Karol Krizka

Over the winter holiday, the power supply on my main computer died. Since the computer also had some very old parts, I decided to do a full upgrade. All of the parts were bought at NCIX Coquitlam, and they also put it together.  Everything seems to work on Linux without a hitch.

Since my original post proved to be very useful when I forgot what parts I put in, I decided to remake it.

AMD Bulldozer FX-8120 (3.1 GHz, 8 cores)
EVGA GeForce GTX 560 Ti Graphics Card
Kingston HyperX KHX1600C9D3K2/8GX DDR3 4GB Memory (x2)
Gigabyte 990FXA-UD3 Motherboard
Corsair H60 CPU Cooler System
Antec Truepower 650W Power Supply
Belkin F5D7050 Wireless G USB Adapter *
LG L226WTX-BN 22IN Widescreen LCD *
Antec Nine Hundred Gamer Case *
Seagate Barracuda 250GB Hard Drive *
Samsung Spinpoint F1 Series HD103UJ 1TB Hard Drive *
Western Digital WD20EARS Caviar Green 2TB (x2) *
Samsung SH-S183A DVD Drive *
Cordless Desktop MX5500 Revolution Keyboard and Mouse *

The parts that are marked by a star (*) came from the old computer.

One quandary I came across was whether this constitutes a new computer and should receive a new name. In the end, I decided that it should still be considered as the old computer, since the main hard drive (containing the files I would have to change to rename it….) is still present.

This has to be one of the funniest things I’ve seen in a long time.

[vie japscrota]

I have been running the Maverick Meerkat version of Ubuntu for the last couple of months on my ThinkPad X61 Tablet. That means that an updated post about works and what does not work is required. Well, sort of an update. As for previous releases of Ubuntu, nothing has changed when it comes specifically to the hardware of the X61T. But I did find out about some new, simpler, ways to fix the existing problems.

Just as a reminder, my model is the one with the SWGA screen and does not have finger-touch capabilities. I do not know about the status of the touch-wacom drivers, so you are on your own for that topic. I suggest you checkout the X61T pages on ThinkWiki or Ubuntu docs. Those are great resources! As for other hardware, the tablet also has 2 GB of memory and a Core 2 Duo processor running at a maximum of 1.6 GHz. The processor also supports other frequencies, like 800 MHz and 1.2 GHz. The frequencies can be changed using the standard Linux tools right away.

My reports on previous versions of Ubuntu can be found in my blog’s archive. Here are the links:

Wireless

The wireless on the X61T works great out of the box, including during installation. No further steps are necessary.

For those interested, the module being used is iwlagn.

Touchscreen (Pen Only)

The touchscreen works out of the box using the Wacom pen. I don’t know about finger-touch support, since I do not have that capability.

To take advantage of it, I suggest that you try out xournal for note taking and cellwriter (my tips and tricks) for handwriting recognition. Both are available in the official Ubuntu repositories, but are not installed by default.

Extra Buttons/Screen Buttons

All of the extra keyboard buttons work out of the box, with the exception of the zoom button (Fn+Space). The buttons that work are the volume buttons, the ThinkVantage button and all Fn buttons. The buttonson the screen are the rotate button, the toolbox button, the escape button and the arrow buttons.

By work, I mean they report a valid symbol to X.Org. For some of them, you have to bind them to an action to make them do something useful.

Middle Button Scrolling Using TrackPoint

For the first time ever, you can scroll with the TrackPoint (hold down the middle button and move the track point) out of the box. I did not have to create an addition to xorg.conf at all.

Suspend/Hibernate

Suspending your computer to RAM works without any trouble. I just close the monitor and the tablet suspends automatically.  Hibernate to disk did not use to work, but it seems to have been mostly fixed by now. The tablet enters hibernation mode properly, but sometimes does not resume. It just hangs there with a black screen. But it does work from time to time.

Hard Drive Accelerometer

The hard drive accelerometer (hdaps) module still does not work out of the box and most likely never will because of political reasons (at least as far as I understand the situation). To get it working, one needs to install it from the tp_smapi sources manually. The simplest way to do this is by running the following commands (posted by Derek in comments):

Using the tp-smapi-dkms package will take care of rebuilding the module after every kernel upgrade automatically.

There are two additional packages that I recommend installing. The first package is the hdapsd daemon (available from the official Ubuntu repositories) that stop your disk from spinning when you are moving around. As you can imagine, this is good for the health of your drive. The second package I recommend is my AutoRotate daemon.

Fingerprint Scanner

The scanner does not work out of the box. And even after manual configuration, you can only go so far. While the hardware is supported, the software that uses it isn’t that great. You can configure PAM to allow you to login via fingerprints, but it cannot identify the based on the fingerprint and it always asks for a specific finger at a time.

The best software for this is fprint. I have written a tutorial on how to configure fprint. However you no longer have to add the PPA in it, since fprint is now part of the official Ubuntu repository.

Another choice is thinkfinger. I have also written a tutorial for it.

Over time, I have worked on a lot of small personal projects. Most of them are versioned locally using GIT, so I can track any changes that I make. However when I release them, I do it as a tarball meaning that all of the change history is lost. Also these periodic releases mean that – Of course, I could setup a public GIT repository with GitHUB (and I have for the AutoRotate Daemon), but most of these projects are very small and depricated soon. Going through the entire setup of creating a GitHUB repository for such quick projects just takes too long. For this reason I’ve looked into ways to host GIT repositories on this website, which is powered by GoDaddy’s shared hosting plan. This post is a step-by-step guide as to how I accomplished it.

My configuration is not perfect, mainly because my hosting plan is designed to host web sites and not GIT repositories. To summarize, the repository is available to the public through the HTTP protocol in a read-only fashion. Nothing special is required here. However the developer needs a read-write access to it, so it can be updated with the latest version of the code. This is done through the SSH protocol, since GoDaddy does allow secure shell access to your website.

But this access is limited, which is where the “hacky” part of my configuration starts. First of all to update a git repository through SSH, one needs the git-upload-pack and git-receive-pack commands installed on the server. GoDaddy’s servers do not have them, which means you need to install them in your home directory. But your home directory is not in the PATH variable of a non-interactive bash shell (used by GIT) and it is impossible to change this. I’ve come up with two ways to get around this.
First solution is to specify the full path to git-upload-pack and git-receive-pack commands through the remote.origin.uploadpack and remote.origin.receivepack variables in the configuration of the private repository (local machine).
The second solution is to use the command option in .ssh/authorized_keys and source the .bashrc files and update the PATH variable through it. Of course, this only works if you are using SSH keys for authentication.
If you come up with alternate solutions, feel free to leave a comment below.

Requirements

Setup GIT Binaries On GoDaddy’s Servers

As the first step, you need to install the GIT binaries on the server. This will be done by unpacking a pre-compiled binary of GIT that I provide.

export GIT_BIN=${HOME}/git
export PATH=${GIT_BIN}/bin:${PATH}
export LD_LIBRARY_PATH=${GIT_BIN}/lib:${LD_LIBRARY_PATH}
export GIT_EXEC_PATH=${GIT_BIN}/libexec/git-core

Publish The Private Repository

In this section, you will create a “bare” public repository and publish it on your web server. As an example, I will use my private repository of my AutoRotate Daemon project as a base.

Let Local GIT Know About Remote GIT

In the previous section, you have created a public repository that can be read by anyone. Now you have to setup write access to it through SSH. This is done in two parts. First you have to add a remote repository to your private repository. And then you have to tell it where to find the git-upload-pack and git-receive-pack commands. As mentioned in the introduction, I found two ways to accomplish this. I prefer the second method, because I only have to do stuff once per computer. With the first method, you have to do stuff once per repository clone.

Method 1: Tell Local GIT Where To Find Binaries

Method 2: Use SSH Forced-Commands

If you are using SSH keys for authentication (tutorial on how to do this), then it is possible to change the command that will be run remotely. In our case, we change the command to be “read .bashrc; eval requested command”.

command="if [[ \"x${SSH_ORIGINAL_COMMAND}x\" == \"xx\" ]]; then /bin/bash; else source ~/.bashrc; eval \"${SSH_ORIGINAL_COMMAND}\"; fi; "

Try to push your changes now. Everything should work now. A full list of my public GIT repositories is available at http://git.krizka.net/

References:

I am currently taking the Optics Lab course up at SFU, which means that I have to take some data and then fit some function to it. The preferred way to do that is using MATLAB’s Curve Fitting Toolbox. However I only have limited access to that software on the slow computers in the common room. To work more efficiently, I’ve looked into alternatives that I can run on my laptop. The best choice that I’ve found is GNU/Octave. Octave is mostly compatible with MATLAB, so I can share the bulk of my code with rest of the class. The only issue is that Octave does not have it’s own “Curve Fitting Toolbox”, but instead relies on a single function, found in the optim package, called leasqr. Since there aren’t many examples of using this function, I decided the write one.

The following script creates a set of data following a line and adds some Gaussian noise. Then it fits a line to it, prints out the results including the fit parameters (m,b), covariance matrix and calculated chi square. At the end, it displays the plot of the data points, fitted line and the residuals.

clear all; clf;
 
% Function that will be fit
function [y]=line_func(x,par)
  y=par(1)*x+par(2);
end
 
% Generate a line
m=2;
b=1;
x=[0:0.1:10]';
y=m*x+b;
 
% Add some noise to the line
sigma=0.1;
weights=ones(size(x))/sigma;
y=y+randn(size(x))*sigma;
 
% Perform the fit
pin=[m,b];
[f,p,cvg,iter,corp,covp]=leasqr(x,y,pin,"line_func",.0001,20,weights);
 
% Print out the results
p
covp
sum((y-line_func(x,p)).^2.*weights.^2)
 
% Plots
subplot(2,1,1)
hold on;
errorbar(x,y,1./weights);
plot(x,line_func(x,p));
 
subplot(2,1,2);
errorbar(x,y-line_func(x,p),1./weights);

I won’t go through the code line-by-line, but I want to make a few key points.

sqrt(diag(covp))

sum((y-line_func(x,p)).^2.*weights.^2)

This is a follow up to my tutorial about setting up a secure shell server on an iPhone. The problem with the first tutorial is that you have to type in your password everytime you want to login. This is can get annoying, especially if you connect a lot. For example, you would have to type in your password everytime you sync your iPhone over WiFi or do debugging on it (more on that later). In this tutorial, I will show you how you can set it up in a way such that you won’t have to type in the password. This tutorial should also work with any SSH server (as long as it is not explicitly disabled), not just on an iPhone.

Passwordless login is very good for convenience and it is relatively secure. It works by generating a private-public key on your Linux PC and copying the public key to the iPhone. Then when you connect, the SSH server checks your private key against the public key, and if they match, it lets you in. You cannot compare a public key with another public key, so if someone steals your iPhone, they won’t be able to get in. Heck, you can even post your public key on your website and let others download it. However if someone steals your private key, then they will be able to get in. So make sure to project your private key! To read more about private-public key authorization, read the Simple Wikipedia page.

Requirements

Instructions

sudo aptitude install openssh-client

ssh-keygen -t rsa

ssh root@"mkdir -p ~/.ssh && echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys"
192.168.1.111 

ssh root@192.168.1.111

One of the advantages of having a jailbroken iPhone is that it is possible to setup a Secure SHell server (SSH) on it. SSH gives you access to the underlying Unix system. If you do not know what that means, then probably you do not need it. However, it is a very useful tool for programmers like me. This guide goes over how to setup a OpenSSH server on the iPhone and connect to it from either a Linux, Windows or Mac OS X based computer. In the future, I plan to write a guide on how to setup passwordless login, meaning you don’t have to type in your password every time and still have a level of security.

I originally wrote this tutorial before iOS4 came out, using iPhone OS 3.1.3 running on my iPod Touch 2G. However I’ve also tested this tutorial on iOS4 and none of the steps have changed.

Warning: Make sure to change the default password after you setup the SSH server!!! The default password is ‘alpine’ and is well known. The first iPhone worm exploited the fact that people didn’t change the default password!

Requirements

Setup SSH Server Instructions

Locate Cydia on your iPhone and start it. Click on the Search tab. Click on the search bar on top, and type in openssh. There should be only one result, as shown below.  Select it. Click the Install button in top right corner. Click the Confirm button and wait. After the SSH server is downloaded and installed, you can click the Return to Cydia button on the bottom of the screen. Do not exist Cydia yet, because we need to install one more tool. Now that we have installed the SSH server, we need to install a convenient way to turn it on and off. I prefer to use SBSettings, which is a drop-down menu that allows you to toggle SSH, WiFi and Bluetooth ON/OFF, and lists some useful informations. To install SBSettings, continue from the previous step by clicking the Search button to return to the search menu. Type in SBSettings and scroll down until you see the entry that just says SBSettings, as shown in the picture below. Select it. Click the Install button in the top right corner. Click the Confirm button and wait. After SBSettings is downloaded and installed, you need to restart your iPhone. This will start up SBSettings. Do so by clicking the Reboot Device button. (On iOS4.0, the button will say Reload SpringBoard. You do not have to reboot your device.) After your iPhone starts up again, place your finger in the top left corner of the screen, and slide it from left to right. SBSettings will pop down, listing all of the information. The best thing is that you do not have to be on the home screen to do this. You can do it while running any application. There are two important pieces of information that you see in the SBSettings window. The first is the SSH button in the top right corner. You can click it to toggle the SSH server on and off. Make sure it is in the On position. The second piece of information is the WiFi IP Address. This address is what you use when you connect to your iPhone, so write it down. It will be used in the next few steps. You can hide the SBSettings window by clicking the X button in the top left corner. The next few steps will show you how to connect to your iPhone from a computer. When you try connecting, make sure that the iPhone is turned on or otherwise it will be disconnected from the Internet. I suggest that you turn Autolock off.

Connecting From Linux

sudo aptitude install openssh-client

ssh root@192.168.1.111

Connecting From Windows

None of the Windows versions come with an SSH client. However there are numerous free options that you can install. I prefer to use the PuTTY client, which is what I’ll be using in the following steps

Download PuTTY from the download page (direct link to 32-bit version). The latest version at this moment is 0.60-beta. The file you should download is putty.exe, which is the program itself. No installation is required. Find the downloaded program (putty.exe) and double-click it. Take a look at the screenshot below to see what the icon of the program looks like, to make it easier to locate it. The dialog displayed below should pop-up. Type the IP address of your iPhone into the textbox under Host name (or IP address) label. Also make sure Connection type is set to SSH (should be by default). When you are done, click the Open button to connect. The IP address I wrote into the picture below is different from that you see in the SBSettings picture, because I took this screenshot while connected to a different network. You should still use the IP address that you found via SBSettings. A dialog box, displayed below, will pop-up asking you to accept a new fingerprint. Just click Yes to skip it. This just means that you haven’t connected to this server before and it wants to make sure that it is the correct one. You will be asked for a username. Type in root. You will be asked for a password. The default password is alpine, but make sure to change it after you login! If everything went right, you should see the prompt as displayed below.

Connecting From Mac OS X

The instructions for connecting to the SSH server from Mac OS X are the same as for Linux. Except you don’t have to install OpenSSH (Mac OS X comes with it) and you type the commands into the Terminal application.

Open the Terminal application by searching for it via Spotlight.

ssh root@192.168.1.111

Connect to the iPhone using the following command. This will connect to the iPhone at IP address 192.168.1.111 (make sure to change it to what you wrote down before) using the root account. You will be asked for a password. If this is your first time logging in, type in alpine. This is the default password, and we’ll change it in the next step. If you typed in the correct password, you should see a prompt. Any commands that you type in will be executed on your iPhone!

Changing Password

passwd

exit

A few days ago I’ve managed to stumble across another problem with using fingerprint authentication on my X61 Tablet. The screenshot below summarizes it the best.

If you run any command that asks you for your password over SSH, then it will ask you to swipe your finger. This is a problem because if you are SSH’ing into your computer, then it most likely means that you are not physically present and so you cannot swipe your finger. The good news is that you don’t have to swipe your finger to actually login via SSH, so this isn’t as big of a problem. Only if you plan to use the sudo or su commands.

So what is the solution? I don’t think there is a good one. I did come up with a proposal for one, but it is not perfect since it doesn’t even work yet with my driver of choice (fprint). The best solution would be for the fingerprint driver to guess if it is being called from a remote machine or local machine, and fail based on that. However that is not possible yet. What I would propose instead is to prompt a user for a fingerprint, allow him to cancel it via a keyboard and then prompt him for a password.

This might not seem like a very good solution, since maybe you want your computer to be very secure and always want a biological identification. Asking for a password then defeats the purpose. If this is what you want, then I suggest you watch this video. Fingerprints readers aren’t very secure and can be bypassed. I think the purpose of having a fingerprint reader is to provide a balance between security and practicality. Swiping a finger is much faster and easier than typing a long password. This is especially true when you are using a tablet and do not have access to a keyboard. And it is relatively secure, since an average person would not probably be able to bypass it. It does require a bit of work and equipment.

Before I begin, I will go over how the fingerprint drivers plug into the standard Linux authentication framework, PAM. This background information is not very throughout, since I have just learned it myself this morning. But it should give you enough knowledge to understand why this fingerprint problem is present and maybe to come up with alternate solutions. Please leave a comment if you do.

When a program wants to authenticate a user, it talks to PAM. PAM asks the program for a username and what service to authenticate for. The reason it asks for a service is that different services might have different rules for authentication. The rules for the service are stored in the file /etc/pam.d/service-name, where service-name is the name of the service. This file contains a list of rules, one rule per line. Comments start with the # symbol and are included. Each rule has the following syntax:

type control module

The type field is the type of the rule. There are different types. For example, the auth type is used to authenticate a user by prompting him for a password. The control field determines what action should be taken if the rule fails or succeeds. For example, a required control means that the rule must succeed for the user to be authenticated. On the other had, a suffiecient control means that if the rule succeed then the user is authenticated and if it fails, then the other rules will be tested. The module field is just a reference to which module will be used to test the rule. The pam.d manpage contains a list of possible values for the type and control fields.

PAM starts by evaluating the rules in order. If the first rule tells it that the user is authenticated, then it finishes. If the first rule tells it that the user is not authenticated, then it proceeds to the next rule (or finishes) based on the value stored in the control field. A quirk is that a required rule is not always tested. For example, if the first rule is sufficient, then the user is authenticated whether any consequent required rules would fail or succeed.

If you followed my tutorial (or one of the many countless tutorials on the web) to setup your finger print reader, then you added the following set of lines to the file /etc/pam.d/common-auth. This file is the set of rules that is included in almost every service defined in the same directory.

auth sufficient pam_fprint.so
auth required pam_unix.so nullok_secure

This means that PAM first asks for a fingerprint. If that fails (wrong finger, reader not present or hardware error…), then the first rule fails. Since the rule is only sufficient, then PAM proceeds to the next rule. The next rule is the rule for standard Unix password authentication. What I would like fprint to do is to fail (causing it to proceed to password prompt) if I hit a certain key. For example according to the ThinkWiki page, the properiaty bio_api driver already does this with the Ctrl+C key combination. This way I could choose whether to use a fingerprint or proceed with typing in a password.

Of course, some people you use the keyboard more than the fingerprint reader. In that case, you can replace those two lines with the following.

auth sufficient pam_unix.so nullok_secure
auth required pam_fprint.so

This means “try password first, then fingerprint”. You can always cause the password prompt to fail by hitting Ctrl+C.

I have been using my ThinkPad X61 Tablet on Ubuntu Lucid Lynx for about a month now, so I think I am comfortable in writing an update about how well those two work together. To make a long story short, most items are unchanged since Ubuntu Karmic Koala. What worked before still works, what didn’t work before still doesn’t work. The one thing that changed is that to get the scrolling via the TrackPoint to work, you have to create a new file. Read on to see what needs to be changed.

Further documentation is available on the X61T’s Lucid ThinkWiki page and the Ubuntu Wiki. However at the time of writing, neither has been updated for Lucid.

Before I start talking about Ubuntu Lucid Lynx, I want to write a quick summary about the hardware. My tablet is the one with the SWGA screen and does not have finger-touch capabilities. You have to use the cheap pen, included with the tablet, for input. The tablet also has 2 GB of memory and a Core 2 Duo processor running at a maximum of 1.6 GHz. The processor also supports other frequencies, like 800 MHz and 1.2 GHz. The frequencies can be changed using the standard Linux tools right away.

Wireless

The wireless connection works out of the box. It uses the iwlagn kernel module.

Touchscreen (Pen Only)

The touch screen works out of the box using the Wacom pen. I don’t know about finger-touch support, since as I do not have that capability.

I recommend that you instal xournal for note-taking and cellwriter (my tips and tricks) for handwriting recognition. Both are available in the official Ubuntu repository, but are not installed by default.

Extra Buttons/Screen Buttons

All of the extra keyboard buttons work out of the box, with the exception of the zoom button (Fn+Space). The buttons that work are the volume buttons, the ThinkVantage button and all Fn buttons. The buttonson the screen are the rotate button, the toolbox button, the escape button and the arrow buttons.

By work, I mean they report a valid symbol to X.Org. For some of them, you have to bind them to an action to make them do something useful.

Middle Button Scrolling Using TrackPoint

You cannot use the TrackPoint as a scroll button out of the box. In Karmic, you had to create a file, such that HAL would know to enable this feature. However Lucid no longer uses HAL, instead it reverted back to X.org’s own device configuration system. So you have to create a file for X.org. The contents are still the same, only the syntax changed.

To create this file, run the following command to open a text editor:

sudo gedit /usr/lib/X11/xorg.conf.d/20-thinkpad.conf

And place the following text into it:

Section "InputClass"
Identifier "Trackpoint Wheel Emulation"
MatchProduct "TrackPoint"
MatchDevicePath "/dev/input/event*"
Driver "evdev"
Option "EmulateWheel" "true"
Option "EmulateWheelButton" "2"
Option "Emulate3Buttons" "false"
Option "XAxisMapping" "6 7"
Option "YAxisMapping" "4 5"
EndSection

Save the file and restart X.org. After that, you can scroll by holding down the middle mouse button and moving your TrackPoint up-and-down at the same time.

I stole these instructions from Phil Sung, who stole them from Samson Yeung.

Suspend/Hibernate

Both work out of the box without any problems.

Hard Drive Accelerometer

The hard drive accelerometer STILL does not work out of the box. It will report the position (0,-3) regardless of the real position. My understanding is that there are some political problems (legal, ideal?) as to why it hasn’t been fixed yet.

To get the accelerometer to work, you have to compile it manually from the tp_smapi package. I’ve already documented how to do this for Karmic, and the same steps apply to Lucid.

Of course, you still have to install some packages to make it do something useful. I suggest that you install hdapsd, which will spin down your disk when motion is detected. This prevents it from being damaged.

sudo aptitude install hdapsd

Also my AutoRotate daemon is quite cool. It rotates your screen automatically based on orientation.

Fingerprint Scanner

The scanner does not work out of the box. And even after manual configuration, you can only go so far. While the hardware is supported, the software that uses it isn’t that great. You can configure PAM to allow you to login via fingerprints, but it cannot identify the based on the fingerprint and it always asks for a specific finger at a time.

The best software for this is fprint. I have written a tutorial on how to configure fprint. However you no longer have to add the PPA in it, since fprint is now part of the official Ubuntu repository.

Another choice is thinkfinger. I have also written a tutorial for it.

Today I took some time to update the AutoRotate daemon to work with Ubuntu Lucid. There were a few small changes that I had to make, so I decided to slightly increment the version of the package. You can download the source code here. Also Ubuntu users can install it automatically from my PPA.

Change Log

The next addition I am planning to work on next is to write a simple indicator menu to control the daemon. I’ve created a post on the Ubuntu Forums asking for suggestions.