Sad Day Indeed

I’ve been using Firefox since before it was Firefox, and having checked up on Wikipedia just now, that would have been around 2002.

Over the years, the developers have made some decisions which I disagreed with, although often there were user-developed extensions which restored lost functionality or appearance. Probably the worst faux pas was dropping the universally-familiar search dialog box for the unergonomic bottom bar.

Being paranoid cautious about internet security, I’d installed blocking extensions and rules, so that my Firefox was very tightly tied down. That meant that some sites didn’t work until I fiddled with the rules, or sometimes didn’t work at all. For the latter case, I always had an alternate browser I could run up, rather than waste time debugging a site I probably wouldn’t visit again.

I’m also a fussy old bugger, and I like web sites to look the way I want them, not the way the idiot designers did. For this, uBlock Origin, the ad-blocker, has “cosmetic filtering” where it will suppress display of some elements of the page. I also installed Greasemonkey, which runs user scripts that can actually rearrange the page, for example by injecting CSS.

Google’s Chrome browser now has, by far, the largest “market share” in desktop browser software — about a factor of three over Firefox in second place. But Chrome is a notorious snooper, reporting everything you do back to Google. I would never use it.

Chromium, the open-source core of Chrome, is somewhat less intrusive, but still “phones home” with some data. The derivative I have installed as my alternative browser is Iron: Chromium with the spying ripped out.

But I still stuck to Firefox for most browsing. Some stuff is just easier to do, compared to the Chrome family.

That was up until yesterday, when I installed the latest Firefox release, 52.0, and found that it had a problem. The Linux version no longer supports the native Linux sound subsystem. Instead, the developer has decided to route sound from the browser to a third-party sound application called PulseAudio.

Now, a lot of Linux systems come with PulseAudio pre-installed, so it may not be a problem for many users, perhaps the majority. Applications, such as movie players, usually try PulseAudio first, and if it’s not running, fall back to the native sound subsystem, ALSA, and everything works fine. Firefox used to do that too, but although the code is still there, the developer has disabled it. He says it’s “too hard” to maintain.

I don’t have PulseAudio on my systems, for a couple of reasons. One; it’s designed badly: it’s architecturally wrong. And two; it doesn’t do anything useful.

The original concept for PulseAudio was that it would be a totally new sound architecture for Linux, from the user’s software to the hardware. It never happened. When they found out that sound drivers were difficult to write, and that there was a huge diversity of hardware, and that there were hundreds of working ALSA drivers anyway, the decision was made to put PulseAudio “on top of” ALSA, with PulseAudio interfacing to the software, but ALSA driving the hardware.

Supposedly a temporary measure, it’s actually stayed that way for years. To have a working PulseAudio, you have to have a working ALSA subsystem, so in my opinion, you might as well use ALSA directly.

It’s a long time since I even tried to get PulseAudio working, but I’ve heard that some people have had problems, from no sound at all to stuttering, to unacceptable latency. (PulseAudio has a solution for applications which only work with ALSA: they’ve written a translation layer which translates the ALSA API to PulseAudio. Then PulseAudio translates it back to ALSA and sends it to the device drivers. Latency? – there’s your problem.)

As is often the case when people make a stupid decision, the Firefox developers have closed ranks and become stubborn, and it looks as though ALSA support is gone for good. Imagine if they did the same in Firefox for Windows: dropping support for native Windows sound in favour of a third-party product. “Most people have it installed, and if not, they can install it, and if they can’t… well, tough.”

I’m typing this into WordPress via the Vivaldi browser. I’ve only been trying it for about half a day, but it seems all right. I’ve installed uBlock Origin and Tampermonkey and have imported my blocking rules and my scripts from Firefox. And Vivaldi was able to import all my settings from Firefox itself. I think it’s going to be OK.

(My blog titles are often song titles. It’s Leatherface this time.)

Faster, Pussycat

When a Linux system starts up, it calculates the processor speed. (It does this to calibrate its internal busy-wait delay loop: the kernel times a loop of known size against the clock tick and stores the result as “loops per jiffy”, which the short delays used by device drivers are then scaled against.)

In the early days of ‘mini’ computers, manufacturers invented the term “MIPS” — “million instructions per second” — for marketing purposes. “Our processor does more MIPS than yours, nyaah nyaah nyaah.”

Commentators pointed out that the number of instructions per second meant different things on different processors. One company’s machine could easily be faster doing real work than another’s which had a higher MIPS rating. One response was to try to compare speed to a specific standard, for example “VAX MIPS” after Digital Equipment Corporation’s VAX mini.

More cynical observers simply redefined MIPS to mean “meaningless indication of processor speed”.

Another feature of that heady period of computer innovation was the language. I don’t mean Pascal and Ada; I refer to the spoken language of nerds as documented in the “Hacker’s Dictionary”. There were useful terms. For example, software might not be working because it is “broken” — contains a bug — or it might not be working because it is “brain-damaged” — designed wrongly from the start.

I still tend to use some of the words (in my head, at least), one of which is “bogus”. In normal English, it means counterfeit or fake, but in Hacker there’s a wider meaning, including useless or incorrect. “Man, your hashing algorithm is totally bogus.”

(I think I remember Bill and Ted using “bogus” in the Hacker sense. This and other Hacker terms leaked into Californian slacker culture. Excellent!)

The Linux indication of processor speed, printed out on startup, is “bogomips”.

(I’m trying to resurrect a tiny laptop I pulled out of a skip a number of years ago. A 300MHz Mobile Pentium MMX processor, coming in at 600.84 bogomips. In comparison, my everyday computer has two processor cores, each rated at 4991.12 bogomips.)

A Whiter Shade of Pale

I don’t much like Google’s data-slurping, and have set my default search engine to DuckDuckGo, but I’ve continued to use Google’s maps. (I do also use Openstreetmap, and even Bing Maps sometimes.)

Maybe it’s my old eyes, but Google’s map colour scheme is now so washed out that I find it almost unusable. Road edges are light grey on a white background, for example. I’d imagine that someone who is genuinely vision-impaired would find the product totally useless.

[Screenshot: Google Maps in Firefox]

To check that the problem wasn’t with some “feature” of Firefox, I tried Chromium (the slightly-less snooping-enabled version of Google’s Chrome) but the maps looked the same. However, my internet searches revealed that there is a High Contrast extension for Chrome, and it works perfectly.

[Screenshot: Google Maps in Chromium with the High Contrast extension]

I couldn’t find a similar add-on for Firefox. There are configuration settings for Accessibility, but they affect all sites, and only work if you have a high-contrast desktop theme. Firefox is adopting a new framework for extensions, supposedly compatible with Chrome, so maybe High Contrast will become available.

But the question remains: what do the Google map developers think they’re playing at?

Trust Us, We’re the Government

The Transportation Security Administration in the USA licenses two companies to design luggage locks which can be opened without damage by TSA agents if they need to search a case. The TSA has a set of master keys — the correct one to use should be indicated on the lock, for example, saying “TSA002”. If the agents need to open a case which has an unapproved lock, they will break in.

I have no idea how many master keys have been issued, but they are in use at 450 airports, so the number must be in the thousands. And are all TSA employees so well-rewarded and motivated that they are incorruptible? No.

Therefore, I imagine that professional criminals got copies of the keys as soon as they were issued, if not before. But then the Washington Post innocently published a photo of the master keys, which allowed smart amateurs to code up a 3-D printer file. You can now download it and print your own, working, master keys.

Now, anyone with an interest in security would have predicted this exact outcome when the idea of a “secret” key for everyone’s baggage was suggested. A security mechanism with a “back door” which can be opened by officials can always be opened by criminals too.

And guess what the security agencies are always asking for? A “back door” into secure computer products. Of course, they say, access would only be granted to highly-trusted officials. Nobody else would know the secret codes. Absolutely not.

The lock on your luggage is supposed to prevent the contents being stolen, or at least, to keep them private. (One TSA agent was sacked after he left a note in a passenger’s suitcase, congratulating her on her ‘sexy’ underwear.) The little lock icon in your browser’s address bar indicates the same purpose: you can reduce the risk of criminals stealing from you, and you can keep your browsing private.

For some people, it’s more than that, a matter of life and death. If you lived in, say, Saudi Arabia, you would really, really want your communications to be secure. They crucify or behead bloggers there.

Every time the CIA or GCHQ or the like try to lobby politicians, asking for back doors to be made legally compulsory, security experts point out the stupidity of the idea, and the weakness of the argument in favour of them, which usually amounts to “Wooo! Terrorists!”. Just the other day, the French government responded to their spooks to say that back doors were out of the question. But they always come back.

In the UK, there’s a new government-approved standard — Secure Chorus — for voice encryption. And guess what: it doesn’t so much have a back door as a gigantic back hangar door that you could fly a jumbo jet through. It’s not compulsory though. Yet.

Traditional intelligence and policing work is hard. It can work, but it needs time, manpower and loads of money. The intelligence agencies will keep asking for back doors because they think it would make their job easier. Collateral damage to citizens is not a consideration. Just look at the tens of thousands of thefts per year in American airport baggage handling.

Who Am I?

I wanted on line access to my income tax records, so I had to register with a commercial identity verification service. Of the ones in the scheme, I chose the good old Post Office, because Prime Minister Corbyn is going to re-nationalise it, as in civilized countries like France and Germany.

The Post Office web-based process is simplest, because you only need to prove you have a mobile phone (for two-factor authentication); a credit or debit card in your own name; a passport; and a UK driving licence. For the banking bit, they charge 0p to the card to ensure that it exists, but for the passport and driving licence, they can look them up in the government databases.

Except they can’t. The system doesn’t accept a licence issued in Northern Ireland, although it looks as though they might have thought about it: there’s an “Issuer” field, but it’s disabled.

Plan B, then, was to use the Post Office Android app. It worked, but it all seemed… odd. First, you use the app to read a QR code which the website shows you. Then, the app brings up a camera window, which you use to photograph your passport. Finally, another camera with a head-and-shoulders outline, which you use to frame a selfie. Or two, rather, because it wants you to move in a three-dimensional manner between shots to prove you aren’t a flat photograph.

Then it uploads the results, and some humans (probably) in an office somewhere try to read your passport details and compare the selfie with the passport photo. Mine failed the first time because the passport image wasn’t good enough. Passports won’t sit flat, so the next time I put it under a sheet of glass.

With the app, you only need the passport, not the driving licence, because it’s a “more secure” process. Hmmm. Maybe.

Something Rotten In The State Of Linux

I can’t remember how SunOS 4 startup worked, but it’s certain that I was first exposed to the “System V” system with SunOS 5, marketed as “Solaris” from its release in 1991.

Right from the beginning, I thought it was absurd. I was OK with the concept of “run levels”, representing “single user”, “multiple users”, “graphical interface”, and so on, but each run level was implemented by a set of scripts accessed by symbolic links, the name of which defined its activation and order of execution.

As an example, if I look at this current Linux laptop wot I’m typing on, /etc/rc3.d/S13networking does whatever is needed to get the machine’s network working. But that isn’t a real file, it’s a link to /etc/init.d/network, and the init system needs to know to start it before /etc/rc3.d/S15nfs-common (a link to /etc/init.d/nfs-common) because network file systems can’t be mounted before the network is up.

The same real file /etc/init.d/network is also linked to /etc/rc1.d/S13networking and /etc/rc5.d/S13networking in order to start the network in these different run levels. That means you need to remember that changing the real file to fix something affects all run levels, or changing the prefix because something else needs to run first will have to be done separately for all run levels.
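As an added example (written for this edit, not part of the original post, and built on a constructed miniature /etc rather than a real system), here is a Python script that lays out run-level directories like the ones described, computes the start order the init system would use for each run level, and flags the two maintenance hazards just mentioned: a dependency that ends up in the wrong order in one run level, and a script whose S-number differs between run levels. The script and link names are made up to match the text; the deliberately wrong ordering in rc5.d is part of the constructed sample.

```python
import os
import re
import tempfile

# S = start, K = kill, followed by a two-digit priority and the script name.
LINK_RE = re.compile(r"^([SK])(\d\d)(.+)$")


def build_sample_tree(root):
    """Construct a miniature SysV layout under `root` (constructed sample, not a real system)."""
    init_d = os.path.join(root, "init.d")
    os.makedirs(init_d)
    for script in ("network", "nfs-common", "sshd"):
        with open(os.path.join(init_d, script), "w") as f:
            f.write("#!/bin/sh\n# stub init script for the example\n")
    links = {
        "rc1.d": {"S13networking": "network"},
        "rc3.d": {"S13networking": "network", "S15nfs-common": "nfs-common", "S20sshd": "sshd"},
        # Deliberate mistake: nfs-common given a lower number than the network in run level 5.
        "rc5.d": {"S13networking": "network", "S10nfs-common": "nfs-common", "S20sshd": "sshd"},
    }
    for rc, entries in links.items():
        rc_dir = os.path.join(root, rc)
        os.makedirs(rc_dir)
        for name, target in entries.items():
            os.symlink(os.path.join("..", "init.d", target), os.path.join(rc_dir, name))
    return root


def start_order(root, level):
    """Return [(priority, link_name, target_script)] in the order init would start them."""
    rc_dir = os.path.join(root, "rc%d.d" % level)
    entries = []
    for name in os.listdir(rc_dir):
        m = LINK_RE.match(name)
        if not m or m.group(1) != "S":
            continue  # not a start link
        target = os.path.basename(os.readlink(os.path.join(rc_dir, name)))
        entries.append((int(m.group(2)), name, target))
    return sorted(entries)


def ordering_violations(root, before, after, levels=(1, 3, 5)):
    """Run levels in which `after` would start at or before `before`, when both are present."""
    bad = []
    for level in levels:
        prio = {target: p for p, _, target in start_order(root, level)}
        if before in prio and after in prio and prio[after] <= prio[before]:
            bad.append(level)
    return bad


def priority_mismatches(root, levels=(1, 3, 5)):
    """Scripts whose S-number is not the same in every run level that starts them."""
    seen = {}
    for level in levels:
        for p, _, target in start_order(root, level):
            seen.setdefault(target, set()).add(p)
    return sorted(t for t, ps in seen.items() if len(ps) > 1)


if __name__ == "__main__":
    root = build_sample_tree(tempfile.mkdtemp())
    for level in (1, 3, 5):
        print("rc%d.d:" % level, [t for _, _, t in start_order(root, level)])
    print("nfs-common before network in levels:", ordering_violations(root, "network", "nfs-common"))
    print("scripts with differing S-numbers:", priority_mismatches(root))
```

The same two checks, pointed at a real /etc instead of the sample tree, are a quick way to find the inconsistencies that creep in when a priority is changed in one run level and forgotten in the others.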

It’s a rat’s nest, and many people don’t like it, so there have been many ideas for different schemes. But the fact that my Linux machine in 2015 still uses the same system is evidence that none of the replacements was significantly successful.

Until now. An init system called “systemd” is beginning to be implemented in most major varieties of Linux.

And it’s an abomination, worse in many ways than the ancient System V init. All software has bugs, but some software is designed wrong, and systemd is one of those, because the thinking behind it is wrongheaded. A key strength of Unix-style operating systems has always been the loose coupling of functions, encapsulated in the idea that programs should “do one thing, and do it well”.

Systemd tries to do many, many things. From a developer’s perspective, that inevitably makes it big and complex and difficult to maintain. And some of the things it wants to do are actually operating system functions. It’s clear that what the originators of systemd have in mind is an operating system on top of an operating system. Systemd will control users. Systemd will control devices. Systemd will control security.

The thing is, a Linux system already has all of those functions. Loose-coupled, with software that “does one thing, and does it well”, so that any bug is localized, and easy(-ish) to isolate and fix.

So why has systemd been widely adopted if it’s obviously not fit for purpose? Well, it’s actually one of its worst flaws which has propelled it to success. The monolithic nature and lack of separation mean that you can’t have just a bit of systemd, you have to eat the whole elephant.

The Gnome project, for example, has adopted the “logind” part of systemd to manage the different users logged in, thus making systemd what developers call a “dependency”: you can’t easily have a recent version of the Gnome desktop unless you have systemd installed. (“Wait a minute,” you may say, “Different users logged in? I have a laptop with one user: me.” Well, exactly. The dependency on systemd is to handle a situation that doesn’t apply to the majority of users, but you still have to have it, or else the whole thing won’t work.)

Another project with a dependency on systemd is udev, the Linux process which looks for hardware changes and makes the device available to other software. For example, plugging in a USB hard drive will allow the folders in it to be accessed. Part of that process is handled by udev.

It’s udev which is bending my brain at the moment. I was lying when I talked about the whole elephant; or, rather, being foresighted. The current version of udev only needs one software library from systemd, but the project development has been merged with systemd, and it looks certain that the whole elephant will return, angrier than ever.

My current Linux systems use udev, and thus are contaminated by systemd, even though I don’t use it as the init system, and never will. The basic graphical interface, xorg, depends on udev to tell it about mice and keyboards (which means you can plug in, say, a second mouse and have it work immediately. But how often do you do that?) but I’ve discovered how to configure xorg to use separate drivers, and that’s working fine.

The other essential thing that isn’t working yet without udev is network devices, ethernet and wifi, which will take more work. And not absolutely essential, but nice, would be the USB drive thing. It would be easy to set it up as a fixed device, but having it appear and disappear will require some programming.

If you found this blog by desperate internet search, wanting to get your Linux system working properly and efficiently, well, I’m only a seeker too. I have no definite answers, but what I do may well incorporate the “mdev” element of busybox, or maybe “eudev” from the Gentoo project. Go search.

Sold

I’ve just been reading about eBay’s security breach, in which names, dates of birth, phone numbers, physical addresses, email addresses, and “encrypted” passwords were copied from servers. Naturally, the company is trying to put a brave face on things — while asking users to change passwords “as a precaution”.

(I say “asking users” but they haven’t asked me. The only information I have is from the press.)

But when you do log on to eBay to change your password, you’ll find that there is a 20-character limit on its length. A minimum password length is fine, but a maximum rings alarm bells, raises red flags, and causes other miscellaneous symptoms of concern. Here’s why.

The proper way to do passwords is to use a hashing function. This is a mathematical process whose most important feature is to be one-way. That is, you can transform a password into its hash, but you can not transform the hash back into the password.

If that’s hard to understand at first sight, think of a system where the password is a 4-digit number, and the hashing function is “add up the digits”. So 1234 transforms to 10, but you can’t get the digits back if all you know is 10. (In reality, a hashing function should make it very hard to find two different passwords with the same hash, so anything as crude as this one would never be used.)

In real systems, a new password is put through the hashing function and the hash is stored. Then when the user tries to log in, the supplied password is put through the hashing function and the result compared with the stored one.

When you design computer systems for millions of customers, the amount of storage which you need is a concern. You don’t want to waste space: it costs money and slows things down. In the case of eBay’s database, the analyst or designer would have specified maximum lengths for the data — for example, you know the maximum size that a phone number can be.

So just 20 characters for the password, then? No, but wait! You aren’t storing the password. You are storing the hash, which is a fixed-length number, regardless of how long the password was.

Why the 20-character limit then? The worrying possibility is that eBay are storing the password itself. It’s not clear if their wording implies this, in saying that the stolen data contained “encrypted” passwords, or if they were simplifying to avoid having to explain what hash functions are.

There are online systems (e.g. Tesco) which do store the users’ passwords, encrypted with a reversible algorithm, allowing the password to be easily recovered. This is universally recognized to be very, very poor security practice, because if (when) the data is stolen, the hackers can very quickly generate a full list of passwords. (Most of them will be “password” anyway.)

If a database of password hashes is stolen, it’s not impossible to recover the passwords, but it’s difficult, and likely to require massive amounts of computation. That’s why GCHQ & the NSA have supercomputers. A basic hashing function is rarely used on its own either, with features added (such as “salt”) to make it more difficult to crack.

The typical attack on a hash is to take a list of possible passwords (e.g. “password”) and try each one in turn. First, you’ll use a dictionary of common words (e.g. “password”), or maybe a list of known passwords from elsewhere (e.g. “pa$$word”. You thought you were so clever.) If you run out of ideas, there’s nothing for it but to exhaustively try all combinations of letters and symbols allowed, starting at aaaaaa, then aaaaab and so on, all the way up to ZZZZZZZZZZZZZZZZZZZZ.

That’s why it’s a fundamental law of computer security that a long password is a good password. The work for the hackers trying to crack it multiplies by the size of the character set for every additional character, so it grows exponentially with length. A 20-character limit on eBay is bad in itself, but could also be hinting at a deeper problem.
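As an added illustration (example code written for this edit, not eBay’s system and not the page’s own), here is a Python sketch of the right way and the wrong way described above. It stores a password as a salted, deliberately slow hash (PBKDF2-HMAC-SHA256) and shows that the stored record is the same length for an 8-character and a 200-character password, so storage cannot justify a maximum length. Beside it is the weak scheme, a single fast unsalted hash, and the dictionary attack run against both: with no salt, one hash per guess cracks every user at once; with a per-user salt, every guess has to be rehashed for every user. The wordlist and the stolen records are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample wordlist: the "dictionary" stage of the attack described above.
WORDLIST = ["123456", "password", "pa$$word", "letmein", "qwerty", "correcthorsebatterystaple"]


def hash_password(password, salt=None, iterations=100_000):
    """Store a password as a slow, salted hash.

    The stored string has the same length whatever the password length,
    which is why a maximum password length buys the database nothing.
    """
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def unsalted_sha1(password):
    """The weak scheme: one fast, unsalted hash, identical for every user with that password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted(stolen, wordlist=WORDLIST):
    """Dictionary attack on unsalted hashes: hash each guess once, then look up every user."""
    table = {unsalted_sha1(w): w for w in wordlist}  # len(wordlist) hashes in total
    return {user: table[h] for user, h in stolen.items() if h in table}


def crack_salted(stolen, wordlist=WORDLIST):
    """The same attack on salted, slow hashes.

    Returns (cracked, work): every guess must be rehashed per user, and each
    rehash costs the full PBKDF2 iteration count.
    """
    cracked = {}
    work = 0
    for user, stored in stolen.items():
        for guess in wordlist:
            work += 1
            if verify_password(guess, stored):
                cracked[user] = guess
                break
    return cracked, work


if __name__ == "__main__":
    short = hash_password("a" * 8)
    long_ = hash_password("a" * 200)
    print("stored length, 8-char password:  ", len(short))
    print("stored length, 200-char password:", len(long_))

    # Constructed "stolen database": two weak passwords and one not in the wordlist.
    users = {"alice": "password", "bob": "pa$$word", "carol": "Tr0ub4dor&3"}
    weak_db = {u: unsalted_sha1(p) for u, p in users.items()}
    good_db = {u: hash_password(p) for u, p in users.items()}
    print("unsalted, cracked:", crack_unsalted(weak_db))
    cracked, work = crack_salted(good_db)
    print("salted, cracked:", cracked, "after", work, "slow hashes")
```

Note that salting does not rescue a weak password: alice and bob are cracked either way. What it removes is the attacker’s ability to crack all users for the price of one guess, and the slow hash then makes each of those guesses expensive, which is what the page means by "massive amounts of computation".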

xkcd on password strength