Posted by Douglas Robertson
Tue, 06 May 2008 16:45:00 GMT
In a recent post Chris Soghoian of slight paranoia fame talks about crossing international borders and protecting your privacy. Specifically Chris is talking about your privacy when it comes to data stored on a notebook computer.
The simplistic solution is to ensure your data is encrypted in some fashion, which you should be doing regardless to protect your data against loss or theft of your notebook. On a notebook running Mac OS X encryption is as easy as enabling FileVault. But as Chris points out, if you refuse to disclose your decryption password or key, you can be refused entry, fined or thrown in jail depending on where you are.
A better solution, at least on a Mac, is to encrypt your main account with File Vault and then create a second dummy account which is what you will use to login when asked by the border guard. However, for this to work and seem at all plausible, you will need to do a little prep.
First, under System Preferences -> Accounts -> Login Options, make sure that Automatic Login is disabled, which I believe it must be in order to use File Vault.
Next, also on the Login Options section, select ‘Name and password’ as the display method for the login window. With this method, you will need to enter in your username and will not disclose any usernames to the person inspecting your computer.
We also need to turn off fast user switching on the Login Options section as that shows a drop down list of users on the computer. If you use this feature on a regular basis, perhaps to lock your computer on the login screen, then you can do this step just before crossing the border; but DON’T forget.
Now add your dummy user to the system. Make sure the name is your full name and that the shortname (ie. login username) is something plausible and doesn’t reveal that this is a dummy account. So, for example, using myself as an example, if my ‘real’ account username is ‘douglas’, I would choose something like ‘doug’ or ‘dougr’ as my dummy account. After creating the account it is critical that you uncheck the box labelled ‘Allow user to administer this computer’. This will prevent the person inspecting the computer from running the ‘sudo’ command and running any revealing commands as the root user. If asked about this restriction you can plausibly deny anything saying that it’s your company’s corporate policy to not allow users to have admin access.
Finally, you need to make your dummy account look like it’s used on a regular basis. How you do this is up to you but I recommend that you spend a weekend using this account only for anything that isn’t important to you in terms of privacy. So surf the web and look for movies to rent, check the hours of your local market, whatever. Make sure you add some bookmarks and download some files. Customize your desktop background and basically make the account look like it belongs to you.
You are now ready to book a trip across an international border. But before you go, there are a couple things you need to do. first, if you haven’t turned off fast user switching (as mentioned above), do that now. You also need to log into your dummy account and freshen things up. Visit some websites so your browser history seems recent, some website cookies and cached files have been freshened and download a couple files. Make sure you log out of your ‘real’ encrypted account; otherwise, it will be sitting in a visible and decrypted form on your computer. And finally, to prevent anything from residing in memory, shut down the computer completely (ie. don’t put the computer into standby mode). Now, you’re ready, for the most part anyway.
It’s worth noting that this method will likely fool ninety-nine out of one hundred regular border guards. The possibility still remains that there my be a border guard with a technology background or specialized training and that they may or may not know what to look for and where to look for it. If you’re worried about that potential outcome then either don’t take your notebook or follow Chris’ advice and wipe your laptop clean.
Posted in Technology | Tags encryption, privacy | no comments | no trackbacks
Posted by Douglas Robertson
Mon, 10 Mar 2008 23:58:00 GMT
For the past few years my flying has been limited to a handful of airports. I love flying but for the most part my flying is limited to ‘flying with purpose’. That is, I tend to fly when I have a reason to go somewhere and flying there in my Cherokee Six makes sense. For example, it’s a 14 hour drive to visit relatives in Manitoba or it’s a four hour flight in the plane. I did a lot of flying friends and family around ten years ago when I got my license so that desire to show off or expose others to the world of aviation is mostly worn out; the exception being my yearly participation in the local Young Eagles day.
But lately, I’ve been trying to build up flying time and don’t want to limit myself to trips with a purpose anymore. So my last two flights have been to various airports around southern and central Alberta. I don’t really have a goal in mind but I do want to make an effort to visit at least one new airport with every flight, if at all possible. In the US I think this is a little easier as there seems to be airports all over (especially on the east coast) but that just means that as I run out of airports I will have to increase the distance I’m willing to go.
The next logical question then is, what qualifies as a visit? Do I need to taxi on to the apron, shut down and go into the terminal, building, shed or whatever structure is located on the airport or is a stop-and-go enough?
Posted in Flying | no comments | no trackbacks
Posted by Douglas Robertson
Sun, 10 Feb 2008 18:53:00 GMT
Welcome to Typo. After three or so years using Roller as my blogging server software, I’ve decided to move to something a little more lightweight and RESTful. And in keeping with my terrible habit of basing choices on the language I prefer to use, I’ve landed on Typo. I don’t remember where I read it, but there was a great article on why you shouldn’t choose a piece of software based on anything but it’s functionality. This is mostly true. But that said, when you are administering a server, you tend to want to consolidate the pieces that you look after. So, if possible you choose software that can run on your database, middleware, web server and platform of choice. So for me, that means if I can find a blog system that runs on Linux using Ruby, Apache and PostgreSQL, and it has most of the features I want then it’s the software for me. And Type fits all those criteria.
I’m still going to have to administer an Apache Tomcat system for the remaining Java Servlet-based applications I run, but I expect Typo to be much less of a hassle to maintain and update so in this case I don’t mind that the apps aren’t consolidated. As it turns out, Typo has way more features and themes than Roller does and the Typo community seems much more active too so overall it’s a good move.
For anyone who regularly reads this blog or subscribes to the feed, you will want to update your bookmarks. In the meantime (and probably forever), I’ve set up my webserver to forward any incoming requests as best as it can. I’ve also managed to import all my old posts reasonably well, complete with comments.
Posted in General, Software | Tags blog | 1 comment
Posted by Douglas Robertson
Thu, 22 Nov 2007 16:56:00 GMT
There’s no silver bullet when it comes to software, hardware, operating systems or complete systems. Fanatics, especially Mac fanatics, will tell you that Mac is that silver bullet, but truly smart people know better. Take this brief blog entry about installing Leopard. That doesn’t sound like a great user experience; not at all. That doesn’t sound like something my Mum would be able to get through without help.
This isn’t a dig on Mac or Apple. I agree that more often than not, things work when dealing with a Mac. But the same is true of Linux. And Windows for that matter. The point is that you can’t judge an entire technology because of one person’s experience. More so when that person is using a laptop with recently released hardware on a beta version of an operating system. If you were so quick to judge, then you certainly wouldn’t ever install Leopard given the number of people who have encountered issues when upgrading.
But I won’t stoop to such hasty judgment because I truly believe in using the right technology for the right job. And to figure out what the right technology is, you need to be unbiased and approach everything with a clarity not found within fanatics.
Posted in Technology | no comments
Posted by Douglas Robertson
Wed, 21 Nov 2007 21:10:00 GMT
Since purchasing my share of a Piper Cherokee Six earlier this year, I’ve been trying to build time flying in it. I haven’t really been trying hard as it’s been a rather busy year between changing jobs, trips to Africa and other exciting places like South Carolina, San Francisco and Montreal and regular life business. But last weekend I did a day trip to Edmonton City Centre (CYXD) to visit with a friend who lives up there and pick up another friend for the return trip.
This was my first flight to CYXD, which is right in the heart of the City of Edmonton. But it wasn’t the extreme crosswind on final for Runway 30 that made this trip memorable but the fact that I now have more time in the PA-32 than I do in the Cessna 182 family. The 182 was my aircraft of choice until I started dating the Piper Cherokee, so it is a fairly big milestone. Next in line to be passed, at slightly more than twenty flight hours away, will be the Cessna 172, which was my aircraft of choice until I discovered the Calgary Flying Club’s Piper Warriors.
On a side note, while in Edmonton I visited the Alberta Aviation Museum. The museum has thirty or so aircraft on display including two of my favourites, a DC-3 and a de Havilland Mosquito, inside a gigantic hanger. If you have a few hours to kill and are remotely interested in aviation I highly recommend a visit.
Posted in Flying | Tags PA32 | no comments
Posted by Douglas Robertson
Tue, 06 Nov 2007 20:36:00 GMT
I went down to the new Alberta Court House building in Calgary on 5 Street SW this afternoon to pay an overdue parking ticket (don’t get me started on parking tickets – it wasn’t mine). The building is very modern looking on the outside and is even more so on the inside. But the big surprise was that in order to get past the lobby, you needed to go through a security check similar to those found in airports.
Before I continue let me note that I fully support additional security where the powers that be feel it is warranted. Is it warranted at a Provincial Court House? I don’t have an answer for that and I wouldn’t presume to know the answer but it is worth noting that the old court house, in use up until only just recently, had nothing more than a Commissionaire sitting at an open information booth.
The new court building is a different matter. There is an x-ray machine, which you have to put your coat and electronics through as well as a metal detector, which failed to pick up my belt (though perhaps that’s because it’s newer and more sensitive than the detectors found at airports. You can read a few more details about the building on Wikipedia. Despite all the security it seems that if you have some sort of electronic pass, you can put the pass into a turnstile-type machine and bypass the security check. I would have assumed that this bypass would be for law enforcement personal, since removing their firearm and such would be a pain, but interestingly enough I saw a short, plain clothes women use it which makes me wonder about the security process. But like I said, I wouldn’t presume to know about the security setup – just found it odd. In any case, when paying your parking ticket, make sure you leave your firearm at home.
Posted in General | no comments
Posted by Douglas Robertson
Tue, 25 Sep 2007 20:03:00 GMT
The last 24 hours for me have been an emotional roller coaster, for a variety of reasons – some work, some personal, and some very personal. But the reasons that relate to this post are a result of my time in the Army. Yesterday afternoon I received a large package from National Defense Headquarters (NDHQ) containing a letter and certificate thanking me for my 14 years of service in the Canadian Forces. I was excited to have finally completed the clear out process from the Army, as a gradual shift in priorities (in combination with an aging body) made remaining in the Army no longer feasible. At the same time I felt torn as I had met a lot of great people, most of whom I still call friends, and as a result have nothing but good memories of my time.
And then it was great sadness that I read about the death of Cpl Nathan Hornburg, a soldier from the King’s Own Calgary Regiment (RCAC), the Army regiment I spent most of my time with. The death of any Canadian soldier is tragic, more so when it is someone from your own regiment. For me it is extra hurtful as Nathan was assigned to my troop when he first joined the Regiment and was a part of my tank crew.
My thoughts go out to Nathan’s family. And to the other members of Regiment who remain overseas, keep safe and carry on what Nathan started.
Posted in General | no comments
Posted by Douglas Robertson
Tue, 21 Aug 2007 19:47:00 GMT
I managed to get sound working using Ubuntu 7.10 (Gutsy beta) on my Dell Latitude D830 a few weeks ago but hadn’t documented it. I didn’t document it because I basically hacked out a solution that involved compiling a kernel of my own and including the Intel HDA driver in the kernel (rather than as a module like it is by default). This also meant that wireless and such didn’t work which was actually okay because during the day I wanted sound to listen to music but at night at home, I didn’t need sound but required wireless. So essentially i had a big hack that involved me choosing the right kernel to boot from at startup. Not an ideal solution.
But I see now from this bug report that the problem was indeed with the ALSA driver and it’s now been fixed upstream. Unfortunately there’s no update to the Ubuntu packages as of yet but at least now there is a fix that is much less of a hack.
First, grab the latest snapshot source from the ALSA site and extract the file. I grabbed the August 21, 2007 snapshot.
% wget ftp://ftp.suse.com/pub/projects/alsa/snapshot/driver/alsa-driver-hg20070821.tar.bz2
% tar xvpjf alsa-driver-hg20070821.tar.bz2
Then change into the new directory, configure the build and install the driver files. It is important to note that until this is fixed, you will likely have to do this everytime the Ubuntu kernel is updated.
./configure --with-cards=hda-intel
make
sudo make install
After the drivers are installed, reboot and sound will now magically work.
Posted in Linux | Tags ubuntu | no comments
Posted by Douglas Robertson
Thu, 16 Aug 2007 16:48:00 GMT
I finally got around to installing the new version of Apache Roller (formerly called Roller Weblogger), which has now been accepted as an Apache Software Foundation project. The new version has a bunch of new features but the most noticeable of these features is the ability to tag entries. Tagging is a feature available to most other bloggers for quite a while now so it is nice to be able to join the masses. I’m not sure if I will bother going back in time and tagging all my past entries but perhaps I will tag some of the better entries I’ve written.
Update: Of course, none of the themes (either the defaults or the extra, downloadable ones) have support for tags so in order to display the tags for an entry, a tag cloud or a search box for finding entries by tag I will have to manually modify my current theme. Sigh.
Posted in Software | no comments
Posted by Douglas Robertson
Wed, 11 Jul 2007 23:03:00 GMT
I got a new Dell Latitude D830 laptop for work last week and decided that Kubuntu was what I would run on it. However, to date there seems to be little in the way of documenting their install of Linux on the D830, so here’s a start. And I’ll try to update the entry as problems are solved. And I’ll assume that you are familiar with apt-get or the Adept Manager programs and other aspects of managing a Ubuntu-based Linux distribution.
First, the executive summary: I successfully installed Kubuntu Gutsy Gibbon (7.10) Tribe 2 on my Dell Latitude D830, with a few problems. I tried Kubuntu Feisty Fawn (both desktop and alternate) and had little success. And in doing some research it seemed that I would likely run into more problems than it was worth with Feisty given the new leading edge hardware within the D830.
Second, what’s not working? At this point, sound is not functioning whatsoever for me. And I’ve run into problems with some software packages, such as VMware Workstation 5.5 and OpenOffice. But at this point, the software issues seem more to do with the unstability of Gutsy than to do with the D830.
Here’s a look at my Dell D830. It’s a stock Latitude D830 with WUXGA (1920x1200), an Intel wireless network card (rather than the Dell wireless options) and built-in Bluetooth support.
% lspci
00:00.0 Host bridge: Intel Corporation Mobile Memory Controller Hub (rev 0c)
00:02.0 VGA compatible controller: Intel Corporation Mobile Integrated Graphics Controller (rev 0c)
00:02.1 Display controller: Intel Corporation Mobile Integrated Graphics Controller (rev 0c)
00:1a.0 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI #4 (rev 02)
00:1a.1 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI #5 (rev 02)
00:1a.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI #2 (rev 02)
00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 02)
00:1c.0 PCI bridge: Intel Corporation 82801H (ICH8 Family) PCI Express Port 1 (rev 02)
00:1c.1 PCI bridge: Intel Corporation 82801H (ICH8 Family) PCI Express Port 2 (rev 02)
00:1c.3 PCI bridge: Intel Corporation 82801H (ICH8 Family) PCI Express Port 4 (rev 02)
00:1c.5 PCI bridge: Intel Corporation 82801H (ICH8 Family) PCI Express Port 6 (rev 02)
00:1d.0 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI #1 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI #2 (rev 02)
00:1d.2 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI #3 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI #1 (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev f2)
00:1f.0 ISA bridge: Intel Corporation Mobile LPC Interface Controller (rev 02)
00:1f.1 IDE interface: Intel Corporation Mobile IDE Controller (rev 02)
00:1f.2 IDE interface: Intel Corporation Mobile SATA IDE Controller (rev 02)
00:1f.3 SMBus: Intel Corporation 82801H (ICH8 Family) SMBus Controller (rev 02)
03:01.0 CardBus bridge: O2 Micro, Inc. Cardbus bridge (rev 21)
03:01.4 FireWire (IEEE 1394): O2 Micro, Inc. Firewire (IEEE 1394) (rev 02)
09:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5755M Gigabit Ethernet PCI Express (rev 02)
0c:00.0 Network controller: Intel Corporation PRO/Wireless 3945ABG Network Connection (rev 02)
The desktop CD of Gutsy Gibbon didn’t work properly, due to the Intel video card from what I understand, but the alternate install CD worked like a charm. After the install is complete and you’ve booted off your new Kubuntu-based laptop, you should find that X starts up just fine though at this point it will be using the vesa driver rather than the Intel one. To install the Intel driver, which should bring improved graphics as ability to run OpenGL based stuff better, you need to install the ‘xserver-xorg-video-intel’ package. Then you need to edit your /etc/X11/xorg.conf file and change your ‘Device’ section to use the Intel driver and then restart your X Server.
Section "Device"
Identifier "Intel Video Card"
Driver "intel"
BusID "PCI:0:2:0"
EndSection
If you want to control your touchpad, which works out of the box, from within KDE you need to install the ‘ksynaptics’ package and then change your /etc/X11/xorg.conf file, adding a ‘SHMConfig’ option.
Section "InputDevice"
Identifier "Synaptics Touchpad"
Driver "synaptics"
Option "SendCoreEvents" "true"
Option "Device" "/dev/psaux"
Option "Protocol" "auto-dev"
Option "HorizScrollDelta" "0"
Option "SHMConfig" "on"
EndSection
Suspend and hibernate also worked out of the box, once I changed the ‘When Laptop Lid Closed’ option to ‘Suspend’. To change that, click on the battery icon in the system tray which will bring up the Power Manager options. Frequency
scaling also works perfectly out of the box.
Unfortunately, the sound does not currently work which, according to this bug, appears to be related to the current version of the ALSA driver (version 1.0.14). The error I see in the logs is as follows:
[ 21.400000] hda_intel: azx_get_response timeout, switching to polling mode...
[ 22.404000] hda_intel: azx_get_response timeout, switching to single_cmd mode...
[ 26.100000] hda_codec: No auto-config is available, default to model=ref
[ 33.508000] hda-intel: no codecs initialized
I’ll update this page as I encounter more details on the sound problem. Also, at this point I have not tested the Firewire or Bluetooth functionality as I do not have any devices to try out. Bluetooth, however, does appear to be working from a KDE perspective so if I can find someone at work with a Bluetooth device, I’ll see if I can make it do something.
As I mentioned, I ran into some issues with some software packages but I will document those issues in separate entries.
Posted in Linux | Tags ubuntu | no comments
