Randomizing (spoofing) MAC address in Fedora 17

In a previous post, I showed how to spoof MAC addresses on bootup in Fedora 16.  When I upgraded to Fedora 17, it stopped working.  So, here’s how I got it to work in Fedora 17.

 

UPDATE: This stopped working in the recent kernel upgrade (I’m now at 3.5.2-1.fc17.x86_64).  The fix is easy and I’ve updated the article.

Note:  If you don’t want to do it on startup, but just want to change your MAC address (or want to put a script in cron to do it periodically), it’s pretty straightforward once you install macchanger.  The process is:

 

1) Use Apper to download and install “macchanger” or do “yum install macchanger”

2) do the following commands:

% service NetworkManager stop

% macchanger -a wlan0

(note, your interface may be something different than wlan0)

% service NetworkManager start

Of course, if you don’t want to use macchanger, you can do it directly by replacing that line with
ifconfig wlan0 hw ether aa:bb:cc:dd:ee:ff (with aa-ff replaced by whatever numbers you want)
Note that I don’t start and stop network (eg. service network stop, service network start). NetworkManager seems to take care of that for me.  Now I can put it in a script, say, called changemac.sh

*************************

#!/bin/sh

service NetworkManager stop

macchanger -a wlan0

service NetworkManager start

********************

and put that in a bin directory (which I created) in my root’s home directory.

So, if you wanted to re-spoof your MAC every six hours, you could add this line to your root’s crontab:

 

0  */6 * * * /root/bin/changemac.sh

Though, of course, that might play havoc with any longstanding connections or downloads you might be doing.
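Added example (not part of the original post): if you use the ifconfig line above with an address of your own choosing rather than macchanger, the first octet matters. The multicast bit (0x01) has to be clear or the kernel rejects the address, and setting the locally-administered bit (0x02) keeps a made-up address out of the vendor-assigned space. The function names are made up for this example; wlan0 is the interface name used in the post.

```sh
#!/bin/sh
# Added example: pick and validate a MAC for "ifconfig wlan0 hw ether <mac>".
# Function names are hypothetical; wlan0 is the interface used in the post.

# Print a random MAC whose first octet has the multicast bit (0x01) cleared
# and the locally-administered bit (0x02) set.
random_laa_mac() {
    # Six random bytes from the kernel, as two-digit hex words.
    set -- $(od -An -N6 -tx1 /dev/urandom)
    first=$(( (0x$1 & 0xfe) | 0x02 ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Return 0 if $1 is a well-formed, unicast, locally-administered MAC.
is_safe_spoof_mac() {
    mac=$1
    # Well-formed: six colon-separated two-digit hex octets.
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    first=$(( 0x${mac%%:*} ))
    [ $(( first & 1 )) -eq 0 ] || return 1   # multicast bit must be clear
    [ $(( first & 2 )) -ne 0 ] || return 1   # locally-administered bit must be set
    return 0
}

# Demo: print a candidate address and the command that would apply it.
# Nothing is changed on the system; the command is only echoed.
candidate=$(random_laa_mac)
is_safe_spoof_mac "$candidate" && echo "ifconfig wlan0 hw ether $candidate"
```

The post's own placeholder, aa:bb:cc:dd:ee:ff, passes this check because 0xaa has the multicast bit clear and the locally-administered bit set.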

 

/************

UPDATE:  As someone pointed out, this assumes you are using NetworkManager.  If you aren’t then do the same thing, only turning network on and off.  If you know how to turn off NetworkManager, then you know how to do that…

*********/

But, if you want to do it at boot up, it’s a bit more complicated;

 

The first part of the solution is:

1) Use Apper to download and install “macchanger”, or do “yum install macchanger”

2) Put a script in /etc/init.d to run macchanger at startup.  I created the file /etc/init.d/macchangerd that contained:

 

***************************************************

[root@localhost system]# more /etc/init.d/macchangerd
#!/bin/bash
#
# Randomize the MAC address of wlan0 before NetworkManager starts.
#

start() {
    echo "in macchangerd"
    macchanger -a wlan0
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    *)
        echo "Usage: $0 {start}"
        exit 1
        ;;
esac
********************************************

 

The issue seems to be this.  If you want to change the MAC address *and* use NetworkManager (which I do), then you have to change the address *before* NetworkManager takes control.  In Fedora 16, you could add a script to init.d and point to it early in the list of services to start in /etc/rc3.d.

In Fedora 17, it seems that the stuff in /etc/systemd runs the show, and NetworkManager kept starting before anything I put in /etc/rc3.d — even if I make it an S01 level command.  So, in order to fix this, you have to play around with the services in the /usr/lib/systemd/system directory.  If you want to review what’s going on there, take a look at this site and the follow-up here.

I’m no expert on systemd, and I’m sure there’s a better way to do this, but if you look at the NetworkManager.service file in /usr/lib/systemd/system, it says:

 

************************************************

[root@localhost system]# more NetworkManager.service
[Unit]
Description=Network Manager
After=syslog.target
Wants=network.target
Before=network.target

[Service]
Type=dbus
BusName=org.freedesktop.NetworkManager
ExecStart=/usr/sbin/NetworkManager --no-daemon
# Suppress stderr to eliminate duplicated messages in syslog. NM calls openlog()
# with LOG_PERROR when run in foreground. But systemd redirects stderr to
# syslog by default, which results in logging each message twice.
StandardError=null

[Install]
WantedBy=multi-user.target
Alias=dbus-org.freedesktop.NetworkManager.service

************************************

What I get from that is that NetworkManager starts after syslog and before the network.  What I want is to take that macchanger script I did for Fedora 16 and get it going before NetworkManager.

So… I added a “macchanger.service” script in /usr/lib/systemd/system that tells it to run the script in init.d and start before NetworkManager:

 

****************************************************

[root@localhost system]# more macchanger.service
[Unit]
Description=macchanger
After=syslog.target
Before=NetworkManager.service

[Service]
Type=oneshot
ExecStart=/etc/init.d/macchangerd start

[Install]
WantedBy=multi-user.target
**********************************

 

This seems to do the trick.  Let me know if it works for you…

 

UPDATE:  This stopped working in a recent kernel/systemd upgrade.  In order to make it work, I had to add one more step.  I had to soft link the macchanger.service file into /etc/systemd/system/multi-user.target.wants.  I.e.:

ln -s /usr/lib/systemd/system/macchanger.service /etc/systemd/system/multi-user.target.wants/macchanger.service
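Added example (not part of the original post): a unit that is ordered correctly but never enabled is simply not started at boot, which is the failure the last UPDATE describes. This check, whose function name and scratch-directory layout are made up for the example, verifies the ordering line, the ExecStart target and the multi-user.target.wants symlink for a unit file like the one above.

```sh
#!/bin/sh
# Added example: sanity-check a boot-time unit such as macchanger.service.
# check_boot_unit is a hypothetical helper, not part of systemd.

# Usage: check_boot_unit UNIT_FILE WANTS_DIR
# Prints one line per problem; returns 0 only when none are found.
check_boot_unit() {
    unit=$1
    wants=$2
    problems=0
    name=$(basename "$unit")

    # 1. Ordering: the unit must be ordered before NetworkManager.
    grep -Eq '^Before=.*NetworkManager\.service' "$unit" || {
        echo "missing Before=NetworkManager.service"
        problems=$((problems + 1))
    }

    # 2. ExecStart must point at an existing executable file.
    exe=$(sed -n 's/^ExecStart=\([^ ]*\).*/\1/p' "$unit" | head -n 1)
    [ -n "$exe" ] && [ -x "$exe" ] || {
        echo "ExecStart target not executable: ${exe:-<none>}"
        problems=$((problems + 1))
    }

    # 3. Enabled: the wants directory must hold a symlink resolving to the unit.
    link="$wants/$name"
    if [ ! -L "$link" ]; then
        echo "not enabled: $link is not a symlink"
        problems=$((problems + 1))
    elif [ "$(readlink -f "$link")" != "$(readlink -f "$unit")" ]; then
        echo "symlink $link does not resolve to $unit"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Demo on constructed files in a scratch directory (not the real system paths).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/lib" "$d/wants"
    printf '#!/bin/sh\nexit 0\n' > "$d/macchangerd"
    chmod +x "$d/macchangerd"
    cat > "$d/lib/macchanger.service" <<EOF
[Unit]
Description=macchanger
After=syslog.target
Before=NetworkManager.service

[Service]
Type=oneshot
ExecStart=$d/macchangerd start

[Install]
WantedBy=multi-user.target
EOF
    echo "before enabling:"
    check_boot_unit "$d/lib/macchanger.service" "$d/wants" || true
    ln -s "$d/lib/macchanger.service" "$d/wants/macchanger.service"
    echo "after enabling:"
    check_boot_unit "$d/lib/macchanger.service" "$d/wants" && echo "ok"
    rm -rf "$d"
}
demo
```

On a real system the two arguments would be /usr/lib/systemd/system/macchanger.service and /etc/systemd/system/multi-user.target.wants.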

 

 

 

Configuring Sentelic touchpad on ASUS G74S laptop running Fedora 16

NOTE:  This does NOT work with Fedora 17.  In Fedora 17, you can simply remove all references to touchpads in the xorg.conf and let the hotplugging stuff take over. In Fedora 17, the touchpad is correctly recognized and, at least in KDE, appears in the system settings.

A while ago, I bought an ASUS G74 laptop — the specs were great and I do a fair amount of imaging work on the road.  I’m running Fedora 16 64-bit (kernel 3.3.4-3.fc16.x86_64 )  with KDE 4.8.2.

I was having a heck of a time configuring the Sentelic touchpad.  It was recognized correctly as “SPPS/2 Sentelic FingerSensingPad” and run by the ubiquitous evdev driver.  It was recognized as a “mouse,” however, and I could not configure it using the KDE desktop tools.  I badly needed it to do three-button emulation, but no such luck.  By default, the /etc/X11/xorg.conf file described it as an InputDevice:

Section "InputDevice"

Identifier  "Touchpad"
Option      "RightEdge" "5300"
Option      "TopEdge" "1700"
Option      "BottomEdge" "4200"

Option      "FingerLow" "25"
Option      "FingerHigh" "30"
Option      "MaxTapTime" "180"
Option      "MaxTapMove" "220"
Option      "VertScrollDelta" "100"
Option      "MinSpeed" "0.06"
Option      "MaxSpeed" "0.12"

Driver         "synaptics"
Option         "Device" "/dev/input/mouse0"
Option         "Protocol" "auto-dev"
Option         "Emulate3Buttons" "on"
Option      "LeftEdge" "1700"
Option         "AccelFactor" "0.0010"
Option         "SHMConfig" "on"
EndSection

 

To be honest, I don’t know how this got generated — I’ve updated a lot of drivers that automatically massaged the xorg.conf file (particularly NVIDIA drivers), so who knows.

A quick look around the web suggested that the kernel used the synaptics driver, so that was OK, I thought.  However, the synaptics tools such as synclient couldn’t find the driver (even though it came up in modprobe -l).  Ever since udev started dealing with hotplugging and evdev took over all the drivers in the kernel, I have never been able to make sense of what the xorg.conf file was good for.  I gamely tried to change the driver to “evdev” but that didn’t help all that much.  I tried to use the device using the “input” convention (e.g. /dev/input/event5), but that didn’t fix anything.  I won’t go over the stuff about /dev/input/eventnnn (where “nnn” is a number) and udev, but the bottom line is that it is not trivial to figure out what goes where now.

Then, reading the descriptions, I found that if you want to use xorg.conf to modify something that udev and evdev are controlling, you can do it not by modifying the *device* (which seems to try to grab control  from udev/evdev but is often ignored) but by modifying the description of the *class* of devices.  Thus, to change the configuration of the Sentelic touchpad, I used “InputClass” instead of “InputDevice”:

Section "InputClass"
Identifier     "FSPPS/2 Sentelic FingerSensingPad"
Driver         "evdev"
Option         "Protocol" "auto-dev"
Option         "Emulate3Buttons" "on"
Option         "AccelFactor" "0.0010"
Option         "SHMConfig" "on"
EndSection

 

This works for turning on three button emulation.  It will also work with the configuration parameters I’ve played with.

 

Note that there is no “Device” option, and I don’t know if the Driver statement is actually necessary.  Also note that “InputClass” sections are *not* included in the ServerLayout list at the beginning of xorg.conf.

 

Hope this helps somebody

 

Fedora 16 — bad atheros driver for AR9002WB-1NG?

I recently installed Fedora 16 on my laptop (ASUS G74S) that has an Atheros AR9002WB-1NG wireless card.  It works fine with my home wireless system, but it doesn’t play well with the big router at work.  It finds and attaches to the wireless system fine, and I get good throughput for about 15 mins, but then it starts dropping packets and getting delays.  Wireshark shows up to 10 seconds for round trips on ACKs.  I thought it was the router’s problem, but this is a dual boot machine, and it doesn’t happen on the Win 7 side.  In addition, I have a USB wireless adapter (ALFA) that I can plug in and have no problems with.

This seems to be something specific to this card and this router — it doesn’t happen on my home network, and it hasn’t happened at a couple of hotels I’ve stayed at.  I plan to install Mageia 2 when it comes out, and I’ll see if that changes things, but I’m beginning to suspect that it’s a driver issue.  Fedora recognized the card as an Atheros 9285.

 

UPDATE:  This is fixed in the 3.3.4-3.fc16.x86_64 kernel, or maybe the update just before it. Thanks, Fedora team!

Fixing the Ajaxterm shift key (and no login) problem

Ajaxterm is a wonderful little program written by Antony Lesuisse to create an ssh terminal from a browser window.  This is important to me because a local library allows *only* web surfing from public terminals, but not ssh.  So, I use ajaxterm to act as a ssh server that I can access from http.

However, I could not login.  After some playing around, I determined that it was because I had capital letters in my password.  When I looked at the way ajaxterm interprets keystrokes, it turns out that it captures the pressing of the shift key as a separate keystroke (and interprets it as uparrow).  It then interprets the capitalized letter correctly — i.e. shift+A  counts as two keystrokes, “shift” and “shift+A”.  Uparrow in my shell  provides the previous historical shell command.  Thus, if my last command was “ls” then instead of “A”, hitting shift+A gives me “lsA”.

So I went back and looked at the code for ajaxterm (thank God for open source), and found where this was done.  I put in a little line that captures the shift key by itself and sets it to the null character.  Now everything works fine.  Here’s the code for Mandriva 2010.0.  I assume the files are in a similar place in Ubuntu and other Debian distros.  In any case, the file you need to look at is ajaxterm.js, and on my box it lives in /usr/share/ajaxterm.

If you open up /usr/share/ajaxterm/ajaxterm.js, you will see a function keypress(ev):

function keypress(ev) {
     if (!ev) var ev=window.event;
     //s="kp keyCode="+ev.keyCode+" which="+ev.which+" shiftKey="+ev.shiftKey+" ctrlKey="+ev.ctrlKey+" altKey="+ev.altKey;
     //debug(s);
     //return false;
     //else { if (!ev.ctrlKey || ev.keyCode==17) { return; }
    var kc;
     (etc...)

Basically, it goes through and captures any control codes, and then interprets each. If you turn on the debug code that’s in there you will find that the shift key is ev.keyCode=16 and ev.which=16. Thus, after the code checks for control, alt, etc. you just need to add a little snippet that turns the key into a no-op if the keycode is 16. I did it here (my added code is the check for ev.which==16):

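    (...long list of characters...)
            else if (kc==123) k="[24~"; // F12
            if (k.length) {
                k=String.fromCharCode(27)+k;
            }
        }
    } else {
        // Added: a bare Shift keypress (which==16) is turned into a null
        // character instead of being passed on and read as up-arrow.
        if (ev.which==16) {
            k="";
            kc=0;
        }
        if (kc==8)
            k=String.fromCharCode(127);  // Backspace
        else
            k=String.fromCharCode(kc);
    }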

That seems to have fixed the problem.

Some basic hygiene for blogging and surfing

Laughing Wolf at Blackfive is in an uproar over some computers being seized by the TSA and CID forensics folk.  Without discussing the validity of the outrage, he makes an interesting suggestion — that anybody who has a computer seized dump it and get a new one, because Big Brother will likely have loaded child porn on your machine in order to entrap you.

In fact, it is not policy of any of the investigating agencies I know (and I know a few from working with SWGIT, SWGDE, AAFS, and ASCLD-LAB) to go around planting evidence.  Please.  But it is *not* uncommon to install key-loggers, rootkits, and surveillance software as allowed by law.  For the most part, however, they will not seize your computer to do it.  They will either install it remotely or get a warrant to break into and enter your house or office unobserved, and install it on site.  You will never know.  The bottom line is that if these folk have *that* much interest in your computer activities, they will find a way to monitor them.

But that’s not what gets most folk, it seems to me.  What gets most folk is that they are sloppy about the hygiene of their machines.  Computer anonymity is like a lot of things — you can’t beat someone who has unlimited resources and infinite time and patience.  However, you can make it increasingly difficult and discourage folk who have limited resources and limited time.  You don’t have to be the low-hanging fruit. As a friend of mine once told me, when you are being chased by a bear, you don’t have to be faster than the bear, you just have to be faster than the guy beside you.

Anonymity is a *good* thing, and we need to remember that.  There’s a reason the Federalist Papers were signed with pseudonyms.  The world does not have a right to know every detail of your life, and law enforcement *should* have to respect your rights.  There should be no stigma attached to desires for privacy, and the best way to remove that stigma is for *everybody* to insist on theirs.

So here’s some simple things I do to try to be just a little faster than the guy running beside me.  Note that this is *not* a security tutorial.  I am going to assume that you do basic security.  I’m not going to talk about firewalls and intrusion detection.  These steps will *not* stop intrusion — they assume the installation (or attempt) of forensic surveillance software, not more traditional malware.  They are only to minimize exposure assuming you *are* intruded upon or your computer seized.  They are not the *only* things you can do — they are just things that I do.

It may sound like a lot, but in fact it’s all pretty easy once you have the scripts written and the procedures in place.  None of this interferes with my enjoyment of computing at all.

1) Run Linux or BSD as your operating system.

This is not really a thing about the Microsoft-as-Satan thing.  It’s just a matter of cleanliness.  Microsoft operating systems are inherently dirty.  They store little traces of what you do *everywhere* and it’s almost impossible to clean it all out.  Linux is inherently cleaner in that respect.  There are fewer logs and hidden caches of data to clean up, and since Linux is completely open source, none of them are really hidden.  Sure, Linux does keep logs and various apps do make their own little logs, but you can find them and clean them pretty easily.  Note that the new versions of Gnome and KDE both have centralized areas where user preferences are stored — gconf and .kde4/share — that some folk find analogous to the Windows registry.  Whether that analogy is valid is a religious debate, but in either case they are both easier to clean.

1A) If you *do* run Linux, don’t use a journaled filesystem.  Of course, you don’t have a choice in Windows, but in Linux you do. Journaled file systems are filesystems that keep data from files that are in the process of being written to disk.  Thus, if the computer crashes in the middle of a write, the computer can figure out what it was trying to write on next boot up and fix things automatically.  The downside is that it is possible to forensically look at the cache.  That means that an investigator can tell what files were being accessed and may be able to reconstruct part or all of the file. Journaled systems are great — there’s a reason they are so common. If you don’t have one, every time your computer crashes you have to let the computer do a disk scan and try to repair things.  You’ve seen that in older Windows versions when you get that “Your computer did not shut down cleanly.  Hit any key within x seconds to abort scandisk…” or whatever it says (I don’t remember all that well).  The newer Linux filesystems *also* are journaled, but you can still use ones that aren’t (like ext2).

2) Encrypt your wireless at home.  If you are running from home, of course it’s better to be wired than wireless, but most folk will find that too inconvenient.  And don’t use WEP, which is, oddly, often the default.  Use WPA, or better, WPA2.  Change your ESSID and passphrase on a regular basis.  Some people have argued that you should not encrypt your wireless, but instead leave it open — which provides plausible deniability in that it’s always possible that someone is borrowing bandwidth.  For awhile, I tried to have the best of both worlds by having a second wireless router that was open.  Thus, my machines were part of the encrypted network, but there was an unencrypted back door that tunneled through my encrypted network.  My experience has been that wherever I’ve lived, there’s been little bandwidth use.  Your mileage may vary.

3) Periodically re-install your operating system from scratch or use a removable distro.

This is the second reason to run Linux.  The idea of installing Windows from scratch is profoundly frightening to a lot  of people.  Most people who get over the initial idea that installing an operating system is “supposed” to be hard will find that it’s usually a piece of cake with Linux, particularly with hardware that’s been around for awhile and has had time for good driver development.  Linux support for hardware is profoundly better than it was a few years ago, though there are still a few problems here and there.  And you can bet that if you have a problem, a quick search on the web will find a solution.

But whether you use Windows or Linux, there is no better way to make sure you are rid of a rootkit or malware than to start afresh.  More important, it also makes sure that you get rid of all those old files you forgot to delete three months ago. Most Linux users do this as a matter of course simply because they upgrade their OS on a regular basis.  I use Mandriva Linux, which comes out with a major upgrade on a 6-month schedule.  Thus, at least once every six months, I wipe my drive and install from scratch.

4) Back up frequently, but *only* back up files you want to keep.  A lot of people have the habit of making disk images as backups, and backing up all files automatically.  Since the idea here is *not* to have old, forgotten files laying about, don’t do that.  Make frequent and redundant backups, but only back up stuff you really need.

4A) Don’t do incremental backups. Instead, backup all the files you want to keep into a different place and check them against the same files you backed up last time.  In other words, I back up my servers every week, and keep backups from 1,2,3, 5, and 10 weeks ago.  When I do another backup, I check the files against the ones in the previous backup to make sure only the right files have been changed.

5) Don’t keep your logs.  In the past, I ran a circumventor on a network I administered in an attempt to help Chinese dissidents get around the Great Firewall of China.  Clearly, it would not be bright to keep extensive logs of those communications. I have a policy of *not* keeping logs once I’ve scanned them for signs of intrusion.  I monitor my logs every day, and delete them afterwards.  Thus, if my computer is seized, any traffic over a day old will likely not be discovered.  In addition, since I have had that policy for years, it cannot convincingly be claimed that I deleted my logs to obscure one particular event.

5A) This includes, by the way, making sure you clean your cache and delete cookies on a frequent basis (e.g. every time you start or shut down the browser).  Most browsers have a security setting to do this.  Use it.

6) Don’t keep emails.  For the same reason as above.  If you must keep old emails, archive them off your machine.

7) Encrypt your disk. Disk encryption is available on both Windows and Linux.  The courts, at least at the Federal District Appeals level,  have indicated that a person does *not* have Fifth Amendment protections involving encrypted disks and can be forced to provide the passphrase.  However, it will usually mean a delay that will give you time to talk to your lawyer.  The recent stories from the news with the TSA wrongly seizing computers are common stories with the victims being intimidated and giving up their computers under threat of harassment, and not having time to consult their lawyers.  If the disks are encrypted, then even if they make an image of the disk, the data will not be trivially available.  By the time they get back to you and make the demands for the passphrase, you may be in a better position to know if you must give it and no longer be in the “Oh my God ” panic mode.

8) Use an anonymization service.  Anonymization services, for the most part, act as middle-men when you surf the internet.  Anybody getting logs of your traffic will only see you going to the intermediate site and anybody looking at the logs of your destination will only see the intermediate site.  Some services will bounce your traffic between multiple machines, so that the logs on your side and the logs from your destination point to different intermediaries.  It’s not perfect — your browser logs will still record where you go and some places have to provide certain information to their governments.  I use JAP, run out of Germany.  When I use that service, the sites I go to think I’m in Germany or Switzerland or France or whatever. The other big popular free service is Tor.

The free services suffer a little from latency issues — bouncing from machine to machine can slow things down. There are also a number of commercial services and JAP has a fee-based service that gives much faster transmission times.

In addition, there are a large number of one-hop circumventors around. I run three on various networks for personal use, and many are publicly available.  These are more useful for bypassing nannyware than privacy, but they are better than nothing.

Note that, depending on what anonymizer you are using, it will only make tracing things harder, but almost never *impossible.*

9) Run a circumventor on your network.  Again, this is a plausible deniability thing.  Just as with having an open wireless, if random other people can use your network, then not all traffic on it can be ascribed to you.

10) Spoof your MAC address. Anonymization services, such as those noted in step 8, will obscure your ip address from outside your local network.  From inside the network, it will obscure the ip address of your final target.  However, it will *not* obscure the fact that you were using the anonymization service to someone monitoring your local network.  The reason is that, just as web sites are identified by ip addresses, individual machines are identified by “MAC” (Machine Address Code).  This allows the local network to associate your particular machine to an ip address. MAC addresses are hard wired into your network card, and uniquely identify your machine.  Someone who has access to your local network can identify what your particular machine is doing by looking at this association.

However, you can fake (or “spoof”) your MAC address.  In Linux, it is a very simple command, and there are simple scripts to make you fake being a different kind of network card, etc.  In Linux, the most common tool is called macchanger.

For some cards it’s a little more complicated, but not much.  In addition, not all cards support it equally well.  I have a usb wireless card that I use on my laptop instead of the internal card, both because of range and because it’s easier to spoof.  In any case, whatever my MAC address is at the moment will be gone forever the next time I boot up.

11) Automatically delete files you don’t use.  It’s easy to write a script that will delete any personal file not accessed in, say, a month.  If you don’t need them on your laptop, don’t keep them.  If you need them, they’ll be backed up, after all.

12) Keep your backup drives in a hidden place.  Keep your network storage in a non-obvious place — the attic, behind a wall, whatever.  It won’t stop a real search, and it won’t stop someone who bothers to do a network scan, but again, it will slow down the average “let’s go into his office and take whatever we happen to see” kind of search.  And, again, encrypt them.

13) If you are on the road and in a hotel, use another hotel’s wireless.  Most of the time, when I go on the road, my wireless card will pick up networks not only from my hotel, but the five or six nearby hotels or other places with free wireless — particularly if I’m using my external card and attach it to a window.  Many of these (though fewer all the time) do not require login or ask if you are actually staying at that hotel.  Unless I have to, I never use the wireless from my own hotel.  This is getting increasingly difficult, but I have found a place in most cities that I go to frequently that will fit the bill.  Note that I’m *not* advocating breaking into wireless networks that put up barriers, even lousy WEP encryption, or who have screens saying that they are not open and only guests should use the service.  I do not advocate breaking the law, and I am not a lawyer.  I only do this with truly free and open services.

In some cases, particularly Marriott hotels, they charge for wireless and seem to make it hard to get to other nets.  Worse, when you pay, they tie it to the MAC address of your laptop.  Obviously in those cases, don’t use your “real” MAC address, but save the spoofed one at least for the day you use it, and be sure to use a circumventor and/or anonymizer.

14) Spoof your user agent in your browser.  When you surf the internet, your browser announces what kind of browser it is (Firefox, IE7, Safari, Konqueror, Opera, whatever) as well as the Operating system and even kernel version you are running.  This is done to tell webservers what kind of page to provide — pages built for IE may not work perfectly on Firefox and vice versa.  In addition, some web servers will send you to different places depending on your browser — for instance, many newspapers that do the nagging ask-for-free-registration-password thing will not stop a browser that identifies itself as a Googlebot.

Firefox has a plugin that allows you to spoof your identifier. Use it.  Here are some instructions for other browsers with respect to Googlebot. I suggest that you don’t use Googlebot all the time.  There are some sites that block it or send you to wacky places.  For instance, Sitemeter.com always sends googlebot to its home page, regardless of where you try to go, as far as I can tell.

15) Don’t run java or javascript or other downloaded controls/software (including ActiveX) by default on your browser.  This is a tough one, since so many pages use them.  However, they allow holes that provide identification of who you are.  It is always a security risk to run code from a website.  Know the pages you allow this from.  Again, your browser should have easy settings for this.

Configuring Mandriva 2010 linux for ATI Radeon HD 3200 graphics card

I recently upgraded to Mandriva 2010 linux on my HP dv7-1287cl laptop.  I did a clean install rather than upgrading the existing 2009.1 distro because I customize my box a fair amount.  It went quickly and without a major problem.

UPDATE 4 (9 JUNE 2010) : Just installed 2010.1 RC2 — Everything works out of the box.  Move to 2010 Spring in a couple of weeks, and ignore the rest of this post.

There was only one small hassle.  It correctly recognized my graphics card (ATI Radeon HD 3200), and asked me if I wanted to install the proprietary driver rather than the open source xorg driver.  I hit yes.  When I started X, it came up a black screen.  When I backed off and instead installed the xorg radeonhd driver, it worked fine but compositing did not work (someone at the Mandriva forums indicated that this would happen if I didn’t have gfx mode turned on).

So I went to the AMD/ATI site and downloaded the proprietary driver from there (file: ati-driver-installer-9-10-x86.x86_64.run ).  It installed without a hitch and worked fine.  The only thing to be careful about is to make sure you save the xorg.conf file immediately, and if you want to turn compositing on and off, do it manually by adding
Section "Extensions"
Option "Composite" "Enable"
EndSection

(or, of course, “Composite” “Disable” to turn it off).

Doing it in XFdrake to turn things on and off will screw things up, since it will try to load the drivers it knows about.  In order to back out, you need that original xorg.conf.  Thus, I save an xorg.conf.composite_on and xorg.conf.composite_off right after installing the downloaded driver, and use those.  If you do the “aticonfig --initial” it will overwrite the xorg.conf file in a manner that does not preserve the explicit monitor resolutions.  So don’t lose that original xorg.conf that works if you feel the need to play with it…

UPDATE 1:  A couple people emailed and wanted my xorg.conf file.  Here it is.  This is derived from first installing the Mandriva driver (hence the stuff about XFdrake), and then installing the downloaded ATI driver, which modified but did not rewrite the xorg.conf file.  The last bit about compositing was added by hand.

%cat  < xorg.conf.conposite_on

#File generated by XFdrake (rev )
# **********************************************************************
# Refer to the xorg.conf man page for details about the format of
# this file.
# **********************************************************************

Section “ServerLayout”
Identifier     “layout1″
Screen      0  “aticonfig-Screen[0]-0″ 0 0
EndSection

Section “Files”
EndSection

Section “Module”
Load  “dbe” # Double-Buffering Extension
Load  “v4l” # Video for Linux
Load  “extmod”
Load  “glx” # 3D layer
Load  “dri” # direct rendering
EndSection

Section “ServerFlags”

#DontZoom # disable <Ctrl><Alt><KP_+>/<KP_-> (resolution switching)
# allows the server to start up even if the mouse does not work
Option      “DontZap” “False” # disable <Ctrl><Alt><BS> (server abort)
Option      “allowmouseopenfail”
Option      “Xinerama” “off”
EndSection

Section "Monitor"

# modeline generated by gtf(1) [handled by XFdrake]
Identifier   "monitor1"
VendorName   "Generic"
ModelName    "Flat Panel 1440x900"
HorizSync    28.8 - 90.0
VertRefresh  60.0 - 60.0
ModeLine     "1440x900_120" 229.8 1440 1552 1712 1984 900 901 904 965 -hsync +vsync
ModeLine     "1440x900_100" 187.6 1440 1544 1704 1968 900 901 904 953 -hsync +vsync
ModeLine     "1440x900_85" 156.8 1440 1536 1696 1952 900 901 904 945 -hsync +vsync
ModeLine     "1440x900_75" 136.5 1440 1536 1688 1936 900 901 904 940 -hsync +vsync
ModeLine     "1440x900_60" 106.5 1440 1520 1672 1904 900 901 904 932 -hsync +vsync
ModeLine     "1440x900_50" 87.4 1440 1512 1664 1888 900 901 904 926 -hsync +vsync
ModeLine     "1280x800_120" 181.2 1280 1376 1520 1760 800 801 804 858 -hsync +vsync
ModeLine     "1280x800_100" 147.9 1280 1376 1512 1744 800 801 804 848 -hsync +vsync
ModeLine     "1280x800_85" 123.4 1280 1368 1504 1728 800 801 804 840 -hsync +vsync
ModeLine     "1280x800_75" 107.2 1280 1360 1496 1712 800 801 804 835 -hsync +vsync
ModeLine     "1280x800_60" 83.5 1280 1344 1480 1680 800 801 804 828 -hsync +vsync
ModeLine     "1280x800_50" 68.6 1280 1336 1472 1664 800 801 804 824 -hsync +vsync
EndSection

Section "Monitor"
Identifier   "aticonfig-Monitor[0]-0"
Option      "VendorName" "ATI Proprietary Driver"
Option      "ModelName" "Generic Autodetecting Monitor"
Option      "DPMS" "true"
EndSection

Section "Device"
Identifier  "device1"
Driver      "radeonhd"
Option      "DPMS"
EndSection

Section "Device"
Identifier  "aticonfig-Device[0]-0"
Driver      "fglrx"
BusID       "PCI:1:5:0"
EndSection

Section "Screen"
Identifier "screen1"
Device     "device1"
Monitor    "monitor1"
DefaultDepth     24
SubSection "Display"
Depth     8
Modes    "1440x900" "1280x800"
EndSubSection
SubSection "Display"
Depth     15
Modes    "1440x900" "1280x800"
EndSubSection
SubSection "Display"
Depth     16
Modes    "1440x900" "1280x800"
EndSubSection
SubSection "Display"
Depth     24
Modes    "1440x900" "1280x800"
EndSubSection
EndSection

Section "Screen"
Identifier "aticonfig-Screen[0]-0"
Device     "aticonfig-Device[0]-0"
Monitor    "aticonfig-Monitor[0]-0"
DefaultDepth     24
SubSection "Display"
Viewport   0 0
Depth     24
EndSubSection
EndSection

Section "Extensions"
Option      "Composite" "Enable"
EndSection

#**************************************

UPDATE 2:  I have noticed that Blender will not work with compositing on.  The rendering is OK, but the *menus* don’t work.  Go figure.  If you do what I did and use blender, you will have to turn compositing off when  you use it.

UPDATE 3: Turns out that if you use drakconf to change the display to allow compositing, it rewrites the xorg.conf file as I stated above.  However, if you simply turn it off in the KDE control GUI (i.e. “Configure Your Desktop -> Desktop -> Configure Desktop Effects “) you can turn off compositing in KDE, not change the xorg.conf file, and allow Blender to work.  Thus, at least for Blender, I don’t have to keep copying the different versions of xorg.conf over.

Does Bing favor Microsoft Software?

I’ve been playing with Bing a bit, but have found that it’s not as useful at finding resources about Linux and Unix issues as I would have hoped. For instance, I did a search asking the question “How to delete a range of messages in Alpine?” Alpine is a text-based mail reader from U Washington, and the successor to the famous “pine” reader. It is popular among *nix folk.

The Google results took me right to an answer:

[Screenshot: Google search results]

Note that a pointer to the answer is right there on the first line.

Kartoo gets it on the first screen.

Now look at Bing:

[Screenshot: Bing search results]

No such luck. The first hits all point to Microsoft software that has nothing to do with Alpine. The fifth hit at least went to U Wash and referred to the right software, but discusses usenet news articles, not email messages. No usable answer is found in the first four pages of searching…

I hope that Bing isn’t going to ignore Linux in its search efforts.

What hath Apple wrought? Dealing with the client-error-not-authorized error

My wife managed to wean herself from Microsoft a couple years ago.  Not quite ready to jump to Linux, she decided on a Mac, and has generally been pretty happy with Mac OS X.  I’ve been pretty happy with it since even though it’s not Linux, it’s BSD under the hood, and I can fix many of the problems she has.

But then she “upgraded” to Leopard.  Man, was that a mistake.  The first thing that has happened is that her MacBook can’t maintain wireless connection.  She can get on our local home network, but AirPort drops signal every few minutes, has to rescan, and after a few minutes will pick up again.  This makes web browsing almost impossible.  I’ve tried all the tricks I could find on the net, but it just can’t keep stable.  Apple really screwed up Airport with Leopard, at least in terms of compatibility.  I hope the new Snow Leopard fixes this, because I haven’t figured out how to do it myself.

There’s another problem, though — her machine can no longer recognize the wireless HP PhotoSmart C8180 printer — which worked fine before the upgrade.  The *original* way I added the printer was by going to System Preferences -> Print&Fax -> +  to add a printer, choose “HP Jetdirect” as protocol, add the ip address, choose the driver from the list, and there you go.  Unfortunately, this time, the printer is not found, and the driver defaults to “Generic Postscript.”  When I try to add the printer manually, I get a no-connect error with the error message “client-error-not-authorized error.”

I’ve tried every permutation on the books.  Finally I decided to bypass the OS as much as possible and use CUPS (the underlying printer setup system) directly.  To access that, go to http://127.0.0.1:631.  That brings up the CUPS administration page for the local box.  Choose “Add printer” and follow the directions.  The only trick is that for the URL, you need to actually specify the socket, i.e. instead of “http://whatever” you type “socket://xxx.xxx.xxx.xxx:9100” where xxx.xxx.xxx.xxx is the ip address of the printer.  This added the printer fine, and it showed up in the list when I went back to system prefs.  Go figure.

Good luck, and I hope Snow Leopard fixes this.

UPDATE:  A friend of mine told me that there was a more simple solution.  Apparently if you **log in** as the administrator and add the printer (as opposed to just putting in the admin name and passwd when the requestor comes up when you try while logged in as a regular user) it will work.  I tried it on my wife’s mac.  I can add the printer, but it doesn’t find it automatically, so I still have to enter everything by hand.  Go figure.  But it might be easier to try this before going directly to CUPS.

Getting rid of the Google Toolbar in Firefox — Linux

Well, it’s been awhile since I’ve blogged.  Got caught up in life.  But I found something that pisses me off almost as much as our Looter-in-Chief and his rush into tyranny.  What is almost as intrusive as a GS-7 health nazi working for the Obamacracy telling old people that it’s their civic duty to shut up and die for the greater good?  The freaking Google toolbar that comes pre-installed with Firefox 3.0.8 in Mandriva Linux 2009.1.

Like Obama, Google’s promises all have time limits, and like Obama, the claim of “First do no evil” has pretty much gone by the way.  So I’m not really thrilled with the assurances that Google won’t track what I do.  I decided to delete the Google toolbar.  I try the usual Tools->Add Ons  and see the Google toolbar, but “Uninstall” is greyed out.  Thanks a lot.

So then I go to the toolbar and try the Settings->Help->Uninstall, and that uninstalls the thing– but it reinstalls automatically the next time I fire up Firefox!

This is now officially malware.  Anything that I can’t delete put in by a large corporation for its own marketing is a Bad Thing, and violates a number of the basic principles of going non-Microsoft for my apps.  Bad mozilla. No treat for you!

So what can I do?

Well, I tried this, and it has seemed to work.

1) Uninstall the toolbar using the Settings->Help->Uninstall on the toolbar itself.

2) Quit Firefox and open up a terminal window.  Log in as someone with admin privileges.

3) cd to ~/.mozilla/firefox/*.default  (go to wherever it is firefox keeps its config status)

4) rm -fr GoogleToolbarData

5)  edit extensions.rdf.  Find the section that looks like:

<RDF:Description RDF:about="urn:mozilla:item:{3112ca9c-de6d-4884-a869-9855de68056c}"
NS1:installLocation="app-global"
NS1:version="3.1.20090119L"
NS1:optionsURL="chrome://google-toolbar/content/options.xul"
NS1:aboutURL="chrome://google-toolbar/content/about.xul"
NS1:iconURL="chrome://google-toolbar/skin/icon.png"
NS1:name="Google Toolbar for Firefox"
NS1:description="Take the power of Google with you anywhere on the Web!"
NS1:creator="Google Inc."
NS1:homepageURL="http://www.google.com/"
NS1:userDisabled="needs-disable">
<NS1:type NC:parseType="Integer">2</NS1:type>
<NS1:targetApplication RDF:resource="rdf:#$XjnOg3"/>
</RDF:Description>

Delete all that.

6) Start Firefox again.

I don’t know whether steps 4 *and* 5 are necessary, or just one of them, but that worked for me.
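Steps 3 to 5 above as a script, added here as an example and not part of the original post. The function names, the .bak backup and the sample profile are assumptions made for illustration; the extension id is the one from the extensions.rdf excerpt in step 5.

```shell
#!/bin/sh
# Added example, not from the original post: steps 3-5 for a single profile.
# Assumes the <RDF:Description ...> opening line carries the RDF:about
# attribute, as in the excerpt above. Run it with Firefox closed (step 2).
TOOLBAR_ID='{3112ca9c-de6d-4884-a869-9855de68056c}'   # id from the post

remove_toolbar() {
    profile=$1
    rdf="$profile/extensions.rdf"
    [ -f "$rdf" ] || { echo "no extensions.rdf in $profile" >&2; return 1; }

    # Keep the original so the edit can be reverted.
    cp -p "$rdf" "$rdf.bak" || return 1

    # Step 4: remove the toolbar's data directory.
    rm -rf "$profile/GoogleToolbarData"

    # Step 5: copy the file back without the toolbar's element. index() is a
    # literal match, so the braces in the id are not treated as regex syntax.
    awk -v id="urn:mozilla:item:$TOOLBAR_ID" '
        !skip && /<RDF:Description/ && index($0, id) { skip = 1 }
        !skip { print }
        skip && /<\/RDF:Description>/ { skip = 0 }
    ' "$rdf.bak" > "$rdf" || return 1

    # Succeed only if the toolbar entry is no longer in the file.
    ! grep -F "RDF:about=\"urn:mozilla:item:$TOOLBAR_ID\"" "$rdf" >/dev/null
}

# Constructed sample profile: the toolbar entry plus one unrelated extension.
make_sample_profile() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/GoogleToolbarData"
    cat > "$dir/extensions.rdf" <<EOF
<RDF:RDF>
<RDF:Description RDF:about="urn:mozilla:item:$TOOLBAR_ID"
NS1:name="Google Toolbar for Firefox">
<NS1:type NC:parseType="Integer">2</NS1:type>
</RDF:Description>
<RDF:Description RDF:about="urn:mozilla:item:{00000000-0000-0000-0000-000000000000}"
NS1:name="Some Other Extension">
</RDF:Description>
</RDF:RDF>
EOF
    echo "$dir"
}

# Usage: sh remove_toolbar.sh <path to the Firefox profile directory>
if [ $# -gt 0 ]; then remove_toolbar "$1"; fi
```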

Get your own number! Sue others for using it!

Not too long ago, the key for hacking AACS Blu-Ray and HD-DVD disks was discovered and published.  It’s a simple 128-bit number: 09F911029D74E35BD84156C5635688C0

(It’s a hexadecimal number, where the numbers go from 0-15 rather than 0-9).

When this number was published, the AACS threatened 1.8 million sites saying that it owned the number and any use of it was a copyright violation.

This is probably the first time in US history that a group has claimed ownership of a number.  It is also the first time in history that a law (the DMCA — Digital Millennium Copyright Act) allows a company to censor the use of a number by mere threat.  The law states that a person must stop using it merely if a complaint is made, not if a real violation is proven.

This is clearly a bad law, and has implications in all professions that use numbers.  To show this, another group is giving away ownership of other numbers.  Mine is:

71D2314105C515ADAAB43494E0F1E221

I wanted “5”, but apparently it was taken.

I suggest you get your own.

Hat tip BoingBoing