IT Archives - Stefano Ottolenghi's Place

Setup OpenWRT on Raspberry Pi 3 B+ to avoid data trackers

I am definitely not an expert in networking, so take all of this with some salt. Still, I found it valuable to have my home internet powered by open source software as much as possible, rather than some shitty closed black-box provided by my ISP.

There are already lots of valuable resources on setting up OpenWRT on a Raspberry Pi as a home router. To cite some:

Raspberry Pi as a home router
OpenWrt Raspberry Pi 3 B+ page
OpenWrt Raspberry Pi 3 B+ snapshots page (there is a stable compatible version, but does not support WiFi 2.4 Ghz, which makes the signal quite stronger)
OpenWrt forum topic discussion on Raspberry Pi 3 B+

Upon first setup, I had issues connecting the Raspberry to my Ubuntu laptop and make the first setup. Only later did I learn that I could have simply edited the config file on the microSD and avoided the pain, but anyway, I was able to have it work through ethernet on my laptop by setting the ethernet interface to be unmanaged.

I found the wifi adapter of the Raspberry do be strong enough to cover a 3-room apartment, and also go outside. When all the confi was right, I just disable DHCP on my ISP router, enable DMZ to the Raspberry (which had a static address by then), and let the Raspberry be the only DHCP server in the network.

You can check if the Raspberry really is the only DHCP server by running the command udhcpc -n -q -s /bin/true -t 1. You should get udhcpc: no lease, failing as last line of output; if you don’t, then there is still another DHCP server active in the network.

Ads and trackers blocking through dnsmasq

I then wanted to block ads and data trackers through a DNS filter. Starting from this, I eventually ended up using the first of these lists as DNS blacklist, with a handy bash script that would update the list on a regular basis. Note that data in /tmp is lost on reboot, and data not in /etc is lost on firmware re-flashing.

Continue reading “Setup OpenWRT on Raspberry Pi 3 B+ to avoid data trackers”

A fix for broken (physical) buttons and dead touch area on Android phones

My old Android smartphone fell too many times and had its physical buttons (back, home, recent apps) not working, which was problematic to do anything. You can go back with in-app buttons most of the times, but there is no way to switch app or to go back to the desktop.

One good fix is to use an app that will put the back and home button functions as touch gestures, for example swiping from the borders of the screen. To this avail I suggest Fluid Navigation Gestures. In case you absolutely needed to trigger the home button, for example, you can connect the phone to the computer, enable ADB, and trigger any key you would like with it.

Navigation gestures are a good fix until you realized that not even the spacebar (or the whole lower row of keyboard keys) would not work. So in the end, the real solution is to prevent Android from drawing anything in the bottom part of the screen (or, at any rate, the broken part, wherever it is — as long as it is on some side and not central). And it turns out it is actually possible to resize the screen area in Android!

Continue reading “A fix for broken (physical) buttons and dead touch area on Android phones”

FOSS Android Apps and my quest for going Google free on OnePlus 6

A while ago I decided I did not want to be a product anymore, and start paying for services. I started by breaking free from all the free-but-commercial company services such as Dropbox and Gmail, and ultimately ended up ditching all non open source software on my phone, doing away with anything that was Google-run.

There is an alternative: follow through as we embark on the journey of moving to Free and Open Source Software (FOSS) for Android.

Easy replacement for essential services

The problem with non-open source software is that they have to keep building new features into their products, or the market will tag them as dead. They have to keep moving, and some occasional bugfixing is not enough. On the other hand, open source software does often not have this drive. These projects’ maintainers just tend to make sure their software runs smoothly and that it has all it should have.

So, after Dropbox kept implementing useless features and, most of all, would force me to move my folder to a partition formatted with ext4 instead of ntfs, I was fed up. My first step was thus to self-host an instance of Nextcloud. I chose self-host because I wanted control and because I already had a server to host it on, but there are options where you can rely on someone else’s instance and register for a share, pretty much as Dropbox does.

And Nextcloud is really, by all means, a valid alternative to Dropbox. There are clients for all operating systems, including mobile ones, with all the needed features, and they are actively maintained. Actually, it’s more than an alternative to Dropbox! I started with just file hosting, but there are countless apps that can boost your Nextcloud instance. I added Notes and did away with Google Keep, but most importantly Contacts and Calendar so that I could sync my phone contacts and meetings not with Google, but with my own server (using the DAVx Android app, freely available on F-Droid). I also tried the Passwords app to ditch Lastpass, but the Firefox addon was not working super well (end thus ended up signing up for Bitwarden instead). I switched to Bitwarden in the end.

I then scouted for (paid) privacy-focused email services. First to grab my interest was Tutanota, but after using it a few days it was clear to me that they were still far from being something one could rely on as a power user (no conversations, no option to receive mails from other domains, and more missing). I then went with ProtonMail, which I am very happy with — true, some features miss there as well, but they are minor. I now have a primary protonmail address, and (as a paying user) I could link my other addresses so I handle all from one dashboard. It came with a subscription to ProtonVPN as well, but commercial VPNs for privacy are just nono. And so Gmail was gone as well.

Continue reading “FOSS Android Apps and my quest for going Google free on OnePlus 6”

FEniCS differences between Function, TrialFunction and TestFunction

The FEniCS project allows for simple solution of partial differential equations. However, getting started from examples is so quick, it is easy to miss how the inner-workings of it behave. This should not happen (especially if it is a PhD project). There are three vital pieces of the puzzle that it might not be clear what they are for, and the documentation does not help here: the functions TrialFunction, TestFunction, and Function.

The thing is that, in the usual Finite Element Methods, we only have the distinction between the trial function $u \in V_h$ and test function $v \in V$ , and even then the distinction is often blurry. In fact, technically, the spaces $V_h$ and $V$ can be different. However, most of the time we take them to be the same (for example, the same discrete space of piecewise linear functions). The names we give them is just to have clearer in our heads what role they play in the game, but we could as well say “two functions in $V$ “. Then why would FEniCS have even a three-fold difference? You can quickly check for yourself that, for example, if you swap the TrialFunction for a Function, FEniCS will complain.

There is no documentation on the topic as far as I have found, so these are my (maybe mistaken) deductions.

The meaning of the TrialFunction is to let FEniCS know what function we are solving for. In fact, when we call

solve(A, u_.vector(), b)

1	solve(A, u_.vector(), b)

FEniCS expects to find a TrialFunction in A, which is supposed to be the function we are looking for. On the other hand, u_ is the symbol in which the result will be stored, and this needs to be a Function (not Trial, not Test, just a regular Function).

Continue reading “FEniCS differences between Function, TrialFunction and TestFunction”

Troubleshooting the installation of IRAF on Ubuntu

So, found myself installing IRAF on a friend’s laptop running Ubuntu. There are some decent tutorials online about the general steps: for example, this one, and the official one. However, they all skip all possible issues that could come up (or at least, that popped up in my case). This is another good resource about the setup, config and usage (but skip the Ureka parts).

The community-maintained version of IRAF allows easy installation on some systems, such as Ubuntu.

The thing is that IRAF is a jumble of stunningly old pieces of software working together on primitive terminals and on peculiar conditions.

In random order, possible issues/tips are:

If the packages iraf-all pyraf-all stsci show as non-existent, you have not added the astroconda channel. The command should be
conda config --add channels http://ssb.stsci.edu/astroconda
You will still need to manually install ds9:
sudo apt install saods9
You do not need to change the default shell to tcsh, although you need it to be installed:
sudo apt install tcsh
If xgterm does not execute with error File not found, although the file is clearly there, make sure you have installed 32 bit dependencies:
sudo apt-get install libc6:i386 libz1:i386 libncurses5:i386 libbz2-1.0:i386 libuuid1:i386 libxcb1:i386 libxmu6:i386
If conda commands do not work, make sure you have activated the Python environment containing the iraf packages:
cd /path/to/iraf source activate iraf27

In the end, the exact set of commands that got the whole environment working has been: Continue reading “Troubleshooting the installation of IRAF on Ubuntu”

Install Windows 7 on a modern, Intel 8th generation computer

I spent a good week trying to get Windows 7 to work on a modern laptop, having an Intel i3 8th generation CPU and other recent components, such as a NVMe SSD. What I did not know in the first place, is that officially, Windows 7 does not support Intel CPUs later than 6th gen. Moreover, it does not support UEFI boot (not GPT partition tables). For reference, we are talking of a PC Specialist Ultranote IV 14″. Up to now, everything works almost flawlessly but the wifi/bluetooth adapter.

I am not gonna provide a full tutorial on how to install Windows 7 on a modern computer, but I am going to list here all the relevant resources that helped me succeed in the mission, as the research turned out to be quite exhausting.

The main issue is that the installer will stop quite soon and abruptly, stating that “A required CD/DVD drive device driver is missing“. Clearly, this is bullshit, as the laptop does not even have an optical drive and the installer was running from USB.

Continue reading “Install Windows 7 on a modern, Intel 8th generation computer”

Meltdown – Overview of a security vulnerability (Slides)

Here is the pdf slides of my presentation about Meltdown, the security vulnerability. First are full slides, then real presentation slides (with stops when asking questions/pausing and pondering). Free for re-use, but nice to cite.

Continue reading “Meltdown – Overview of a security vulnerability (Slides)”

Endless Christmas X-MAS CTF Writeup

This is a writeup for the Endless Christmas challenge, md5 hash 866c92038d6e9fc47db4424f71f6167a (download binary). It appeared in the X-MAS CTF, and it’s a Reverse challenge.

Using afl with Radare we can see there are calls to write and execve, both happening in main, a sign that this program creates (and maybe executes?) something else.

Putting a breakpoint just before the execve happens will reveal what file is being loaded (looking into the rax register).

I went down 60 rabbit holes disassembling this binary further, but the best thing we can do at this point is change point of view, step out of Radare, and launch the binary by itself – it certainly doesn’t seem to be doing anything nasty up to this point.

It takes some time before any output is shown, so this may be a sign that some decoding happens. The program creates a good number of other binaries which all look identical, albeit different from the original one (as their size shows), but that are actually different upon closer inspection with their md5 hashes.

Continue reading “Endless Christmas X-MAS CTF Writeup”

On knowing when to stop in software development

One of the very few things I learnt in art class is what the role of Jackson Pollock was in his art. Because, we were asked, what is the role of the artist, if the only thing he does is let paint drop on a canvas? His role is to decide when the work is complete.

This is something we most often overlook in computer science: there comes a time when a project, or a feature, is complete, and any more improvements, any more work put into it is likely to decrease its value and ruin all the good work. Too often we want progress in our applications, without realizing that it’s actually destroying them. Sometimes it’s just better to move on and work on something else. Even if a solution is 10 years old, it doesn’t mean it has to be updated because progress requires it.

Let me present a couple examples.

The Gutenberg editor in WordPress

WordPress 5 introduced the new Gutenberg editor, a project that has been rated with 2 stars out of 5 with a total of around 2000 reviews at the time of writing. It’s a product that is so buggy and un-usable that it is bewildering that it made it into Core, but whatever (in 10 minutes of usage, I found 7 crucial and unreported bugs just 4 months prior to release – see my review).

Let us pause and ponder why it was introduced. Any apology of Gutenberg will say that is because the classic editor felt old. It looked so much like Office 2003, and it’s 2018, they say! You see, they say, 15 years in computer science is a huge deal!

But, you see, what is the main purpose of an editor? To write. And to that it must be apt. Gutenberg shifted the focus from writing content to designing a page, effectively forcing a progress in the wrong direction. Not much has changed in writing since Office 2003 came around: we still use bold, italic, headings, text alignment and little more. Anything else requires the careful crafting of a designer and writing of some HTML, as it should be. Nothing else is needed, really, when it comes to writing. But, they say, you cannot even create a table with the classic editor! And I say, that’s right, it should be possible! But that doesn’t require trashing a whole editor and building a cumbersome React-y thing just so that we can have tables, does it?

But, they say, this way you don’t need a designer to design your pages anymore. Of course, people must be really stupid if they have been paying web-developers/designers to put up their websites for the last 25 years, of course! So stupid of us! There, instead of hiring a professional photographer to shoot at your weeding, just give a compact camera to your uncle, since technology and progress have enabled you to do so. Because it really is just the same. When I was a kid, websites designed with Dreamweaver were looked down on, and anybody who wanted a real site should have hired a professional. Not it looks like everybody can do everything – expect that, uhm, they can’t.

Too often the right questions are not asked and carefully considered. Those are the most basic ones: do we really need this thing? How difficult is it to build it? Is it really worth it? What is the impact it will have on users/market? Does it add something really useful and needed without breaking anything else?

Continue reading “On knowing when to stop in software development”

Tasks un-owned are task that go forgotten

If you are a tech company, and your people commit code, then you probably have some code review policy. And if you do not, you definitely should: you want to have an extra pair of eyes on the code that goes live. You certainly do not want a mistake to break things. And that is why you do pull requests to contribute to GitHub repos, and why Google employees must have a certain degree of maturity to commit code without review.

BUT, as long as that is a good idea, we must be careful to implement it the right way. Just enforcing reviews is not enough. You want to make the time between the code is sent for review and the code is deployed as short as possible. The longer the review time span is, the more work will be needed when the review comes. That is because:

Who wrote the code simply does not have it fresh in their mind anymore. The context switch between the current task and the code he wrote days/weeks ago is just more demanding;
Conflicts are more likely to arise, and then more work is needed in solving them;
Other issues may depend on the code being held for review. Other people may spend (waste) time debugging an issue for which a solution is already available;
If the repo is public, it makes more difficult for other to jump in and contribute, because they also have to be aware of all the pending code.

The right way to implement a code review system in a tech company

I think the best way to implement a code review system is to:

Assign each code review to a particular member of the team. If everybody owns a task, then nobody does as well. That is why you want that particular review to be a responsibility of someone specific. An automated system can randomly assign a review to a team member.
Each code review comes with a deadline. That’s it: code reviews are as important as any other task – basically because every other task often generates a code review at some point, so if we lag on those, nothing gets carried to the end and we are getting no work done at all! We may have different priorities associated with different deadlines, but we want each review to expire at some point (with the longest being a couple days)!
Team members can turn down their assignments, but only if they have a good reason to. Again, if code does not get reviewed, it cannot go live, and thus the work has been done for nothing. Reviews are important and must be considered as such.
Then just track how it goes: who is turning down most assignments? Is the weight uniformly distributed across the team?