Copenhagen occasionally suffers sudden “cloud bursts” (Danish: skybrud), where lots of rain falls within a short amount of time. The morning of 31st August was one such event. I got a few pictures of some flooding in a tunnel under the railway close to where I live. Bear in mind these pictures are after several hours of pumping the water away already, so the pictures probably don’t do the full extent of the flooding justice.
So yesterday I attended a performance by Folklore Tapes at The Old Church in Stoke Newington.
The performance was in three parts, the first being a musician performing on custom instruments like nails, violin bows with electric pickups, metal plates and the like. He used layering of segments to slowly build up a piece of music that sounded to me a bit like Jean-Michel Jarre combined with the music you would get in the “the main character is soon going to die” scene of a horror movie. I’m not quite sure why this segment was so long, but perhaps it was meant to evoke the feeling of Dartmoor and folklore, the subject of the performance. At least for me, I would have appreciated a bit more textualisation and explanation.
So what do you do when you rent a house in the middle of the French countryside, and have an entire week to kill? Explore the surrounding area of course. My previous post mentioned a few of the walks in the local area we did. This post will deal mostly with the day trips slightly further afield by car.
Continue reading “Summer holidays in France: Royal Château of Blois”
My last post concerned the first day we spent in France. This second post will cover the days spent at the gîte in Sarge-sur-Braye.
This year’s summer holiday was spent with my family in France. Partially in Paris, and partially in Sarge-sur-Braye, a small village between Le Mans, and Orleans and Blois (and if you still don’t know where this is, I’d encourage you to just research it yourself. Bonus points if you can find the demographic evolution of the village. Hint: French Wikipedia…).
So I was having a problem with the Windows Store on Windows 8.1. Apps couldn’t install or update, they would give the error 0x80073cf9. After having tried a few of the solutions online, none of which worked, I decided to see whether Microsoft could help. So I went to Microsoft’s site, and eventually arrived at the Answer Desk, where they offer chats with technicians. After a stupid mistake on my part when I accidentally closed the window on the first technician I was chatting with, I ended up reconnecting with Farah V. She was happy to help, and offered to remote into my computer to fix it. I consented, and watched as she typed commands, created folders, renamed folders, rebooted and so on. Below follows the commands she typed and actions she did that eventually fixed the error, in case anyone else is experiencing it.
PLEASE NOTE THAT A LOT OF THESE COMMANDS CAN BE DANGEROUS! ONLY RUN THEM IF YOU’VE TRIED EVERYTHING ELSE. All the standard disclaimers about not bearing responsibility if you break your own system of course apply.
Firstly, in an administrator command prompt, “sfc /scannow” claimed there was file corruption. Then, running the App Troubleshooter claimed that the graphics driver was not up to date. This proved to be a false lead.
She seemed to know where the file corruption might be present, so she navigated to C:\Windows and checked whether the folders “C:\Windows\AppReadiness” and “C:\Windows\AUInstallAgent” were there. One of them wasn’t, so she created it. She then further rebooted into safe mode and renamed “C:\Windows\SoftwareDistribution” to “C:\Windows\SoftwareDistribution.old”. She also renamed “C:\Windows\System32\catroot2” to “C:\Windows\System32\catroot2.old”. One of these folders was difficult to rename, so she had to stop some services to be able to rename them. And furthermore, this caused the programme signatures to go bad, so the publishers of programmes could no longer be verified. Scary. But this fixed itself a few hours later it seemed.
The final thing she did was to reboot again, and first in an administrator command prompt type “dism.exe /online /cleanup-image /restore-health” and in an administrator Windows Powershell type “Get-AppXProvisionedPackage -online | Remove-AppXProvisionedPackage -online”. Finally, the apps in Windows Store would install, and she had fixed it. Well done Microsoft for knowing your way around your system, but this was honestly a bit too difficult a fix to do. I’ve typed out this post because I haven’t seen all these fixes listed on the web previously, and it might be useful to someone out there.
Anway, big thanks to Microsoft for having patient technicians employed like this. But somehow, I’d rather that they listed these commands somewhere so that one could run them one at a time to observe the effects.
Introduction
This post has been sitting around in my drafts for about a year and a half. I have since abandoned this solution, preferring to encrypt my home partition only. But if someone finds it useful, I’ve published it here.
Background
Most solid state disks nowadays proudly claim that data is encrypted in the controller before being written to disk. But if no ATA password is set on the disk, then that encryption is not really of much use. All it does is prevent someone from disassembling your SSD and reading the data off the flash modules without the controller, and ensuring that a secure erase can be performed quickly. This is not much use for me, as I was trying to guard my data on my laptop against theft, while not compromising on performance.
One vital part of a proper security system is protecting “data at rest”, i.e. preventing data on your laptop from being accessed if it is lost or stolen while turned off. For this, Full Disk Encryption (FDE) is generally the best solution, but if your CPU does not support AES-NI, then implementing FDE on the operating system level can cause throughput to be painfully slow (around 40 MB/s through the encryption pipeline on my AMD E2-1800), and CPU intensive. Not ideal for a laptop, and having spent all that money on an SSD, very annoying to have to compromise between speed and security. Step forth the SSD controller, a small chip on your SSD that manages the interface between SATA and flash modules. Samsung’s newest SSDs use a triple-core ARM controller, so wouldn’t it be cool to offload responsibility for FDE to this controller, since it is already doing it?
Leaving aside issues of whether to trust your SSD vendor’s claims about a proper keychain of trust, I at least wanted to use the provided encryption of my solid state disk. The big problem I faced though was that my BIOS did not support setting an ATA password, nor did it support unlocking an already set ATA password (ATA passwords can be set and unlocked using hdparm on linux. But make sure you can boot a live USB disk to unlock it again if your BIOS turns out not to be able to unlock it, otherwise your system may be unbootable).
Solution
After a bit of thinking, my solution turned out to be:
-Ensuring my computer could boot a USB disk if the SSD was locked (check boot order in BIOS)
-Prepare a USB disk which would boot, run hdparm, ask for the password, unlock the SSD, and hand over to the linux installation on the SSD. Henceforth called the drive-unlock-stick (DUS).
-Set the ATA password on my SSD.
-Verify that the setup worked (it does)
-Test for additional problems caused (one big one: Suspend to RAM does not currently work properly, described below)
Preparing the “drive-unlock-stick” (DUS)
Firstly, consider that you will need this disk every time you boot your laptop. Either, you could use this opportunity to implement a form of two-factor authentication (to boot you need both the DUS and your password), or find a USB disk small enough that you don’t mind leaving it in your computer. I chose the latter, and for the added performance benefits of USB 3.0, bought a compact USB disk off amazon.
The DUS must be bootable, so set up syslinux. This involves making sure that the partition on the DUS has the bootable flag set (check with fdisk for example), copying the syslinux MBR onto the DUS, installing the syslinux bootloader, and writing the configuration file.
Next thing you need is a linux kernel and an initial ramdisk environment in which to run hdparm. I’m using Arch linux, so I scripted a hook that would load the drivers to interface with the disk (ahci in my case, but check using lsmod), load the drivers to eventually read the filesystems of my boot and root partitions on the SSD, ask for the password from the user, unlock the drive, do a bit of magic by unloading the driver again and reloading it, freeze the drive security, to prevent setting another password in the operating system, mount the boot and root partitions of the SSD, and hand over control to the original linux kernel on the SSD through a kexec call, from which point normal booting continues. This requires some work to get right, and my current solution still spews a lot of errors when the ahci module gets confused, and I think it has a 5 second timeout somewhere that slows it down quite a bit, but it works.
Since writing this post back in 2013, I seem to have lost the configuration files. But the above descriptions seem to sum the method up nicely.
This post details my time in Tokyo and returning to Singapore via Kuala Lumpur in January 2013. It has taken a long time to find the time to finish off the writing, but it is finally ready. So without further ado, the post begins in earnest:
The trip from Kanazawa to Tokyo was nice, if a bit long. At the station where we changed to the Shinkansen, we had an hour wait, because the first train to pass was very full for rush hour. Commuting inter-city must be a pretty arduous routine, but people in Japan seemed to do it.
This post is a bit different from my previous posts, but I thought it was interesting enough to post, and it might help someone in the future.
The issue at hand is to get music onto my iPhone 4 running iOS 6, using only a Linux machine. Unfortunately, the iTunesDB on the phone is encrypted on iPhone 4 and up, and the excellent libgpod team have not been able to reverse-engineer it yet, so USB syncing of music is not possible natively on Linux. From this there are two obvious workarounds: jailbreak your phone, and use some of the programs available on Cydia to enable adding music to the iTunesDB, or somehow get your iPhone talking with a real iTunes installation.
I chose the second option, but iTunes does not work very well on wine currently, so I chose to install windows on a virtual machine. I had a Windows 7 OEM license bundled with the laptop, so I set up Virtual Machine Manager and Qemu, and installed iTunes on top of this. This works very well with the RedHat virtIO drivers for networking and virtual storage, highly recommended.
To allow the iTunes on my virtual machine to see my music stored on my linux box, I set up a Samba share, restricted to the virtual network. iTunes 11 no longer has the option to add an entire folder to your library from the menu, but you can still drag and drop folders from Windows Explorer into iTunes, which took a while, but worked.
I was able to get USB passtrough to the virtual machine working for a short while, long enough to get the iPhone recognised in iTunes, but this was painfully slow. I ticked the box for enabling wifi sync in iTunes, and left it for the next day.
The wifi sync feature requires a Bonjour connection between iTunes and the iPhone, but unfortunately Bonjour cannot bridge from the virtual machine over virtIO, and the other virtual network devices I tried did not work well. Finally, i found mdns-repeater a small program that does exactly what I want: it runs on my Linux machine, and forwards Bonjour packets from the virtual network between the host and virtual machine, and the wireless network on which my iPhone and Linux host are both connected. Using this, iTunes and the iPhone can see each other, and I am syncing with around 10 Mbit/s, much faster and more reliably than with the USB passtrough solution.
If anyone finds this useful, feel free to ask questions if you need a step or two fleshed out. I’ll be happy to help. 🙂
(Note: This blog post will be a bit more terse, since there is so much to cover)
January the first dawned cold and clear. We were in Hiroshima, and decided to visit the Atomic Bomb Museum, as it is unofficially known. The museum is very tasteful and respectful, while also being informative, and promoting the worthy idea of global nuclear disarmament. Outside the museum is the Peace Memorial Park, which also incorporates the iconic A-bomb dome, the building closest to the blast that remained standing (barely), largely due to the bomb actually exploding above it. A very sobering way to start 2013.
Continue reading “Japan part 3: Whistlestop tour of the Land of the Rising Sun”
jpamills 