rely on “The Machine” to tell them what to do and how to react?

I don’t expect these people to know how to do complex algebraic functions, but a competency test for a front-counter cashier should probably include testing whether or not they can add and subtract!

If this really is what we should expect these days, we’re really heading down a slippery slope as a country with our education here.

HOWTO: Convert Video For Use on Your BlackBerry Bold

BlackBerry Bold 9000I’ve been toying around with my BlackBerry Bold a bit more since I’ve become more and more reliant upon it for my day-to-day duties (GTD, email, Reuters News, etc.). I migrated my life away from my aging Palm Treo 680 device to this BlackBerry several months ago, and I can’t imagine ever going back.

There are a few things I miss (DayNotez from Natara being the biggest one), but the raw capability of the Bold outweighs that small gap in function. The TRUE multi-threaded support, the ability to take a call while synchronizing, while streaming music in the background all on the same device, is outstanding.

The more I find myself using my Bold, the more I find myself wanting to use it more… so I started thinking about how I could start putting some full-length DVD movies on the 16GB microSD card so I could wile away the time while I work. The audio quality and the output are absolutely amazing, once you get the conversion right.

At first, I was looking for a standard Windows-style app to convert the video from my physical DVD to a format suitable for playing on the Bold. Bzzt! I tried several and the best I found was a project called Videora. Ultimately I found it to be clunky and amateurish. It also takes several hours to convert each video; too slow for my needs.

Basically nothing commercial I found out there for Windows was up to the task. None of the tools got it right.

So then I went to the old standby, free tools and Linux. I’ve used mencoder and ffmpeg before to convert YouTube video for your iPod, so this should have been very similar.

It wasn’t.

Fishing around, I stumbled upon this useful page of “19 ffmpeg commands for all needs” by Jean-Baptiste Jung. It goes through quite a bit of detail with commands for converting video and audio to all sorts of formats and devices. It is very detailed, but still lacks enough power and flexibility for my needs.

Not to be satisfied with that approach, I decided to keep looking, and I finally found “EncodeHD“; a Windows tool that is based on ffmpeg and other OSS components under the hood. As I type this, I’m converting several gigabytes of data to a format suitable for my BlackBerry Bold, and will give it a test shortly.

[…time passes…]

Here are some screenshots of the results! (taken with BBSAK, which I’ll write up on in a follow-up post. BBSAK is an amazing tool, much, MUCH better than bbscreenshooter)

Kung-Fu Panda on the BlackBerry Bold

Kung-fu Panda running on my BlackBerry Bold

Several years ago, I converted the entire full-length, extended DVD collection of Lord of the Rings to my iPod using ffmpeg, so I could watch it during the 17+ hour flight from CT to Australia.

Ah, those were good times.

Testing the Speed of BlackBerry Tethering Against My Own Networks

Tags: ,

I’ve been a long-time Cingular customer with my phones, and when they converted to AT&T, everything got wildly complex.

My normal monthly phone bill is hovering between $225.00 and $250.00 each month (yes, really… see below):

November 2009 AT&T Statement

This bill consists of my handheld (BlackBerry Bold, $99/month unlimited data + voice + text) + SIM card (inside my laptop, $59/month unlimited data). Since this is effectively two SIM cards, it counts as two separate “phones”.

Oddly though, the one inside the laptop still gets the 9-1-1 surcharge, even though there’s no way I could “dial 9-1-1” from the laptop. If I’m in any sort of emergency situation, the last thing I’m going to do, is fire up the laptop, connect to the LAN, launch Skype and call 9-1-1 from there. But they still charge me $0.35/month for that “privilege”.

I use the laptop while traveling on the train to the office, but when I suspend the laptop and resume it, the Linux “sierra” driver does not wake the SIM card back up. There is no known fix, and I tend to have to close out all of my apps, suspend my VMware sessions, power off and reboot to wake the SIM card back up. Not fun.

I wanted to try to reduce the bill, and spent about 2 hours on the phone today with a lovely woman “Sue” from AT&T to try to discuss my possible options. There are a few, but all have downsides (reduced cost, but reduced minutes or increased minutes, but lose my 20% company discount and so on).

So I’ve been testing tethering my BlackBerry to my Linux laptop, using any number of tools (wvdial, XmBlackBerry, Berry4all).

This does work, if you configure it properly. I ran into lots of trouble with it originally, because /etc/ppp/options had some conflicting options that my hand-written, optimized “blackberry” chatscript didn’t work well with. Once I figured that out, it latched right up immediately.

Writing data size: 4
	Modem -> [0x41 0x54 0x48 0xd ] [ATH.]
Waiting for PPPD shutdown to complete.
Hangup (SIGHUP)
Connect time 3.2 minutes.
Sent 200888 bytes, received 1852094 bytes.
Script /etc/ppp/ip-down started (pid 9381)
sent [LCP TermReq id=0x3 "User request"]
Script /etc/ppp/ip-down finished (pid 9381), status = 0x0
Network stats thread completed.
sent [LCP TermReq id=0x4 "User request"]
Connection terminated.
Modem hangup
PPPD finished

At this point, I could use my BlackBerry as a modem for my laptop and get around the suspend/resume bug with the Linux Sierra driver, but that comes at a price (literally and figuratively).

My laptop’s “phone contract” doesn’t expire until March 2010, and I pay about $53/month for that, and the early termination fee is $175.00. I could cancel that now, and save $90.00, but then I’d have to pay $60.00 for the “unlimited data + tethering” package. I already have a $30 “unlimited data” package on my BlackBerry, and so that would be a net add of $30.00 to the existing $99.00 plan already on there.

But what exactly is the “tethering package” that AT&T offering, doing for me? What am I paying $60/month for? I can tether today. It works. I can continue to consume the data on the data plan side of things, so why pay for tethering?

Basically I’d be saving $23.00 over the cost of a $225+ phone bill, after paying $175 to get out of the existing contract. You can see where this is going.. because AT&T has put some serious mathematicians behind figuring this out, so they can extract every single nickel and dime from your personal monies to pad their coffers.

I wanted to do some speed tests to see what the actual performance gain/loss would be across my local WiFi segment, my laptop’s onboard AT&T card (using the aforementioned “Sierra” driver), and the BlackBerry tethered to the laptop using ppp to “dial out” to the Internet.

Here are the results:

Speed using my home WiFi Connection:

Fast, strong, solid speeds. No complaints, and I use it every day to push gigabytes of data around.

Speedtest using my home WiFi connection

Speed using my BlackBerry tethered to my laptop:

As you can see, the speed is disgustingly slow here. Absolutely useless for anything more than telnet or ssh, and barely even good enough for that.

Speedtest with the BlackBerry tethered to the laptop

Speed using the onboard AT&T SIM card inside my laptop:

The speed here is reasonable, and acceptable for working on the train.

Speedtest using AT&T GPRS on the laptop

I just can’t continue to stomach the costs of the whole set of services anymore. $200+/month for a standard phone bill with no overage charges is ridiculous.

From what “Sue” at AT&T told me, everyone who uses a BlackBerry or an iPhone with an unlimited data plan, pays roughly the same amount. I’m skeptical.

I’m going to play with the tethering/ppp options to see if I can’t get some more performance out of it, and roll through to March and discontinue the service that my laptop is currently consuming.

The real question though, is how can AT&T tell if I’m not just using my BlackBerry to stream a ton of data (like through Pandora for BlackBerry), or if I’m tethering?

Bad Behavior has blocked 104 access attempts in the last 7 days.