Weird OSX Lion bug :mini DVI prevents boot/reboot

Today I just could not connect to my MacMini which was displaying a screensaver when I turned the screen off this morning. Usually it works fine when I come back home and turn it back on, but this time it only showed up a black screen, meaning the screen was connected and it was resuming from sleep.

So let’s investigate this

Before trying anything else, back to the basis : it replies to ping - good, so OSX hasn’t crashed.

ssh and Screen Sharing (VNC) also work - so I click on Apple/Retart, all the windows clause but nothing else happens. The VNC connection is not closed.

Weird. I try the same by ssh : sudo then reboot - but reboot also fails with :

/ is busy updating; waiting for lock

Weird. Let’s check /var/log/system.log:

May 23 18:30:57 macmini com.apple.kextcache[41843]: Lock acquired; proceeding.

May 23 18:30:57 macmini com.apple.kextcache[41843]: /: helper partitions appear up to date.

May 23 18:30:59 macmini AppleFileServer[41769]: _Assert: /SourceCache/afpserver/afpserver-585.2/afpserver/../afpserver/SharePointSyncTask.cpp, 215 (4294967253)

May 23 18:31:25: —- last message repeated 1 time —-

May 23 18:31:25 macmini com.apple.backupd[41859]: Starting standard backup

May 23 18:31:25 macmini com.apple.backupd[41859]: Error -35 while resolving alias to backup target

May 23 18:31:35 macmini com.apple.backupd[41859]: Backup failed with error: 19

Weird. After some googling, I see hackintosh users have the same problem with a wrong ACPI VGA kext, but maybe backupd is causing the problem? A killall -9 backupd later :

May 23 18:31:52 macmini com.apple.launchd[1] (com.apple.backupd[41859]): Exited: Killed: 9

Let’s try again to reboot

May 23 18:32:06 macmini reboot[41874]: rebooted by guylhem

May 23 18:32:06 macmini reboot[41874]: BOOT_TIME: 1337812326 786930

Yey, it works ! Maybe it is completely unrelated to ACPI/VGA kext. But then I get nothing but the same black screen at reboot. WTF? Now I can’t even ssh!!

Time for some deep thinking - so I remember about anything I may have done this morning - but I only did one unusual thing : I cleaned my desk. How could it be related??
Some deep thinking later - what if it was due to a loose cable? After unplugging/replugging the Mini DVI cable, everything works again !!!

Morale of the story: in OSX there can be weird bugs too. A misconnected mini DVI cable *can* apparently cause backupd to fail, while still powering the display to wake it up from suspend, but causing reboot problems and preventing a normal boot due to the kext - just like on a hackintosh. 
Hardware bug of software bug, whatever it may be, that’s still strange. Hopefully someone with the same weird problem will find this solution thanks to google.
Big kudos to the hackintosh forum - they can be very helpful, even for vanilla macs runnning the vanilla latest stable version of OSX.

N900 widgets vanish bug

I have a strange bug with my N900 : sometimes when I add a desktop-cmd-excec widget, all my widgets vanish. A reboot does not help. Then when the calendar alarms occur, it takes between 30s to 1 minute after clicking on them to make them go away. Restoring the widgets from the gconf values + the ~/ filesystem helps, until I try to add them back-  then they disappear again. 

So today I took some time to investigate the issue : apparently, this is due to a bug  : when a 3rd party widgets has a memory leak or stops while waiting for some data (ex: lack of connectivity), it results in high CPU usage (unresponsiveness) then takes hildon-home along with it - which then removes all widgets to prevent a reboot loop. The bug is a WONTFIX since it requires a major feedservice change.

See http://talk.maemo.org/showthread.php?t=56340 and https://bugs.maemo.org/show_bug.cgi?id=8723

Apparently, banning python widgets is the standard solution - since they tend to be leaky (so now I know why I hate python :-)

apt-get remove —purge hildon-desktop-python-loader

But on my device, it looks like a desktop-cmd-exec bug, since it happens when I add a custom script!

The only workaround so far is to run as the standard user:

dsmetool -k /usr/bin/hildon-home
dsmetool -t /usr/bin/hildon-home

Here are some scripts I use to save my widgets status before restarting the widget framework, to avoid adding them manually:

~ $ cat widgets-store.sh 
set now=`/usr/local/bin/date +%Y%m%d_%H%M%S`
gconftool-2 —dump /schemas/apps/osso/hildon-desktop/applets > widgets.xml
tar zcvf .widgets-$now.tgz widgets.xml .config/hildon-desktop/home.plugins
rm widgets.xml
~ $ cat widgets-restore.sh 
gconftool-2 —dump /schemas/apps/osso/hildon-desktop/applets > /tmp/w.cur
gconftool-2 —unload /tmp/w.cur
tar zxvf widgets.tgz widgets.xml .config/hildon-desktop/home.plugins 
gconftool-2 —load widgets.xml
rm widgets.xml /tmp/w.cur

I will also add timeout to my custom scripts which depend on network connectivity, which obviously could trigger this bug.

bugs.maemo.org

Yey to IPV6

While playing with an experimental distribution for the Fritzbox 7390 I may soon release, I added some DHCP/IPv6 integration. Just 5 minutes ago I was very pleased to notice that this integration was already working well, even if I had not fully tested it.

On my git repo, root@crosscompile.localdomain is usually the author - because I test stuff on a VM I use for crosscompilation, and couldn’t care less about where I git push from.

But now that the DHCP/IPv6 integration is working, all the machines on my lan ask for an IPV6, get it *AND* the Fritzbox (which is also my DNS server and has authority on the IPv6 subnet) then adds a AAAA and a PTR linking the IPv6 address to the dhcp name at my domain name.

So my crosscompilation VM became debian.guylhem.org, which is quite cool since it’s also routable - at least while the VM is active. I could even host my files right there - but the IPv4 only folks would cry, so I’ll keep using git instead ;-)

code.google.com

Adding OTP to telnetd

Playing with busybox and openssh, I have had times when I almost got myself locked out of my machine while working remotely. Why? Because telnetd is not listening on port 23. Why? Because I fear for the safety of my machine should I lazily use telnet for a quick reboot  (also compromising my password at the same time) and forgot to change this damn password.

But why? Telnet was once very popular. You’ll say that now SSH plays the same role with the bonus of encryption, but this will turn into a circular argument.

Yes, SSH encrypts the commands you type and the answers they give you, but your password is usually more important than that! I couldn’t care less if someone knows I have typed “reboot” as long as I know that they won’t be able to login with my password.

IMHO, telnet got replaced by SSH because of a main weakness : the password is transmitted in clear text, and thus vulnerable to sniffing and replay (basically anything between you and your server is dangerous - from a tcpdump/wireshark sniff to a hardware or software keylogger at a cybercafe). 

Yet RFC 2289 proposed something nice : a One Time Password, or OTP for short.

Basically, an OTP is a password that can be used only once, which means it is useless for anyone who gets it. It can not be reused. That is also useful if you try to SSH from an unknown machine- you don’t want to expose your password.

How does it work?

An MOTP is generated from the MD5 of the concatenation of :

  1. the epoch (unix time) divided by 10, 
  2. a randomly generated pin made of digits
  3. a known shared secret

The pin is presented to the client, which must reply with the valid OTP. If the client fails, another pin is generated - and so on. Ideally, the pin should be sent by a different communication channel.

If you have configured google or facebook 2-way auth, and if you type the numbers you receive by SMS instead of your password to login, you are already using MOTP!

If you entrust your facebook account to MOTP, why not use MOTP for other things, such as telnet or the quite interesting shellinabox, which gives you a way in with just a browser- but like telnet also exposes your password?

That’s where things got complicated. On my VPS, like on my DSL modem, I use busybox to save RAM. OPIE on PAM is only an option for a full-fledged /bin/login.

So on friday night, instead of watching smackdown I took vi and coded a replacement for busybox correct_password.c

Get the goodie on my git repository, code.google.com/p/guylhem/ : simply put the replacement correct_password in libbb/, recompile and you’re good to go.

On the same repository, you will also find a very crude implementation I made as a prototype, motp-standalone.c (ugly), along with a motp-gen.c (worse), a command line MOTP generator that I didn’t even try to compile yet but that might work. Meanwhile, you should rather use one of the various MOTP apps for android or ios, or otp for the n900.

Both use BSD MD5 (apt-get install libbsd-dev if you are using GNU/Linux) which behaves a little bit differently than busybox MD5.

I had some fun creating a nice function to generate a random PIN of non repeating numbers (Floyd algorithm followed by Knuth shuffle) but that’s not where I spent most of the time when I wrote the final correct_password. In fact, most of it was lost to MD5 : basically BSD MD5End reinitializes the md5_ctx, while Busybox md5_end does not. I am ashamed I spent nearly an hour of my life wondering why the md5 didn’t match, thinking first about endianness issues and other weird stuff :-)

Now what will I do with my saturday night instead of watching SNL ? :-)

code.google.com

guylhem.org : php vulnerabilities scan

In my error log I see many people I trying to access my home website - mostly spambots I guess, because the value of 0wning a MIPS box seems quite low to me

What’s quite interesting is the URL they are trying to access - here’s a short list. Most of there are php URL, I guess to try to log is with a default admin password.

My conclusion: if you are running phpmyadmin, mysql or anything else that’s standard, steer clear of the “traditional” paths.

/MyAdmin/scripts/setup.php

/admin.php

/admin/index.php

/admin/phpmyadmin/index.php

/admin/pma/index.php

/appConf.htm

/db/index.php

/dbadmin/index.php

/images/TrophyComposite2small.jpg

/index.php

/manager/html

/manager/status

/muieblackcat

/myadmin/index.php

/myadmin/scripts/setup.php

/mysql/index.php

/mysqladmin/index.php

/openldap

/php-my-admin/index.php

/phpMyAdmin-2.2.3/index.php

/phpMyAdmin-2.2.6/index.php

/phpMyAdmin-2.5.1/index.php

/phpMyAdmin-2.5.4/index.php

/phpMyAdmin-2.5.5-pl1/index.php

/phpMyAdmin-2.5.5-rc1/index.php

/phpMyAdmin-2.5.5-rc2/index.php

/phpMyAdmin-2.5.5/index.php

/phpMyAdmin-2.5.6-rc1/index.php

/phpMyAdmin-2.5.6-rc2/index.php

/phpMyAdmin-2.5.6/index.php

/phpMyAdmin-2.5.7-pl1/index.php

/phpMyAdmin-2.5.7/index.php

/phpMyAdmin-2/index.php

/phpMyAdmin/index.php

/phpMyAdmin/scripts/setup.php

/phpadmin/index.php

/phpmyadmin/index.php

/phpmyadmin/scripts/setup.php

/phpmyadmin1/index.php

/phpmyadmin2/index.php

/pma/index.php

/pma/scripts/setup.php

/recordings/index.php

/remote.php

/resources/trail_building/images/downhill_1.jpg

/typo3/phpmyadmin/index.php

/user/soapCaller.bs

/vicidial/project_auth_entries.txt

/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php

/w00tw00t.at.blackhats.romanian.anti-sec:)

/web/index.php

/web/phpMyAdmin/index.php

/websql/index.php

/xampp/phpmyadmin/index.php

Fritzbox 7390 kernel modules

Now that kernel 2.6.28.10 is being used on the Fritzbox 7390 with the latest 84.05.21 firmware  (ftp://ftp.avm.de/fritz.box/fritzbox.fon_wlan_7390/firmware/english/FRITZ.Box_Fon_WLAN_7390.en-de-es-it-fr.84.05.21.image), your custom modules should be recompiled.

You can either fetch the source from http://gpl.back2roots.org/source/fritzbox/7390_5.20/GPL-release_kernel.tar.gz and run this modified compile scripts (adds a make modules and make modules_install to /tmp/lib/modules of your crosscompile box) or grab the binaries from http://dl.dropbox.com/u/984275/fritzbox/kernel/2.6.28.10.tgz

I used a very simple .config, only adding support for USB audio and video, Bluetooth and netfilter (ipv4+ipv6). The .config is available on http://dl.dropbox.com/u/984275/fritzbox/kernel/config.txt and a backup of the AVM sources on http://dl.dropbox.com/u/984275/fritzbox/kernel/GPL-release_kernel.tar.gz 

With that, you can for example run a webcam on your fritzbox!

If you don’t want all the modules, simply get http://dl.dropbox.com/u/984275/fritzbox/kernel/videorec.tgz, modprobe uvcvideo then run http://dl.dropbox.com/u/984275/fritzbox/v4l2grab from Tobias Müller to get a result like that (v4l2grab on the fritzbox requires approx 2 minutes to compress the picture into a jpg)

v4l2grab example

(live demo hosted on a true Fritzbox 7390 - MIPS 24Kc, 128M Ram)

Modified compile script:

#!/bin/bash

# Adopt this to your cross-compiler-path

CROSS_COMPILE=/usr/bin/mips-linux-

# The following exports are required for avm_init_scripts

export FRITZ_BOX_BUILD_DIR=`pwd`

export KERNEL_BUILD=linux-2.6.28

KERNEL_BUILD_DIR=${FRITZ_BOX_BUILD_DIR}/${KERNEL_BUILD}

export INSTALL_MOD_PATH=${KERNEL_BUILD_DIR}/filesystem

KERNEL_CONFIG=${KERNEL_BUILD_DIR}/.config

TMP_DIR=${FRITZ_BOX_BUILD_DIR}/tmp

################################################################################

####

# This function runs avm_init_scripts 

####

function run_avm_init_scripts () {

init_scripts=’./drivers/dsl/init_dsl ./drivers/char/avm_new/init_avm ./drivers/char/avm_net_trace/init_net_trace \

./drivers/char/ubik2/init_ubik2 ./drivers/char/avm_power/init_power \

./drivers/char/flash_update/init_flash_update ./drivers/char/Piglet_noemif/init_Piglet \

./drivers/char/Piglet_noemif/init_Piglet_noemif ./drivers/char/dect_io/init_dect_io \

./drivers/char/audio/init_audio ./drivers/isdn/isdn_fon5/init_isdn_fon2 \

./drivers/isdn/isdn_fon5/init_isdn ./drivers/isdn/isdn_fon5/init_isdn_fon4 \

./drivers/isdn/isdn_fon5/init_isdn_fon6 ./drivers/isdn/isdn_fon5/init_isdn_fon3 \

./drivers/isdn/isdn_fon5/init_isdn_fon ./drivers/isdn/isdn_fon5/init_isdn_fon5 \

./drivers/isdn/capi_codec/init_capi_codec ./drivers/isdn/avm_dect/init_avm_dect \

./drivers/isdn/capi_oslib/init_capi_oslib ./drivers/usb/musb/init_usb_host20 \

./drivers/usb/misc/usbauth/init_stick_and_surf’

echo Running avm_init_scripts:

for i in ${init_scripts} ; do 

if test -e ${i} ; then

if ! test -x ${i} ; then

chmod +x ${i}

fi

echo ———— Running ${i} ———-

script=`realpath ${i}`

( cd `dirname ${i}` &&  ${script} 26 )

fi

done

}

####

# Compile the kernel 

####

function compile_kernel() {

make TARGET_CPU=ikanos CROSS_COMPILE=${CROSS_COMPILE} ARCH=mips menuconfig

make TARGET_CPU=ikanos CROSS_COMPILE=${CROSS_COMPILE} ARCH=mips -j 16

make TARGET_CPU=ikanos CROSS_COMPILE=${CROSS_COMPILE} ARCH=mips -j 16 modules

make INSTALL_MOD_PATH=/tmp TARGET_CPU=ikanos CROSS_COMPILE=${CROSS_COMPILE} ARCH=mips -j 16 modules_install

}

####

# Link cpmac files

####

function setup_cpmac() {

echo setup cpmac

CPMAC_DIR=${KERNEL_BUILD_DIR}/drivers/net/avm_cpmac

cp ${CPMAC_DIR}/linux_avm_cpmac.h ${KERNEL_BUILD_DIR}/include/linux/avm_cpmac.h

cp ${CPMAC_DIR}/linux_adm_reg.h ${KERNEL_BUILD_DIR}/include/linux/adm_reg.h

cp ${CPMAC_DIR}/linux_ar_reg.h ${KERNEL_BUILD_DIR}/include/linux/ar_reg.h

cp ${CPMAC_DIR}/Makefile.26 ${CPMAC_DIR}/Makefile

}

####

# Main

####

cd ${KERNEL_BUILD_DIR}

run_avm_init_scripts

setup_cpmac

compile_kernel

guyllhem.org

Mechanical turk experiment with extreme narcissism

A few weeks ago, I discovered Amazon Mechanical Turk and decided to try to play with it, to see what it could used for.

Digging for stupid ideas, I found my inspiration after reading a post on narcissism: basically, I uploaded a HIT asking workers to write a compliment on my official facebook page in exchange for money. How vain is that? 

The HIT description was :

 YOU MUST HAVE A FACEBOOK ACCOUNT AND BE LOGGED IN TO DO THIS !

1) Click on the facebook page link

2) Click on the “Like” button

3) Write a compliment of at least one phrase of good english, ex: “He is very helpful and good looking”.

4) Do you see anything already close to what you want to post ? Then edit your compliment to avoid duplicate data !

5) Press enter

6) Copy/paste the compliment you wrote in the following box

In order to avoid turning this lame experiment into an abuse of facebook, the scope was limited to 20 request. Also, to be fair with the workers who were not told in any way that this was an experiment, I offered $0.10 for each task since it required multiple actions, creativity and a final copy/paste of their results in a form for subsequent analysis.

The results are very interesting : every single worker *did* what was requested and wrote a compliment. The compliments are also at the bottom of this message. Since it was work for hire, I guess I’m clear with the copyrights!

I laughed my ass out after reading the comments - some were just so funny, and at least one was very cleverly worded and genuine enough to pass for what would be an actual client feedback (other applications: if you feel down, for less than $3 bucks you can have a good laugh!)

Of all these comments, only 4 i.e. less than 20% were caught by facebook antispam filter - the grammar was not perfect in these 4 comments, but what seemed the most important factor was that the worker had not uploaded a picture.

Also, every single worker did like the facebook page as requested in step 2, which is more shocking. Not a single one did unlike it after the experiment.

The implications are very simple : when playing a “popularity contest”, as some companies do, all it takes is $10 for every 100 votes, with 0% loss on the likes, and 20% loss if you care about having compliments published on a facebook without any action on your part.

I didn’t want to be a cheapskate, hence my “generous” offer by Mechanical Turk standards. However, due to the very short time it took - 1 day before being completed, the price could obviously be reduced - even more if the task was simplified into just pushing “like”.

Let’s take a conservative hypothesis and estimate that Amazon default price of $0.05 will do. To get a million like would require around $250k. Try to reduce the default price by half, say by only asking for the press of “like” and you could reach $100k per million like.

How many companies have more than a million likes on facebook? Do you think a mere $100k in advertising budget would give you that? Can criminals operating spambots match the price?

Besides the fact that many people will find such an offer good enough or need the money bad enough, I’m appalled by the conclusions for any fair player of the social game.

I wonder how prevalent is such an abuse in the social media world, following the rumors of widespread pay-for-like abuse on Apple iTunes, where the popularity of an applications can make the difference between success and failure.

The compliments were:

  • He is looking smart and very clever.
  • It should be helped for the future.
  • Really nice information is given in english on the website. Thanks.
  • I found this page very useful. it provides me lot of  good information.
  • he is friendly and looking attractive.
  • This guy is looking smart and has a lot of positive energy. Looks very confident
  • Very handsome and working in a good company
  • If you are facing any problem starting from medical field to embedded programming - your one stop solution is Guylhem, a helpful person by all means!
  • he is good and concerning indeed…
  • He has good personality and interesting.
  • He is very innovative about himself.
  • He is intelligent, charming and really good looking besides having a likeable personality.
  • He is very handsome and also educated well
  • NICE GUY WITH GOOD LOOKING
  • this would be very helpful
  • He seems smart and very talented
  • He looks beautiful in sky blue shirt.
  • Hai Guylhem Your very hansom
  • He is a very kind hearted and honest person.
  • He is handsome and good looking person
  • I’m a fan of yours Guylhem :) Thanks for all that you do! :)

Take note on how one took some time to do a google search, found out I was in health-IT and wrote the comment around that.

This was disclosed to facebook, along with the following suggestions in an email exchange where they pointed out proxies:

Of course they could ask user to set up proxies, but this would create
another step and add a risk of failure. More steps raise the price per
HIT, which would require a much bigger budget and reduce the potential
number of abusers.

In this case, either they would ask the user to set up a given proxy
or a machine they control, or setup a full range of IP with proxies -
you could then catch the abuser by IP match or IP range.

Alternatively, they could ask users to set up a random proxy from a
public list, but most of these proxies are busy and finding a good one
usually requires trying 5 to 10 candidates - also increasing the
number of actions and thus reducing user compliance for a given price,
or raising the price.

The silver bullet would be monitoring Mechanical turk HIT jobs for
keywords like facebook, or match facebook URL to trigger or weight the
spam filter.

There is no perfect solution unless you can strike a deal with Amazon
to serve a cookie to HIT workers. You can only increase the price of
the abuse, try to detect it by IP match or monitor the HIT jobs to
feed the spam filter.

I don’t know your internal structure so I can’t advise you on the most
cost-effective way. By default, I would go to HIT jobs monitoring.

Guylhem

Getting rid of the old ovi.com stuff on the N900

As mentionned in many places, ovi.com services are being removed, little by little.

Only the ovi store is still barely usefull in 2012 on a N900.

So it’s time for a spring cleaning! My suggestion for the CSSU : let’s get rid of ovi.com crap, if only so that it doesn’t disturb people who wonder what it is.

Simply type as root (sudo gainroot)

apt-get remove —purge sharing-service-ovi  ovi-promotion-widget rtcom-accounts-plugin-nokiachat

rm /usr/share/osso-rtcomm/voip-support/nokiachat.profile

Now if only we could remove the “Ovi store” advertisement in “Preferences/Sharing accounts” the N900 would be fully ovi-free!

Since it’s hardcoded in libsharing.so, I guess it might be a little more complicated, but nothing a good hexedit can’t do

[Flash 9 is required to listen to audio.]

20 plays

My new sounds: Special track of Mardi Gras 2012 - get the Creole vibe with a full hour of TANBOU BÔ KANNAL

SoundCloud / guylhem

Fritzbox incoming caller-id by Growl

I hate having to get up in order to look for the %$# dect phone only to decide from the caller-id that the call is not important and not worth answering

There is a not-so-simple solution on wehavemorefun depending on php+an outdated growl-network protocol, but thanks to gntp-send we can do the same much more easily with a modern (1.3+) Growl supporting gntp.

Simply telnet on your fritzbox and create the following /var/calllog (which must be chmod +x), where I’m supposing your Mac is on 192.168.178.11 and Growl is configured to accept network notifications with password “yourpasswd”

#!/bin/sh

/var/media/ftp/gntp-send -a Fritzbox -s 192.168.178.11 -p yourpasswd “Call from” “$1”

To get the binary :

cd /var/media/ftp/ && wget http://dl.dropbox.com/u/984275/fritzbox/gntp-send && cd ..

That’s all - no reboot required of course! Ain’t that much simpler ?