The Slightly Disgruntled Scientist 7% more viral!

A Hybrid Kali/Debian Wheezy Live Distro


There are two things that I particularly love doing: security auditing, and tinkering with live distributions. It is very intriguing to see exactly how weak or strong your own electronic devices are against various attacks, and sometimes very contrary to expectations.

This is, of course, an extension of my usual love of seeing exactly what new and strange things I can get my old electronic devices to do, which brings us to live distributions. Live distros are simply operating systems designed to work from removable media, usually across multiple, different devices. For example, I once turned an old laptop into an ethernet/wireless bridge for my games console, by creating a live distro that ran off a USB stick. Boot with the USB stick: it’s a bridge! Without the USB: it’s my old laptop again! This gets even better if you’re dealing with embedded systems, systems with no permanent storage, etc.

(Live distros are also a gateway drug to stateless distributions, which are absolutely fascinating for repeatable engineering processes, testing, compliance, etc.)

Kali is Amazing

Given these two interests, it’s amazing that I hadn’t heard about Kali Linux until last week. Kali is a Debian-based OS, primarily designed for live usage, that is all about security testing.

So what?

Anyone who has ever tried security testing from their main OS knows what a pain it can be. Patch these drivers. Downgrade these packages. Install this thing from git. Oh no it sprayed random files all over your meticulously managed distro lol oops sorry not sorry…

But Kali gives you a nice, safe live distro, complete with patched drivers, recent kernels, up-to-date software, etc. Run it, mess around, hack on whatever, check to see if the router you bought from that dodgy shop in Ultimo patched a nasty WPS vulnerability, then reboot back into your normal day-to-day OS.

I felt like a ninja. In a tuxedo. WITH POISON DARTS.

There Was But One Problem…

…and that was, Kali didn’t work too well on my machine. When using the virtual consoles (accessed by ctrl+alt+f1), I would have missed or repeated keystrokes. I couldn’t do serial debugging when running under Qemu. There were extra utilities that I wanted to install, and some cruft that I wanted to remove. Then I discovered that Kali actually provides instructions and repositories for building your own Debian-based live image.

At this point I’m just drunk on sheer technological possibility.

I’ve used live-build a lot before, and it’s a wonderful tool. Its major drawback is that it’s a fast-moving target, and Kali seems to be a little behind. Using the instructions on the website proved problematic with the version of live-build (4 point something) in Debian Wheezy (which is what I use for packaging and certain kinds of tinkering).

When I tried simply using live-build with the Kali repos as the main package source (as per their git repo), the live-config hooks didn’t run, which meant the live user wasn’t set up, the serial console wasn’t available, and so on.

Technical Analogies are Usually Garbage


Analogies are a hugely important part of science communication. When done well, they can catalyse that “light bulb” moment for students. They can be an excellent way to convey the irreducible, interacting factors in a physical system. They can emphasise the primary point of a lesson. Or they can present an old idea in a new way, that might finally help a student to understand some tricky concept.

And then, there are politicians trying to talk about technology.

And politicians really only bother to talk about technology when they are trying to foul it up.

And when politicians are trying to foul up technology to satisfy an agenda, they will not carefully communicate difficult concepts in an accurate and enlightening way.

Politicians, and those who quote them uncritically, don’t talk in analogies to simplify things. They do it to make their awful agendas seem reasonable. They choose analogies by deciding on the outcome they want to sell, and working backwards to find some contrived situation that fits it.

The elephant in the room is, of course, that not everyone actually understands technology. Shouldn’t politicians do their best to communicate these concepts to a lay audience? But… they’re not doing that. They never are. Reject this premise.

I’ll illustrate this with an example: the Internet.

But I Don’t Know what an Internet is!

Say I want to usher in new laws to enforce mandatory metadata retention by telecommunications companies. What this means is: your internet service provider will be required, by law, to record certain parts of your internet data so that government organisations can inspect it at some later date. But which parts of your data actually qualify as “metadata” and will be recorded? Well, that’s a good question.

The big argument against mandatory data retention is that it is mass surveillance, an invasion of literally everyone’s privacy that can be all too easily abused. So if I were a politician, and I wanted to defuse this argument, I would try to sell the idea that there are two classes of internet data: the really personal kind that any patriot might want to keep secret, and the impersonal kind that can only betray you if you’re doing something evil or treacherous.

In other words, I would insist that “metadata” is in a fundamentally different class to “data”, and I would choose analogies to suit this distinction.

The Australian Liberal Party, and in particular Tony Abbott, love the analogy of snail mail. There’s a letter: that’s personal. They won’t look at that. Indiscriminate tampering with the post is widely regarded as taboo amongst even the most ardent security-state-loving conservative voters. But then there’s the writing on the outside of the envelope. That’s pretty safe! No one who is, well, doing the right thing would care about that being read! Or recorded by the post office! Or being accessed by hackers used by police!

You’re A Grown Up, Use Grown Up Words

You know what’s a good way to describe the internet? By describing the internet. There’s a protocol called the internet protocol that’s used to direct small amounts of data (packets) from one computer to another. There’s a protocol called the transmission control protocol that’s used to make sure the packets are assembled and given to the correct application at the destination. And then… there’s… more. A lot more. But these two protocols — together referred to as TCP/IP — are, basically, the internet.
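
The two roles described above, as an added example that is not part of the original post: the IP header carries the addresses that steer a packet between computers, and the TCP header carries the ports and sequence number that get its contents to the right application in order. The packet, addresses and ports are constructed sample values.

```python
import socket
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_sample_packet(payload: bytes) -> bytes:
    """Hand-build one IPv4+TCP packet (constructed sample, checksums left as 0)."""
    tcp = struct.pack("!HHIIBBHHH",
                      49152, 80,      # source port, destination port (80 = web server)
                      1000, 0,        # sequence and acknowledgement numbers
                      5 << 4, 0x18,   # header length in 32-bit words; flags PSH+ACK
                      65535, 0, 0)    # window, checksum, urgent pointer
    ip = struct.pack("!BBHHHBBH4s4s",
                     (4 << 4) | 5, 0,                # version 4, 5-word header; DSCP/ECN
                     20 + len(tcp) + len(payload),   # total length
                     0, 0,                           # identification, fragment info
                     64, 6, 0,                       # TTL, protocol 6 = TCP, checksum
                     socket.inet_aton("192.0.2.10"),     # source (documentation range)
                     socket.inet_aton("198.51.100.7"))   # destination (documentation range)
    return ip + tcp + payload

def parse_packet(packet: bytes) -> dict:
    """Split a raw IPv4+TCP packet into IP fields, TCP fields and payload."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ip_hlen = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ip_hlen < 20 or not ip_hlen <= total_len <= len(packet):
        raise ValueError("malformed or truncated IPv4 header")
    if proto != 6:
        raise ValueError("payload is not TCP")
    segment = packet[ip_hlen:total_len]
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    sport, dport, seq, _, offset, flags = struct.unpack("!HHIIBB", segment[:14])
    tcp_hlen = (offset >> 4) * 4
    if tcp_hlen < 20 or tcp_hlen > len(segment):
        raise ValueError("malformed TCP data offset")
    return {
        "ip": {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl},
        "tcp": {"src_port": sport, "dst_port": dport, "seq": seq,
                "flags": [name for bit, name in TCP_FLAGS if flags & bit]},
        "payload": segment[tcp_hlen:],
    }

if __name__ == "__main__":
    # Constructed request bytes, standing in for what an application would send.
    parsed = parse_packet(build_sample_packet(b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"))
    print(parsed["ip"], parsed["tcp"], parsed["payload"], sep="\n")
```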

Taxpayers' Money


The phrase taxpayers' money is often deployed as the clincher in political discussions where a politician has little other justification for their policies. (So, most discussions.)

“We don’t,” the MP will say, as they remove their monocle and begin polishing it, “want to waste taxpayers' money.”

Some will even go so far as to claim that it is a fundamental right, equal in importance to the right not to starve to death.

“I am all in favour of rights,” the Prime Minister (Tony Abbott) said. “I am also in favour of the rights of taxpayers not to have their money abused.”

That’s a right now, huh? We’ll come back to that.

It’s interesting that it’s even referred to as taxpayers' money, rather than citizens' money. By definition, once tax is paid, it’s no longer owned by the payer. And when I say by definition, I mean the definition of pay, not of tax. That’s the entire point of paying, really.

And while there isn’t really any fundamental right for taxpayers to avoid having their money abused, there is a widely recognised right that everyone should have representation. And this means that tax revenue is owned by every citizen, to an equal extent — no more by a citizen who pays more tax than one who doesn’t pay any at all.

What this language really means is, we believe that those who pay more tax are entitled to a greater say in public policy, no matter whether it’s sensible or not.

The irony is that invoking taxpayers' money is pretty much always used to justify irrational use of tax, through policies that are emotionally satisfying to the wealthy but end up costing more and being less effective than alternatives. And nonsensical allocation of public funds clearly is an abuse of taxpayers' money, so for all the posturing about it, anyone using this phrase doesn’t actually respect such a right after all.

Punching Above Our Weight: Not Actually a Good Thing


There is an oft-repeated phrase you might hear if you hang around disgruntled scientists for long enough, and it’s that “Australian science really punches above its weight.” I certainly heard or read it dozens of times while doing research for science policy, and it was always said in this proud and hopeful tone, like this is a good thing.

I don’t think it is.

Punching above your weight is a colloquialism that refers to boxing. Boxers are typically divided into classes by their weight, and a boxer who punches above their weight is one who is unexpectedly strong compared to others in their weight class. A very similar colloquialism might be “gets more bang for your buck.”

It’s worth noting, then, that Australian scientists tend to use the phrase that evokes the image of an overlooked underdog fighting for recognition, rather than the phrase associated with sleazy sales pitches. It also implies some sort of struggle or competition, as though our scientists are in a violent, high-stakes battle with scientists from other countries. That’s really the opposite of how global science is meant to work.

All it really means though is this: even though we don’t invest much public money in scientific research, we get an unexpectedly high return from it.

So isn’t this a good thing? Why shouldn’t we proudly proclaim this as we dance around the ring?

Ubuntu + Mac: Pure EFI Boot


Don't need the wordy tutorial? There's a shorter version.

I recently bought a Mac Mini 6,1 (late 2012 model) to replace the giant tower PC I was using as a household server. Oddly enough for an Apple product, out of all the small-form-factor PCs around with a decent amount of power, it was by far the cheapest.

When I installed Ubuntu Saucy (13.10), I was initially faced with an unbootable system, which I eventually got to work. When Ubuntu Trusty (14.04) came out I was hoping things would go better. Sure enough, there was a +mac variant installer available (buried behind several download pages), but this used legacy BIOS booting. The non +mac variant simply gave me an unbootable system again.

This wasn’t good enough for me! I used Mike Hommey’s Debian EFI boot instructions, and adapted them for recent Ubuntu systems. The result was a Mac Mini that would boot Ubuntu Trusty in pure EFI mode, with no rEFInd and no OS X, and with an Ubuntu entry in the Mac’s bootloader menu.

Thank you Mike. They were excellent instructions.

Note that I’ve only applied this process to my situation: single-booting Ubuntu Trusty (14.04.1) on a Mac Mini 6,1. If you’re knowledgeable enough, you should be able to use this to dual/multi-boot, or boot other Linux distros, or use other Mac devices. But I haven’t tried any of that myself, so be prepared for some surprises.

Why EFI? Why Not rEFInd?

Because I can. Because of aesthetics. Because I’m an engineer, and if there’s a simpler way to make something work, I’ll try to find it.

If the legacy BIOS boot mode works for you, and you don’t want any fuss, use it! If rEFInd works for you, use it! These instructions are for people who just want to try it out, or perhaps for installer developers who want a starting point for a more general process.

Are there any benefits at all then? Sure:

  • I couldn’t actually figure out how to install rEFInd without keeping OS X installed, which meant giving over about 100GB of my 500GB drive to it. No thanks.
  • The Mac bootloader firmware seems to boot about 30s faster.
  • You have access to various EFI-related utilities.
  • You can make yourself a pretty Ubuntu entry in the bootloader menu!