Braggtown dot com

A Tangled Web: Archive

Archive for the ‘Free Software’ Category

 Opera on Ubuntu 7.10 AMD64

Monday, December 10th, 2007

I had a tough time finding Opera for Ubuntu 7.10 64 bit. The 9.50 release, opera_9.50-20071109.2-shared-qt_amd64.deb, works fine. Newegg doesn’t work with Firefox. I usually use Epiphany when not using Firefox, but sometimes I just feel like a change. Thanks to the Opera Desktop Team. Shame on Newegg for not supporting Firefox.

 Preparing for Encryption

Tuesday, November 13th, 2007

I’ve gotten around to migrating my backup partition to a Truecrypt encrypted partition. This partition, /dev/sda2, was an ext3 partition I’ve been using for backups. I have an external backup drive (also encrypted) that I keep off-site and so didn’t worry about destroying the backup data on the partition.

Knowing a little something about computer forensics, I wanted to ensure that data I had written prior to encrypting the partition would be unrecoverable. If I had wanted to erase the entire drive I would have used Darik’s Boot and Nuke or some other Linux-based drive eraser conforming at least to the DoD specification for file wiping. It’s important to remember, though, that wiping only files likely leaves data remnants in the empty drive space, file slack space, and sectors marked as bad. So, clearly it’s important to erase the entire partition or drive, not only files.

I wanted to only erase a partition so I used a more configurable utility to overwrite the space within the partition. First I rm -rf’d the files and directories on the partition. Then I overwrote the available space in the partition with random data using dd and /dev/urandom.

    sudo dd if=/dev/urandom of=/mnt/back/bigfile

I probably should have just overwritten the partition at the device level, but I didn’t think of it until later. Next I used wipe to remove the bigfile. Only then did it occur to me that I could call wipe against the block device itself.

    sudo wipe -Q 1 -R /dev/urandom /dev/sda2

Hoping that the drive was sufficiently overwritten with random data I created a Truecrypt container on the partition. I chose to use the ext3 file system so chose the ‘no filesystem’ option in Truecrypt. After creating the container, I mounted the container.

    sudo truecrypt /dev/sda2

Then, I created the filesystem.

    sudo mkfs.ext3 -cjv /dev/mapper/truecrypt0
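A check that could be run between the overwrite and creating the container, as an added example that is not part of the original post: it reads a device or image in 4 KiB chunks, flags chunks whose byte entropy is too low to be random fill, and looks for a leftover ext2/ext3 superblock magic. The function names, the chunk size and the 7.5 bits/byte threshold are assumptions chosen for illustration, and the two sample images are constructed.

```python
import io
import math
import random
from collections import Counter

EXT_MAGIC_OFFSET = 1024 + 56   # ext2/ext3 superblock starts at byte 1024; s_magic is at +56
EXT_MAGIC = b"\x53\xef"        # 0xEF53, stored little-endian on disk
CHUNK = 4096                   # assumption: sample size, about one filesystem block
MIN_ENTROPY = 7.5              # assumption: random 4 KiB chunks measure about 7.95 bits/byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in `data` (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def audit_wipe(stream, chunk=CHUNK, min_entropy=MIN_ENTROPY):
    """Return (has_ext_superblock, offsets of chunks that do not look random)."""
    stream.seek(EXT_MAGIC_OFFSET)
    has_superblock = stream.read(2) == EXT_MAGIC
    stream.seek(0)
    suspicious, offset = [], 0
    while True:
        block = stream.read(chunk)
        if not block:
            break
        # A short trailing chunk cannot reach high entropy, so only judge full ones.
        if len(block) == chunk and shannon_entropy(block) < min_entropy:
            suspicious.append(offset)
        offset += len(block)
    return has_superblock, suspicious

def constructed_images():
    """Two constructed 64 KiB 'partitions': one all noise, one with remnants."""
    rng = random.Random(2007)  # seeded so the sample is repeatable; a real wipe uses urandom
    noise = bytes(rng.getrandbits(8) for _ in range(16 * CHUNK))
    dirty = bytearray(noise)
    dirty[EXT_MAGIC_OFFSET:EXT_MAGIC_OFFSET + 2] = EXT_MAGIC        # stale superblock magic
    dirty[5 * CHUNK:6 * CHUNK] = b"password=hunter2\n" * 240 + b"\n" * 16  # leftover text
    dirty[9 * CHUNK:10 * CHUNK] = bytes(CHUNK)                      # never-overwritten zeros
    return io.BytesIO(noise), io.BytesIO(bytes(dirty))

if __name__ == "__main__":
    for name, img in zip(("wiped", "dirty"), constructed_images()):
        print(name, audit_wipe(img))
```

Against a real partition, pass an open file object such as open('/dev/sda2', 'rb') with root privileges. A two-byte magic match occurs by chance in random data about once in 65,536 devices, so treat a hit as a reason to look closer, not as proof of a remnant.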

Now I have an encrypted backup partition on a separate internal hard drive completely independent of the LVM/dm-crypt encrypted system. I have a script that calls rsync against my /home, /etc, and /usr/local directories, which is everything I need to rebuild a system.

To those who would suggest that only people with something to hide should be concerned with privacy, I urge you to read ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy.

 Encryption in Ubuntu 7.10

Thursday, November 8th, 2007

I’ve been experimenting with drive encryption in Ubuntu 7.10 and am quite pleased. I used the AMD64 Alternate Install disk to encrypt everything but an ext3 boot partition. Ubuntu uses LVM to build logical partitions inside a dm-crypt partition. Installation was a snap, though it takes much longer than an unencrypted install mostly due to the drive wiping process. I assume it uses /dev/urandom to generate random data to overwrite drive space, but could be wrong. I’d probably use a trusted wiping utility if I didn’t need to preserve other partitions on the drive.

The installer offers several encryption algorithms, such as AES with, and several key sizes, up to 256 bit, but doesn’t offer cascading encryption algorithms, which I imagine would impact read/write speed. I don’t have any previous experience with LVM or dm-crypt, but have used cryptoloop under Suse 9.x with ReiserFS and lost a fair amount of data to it no thanks to personal support from Hans. I formatted all of the LVM volumes with ext3 and decided it prudent to have a backup plan independent of dm-crypt and LVM. I have a partition encrypted with Truecrypt on another internal drive to which I back up in addition to a Truecrypt-encrypted firewire drive I keep off-site and refresh periodically. I have confidence that if either LVM or dm-crypt fails and I lose access to the encrypted system, I can recover my data from the backup partition on the other internal hard drive or, if some greater calamity occurs, I will be able to access my off-site firewire backup.

Other than the dm-crypt password prompt when booting and the mildly confusing entries in /etc/fstab, I don’t notice any difference from the unencrypted installation I used previously. I’ve included a drive map below to show the partition layout. Installation into available space while maintaining both my Windows XP and Thinkpad recovery partition was straightforward. The Windows partition is unprotected, but I can’t remember the last time I used it and certainly wouldn’t trust it with anything important anyway.

One question I had and was unable to find an answer to was this: Does suspend to RAM work with encrypted drives? I suspected it wouldn’t since the swap space is encrypted, but was pleasantly surprised to find I was wrong. I can suspend and recover successfully. I realize now that the dm-crypt partition stays mounted through the suspend which means that while I can have quicker recovery times, the data isn’t protected. Hibernate requires a dm-crypt password on recovery. In my mind, though, the benefit of drive encryption is two-fold. First, you’re protecting the data, both the data you intentionally have and the remains of data left in empty drive space and file slack space after deletion, from boot-time attacks. Everyone knows that physical access to a machine is the kiss of death. Second, you’re protecting against third-party forensics. Both of these scenarios require the machine to be shut down. When the machine is shut down, the dm-crypt session is lost and your data is again protected. So, unless there is a flaw in the session authentication mechanisms (pam, xscreensaver, GDM, etc), and there might well be, it seems safe.

Anyway, I’m very satisfied with the installation process and the encrypted system.

[Image: drive map]
The drive map shows that the dm-crypt partition is unrecognized. Also, each LVM volume is recognized as a separate drive.

 Ubuntu Gutsy Torrents

Thursday, October 18th, 2007

For those of you looking for the torrent files for the alternate install of Ubuntu 7.10 Gutsy Gibbon, here are some. I see the Canonical servers are being hammered and thought it might be useful to mirror the torrent files. I couldn’t find them elsewhere. Of course, by the time this site gets crawled again, the hammering may have stopped.

ubuntu-7.10-alternate-amd64.iso.torrent
ubuntu-7.10-alternate-i386.iso.torrent
ubuntu-7.10-desktop-amd64.iso.torrent
ubuntu-7.10-desktop-i386.iso.torrent

I’m getting 1060KB/s.

 Hackfest Shoutout

Saturday, October 13th, 2007

I thought I’d upload the presentation from our Hackfest project in spite of the fact that the code isn’t ready.  The idea was to create a simple GUI interface to create library Facebook apps.  It’s based on the work done at Ryerson University Library.  I started the day working on the open source Evergreen ILS, but I thought I’d be more useful to the other group.  Fun stuff.  I’ll post the application if we finish it.

 Ping Tunnel Connectivity

Tuesday, October 9th, 2007

I’m on my way to Access 2007 in Victoria, BC.  The library is very generous with travel funds, but doesn’t pay for internet access by the rank and file.  Now that many hotels charge around $20 USD per day for wireless, I’ve had to work around the obstacles.  I discovered Ping Tunnel not long ago and this is my first opportunity to test it.  It’s pretty easy to configure except for iptables firewall rules to allow ICMP traffic without allowing other junk.  Anyway, by using SSH to create an encrypted tunnel to the server I can use any application over the ICMP tunnel at pretty respectable speed.  ssh -D 8080 localhost -p 7777 creates a SOCKS 5 proxy connection that I can use to route traffic through.  Very nice!

 The New Linux

Monday, October 8th, 2007

I installed the beta release of Ubuntu Gutsy Gibbon to test application compatibility with 64 bit Linux. Specifically, I wanted to verify that the Oracle Calendar desktop client, Crossover Office, Internet Explorer 6, and Microsoft Office 2003 work without errors. I haven’t ever opted for the 64 bit version before and was worried about not being able to run applications that I commonly use at work. I feared for nothing! Everything went very smoothly.

In fact, installation and configuration was a breeze. Nvidia driver and proprietary codec installation was incredibly easy even though I decided to use a 32 bit browser so that I can easily use plugins such as Sun Java, Adobe Acrobat, Real Player, and Flash. In a former job I installed hundreds of systems with Windows versions ranging from 95 to XP. Installing and configuring Linux AND all the software I use is orders of magnitude faster and easier. I hadn’t ever just copied over configuration directories before, but by copying the directories for Thunderbird, Firefox, ssh, gnupg, and Pidgin, I probably saved myself at least an hour. I had a nearly exact replica of my old system in about 2 hours. In fact, for applications like Oracle Calendar, I didn’t even install them in the new 64 bit system. I just copied the entire directory from the old system to the new and it ran.

I can’t say that I notice any speed improvement from migrating to the 64 bit environment, but I probably wouldn’t notice. I mean, fast is fast enough. I was able to play Call of Duty and Battlefield 2 under Cedega so I can’t complain. Ubuntu 7.10 Gutsy Gibbon will be officially released October 18th.

 My Favorite Number

Tuesday, May 1st, 2007

is 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Well, at least it seems to be the favorite number of the Motion Picture Association of America. They’re issuing DMCA Takedown Notices to people who post this number, I’ve read. I’ve always wanted one of my own! For those readers not ‘in the know’, this number is the decryption key for HD-DVD Processing. DVD encryption is meant to prevent DVD copying, but also makes it a criminal act to watch DVDs in Linux, among other things. When I pay for a DVD I want to be able to watch it. That’s it. Also, copyright law clearly grants the right to make ‘archival backups’. See Spread this number for more information.

 Ubuntu on Qube Feedback

Monday, March 26th, 2007

I’ve gotten a lot of feedback from my howto about installing Ubuntu on the Cobalt Qube. Please feel free to leave comments on this post if you like.

 Bazaar 1

Wednesday, September 8th, 2004

I’ve just gotten the green light to replace equipment at El Centro with hardware running an assortment of open source software including SuSE Linux and OpenOffice. I’ve been subtly pushing for open source in our computer distribution and community computer labs as both a way to move away from Windows 95, which we currently use, and a way to avoid the licensing fees of Windows 2000 when we need a more powerful or flexible operating system. I will be the first to admit that Linux is not the best answer to every situation, but it is in many situations.
