Inspirated

This morning I woke up to one of the most pleasant surprises I have had in years. I received an email from my 7-year old nephew:

Subject: my first program in scrach :)
Attached: kitty-playing.sb

Since I had never talked with him about Scratch before, I immediately wanted to know how much help he received from his parents for this achievement. In words of his mother: “We both tried Scratch first and then helped him. In fact in few things Sharun helped us to understand.” The fact that he is self-motivated to explore and learn about Scratch made me even more ecstatic about his work.

Here’s his code in action:

(Click on the thumbnail for larger version.)

Most of the people I’ve known as code-lovers remember their first ever computer programs. While my first program pales in comparison to the complexity and fun of Sharun’s Scratch creation, I do remember going crazy over the infinite loop. Here’s to hoping he doesn’t end up turning off his PC to put an end to:

10 PRINT "hello world"
20 GOTO 10

In any case, given that I was 14 at the time and my nephew is only half that age I cannot wait to see what he produces in the upcoming years.

The great thing about a command line application is being able to SSH into the thing from anywhere and with anything. Nevertheless, the general public appeal of GUIs has always remained undeniable. After all, over the decades one of the favorite pass times of Steve Jobs — the man who knows a thing or two about public appeal — has been suing and/or getting sued for patents related to GUI. It’s not to say that we are planning an iTorMonitor for App Store (you still have iSSH if you’d like), but a graphical interface shall hopefully go a long way for attracting newbie relay operators.

The first items to be ported to GUI were the bandwidth graphs. After a thorough discussion on #tor-dev regarding how to achieve graphing with respect to feature sets, packaging issues and wheel reinvention; cagraph was chosen as the way to go (among Matplotlib and drawing directly to GDK surfaces). I took screenshots of both interfaces running side-by-side in order to judge how accurate the graphs were and the results look fine:

(Click on the thumbnails for larger version.)

Next up were the log messages dispatched by arm or Tor. While Damian would not be entirely happy with the fact that I’m not terribly innovative with the UI translation ;-) , I did stumble upon an interesting side-feature of using timestamp based sorting. The user can sort the entries in ascending order and he’ll always see the recent-most entry as it pops up in the view, or he can revert the order and see old entries at his leisure while the new entries populate elsewhere below.

(Click on the thumbnail for larger version.)

One other aspect I noticed while designing the UIs was that I have atrocious color selection skills. The color scheme of the entire application isn’t consistent and might even invite a backlash once it goes public. Therefore I plan on discarding all hardcoded colors in favor of theme colors from GTK+ itself — lest the GUI be packaged into a separate arm-trippy once it makes to major distros.

Xavier graciously invited me to BBC’s Islamabad Studios again today for discussing the recent developments on the cyber crime landscape. You can listen to the podcast directly or use the player below to stream the audio:

The first thing that comes to mind after seeing “curses” and “Python” in the same sentence is “go away or I shall taunt you a second time”. After spending a while trying to write text-mode interfaces, it only starts ringing truer.

Coding period for Google Summer of Code 2011 officially began last week. Because of exams and some subsequent issues involving my university I had been lagging behind my intended schedule. With help from Damian Johnson though I was able to get my feet wet quickly and start integrating menus in arm. Luckily, the arm codebase was very well-written and neatly organized which simplified my task and allowed me to end up with a functional implementation by the end of first week:

(Click on the thumbnail for larger version.)

The code can be accessed via my Git repository at Tor Project. In addition to that I also now own a shiny krkhan@torproject.org email address which is currently setup to forward messages to my primary mail.

Menus still needs a bit of polishing as the controls are not completely intuitive and I still need to bug-hunt thoroughly on varying screen sizes. For the time being they work well enough to control all aspects of arm except for quitting or resetting Tor, which I shall be fixing after figuring out a few quirks.

“As a child my family’s menu consisted of two choices: take it or leave it.” — Buddy Hackett

“Give me your tired, your poor,
Your huddled masses yearning to breathe free,
The wretched refuse of your teeming shore.
Send these, the homeless, tempest-tost to Xfce!”

I was invited to BBC’s Islamabad studios today to participate in their World Have Your Say program regarding Sony’s Playstation Network being hacked. It was really fun, and while I was a little nervous about going on-air live on BBC World Service I tried to explain the difference between PSN and console-homebrew hackers as well as the importance of educating the users about their security. You can listen to the podcast directly or use the player below to stream the audio:

After completing my project for last year‘s Summer of Code my degree was delayed for a while because of flunking a few courses. Glass half full, this gave me the chance to participate once more before I finally graduate this summer — Deo volente.

In a repeat of last year I once again became a duplicate student as my proposals for both Fedora and Tor projects ended up in top slots. Both organizations were really nice in the de-duplication process and inquired about my preference which inclined towards Tor since it allowed me to contribute to fields of privacy and anonymity. In words of Free Software Foundation:

Using free software, Tor has enabled roughly 36 million people around the world to experience freedom of access and expression on the Internet while keeping them in control of their privacy and anonymity. Its network has proved pivotal in dissident movements in both Iran and more recently Egypt.

This by no means implies any lesser significance for Fedora in my life and I would have been as much enthused had it been my mentoring organization for the summer instead of EFF. However, since I had to make a choice I went for the option where I would be contributing more directly to privacy enhancing technologies.

My project this summer revolves around improving the excellent Anonymizing Relay Monitor (arm) which is used by the Tor community to monitor and control bridges and relays. The complete proposal can be read here (or via the original PDF). It contains nitty-gritty details of my summer aspirations as well as non-technical stuff like why I want to contribute to this particular field.

I Know What I Did Last Summer, and I’m looking forward to doing it again. Quoting myself from FLOSS Manuals:

“Summer of Code is about much more than just code. The sheer fun of integrating with the open-source community and your mentoring organization can in fact outweigh the gratification of actual coding. “

Just spotted this comment on Gnome Bugzilla:

I would like to extend my thanks to the gnome team/community for a great last
moment with my dad.

Adrian Hands (my father) wrote the patch above to improve the usability of
gnome for himself and others. You see my dad was suffering from ALS and his
hands were so crippled he could no longer use a keyboard. Thus we used a Darci
usb morse code keyboard emulator to help him type. Even the morse code device
was a struggle as the sensitivity adjustment and positioning of the nice two
paddled key would fall out of whack. I rigged up a pvc cage that wrapped around
his knee and fixed remote switches to the cage so that he could use the
remaining strength in his legs to operate the Darci morse code device. He used
this last bit of body movement to write this patch.

My father passed away yesterday. I went back through my email to find our last
correspondence (he was in India for treatment, and I live in Raleigh). I would
like to share the email with you.

On Sun, Jan 30, 2011 at 12:16 PM, Adrian Hands <handsadrian@gmail.com> wrote:

> ACCEPTed
> COMMITed
> RESOLVEd
> BOO-YAH!
>
> commit 0b209b1ff16e863e60a1d86413aa57c5fbde76b0
> Author: Adrian Hands <handsadrian@gmail.com>
> Date:   Fri Dec 31 14:34:58 2010 +0100
>
>    Add Copy Image and Copy Path to clipboard functionality
>
>    Fixes bug 78514.
>
>  data/eog-ui.xml  |    9 +++++++
>  src/eog-window.c |   63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 72 insertions(+), 0 deletions(-)

I have the coolest Dad in the world!

I am so glad that my last comment to my Dad was something like this.

Adrian Hands loved free software / open source. I do as well.

Thanks so much for the great software, and a new great memory.

(Click on the thumbnail for larger version.)

“A hundred times every day I remind myself that my inner and outer life are based on the labors of other men, living and dead, and that I must exert myself in order to give in the same measure as I have received and am still receiving.” — Albert Einstein

Smolt is a hardware profiler for Linux distributions which makes it easier for end-users to report back their machine configurations to a centralized database. Mike McGrath provides an excellent backend for developing Smolt GUIs which I have coupled with GTK+ for GSmolt:

(Click on the thumbnails for larger versions.)

The script can be found at the gsmolt repository on GitHub. Things on todo list include profile reporting in a separate thread and better error handling. I’ll provide RPM and Deb packages when the code is ready for a public release.

As a side note, this is the first project I have tracked using GitHub (as opposed to Launchpad + Bazaar). While Launchpad has its added advantage of PPAs which make it easier to push out public releases for Debian derivatives, I’m liking the Git experience so far. Hopefully some day Copr shall mature to a point where it can be the end-all, be-all Launchpad alternative for Fedora users.

After a day of extensive Wireshark voyeurism I was finally able to connect to PSN on my 3.55 custom firmware through my Fedora box. This guide documents the procedure I used.

Requirements

The PC side of things:

• Fedora 14. Any other Linux distro or even Windows machines can work, but since my primary OS is Fedora that’s what the guide shall be focusing on.
• Internet connectivity on a separate interface than the one you’ll be connecting PS3 on. For example, my laptop connects through internet wirelessly while the PS3 is connecting to laptop through Ethernet.

The console side of things:

• A custom firmware installed without level 2 patch. kmeaw is recommended.

Basic familiarity with Linux can be helpful. Please note that the guide requires you to mess with the flash memory of your PS3. If you aren’t paying attention you can end up with a FUBAR clinker.

Setting up the firewall

On Fedora, go to “Administration” > “Firewall” and provide the root password. In “Trusted Services”, enable the following:

In “Other Ports”, click on “Add” and select port 8888 for tcp.

Setting up a shared connection between Fedora and PS3

On Fedora:

1. Connect to your wireless network.
2. Right click on the Network Manager icon in the system tray and click on “Edit Connections”.
3. Under the “Wired” tab, click on “Add”.
4. Under the “IPv4 Settings” tab, select “Shared to other computers” as the method.
5. Ensure that the “Connect automatically” box is checked.
6. Click on apply.

On PS3:

1. Under XMB, go to “Settings” > “Network Settings” > “Internet Connection Settings”.
2. Select “Custom”.
3. Select “Wired Connection”.
4. Select “Auto-Detect for operation mode.
5. Select “Automatic” for IP Address Setting.
6. Select “Do Not Set” for DHCP host name.
7. Select “Automatic” for DNS Setting.
8. Select “Automatic” for MTU.
9. Select “Do Not Use” for Proxy Server.
10. Select “Enable” for UPnP.
11. Connect the Ethernet cable and test the connection.

At this point, you should get the following result:

Obtain IP Address: Succeeded
Internet Connection: Succeeded
(A system software update is required. Go to [Settings] > [System Update] and perform the update.

To verify everything is working correctly, go to “System” > “Network Settings” >”Settings and Connection Status List”. You should see the following:

IP Address: 10.42.43.10
Subnet Mask: 255.255.255.0
Default Router: 10.42.43.1

Similarly, if you right click on the Network Manager icon in Fedora and click on “Connection Information”, you’ll see the following information for the shared connection:

IP Address: 10.42.43.1
Broadcast Address: 10.42.43.255
Subnet Mask: 255.255.255.0

As one last step for verification launch the Internet Browser on PS3 and see if it works.

Installing the proxy server

1. Login as root.

   $ su -

   $ su -

2. Download Charles for Linux.

   $ wget http://www.charlesproxy.com/assets//release/3.5.2/charles.tar.gz

   $ wget https://www.charlesproxy.com/assets//release/3.5.2/charles.tar.gz

3. Extract the tarball:

   $ tar xvzf charles.tar.gz

   $ tar xvzf charles.tar.gz

4. Change into the binary directory for Charles and add execute permissions to the launcher script:

   $ cd charles/bin/ $ chmod a+x charles.sh

   $ cd charles/bin/ $ chmod a+x charles.sh

5. Launch Charles:

   $ ./charles.sh

   $ ./charles.sh

6. Cancel the Firefox proxy configuration dialog. It isn’t needed for PS3.
7. Go to “Tools” > “Proxy Settings” and ensure the HTTP Proxy is listening on port 8888.

On PS3:

1. Launch “Settings” > “Network Settings” > “Internet Connection Settings” again.
2. Use the same settings as before but under “Proxy Server” specify 10.42.43.1 as the address and 8888 as the port number.
3. Test the connection. Charles should display a prompt about PS3 accessing the Internet, select “Allow”.

Just like before, ensure you can use the Internet Browse on PS3.

Finding the addresses of authorization and update servers

Restart your PS3 and try to sign in on PSN. Under the “Structure” tab in Charles you’ll see a server your console has communicated with during the process. For example, the “authentication” server is https://auth.np.ac.playstation.net:443/. In the list you’ll find the “update” server for your console (which differs from region to region). In my case, the update server was https://feu01.ps3.update.playstation.net/. Fire a console and find the IP addresses for both of these servers:

$ dig auth.np.ac.playstation.net

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-5.P3.fc14 <<>> auth.np.ac.playstation.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8848
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;auth.np.ac.playstation.net. IN A

;; ANSWER SECTION:
auth.np.ac.playstation.net. 2893 IN A 199.108.4.73

;; Query time: 46 msec
;; SERVER: 203.82.48.3#53(203.82.48.3)
;; WHEN: Mon Feb 14 00:45:40 2011
;; MSG SIZE rcvd: 60

$ dig feu01.ps3.update.playstation.net

; <<>> DiG 9.7.2-P3-RedHat-9.7.2-5.P3.fc14 <<>> feu01.ps3.update.playstation.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16539
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;feu01.ps3.update.playstation.net. IN A

;; ANSWER SECTION:
feu01.ps3.update.playstation.net. 3600 IN CNAME a01.cdn.update.playstation.org.edgesuite.net.
a01.cdn.update.playstation.org.edgesuite.net. 54582 IN CNAME playstation.sony.akadns.net.
playstation.sony.akadns.net. 300 IN CNAME a192.d.akamai.net.
a192.d.akamai.net. 20 IN A 195.95.193.10
a192.d.akamai.net. 20 IN A 195.95.193.100

;; Query time: 952 msec
;; SERVER: 203.82.48.4#53(203.82.48.4)
;; WHEN: Mon Feb 14 00:49:07 2011
;; MSG SIZE rcvd: 203

Jot down the server names and their IP addresses:

Configuring the proxy server

In Charles:

1. Goto “Proxy” > “Reverse Proxies” and add two entries like this:

   
   (Click on the thumbnail for larger version.)

2. Download a spoofed ps3-updatelist.txt.
3. Goto “Tools” > “Map Local” and add the following entry (“Local Path” should point to the ps3-updatelist.txt you downloaded in the previous step):

   
   
   (Click on the thumbnails for larger version.)

4. Goto “Tools” > “Rewrite”, check “Enable Rewrite” and add a new set.
5. Use the following settings for location:

   

6. And the following for rules:

   
   (Click on the thumbnail for larger version.)

7. The rewrite settings should now look like this:

   
   (Click on the thumbnail for larger version.)

8. Go to “Proxy” > “Proxy Settings” > “SSL” and add the entry auth.np.ac.playstation.net in locations table.

Rebuilding Network Manager to mask PSN IPs

This can be a PITA for Linux newbies. Network Manager uses dnsmasq but hardcodes the configuration. Leaving us without any way of affecting the shared connection’s behavior without recompiling the RPM. If people are really having trouble with this part I’ll upload the patched RPMs.

1. Login as root:

   $ su -

   $ su -

2. Install build dependencies for Network Manager:

   $ yum-builddep NetworkManager

   $ yum-builddep NetworkManager

3. Download and install the source RPM for NetworkManager:

   $ yumdownloader --source NetworkManager

   $ yumdownloader --source NetworkManager

4. Install the source RPM:

   $ rpm -ivh NetworkManager-0.8.1-10.git20100831.fc14.src.rpm

   $ rpm -ivh NetworkManager-0.8.1-10.git20100831.fc14.src.rpm

   This will create a rpmbuild directory under the home directory for root.

5. Go to the SOURCES directory and download the patches:

   $ cd ~/rpmbuild/SOURCES/ $ wget https://inspirated.com/uploads/nm-applet-remove-dialog-sep.patch $ wget https://inspirated.com/uploads/nm-psn-access.patch

   $ cd ~/rpmbuild/SOURCES/ $ wget https://inspirated.com/uploads/nm-applet-remove-dialog-sep.patch $ wget https://inspirated.com/uploads/nm-psn-access.patch

   The first patch is a minor bugfix which causes compile errors. The second patche spoofs the authentication server’s IP address to 10.42.43.1 instead of 199.108.4.73. If you got a different IP address for auth.np.ac.playstation.net earlier with the dig command edit the second patch accordingly.

6. Download and build the spec file:

   $ cd ~/rpmbuild/SPECS/ $ wget https://inspirated.com/uploads/NetworkManager.spec $ rpmbuild -ba NetworkManager.spec

   $ cd ~/rpmbuild/SPECS/ $ wget https://inspirated.com/uploads/NetworkManager.spec $ rpmbuild -ba NetworkManager.spec

   If everything goes fine, the built RPMs shall appear in ~/rpmbuild/RPMS/<arch> directory.

7. Install the RPM:

   $ cd ~/rpmbuild/RPMS/x86_64/ $ rpm -Uvh --force NetworkManager-0.8.1-10.git20100831.fc14.x86_64.rpm

   $ cd ~/rpmbuild/RPMS/x86_64/ $ rpm -Uvh --force NetworkManager-0.8.1-10.git20100831.fc14.x86_64.rpm

8. Restart Network Manager:

   $ service NetworkManager restart

   $ service NetworkManager restart

Installing the spoofed certificate on PS3

The spoofed certificate Charles uses to intercept SSL traffic is in the docs directory of the tarball (charles-proxy-ssl-proxying-certificate.crt). Rename it to CA02.cer, put it on a USB stick and then head over to your console.

1. Install the AsbestOS installer and Comgenie’s Awesome Filemanager.
2. Restart your PS3, launch the AsbestOS installer.
3. The installer shall quit with an error about lack of level 2 access, press X to exit to XMB.
4. Launch Comgenie’s Awesome Filemanager. You’ll see a new device called /dev_rwflash which is providing read/write support to PS3’s internal flash.
5. Move to /dev_flash/data/cert, backup CA02.cer on your USB drive and replace it with the Charles certificate.
6. Restart your PS3.

Gluing it all together

So far:

• Fedora is sharing the Internet connection with PS3.
• PS3 is using Charles as the proxy server.
• Charles is all set to replace ps3-updatelist.txt as well as rewrite authentication headers.
• NetworkManager is patched to mask the authentication server’s IP address to 10.42.43.1.
• The CA02.cer certificate on PS3’s flash has been replaced by Charles’ spoofed certificate.

Try signing in to PSN now. You should see ps3-updatelist.txt file being mapped to the local version and 03.55 being replaced with 03.56 in the auth.np.ac.playstation.net header. If everything goes according to plan, this will be the result:

(Click on the thumbnail for larger version.)