Archive for July, 2008

Building Embedded Linux Systems – Second Edition

Thursday, July 31st, 2008

So without further ado, I give you Building Embedded Linux Systems – Second Edition, written by several talented authors, and also yours truly. I take overall responsibility for this edition, and I hope that you enjoy reading it.

The book is going to be hitting bookstores “really soon now”, just as soon as it’s done being printed. The update includes lots of changes to upstream kernel and embedded components that have happened since 2003, brand new material on the Real Time patchset and related technologies, as well as various other changes. It’s intended to be an overall insight into embedded Linux rather than a programmer’s guide – for that, you want to be reading the other O’Reilly books on the Linux kernel and Linux Device Drivers – but it will get you pointed in the right direction, even if you’re coming from a non-Linux background. If you know Linux, but don’t know much about embedded Linux and its unique constraints, you will enjoy this book.

Buy a copy, and make my day!

Ben Nevis, Ireland, and other random craziness

Monday, July 28th, 2008

So I’m trying to shoehorn an ascent of Ben Nevis into next week’s brief visit to the UK. I could do with knowing who else of my friends are actually interested in doing it – hence the wide circulation blog spam. Read on for some options.

Driving from London to Fort William is about 500 miles, which is reasonable in the US but totally insane on UK roads. Therefore, it makes more sense to fly from London to Glasgow and drive/take the coach. There are flights with EasyRyan (RyanAir in this particular case) that are inexpensive, and a coach with Scottish City Link, and a hostel in the local area with a couple beds left. Alternatively, rental (hire) cars run at about 80-90GBP with insurance for a day from Glasgow to Glasgow. Either way, it winds up being an overnight – e.g. fly late Sat (9th) return late Sun (10th). Still, that potentially gives time to find a distillery while we’re in the area, or just do some touristy things with the extra time. The ascent takes 8 hours if you’re in good shape, so I’ll totally understand if nobody else actually wants to do the mountain itself but perhaps even just come for the ride ;)

If you’re interested in this random craziness, and/or visiting Ireland for the day on August 11th, then drop me a line. This latter trip is largely whimsical and I haven’t yet booked anything. But I’m planning on taking at least one actual day off aside from weekends, and the idea of going to Dublin for some Guinness is appealing, as is visiting Ireland rather than flying over it for a change.

Later,

Jon.

Visiting the UK

Friday, July 25th, 2008

So the cat’s out of the bag, and since I’m no longer able to surprise my mother with my impending visit, I might as well let everyone know that I’m visiting for a few days next week. I’ll be around on and off between August 1-14.

I’m in the country on business but I also have weekend plans. These include potentially hiking Ben Nevis, and swinging by London, Cambridge, Reading, Winchester, the Isle of Wight, and a few other places. I will start harassing people about meeting up, but in the meantime, feel free to harass me via email if you’re around. It’s also quite possible that I’ll ditch the UK a few days into my second week and spend a day or two in another European country – Ireland is on the list, but so is France, or Belgium, or Germany, or a few other places.

Jon.

Brave New Jon – Animoto Video

Sunday, July 13th, 2008

So I’ve been playing around with Animoto recently, and thought I’d make a video showing some of my escapades over the past 1 year, 2 months, and 28 days since Project Brave New Jon officially commenced.

Brave New Jon started over a girl, but it turned into a giant self re-invention exercise that has seen me go from an inactive size 38″ to a size 29″, and turn into a hiker, climber, and many countless other things that I’ve done over the past year or so of my life. But now may be the time for me to finally accept that the reason for BNJ – the girl involved – is really gone. It’s sad that she’ll never really know what I did over how I felt about her, but that’s life. I wish I knew why it ended, but I’m clearly not supposed to ever know.

High Resolution version: Brave New Jon

Jon.

Stupid Apple iPhone 2.0

Friday, July 11th, 2008

So Apple released the 2.0 iPhone update today…yada yada yada…where’s the Terminal App in the App Store? Where are /any/ useful apps?

Now, before you tell me “but you could just write one and add it to the store” – really? If that’s the case, then where are the countless other apps that have already been written to tweak the iPhone, run a terminal, get remote SSH access, and the like? I suspect Apple has no interest in graciously allowing people to actually use the iPhone like that. Or am I wrong?

This is annoying, but until the App Store has something useful in it, I think I actually have to keep my existing iPhone on a 1.1.3 release. I just hope someone is able to convince King Jobs to add a terminal, or more likely, there’s a crack released for 2.0 that makes it actually useful.

Jon.

My Mazda Miata MX-5 – One year on…

Thursday, July 3rd, 2008

Photos: A year with my Mazda MX-5.

So, this time last year, I was fairly pissed off with the world (mostly over a particular girl) and decided to cheer myself up with retail therapy. After various other craziness, I found myself in a car dealership one afternoon, looking at MX5s.

Now I’d never had a (full) driver’s license in the UK. I’d learned to drive, but never really sorted out the final getting-the-license bit. I relied on friends, family, and UK public transportation for 24 years. But there’s only so long that this lasts you in the US (I’m talking about the ability to drive, even a rental car for an afternoon, not even owning a car), where many activities require some form of vehicular transportation – for example, getting to the office (before the shuttle service we have now existed), which is 37 miles outside of Boston. It was inevitable that I would learn to drive “on the right side of the road” sooner or later, all I needed was a little impetus to get that moving.

The impetus was being really pissed off with the world, over a girl (as begins many a story in life). Within 3 days of her randomly deciding not to see me again for no reason, I’d had a few lessons on US driving, and one week later, I had passed the testing (no silly many months of waiting list like in the UK, though the standards here are shockingly lower than in the UK – conversely, there the DSA (Driving Standards Authority) is overly anal, out of touch with reality, poorly (mis)managed, and generally a giant government waste of time). The first time I drove alone was on a roadtrip to New York in a rental car. The second time was an extreme amount of Californian coastal highway driving, including 74 miles of twisting, winding mountainous roads. That was April.

By June, I was still pretty pissed off with the world (I’d even briefly considered whether to leave the country and go somewhere else entirely – I can now completely sympathize with a certain hacker who moved to Australia), had spent a few weekends tearing up the Californian countryside in rental cars, and decided I needed to get a car. Initially, I planned to be fairly sane, and buy something like a Prius, or an older (but dirt cheap) used car. Then I discovered two things:

1. Insurance in Massachusetts is regulated by the State of Massachusetts (there are changes underway this year, but it’s all largely cosmetic), and auto insurance would cost me at least 3K/year, regardless of my vehicle.

2. There are some surprisingly affordable cars in the US, when you’re used to UK prices – my car in the UK retails for around twice as much as I paid for it, which isn’t particularly atypical, though most of the time it’s slightly less.

So, if I was going to pay through the nose, I might as well have fun while doing it. I started looking at MX5s. Initially, I was looking at older used models, with the older pre-2006 design. But there was really something about the complete redesign for the 2006 model year that did it for me. This model had more class, more leg room, and more cup-holders (everyone knows you should always judge a US car by the number of cup holders). I rented one in California and took it for a spin up the route 1 highway. I liked it. A lot. Even if it was an automatic rental. So, that pretty much made the decision for me. I planned on getting a standard one, 5 speed, with regular interior, which I was almost about to do when at the dealership I noticed another vehicle:

* 2006 Mazda MX-5.
* Under 10K miles.
* 6 speed manual.
* All the extras.

And let’s not forget I’d committed the carnal sin of being super pissed off with the world, and simultaneously being in a car dealership at the same time. These things are known to be bad in combination. I picked it up in time to drive up to OLS last year. Then I had some fun registering the license plate “RED HAT”, because, well, it was available and nobody else had thought to get it first. It amused me.

Last summer was an interestingly, terrifying, Boston driving experience. I was a newly qualified driver, in an almost new car, surrounded by crazy Boston drivers. This meant I never drove in town, would only go to specific places, and I tried to avoid doing anything that would get me lost. Still, I had a lot of fun with the freedom that vehicle ownership gives you – especially a convertible in a New England summer. I drove to the beach (a lot, especially at 4 or 5am to watch the sunrise, and sometimes also in the evening for the inverse), went to my first ever drive-in movie, and did some other local trips like Blueberry picking. I also drove up to Canada the day after getting it.

Time passed, the fall came, and I bought a GPS (complete with optional, extremely pretentious over-done stereotype-in-a-box British accent – not that one, before you think so). This changed my driving experience considerably. Now I didn’t have to be so worried about dying constantly and could just focus on avoiding the maniacs on the road, rather than trying to navigate. And if you don’t think Boston drivers are insane, well, you’ve probably never seen the contrast between American and British drivers first hand. There’s no cup-of-tea niceness here, only bloodthirsty vengeance, a constant need to cut people up, and a desire never to use signals. I started going to other places I hadn’t previously tried to get to in my car – New York, other States, even eventually driving around town, although I still like to avoid doing that – the MBTA “T” is actually far more effective, in many cases.

With the passing of the fall, winter came in, and it was harsh. My low profile sport tires really weren’t much of a match for New England snow, but I was determined to live my Californian driving lifestyle. I’m probably the only person I know who drives around with the top down in January, when it’s -10 outside, wearing mountain gloves. While that’s perfectly possible, and clearing snow from the car to achieve that takes under 30 minutes, driving on snow turns out to be sufficiently more difficult than I had anticipated. I probably had a number of near-calls, and certainly need to look into snow tires for this year’s winter weather craziness. I’ve upgraded my gloves, too.

Anyway. After a year of owning this thing, and my first annual inspection (and insurance renewal…), I’ve decided I made the right choice in a car. Mazda pretty much got this right. Sure, it’s not the S-2000. And yes, that is a very lovely car, but it’s also nearly 20K more than the Mazda, and I’m not sure really whether it’s worth that. The car interior is almost as close to ideal as one could get – though the door cup holders might be better placed. It’s small, but well laid out, the controls are done right, the soft top release is much improved on the older model (to the point where you can put the top down, in moving traffic, using one hand), and even the trunk size is ok, just so long as you advise guests in advance not to bring huge suitcases when they fly in.

On the whole, I’d thoroughly recommend the MX5. I went to my first ever auto show this year also, and saw the latest model before it really started to hit the roads. They’ve really only made a few cosmetic changes – though they do now have Active Stability Control as standard on my model (well, one presumes), the access control is improved, and they’ve slightly tweaked a few cosmetic items…but on the whole, it’s still just about right. Don’t buy it if you’ve got a family or ever like to travel with more than an overnight bag ;)

Jon.

I love SELinux (part IV)

Wednesday, July 2nd, 2008

So I’ve been writing about a couple of weeks as a user of SELinux on Fedora. I thought I’d give an update about the experience.

After a week as a user of SELinux in enforcing mode, I had learned a few things. I had learned that it isn’t always possible (without using command line utilities) to download a CD image and use it to install a virtual machine, or to use an alternate location for virtual machine images, and a number of other (minor) issues. By this, I mean that none of these things can be done trivially by end users or developers who don’t know about commands like chcon, and their use. To many end users, this simply means these (seemingly quite straightforward) activities are now “impossible”, since they simply will not properly understand why they are not working in the way they had intended. In this case the appearance of us being secure has trumped over general functionality.

Late last week, I decided to allow my laptop to apply the latest Fedora updates. I rebooted into the updated environment (new kernel image) and tried to connect to my corporate VPN using VPNC. Although it was able to connect, the connection script generated repeated errors trying to run commands like “ip” and “ifconfig”. So, I spent roughly 6 hours on Sunday night reading SELinux documentation, books, whitepapers, commands, and the Fedora SELinux “targeted” policy itself. I concluded that the update had disallowed the VPNC domain access to the sysnetwork domain in which those various networking commands exist.

Without getting into specifics too much (BZ453236 has my analysis attached), NetworkManager is able to start VPNC because it runs in a system context (which has a specific policy item to allow access to network commands), whereas regularly started tty incantations of VPNC will run unconfined. In that case, audit2allow suggested adding:

role unconfined_t types ifconfig_t

Which was actually in a pending update to the policy (it hadn’t made the changelog so I hadn’t noticed it when skimming recent koji builds). I installed the new build, and lo-and-behold my VPNC worked again. I wasn’t particularly bothered by this experience – I learned a lot about SELinux policy, the different files, and how it all goes together that I’m sure has changed since I looked at this stuff nearly a decade ago. But I’m not blogging about this because of me, I’m thinking about the end-user experience. The user facing this problem might have filed a Bugzilla, and they might even have realized this was due to SELinux (no AVC denial messages given) and tried fixing the problem for themselves. But they probably instead decided that something was broken with Fedora and just went away frustrated. Security trumped over functionality of a generic laptop system.

All I can do is hope that, in time, the community will realize the many uses that SELinux has, and the many that it does not. It’s great if you work for the NSA, have lots of servers to protect from the Interwebulous Tubes of the Internet, or are just a paranoid type. In those cases, SELinux has many advantages – especially if you’re running a timesharing system and distrust all of your users, to varying or equal amounts. This is one of many compelling justifications for SELinux to exist in Enterprise Linux products, and as an optional installation item on various other spins of Fedora – for example, for server targets. These are also good reasons to offer end users the option of turning on SELinux, if they desire.

But for the average Desktop user (you know, the type that we, as a community occasionally like to encourage…) SELinux often ostensibly gets in their way. You don’t have to choose to believe this if you don’t want to, but it can’t be managed graphically (that’s where most people will give up), the policy is highly complex (I’ve read bits of it), and what exactly does the average laptop user sitting behind a firewall with only a few non-external-facing Desktop applications need it for anyway? To protect them from themselves? In case the guy in Starbucks is a l33t h4x0r? To protect them from a relatively minor subset of possible security attack vectors unlikely to be used against them at home? I’m still waiting to be convinced that it should *always* be on by default.

As a final note, remember that I’m not criticizing the Fedora community, SELinux developers, or other individuals. I’m saying that the end user experience is lacking in a few fixable ways. Mainly by bringing back an obvious option during installation that explains why Fedora offers this feature, and gives users who don’t want it a choice of turning it off.

Jon.
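
Added example (not from the post or from BZ453236): when a role is not authorized for the type a domain transition would enter, the kernel records a SELINUX_ERR "invalid context" message rather than an AVC denial, and this sketch reads such records and derives the role/type statement that is missing. The audit records are constructed, and the role name unconfined_r in them is an assumption that follows the usual _r suffix for roles.

```python
import re

# Constructed sample audit records (assumed shapes, not real log output).
SAMPLE_LOG = """\
type=SELINUX_ERR msg=audit(1214870000.101:41): security_compute_sid:  invalid context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
type=SYSCALL msg=audit(1214870000.101:41): arch=c000003e syscall=59 success=no exit=-13 comm="vpnc-script" exe="/bin/bash"
type=SELINUX_ERR msg=audit(1214870000.230:42): security_compute_sid:  invalid context unconfined_u:unconfined_r:ifconfig_t:s0-s0:c0.c1023 for scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=process
"""

# One SELINUX_ERR record: the context the kernel computed and rejected,
# the calling process context, and the context of the file being executed.
INVALID_CTX = re.compile(
    r"^type=SELINUX_ERR\b.*?\binvalid context (?P<ctx>\S+) "
    r"for scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)",
    re.MULTILINE,
)


def fields(context):
    """Split user:role:type[:level]; the MLS level may itself contain ':'."""
    return context.split(":", 3)[:3]


def invalid_transitions(log):
    """Return (role, rejected_type, source_type, entry_type) per record."""
    found = []
    for m in INVALID_CTX.finditer(log):
        _, role, new_type = fields(m["ctx"])
        found.append((role, new_type, fields(m["scon"])[2], fields(m["tcon"])[2]))
    return found


def missing_role_types(log):
    """Deduplicated role/type statements the rejected contexts point to."""
    return sorted({f"role {r} types {t};" for r, t, _, _ in invalid_transitions(log)})


def avc_denials(log):
    """AVC denial lines; empty here, so a search for AVCs alone finds nothing."""
    return [l for l in log.splitlines() if l.startswith("type=AVC") and " denied " in l]


if __name__ == "__main__":
    for role, new_type, src, entry in invalid_transitions(SAMPLE_LOG):
        print(f"{src} executing {entry}: role {role} may not enter {new_type}")
    print("suggested:", missing_role_types(SAMPLE_LOG))
    print("AVC denials seen:", len(avc_denials(SAMPLE_LOG)))
```

Any statement it prints is a starting point for reviewing the policy, not something to load blindly.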