FSOSS 2013 Robots Competition

April 16th, 2014 Open Source, Safe For Seneca

By Andrew Smith

Took me half a year to finish this video. It’s my first exercise in video editing. Enjoy!

It took me this long because:

  • The only program I had any idea how to use was Windows Movie Maker. But I didn’t want to use it for several reasons that should be obvious to you.
  • My wife edits video all the time but she uses a Mac. iMovie works for her but I have no desire to become a Mac user.
  • I didn’t really want to learn Adobe Premiere or the like because that kind of software costs too much money.
  • Linux is.. as interesting when it comes to video editing as it is in many other ways.

I’ve decided to invest the time into learning Cinelerra. It’s the most serious video editing tool on Linux, has been around for a while, and has a paid supported version which means it’s more likely to survive for a while still.

It was a large investment in time, editing video is very different from any other kind of editing, but hopefully it will pay off long term.

Ridiculous PayPass/PayWave

March 28th, 2014 Safe For Seneca

By Andrew Smith

Both of my credit cards have been replaced (without any request from me) with new versions which have a wireless, authentication-less, confirmation-less, and protection-less system called either Mastercard PayPass or Visa PayWave.

I’ve never understood the old American system where your card number alone can be used to take money from you. Yes – it is your money and not the bank’s since the burden of noticing and proving that you weren’t at fault was ultimately your responsibility.

Finally in Canada we got a better system (catching up with the Europeans) where (shock!) entering a pin is required to allow someone to take money from your account.

And then we went back an era in security time to a system where your card doesn’t even need to be visible, information is wirelessly read from it and used.. however the reader wants to use it, with some limits like 100$ per transaction. I will dare presume this was done because a typical moron is too lazy to insert a card, type in a pin, and wait for verification.

Not only that, but it turns out that your name, credit card number, and expiry date can apparently be read from your card using a 10$ device. Shockingly stupid.

More shocking? Read through this or this thread. It’s incredible how many people will claim (clearly without thinking it through) that this system is more secure! Trying to understand how they arrive at that conclusion and doing some research I figured it out:

  1. They don’t understand that chip&pin and PayPass/PayWave are unrelated technologies, and they assume that you must have both or else go back to the magnetic stripe. Clearly false, and I know that for a fact because for at least 2 years I had credit cards from both companies that had chip&pin but no radio functionality at all.
  2. They take the bank’s word for “you will not be held responsible for fraudulent transactions”. Really? Have you read a credit card statement recently? How many of the transactions on there can you tell with certainty where they came from? I recall once my card number was used fraudulently (without the PIN of course, why would you require a pin) at York University. I happened to work at Seneca, at the campus shared with York University. It took me a long time to figure out that I really didn’t pay 75$ at the admissions office there, partially because the bank insisted it could have been for something not admissions-related such as parking.
  3. They also parrot the MasterCard and Visa statements that “this technology is extremely secure and the information such as your name and credit card number is useless to thieves”. Aha? Another time when my credit card was misused (again, without a PIN, cause who needs that) someone bought over 1000$ worth of furniture and Caribbean trips from Sears. The bank noticed and I wasn’t held responsible but my card had to be destroyed and I spent about an hour on the phone with them and it took a lot of arithmetic over a couple of statements to confirm that I didn’t get charged for this misuse. Stress on top of stress.

Credit cards generally are a retarded idea. They allow you to spend money you don’t have. Extremely convenient – pay online and anywhere else, interest-free for a month, with no transaction fees, but do you know why it is so convenient? It’s because of the incredible number of poor schmucks who end up buying too much stuff with money that’s not their own and end up paying nearly-illegally-large interest fees on it.

In principle I don’t necessarily mind that some dumbass is paying for my convenience, but I do mind when the card makers force an incredibly insecure payment system down my throat.

What can I do about it? Cancel all my cards? You know perfectly well that would mean I would not be able to rent a car or a pair of skis or do a number of other things that really have nothing to do with credit. I have to accept that some otherwise-perfectly-reasonable companies were sold the idea that a credit card should be a requirement even when no credit is needed.

So what I’ll probably do is: try to find a good RFID-blocking wallet and use the credit card even less than I’m using it now (i.e. almost never). It will be hard because I’m quite picky about my wallets, they looked like the same leather wallet for the last 20 years, but there are a number of options available and the credit cards aren’t the only RFID concern, so I’ll deal with it.

I guess that won’t be teaching the companies a lesson, that’s exactly what they want (fewer savvy users and more sloppy spenders), but so be it.

[Gas station] Almost ran out of gas

March 28th, 2014 Safe For Seneca

By Andrew Smith

[Image: Parry Sound huge truck gas station]

Yep, this guy was actually getting gas at a Petro Canada at the highway 400 rest stop near Parry Sound. See the little man on top? He pulled the hose all the way up there to fill it up. Not sure which of the two – truck or station – ran out of gas :)

Setting up Sendmail on a dynamic IP, part3: DKIM

February 4th, 2014 Open Source

By Andrew Smith

Compared to part1 and part2, DKIM took a lot of effort to understand. The concept is relatively simple but the documentation is shit. It doesn’t help that there are at least three implementations of DKIM, though eventually (after some days) I figured out OpenDKIM is the only one that still matters.

In typical open source way the guides on the website are.. the ASCII readme files that come with the distribution.. which I don’t have a problem with in principle but in practice never works well. Plain text is hard to read in a browser. Anyway, that wasn’t the real problem. The real problem is that the documentation is in bizarre order, is definitely not for newbies, and has very significant parts missing. So as I usually do – I wrote my own notes and I’ll publish them here.

Step1: Install OpenDKIM

OpenDKIM doesn’t come with Slackware, and strangely doesn’t even have a slackbuild on slackbuilds.org. So I had to get the source and compile it myself. Not much of a problem since I’m a slackware user, but yes a problem because I’m a linux user.

Turns out the currently latest version of OpenDKIM (2.9.0) doesn’t compile on linux of any kind, because the code is using some BSD-only functions and the configure script didn’t know to replace them with non-BSD versions. I found a bug report and a guy in there claimed (in a backwards kind of way) that the bug will be fixed in the next version, but I didn’t have the time to wait for that so I got the previous version, 2.8.4, which worked.

I normally don’t mind when new software installs into /usr/local, but I hate when it starts to use ridiculous directories like /usr/local/var. After trying to accept that for a day I went back and started over – making sure it’s installed into /usr instead, here are the commands I used:

./configure --prefix=/usr
make
make install
ldconfig

The rest of the time was spent figuring out why the instructions in the official readme are so retarded.

Step2: Generate keys

For reference: in the rest of this guide I will use my setup as an example. In this setup my SELECTOR is littlesvr-dkim (it can be any random string, though might as well call it your domain name).

First thing you need to do is generate a public/private key pair. This is actually quite easy because opendkim comes with a tool that will do it. The command sequence I used was:

mkdir /etc/dkim
cd /etc/dkim
chmod 700 .
opendkim-genkey -s littlesvr-dkim
ls -al

Make sure that the dkim directory and the files in it (particularly the keys) are only readable by root. If you’re wondering as I did – opendkim-genkey will generate a 1024-bit key by default, which should be good enough for a number of years to come.

The command will generate two files, in my case named littlesvr.ca.private and littlesvr-dkim.txt (the latter is the public key in a DNS record format).

Step3: Configure opendkim

This almost doesn’t deserve its own step. First copy the sample config from /usr/share/doc/opendkim/opendkim.conf.simple to /etc/dkim/opendkim.conf and then the only change you have to make inside is the KeyFile path – it was /etc/dkim/littlesvr.ca.private for me.

Step4: Create a startup script

Usually a startup script is something you make when you’re done, but in this case you really want it to begin with, because the command to launch opendkim is complicated. So take your time now to create the script /etc/rc.d/rc.dkim, using the one below as a starting point (replace any references to my server littlesvr.ca with your own server, private key path, and selector):

#!/bin/sh
# Start/stop/restart the domain keys identified mail milter daemon.

# Comma-separated (no spaces) list of the domains you want
# opendkim to work with:
MYDOMAINS=littlesvr.ca
# The name with full path of the private key you generated with opendkim-genkey
PRIVATE_KEY=/etc/dkim/littlesvr-dkim.private
# Your SELECTOR:
SELECTOR=littlesvr-dkim

dkim_start() {
   if [ -x /usr/sbin/opendkim ]; then
     echo "Starting domain keys identified mail milter daemon /usr/sbin/opendkim"
     /usr/bin/logger "Starting domain keys identified mail milter daemon /usr/sbin/opendkim"
     # One command: the backslash continues it onto the next line.
     /usr/sbin/opendkim -l -p local:/var/dkim/dkim.sock \
       -d "$MYDOMAINS" -k "$PRIVATE_KEY" -s "$SELECTOR"
   fi
}

# Stop dkim:
dkim_stop() {
   /usr/bin/logger "Stopping domain keys identified mail milter daemon"
   killall opendkim
   if [ -S /var/dkim/dkim.sock ]; then
     rm /var/dkim/dkim.sock
   fi
}

# Restart dkim:
dkim_restart() {
   dkim_stop
   sleep 1
   dkim_start
}

case "$1" in
'start')
   dkim_start
   ;;
'stop')
   dkim_stop
   ;;
'restart')
   dkim_restart
   ;;
*)
   echo "usage $0 start|stop|restart"
esac

You want to make sure that the script has execute permissions and you run it automatically from rc.local. I expect in most setups it doesn’t matter when it starts relative to Sendmail.

Step5: Set up DNS records

If everything worked so far – you can go ahead and publish the appropriate DNS records. It’s safe to do this now because those records won’t be used until your sendmail is reconfigured (next step).

This is probably what the official setup guide is the worst at. Basically it tells you to go and read the RFC – yeah, thanks.

First you have to create a TXT record for _domainkey.whateveryourserver.ca – which in my case is _domainkey.littlesvr.ca. The value of the record should be “o=-” which means all the outgoing mail will be signed (as opposed to some of it).

The second record you have to create will have your actual key. This is another TXT record, this time for SELECTOR._domainkey.whateveryourserver.ca (in my case for littlesvr-dkim._domainkey.littlesvr.ca) with the value from the .txt file generated by opendkim-genkey. It looked to me like I had to remove some whitespace and cut out everything from that file between the () brackets, but maybe I didn’t have to. What I ended up using as a value is this (wrapped for the blog):

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC36RsUh9bccxZAy
2NuOr4nfD3+nxXJQVsGCt3iF/pEwZZjkkqzfiGUkfTDMICviDgfcqES
aQg8GPwFd/IKTSErQy09g2XPtvbro3CtAHnarkjTji4RUqiptcdk3H
K83rKdx5hXH0mVITojobn+dsT1+pqToBt4TTQ0CfY2SyiDVQIDAQAB

These records obviously need to be created in your DNS server. If you have your own – you know what to do. In my case – I went to my dynamic DNS provider’s website and created them there. They are static, and don’t need to be updated as my server’s IP changes.

You can test your changes with dig. I ran these two:

dig _domainkey.littlesvr.ca TXT
dig littlesvr-dkim._domainkey.littlesvr.ca TXT

I couldn’t figure out whether opendkim-testkey didn’t work or it was silently telling me that my setup was correct.
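The flattening step from Step5, as an added example that is not part of the original post or of OpenDKIM: it joins the quoted strings of the generated .txt file into the single TXT value, parses the tags, and reads the RSA modulus size out of p=, flagging keys below the 2048 bits that RFC 8301 recommends for signers. The layout of `GENKEY_TXT` is constructed from the post's description of the file; the function names are hypothetical.

```python
import base64
import re

# Constructed input in the shape the post describes for opendkim-genkey's .txt
# file (quoted strings inside parentheses, then a zone-file comment). The p=
# value is the public key published in the post.
GENKEY_TXT = '''littlesvr-dkim._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC36RsUh9bccxZAy"
  "2NuOr4nfD3+nxXJQVsGCt3iF/pEwZZjkkqzfiGUkfTDMICviDgfcqES"
  "aQg8GPwFd/IKTSErQy09g2XPtvbro3CtAHnarkjTji4RUqiptcdk3H"
  "K83rKdx5hXH0mVITojobn+dsT1+pqToBt4TTQ0CfY2SyiDVQIDAQAB" ) ; DKIM key
'''

MIN_BITS = 2048  # RFC 8301: signers SHOULD use RSA keys of at least 2048 bits


def txt_value(zone_text):
    """Join a TXT record's quoted strings; DNS concatenates them with no gap."""
    parts = re.findall(r'"([^"]*)"', zone_text)
    if not parts:
        raise ValueError("no quoted strings found")
    return "".join(parts)


def parse_tags(value):
    """Split 'v=DKIM1; k=rsa; p=...' into a dict, rejecting duplicate tags."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue
        name, sep, val = item.partition("=")
        name = name.strip()
        if not sep or name in tags:
            raise ValueError(f"malformed or duplicate tag: {item.strip()!r}")
        # Whitespace inside the base64 of p= is not significant; drop it.
        tags[name] = "".join(val.split()) if name == "p" else val.strip()
    return tags


def _der(buf, pos, tag):
    """Read one DER element with the expected tag; return (content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def rsa_modulus_bits(p_b64):
    """Bit length of the RSA modulus in a base64 SubjectPublicKeyInfo."""
    spki, _ = _der(base64.b64decode(p_b64, validate=True), 0, 0x30)
    _alg, pos = _der(spki, 0, 0x30)        # AlgorithmIdentifier
    bits, _ = _der(spki, pos, 0x03)        # BIT STRING, first byte = unused bits
    rsa_key, _ = _der(bits[1:], 0, 0x30)   # RSAPublicKey ::= SEQUENCE { n, e }
    modulus, _ = _der(rsa_key, 0, 0x02)    # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()


def check_record(zone_text):
    """Return (flattened value, key bits or None, list of findings)."""
    value = txt_value(zone_text)
    tags = parse_tags(value)
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        return value, None, findings + ["only k=rsa keys are inspected here"]
    if not tags.get("p"):
        return value, None, findings + ["p= is missing or empty"]
    bits = rsa_modulus_bits(tags["p"])
    if bits < MIN_BITS:
        findings.append(f"{bits}-bit RSA key, below the {MIN_BITS}-bit recommendation")
    if len(value) > 255:
        findings.append("value exceeds 255 bytes: publish it as several quoted strings")
    return value, bits, findings


if __name__ == "__main__":
    print(check_record(GENKEY_TXT))
```

The 255-byte finding matters once the key is regenerated at 2048 bits, because the flattened value no longer fits in one DNS character-string.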

Step6: Update sendmail configuration

Very little needs to be done here, most of the work is the typical pain of updating sendmail config files. But if you’ve set up your own sendmail, you’re probably able to remember which .mc file had your (pre-compiled) configuration. Mine was /usr/share/sendmail/cf/cf/sendmail-slackware-tls-sasl-andrew.mc

I edited it and added these lines right after LOCAL_DOMAIN (but probably doesn’t matter where):

dnl# DKIM Support (added 4 feb 2014)
INPUT_MAIL_FILTER(`dkim',`S=local:/var/dkim/dkim.sock')dnl

Yours will be the same assuming you configured opendkim with the same prefix as I recommended.

To update the actual configuration I ran ./Build sendmail-slackware-tls-sasl-andrew.mc (in that dir) and copied the built sendmail-slackware-tls-sasl-andrew.cf overwriting /etc/mail/sendmail.cf

Before restarting sendmail – double check your DNS settings, and that opendkim is running.

Step7: Test

Once your DNS records are set and your Sendmail is passing emails through OpenDKIM – you’re ready to test it, and you should test it as soon as you can, because if something didn’t work right – you may end up with sent mails that won’t arrive at their destination and you won’t get a bounce message to know it happened.

Luckily testing is quick and easy – just send an email to check-auth@verifier.port25.com (the same service I used in part2).

If you’ve done the same stuff I have in these three blog posts – you should be in awesome shape spam-wise! I should have done this years ago, if only I had a guide like this I would have :)

Setting up Sendmail on a dynamic IP, part2: SPF

January 26th, 2014 Open Source

By Andrew Smith

Even though I had a decent mail server set up and running, other people’s stupid spam filters are starting to cause me headaches, so after looking around for solutions I found two things that may alleviate (and perhaps completely solve) that problem. The first is SPF.

The idea is that the receiving mail server will verify the sending mail server’s IP address to ensure it actually matches the “From:” header, to prevent email address spoofing.

That’s awesome, except that I’m on a dynamic IP and I immediately imagined a time when my IP would be changed while my outbound mail was sitting in someone’s queue. After researching it for a while I decided that’s not a major issue though, since you’re supposed to get a bounce message in case of rejection.

Unfortunately it turned out that my previous spam solution (see part1: ISP’s SMTP) was causing an issue. Since my ISP is sending my email, I can’t get the receiving server to verify it’s coming from my server!

Except that I can. The solution is to combine the SPF “A” mechanism with the “include” mechanism. So my SPF record looks like this:

littlesvr.ca. 600 IN TXT "v=spf1 +a +include:mnsi.net -all"

Which I happily added to my DNS server records. I didn’t need to make any changes to my ddclient configuration since this doesn’t need to be updated with my IP. Neat!

Looks simple, but it took me a while to figure out. You see openspf.org says the forwarding server must itself have an SPF record, which out.mnsi.net doesn’t. But mnsi.net does, and somehow at some point something decided to check the SPF record for mnsi.net even though my messages are going through out.mnsi.net. Don’t know why, but it works.

Of course now anyone sending email via the same ISP as me can still spoof the sender address which annoyed me greatly until I realised that before this setup anyone on the internet could do the same, which reduces the potential spoofers’ pool by 99.somethingridiculous percent.
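How a receiver walks that record, as an added example that is not part of the original post: `include:mnsi.net` makes the receiver evaluate mnsi.net's own SPF record against the connecting IP, so the relay's hostname (out.mnsi.net) needs no record of its own. The littlesvr.ca record is the one above; every IP address and the mnsi.net record are constructed for illustration, and only the `a`, `ip4`, `include` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed DNS data. Only the littlesvr.ca TXT record comes from the post;
# the mnsi.net record and all addresses are made up (documentation ranges).
TXT = {
    "littlesvr.ca": "v=spf1 +a +include:mnsi.net -all",
    "mnsi.net": "v=spf1 ip4:198.51.100.0/24 -all",
}
A = {"littlesvr.ca": ["192.0.2.10"]}  # the home server's current dynamic IP

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, txt=TXT, a=A, depth=0):
    """SPF result for connecting address `ip` and envelope-sender `domain`."""
    if depth > 10:  # guard against include loops
        return "permerror"
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"  # default when a mechanism has no prefix
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":
            # Match against the A records of the named (or current) domain.
            hosts = a.get(arg or domain, [])
            matched = addr in [ipaddress.ip_address(h) for h in hosts]
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            # Evaluate the other domain's whole policy for the same IP;
            # only a "pass" there counts as a match here.
            inner = check_host(ip, arg, txt, a, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism not handled in this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for label, ip in [("direct from home", "192.0.2.10"),
                      ("via ISP smarthost", "198.51.100.25"),
                      ("unrelated host", "203.0.113.7")]:
        print(f"{label:18} {ip:15} -> {check_host(ip, 'littlesvr.ca')}")
```

Passing a different `a` mapping models the dynamic IP changing: mail still queued from the old address then fails the `a` test, while mail relayed through the ISP keeps passing on the `include`.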

Now to testing. openspf.org provides a completely useless tester – you can send an email to spf-test@openspf.net and they will send back a bounce message with the results of the SPF check. I sent two emails and didn’t get a bounce back. Got me worried a little and then I realised they are probably sending the bounce to my ISP’s server which doesn’t forward it back to me. Interesting discovery!

Anyway, they also mentioned another service, check-auth@verifier.port25.com which worked beautifully, sent me a reply email with info not only on SPF but also on DomainKeys, DKIM, Sender-ID, and SpamAssassin. DomainKeys and Sender-ID I don’t intend to use, but DKIM is the next part of the series!

Setting up Sendmail on a dynamic IP, part1: go through ISP’s SMTP

January 26th, 2014 Open Source

By Andrew Smith

I’ve been running my own mail (SMTP/IMAP) server for many years now and more recently decided to do something about all the retarded mail servers out there that classify messages from me as spam for no good reason. Typical corporate BS – “you’re not massive corporation like us so piss off”, but at the end of the day I’m the one who has to fix the problem.

The first thing I’ve had to do was make all the outbound email go through my ISP’s SMTP server. That’s because more than half of the receiving mail servers will indiscriminately refuse anything coming from a dynamic IP. Cause why should you be allowed to run your own mail server from home? Pfft, ridiculous.

Luckily the fix wasn’t hard, a single line in sendmail.mc, which I had to compile into sendmail.cf as usual in Slackware. Here’s that line:

define(`SMART_HOST',`out.mnsi.net')dnl

That solved my problem for most cases and I’ve used the server that way for years and years. I don’t do a lot of business online, am mostly a recipient of email and not a sender. The people I do communicate with have mostly reasonable email servers that either accept my messages from the start or figure it out after the user tells them my mail isn’t spam.

But now I got a full-time job at Seneca College, with an IT department that loves big bad enterprise systems. The bigger the better. Which means many of my emails get filtered by this arcane spam decider as a matter of principle, despite hundreds of HAM messages received from me over years and years.

Hence the next (at least one) post in this series, part2: SPF.

DPS924 Part10: Final notes

December 27th, 2013 Safe For Seneca

By Andrew Smith

The course is over, and I’m happy to say that the whole experiment of taking a course while teaching at the same time was a success in every way that I hoped for.

I learned a lot about a new field (Android app programming). Though I could have theoretically picked it up myself at any time, there wasn’t anything that would drive me to study and learn so I almost certainly would not have learned it. A friend of mine suggested that having to teach a new subject is reason enough to figure it out, but even that I’m not so sure about (having, hm, done that before :)).

By the end of the course I’ve decided that John was right and I overdesigned the database schema for the timetable app. It’s only three tables on the phone, but even that turned out to be more work than I had patience to deal with. So in order to complete the app I’ll have to make some schema changes, which I hope to do in the coming semester.

Also in the coming semester I’m going to be taking the Apple equivalent of DPS924: DPS923, where I’ll be learning iOS programming. I seriously dislike Apple (even more than Microsoft), and I don’t see myself ever writing anything useful for iOS, but I’d like to know what the platform is like and how Objective-C compares with other languages. Again – something I could figure out myself but won’t unless I have deadlines to work up to. I’ll probably be blogging about that course too, though I foresee many posts ending up like this one, not tagged safe for seneca :)


DPS924 Part9: That wasn’t hard, this is hard!

November 3rd, 2013 Safe For Seneca

By Andrew Smith

A couple of posts ago I talked about how a lab was really hard to do. Good thing it was, it got me ready to do the real work, which was assignment 1.

In this assignment we’re making a timetable app. Nothing too fancy really, just a couple of layouts backed by data in SQLite. But man, that took a lot of work to finish.

I’ve got it done on time, but I was only able to because I started well in advance. Due date was Friday. On Thursday I spent a few hours on it. On Friday I got up at 6 to invigilate a test at 8. Basically all day that day, from 8:00 to 23:30 I’ve spent labouring on this thing.

In retrospect I don’t even know why it took this long. There is no rocket science in any of it. The one semi-fancy feature I added (swipe gesture detection) I’ve done the week before. This was just many cycles like:

  • identify work to do
  • find example online or in course notes
  • think the solution through as much as possible
  • implement it
  • test it
  • fix it
  • at some point above: fix any cascading effects the changes had

At no point did I feel that I ran into a dead end, or found any major surprise. I was even pretty confident most of the way that I’ll be done in time. I took a 2 hour nap in the middle of the day because my brain stopped working, but I was sure I’d get up and finish the job. It was just long, hard work.

Luckily I am pretty excited about this project (the assignment is hopefully the seed of a greater thing) and I’m still committed to learning Android this semester. So it was both fun and rewarding. I can’t wait to get assignment 2 done!


DPS924 Part8: WTF Retarded Android action bar

October 17th, 2013 Uncategorized

By Andrew Smith

This should be the only post in the series that won’t be marked “Safe for Seneca”. It cannot be, because I am angry, very very angry, and that will result in all kinds of colourful language.

What the bloody hell were the Android people thinking when they came up with this bullshit action bar to be a replacement for the menu button? The four buttons were one of the (admittedly several) reasons I liked Androids over iPhones. As a user I cannot figure out what I’m supposed to do without it. I feel like an idiot, in fact it reminds me very much of when I borrowed someone’s iPhone once and I couldn’t use it to do anything non-obvious on it (i.e. I couldn’t do anything at all).

Being a developer as well as a user I’ve done my research, for the third time now. Apparently this was a deliberate decision made by the Android team (though I’ll guess not by consensus), it was NOT something pushed upstream by device makers, and there is exactly one document that explains the switch, here it is.

That’s it? Stop using the menu button and start using overflow actions? Really? Have you read your own post guys (or is this entirely your doing Scott, in which case I hate your guts)?

It doesn’t actually tell me what I’m supposed to replace my menu actions with! The action bar? Where is that going to go? Do you know how valuable screen space is on a phone? Do you seriously want me to replace 10% of my valuable content with the name of the application and a couple of meaningless buttons?

Yes, meaningless buttons. How many Android app developers can afford to hire someone to design icons for them? And even if they did, a tiny square with almost any of the default action icons means absolutely nothing to me as a user. Have a look yourself at some samples here, for how many of these can you say “I know what that does”?

[Image: iconography_actionbar_style]

Which one of these means “Find person”? “Check for updates”? “Settings”? “Add person”? “Forward”? “Move”? “Donate”? “About”? “Sort”? “Colour”? “Backup”? I could go on and on and on. And I have a perfect example of this stupidity: in K9 mail the icon for Move and the icon for Reply is the same. The same! For completely different operations!

And how’s the overflow menu supposed to be better than the menu button? Even though it looks suspiciously similar? Oh I see, it’s more flexible! I can in fact have two action bars instead of one!

[Image: action_bar_pattern_considerations]

Cause really, why only waste 10% of the screen on a useless action bar when you can waste 20%!

But don’t worry, the old button bar is still there (still taking up space by the way), and it’s more dynamic! We got rid of two useful buttons (menu and search) and replaced them with an awesome… “switch task” button! Cause that’s what the cool new Android phone is really about, switching from one task to another! I do that all the time, though mostly when I imagine my phone is a laptop with a big screen and a fast CPU and lots of memory, and a keyboard and mouse.

Obviously I’m misunderstanding something. I thought the point of using an Android app is to use the app, but clearly the point is to admire the “patterns” Google came up with. I have to admit when I saw the word “pattern” in the two documents I mentioned above I lost all self-control. This is why I hate design patterns! They are not patterns! They are wannabe patterns! Overdesigned shit that doesn’t make things better for anyone despite its intention to make things easier to use for all. A real pattern emerges from observing the actual use of something, a pattern is not imposed. But what a weak distinction, obviously someone else knows better what’s good for me, how silly of me to question.

Do you think that the person who was too stupid to find the menu button will be smart enough to find the action overflow button? And figure out all the different forms that it takes? It took me (a half-decent engineer) hours to understand it, but the moron you made this idiotic change for will find it more easily? Yeah?

I’m very surprised there wasn’t an outrage about this. There are very few things that make me angry these days, but this one is right up there tickling me in the wrong cavity. I know that after some years good app developers will hack their way around this with varying degrees of success, I’ll get used to the new way, and I’ll fondly remember the menu button as Windows 8 users recall the start button, but right now I’m steaming with anger and wishing there was something other than Apple and Google to choose from.


DPS924 Part7: Hard work

September 29th, 2013 Safe For Seneca

By Andrew Smith

Interesting. Last week I was saying how I have to force myself to do more work than required, this week I have the opposite worry :)

We got a lab last week that was really hard. I quickly realised that during the lab and tried my best to finish it without distractions, but didn’t manage to. It was just too much stuff, needing way more time than the two hours.

It took me an extra couple of days of hard work to get everything done. It’s still done on time (due next week) but much later than my labs normally are.

As I was sweating through this work I was also wondering about how hard this is. It’s hard. It’s very hard. But is it too hard? Is it unreasonably hard? What’s the problem really?

It felt more like an assignment than a lab, but even though the problem was made up – pretty much all the work I had to do to finish the lab resulted in good learning.

I’ve decided there is no problem. I’m in this course to learn, and even if I were a good grade chaser the little bit of grade associated with a lab wouldn’t do much for me. The real point of the labs is to make sure I learn as much as possible, as soon as possible, hands-on.

I’m glad this lab was so hard for the same reason I took this course in the first place. I want to learn Android programming, and for that to happen I need to spend time (as much time as possible) learning it. In the end it’s really as simple as that!
