Taking over Qcontrol upstream When I took over the qcontrol package in Debian, back in October 2012, I was aware that upstream hadn't been active for quite a while (since late 2009). I figured that would be OK since the software was pretty simple and pretty much feature complete. Nevertheless since I've been maintaining the package I've had a small number of wishlist bugs (many with patches, thanks guys!) which are really upstream issues. While I could carry them as patches in the Debian package they would really be better taken care of by an upstream. With that in mind I mailed the previous upstream (and original author) Byron Bradley back in February to ask if he would mind if I took over as upstream. Unfortunately I haven't yet heard back, given how long upstream has been inactive for this isn't terribly surprising so having waited several months I have decided to just go ahead and take over upstream development. Thanks Byron for all your work on the project, I hope you don't mind me taking over. Since it is unlikely that I will be able to access the old website or Subversion repository I have converted the repository to git and uploaded it to gitorious:

• https://gitorious.org/qcontrol/qcontrol/
• git://gitorious.org/qcontrol/qcontrol.git

I don't expect I'll be doing an awful lot of proactive upstream development but at least now I have a hat I can put on when someone reports an "upstream" issue against qcontrol and somewhere which can accept upstream patches from myself and others. I'm still deciding what to do about a website etc. I may just enable the gitorious wiki or I may setup an ikiwiki software site type setup, which has the advantage of being a little more flexible and providing a neat way of dealing with bug reports without being too much overhead to setup up. In the meantime its been almost 5 years since the last release, so... New Release: qcontrol 0.5.0 This is a rollup of some changes which were made in the old upstream SVN repository but never released and some patches which had been made in the Debian packaging. What's here corresponds to the Debian 0.4.2+svn-r40-3 package. The 0.4.2 release was untagged in SVN, but corresponds to r14, new stuff since then includes:

• Support for more hardware (TS-119, TS-219, TS-41x, all by Martin Michlmayr)
• Support auto power on feature (by Martin Michlmayr)
• Support for the A125 LCD on TS-419P devices (by Bernhard R. Link)
• Support for a daemon mode, including syslog (Byron Bradley)
• Support for disabling the watchdog on TS-219P II and TS-419P II (Helmut Pozimski)
• Various other fixes (Lo c Minier, Martin, Bernhard, Byron)

As well as the change of maintainer I think the addition of the daemon mode warrants the bump to 0.5.0. Get the new release from git or http://www.hellion.org.uk/qcontrol/releases/0.5.0/.

I was a bit busy (mostly in pleasant ways) during the last two weeks, so this reports covers a longer period of my RC bug activities:

• #632443 kst-data: "kst-data: missing Breaks+Replaces: kst-bin (<< 2.0.3)"
  add missing Breaks/Replaces, upload to DELAYED/5
• #671297 libcapi20-dev,isdnutils-base: "isdnutils-base and libcapi20-dev: error when trying to install together"
  add missing Breaks/Replaces, upload to DELAYED/5, then fixed in a maintainer upload
• #677786 libwmf: "libwmf: Please add multiarch support"
  sponsor NMU from Helmut Grohne, upload to DELAYED/7
• #677861 src:lftp: "lftp: FTBFS[kfreebsd-i386]: error: conflicting declaration 'typedef __int32_t gl_intptr_t'"
  sponsor NMU by Ivo De Decker, upload to DELAYED/2
• #682752 src:cups-filters: "cups-filters: debian/copyright is misleading/incomplete"
  try to get debian/copyright closer to reality, upload to DELAYED/2
• #684633 jless: "jless: hangs with 1MB file, and should consider its future"
  do a manual versioned close
• #688891 psad: "psad: modifies conffiles (policy 10.7.3): /etc/psad/psad.conf"
  upload NMU (fix in preinst) with maintainer's approval
• #694554 apt-build: "Installation fails on ARM - config script fails"
  sponsor QA upload by Dominique Lasserre
• #694557 apt-build: "APT paths aren't built properly"
  sponsor QA upload by Dominique Lasserre

I must say that I do like free groups. At least whenever I play around with some theorem provers, I find myself formalizing free groups in them. For Isabelle, my development of free groups is already part of the Archive of Formal Proofs. Now I became interested in the theorem prover/programming language Agda,so I did it there as well. I was curious how well Agda is suited for doing math, and how comfortable with intuitionalistic logic I d be.
At first I wanted to follow the same path again and tried to define the free group on the set of fully reduced words. This is the natural way in Isabelle, where the existing setup for groups expects you to define the carrier as a subset of an existing type (the type here being lists of generators and their inverses). But I did not get far, and also I had to start using stuff like DecidableEquivalence, an indication that this might not go well with the intuitionalistic logic. So I changed my approach and defined the free group on all words as elements of the group, with a suitable equivalence relation. This allowed me define the free group construction and show its group properties without any smell of classical logic. The agda files can be found in my darcs repository, and the HTML export can be browsed: Generators.agda defines the sets-of-generators-and-inverses and FreeGroups.agda (parametrized by the Setoid it is defined over) the reduction relation and the group axioms. Here are some observations I (disclaimer: Agda-beginer) made:

• Fun fact: Free groups exist not only in classical logic.
  
• Without any automation as in Isabelle, even simple things get quite complicated. A simple substitution of an equality with subst requires me to specify not only the equality and the term I want it to apply, but also to repeat the common part of the terms. Or when using the associativity of list concatenation, I have to pass all three sublists to the lemma. Maybe I am a bit spoiled by Isabelle, but I d be worried that this would prevent large proofs.
• The levels are also annoying. Although my theory stays within one level, I have to annotate it everywhere. I d expect the type inference to figure this out for me.
• Equality reasoning with begin ... is quite nice and surprisingly well readable.
• Besides the additional work, it is nice to be able to do the proof in almost all detail. There is a limitation, though, as some steps are done automatically (if they happen to occur when evaluating/normalizing a term) and the others, even if similar-looking, are not.
  
• It d be great if one would be free in the choice of editor, but vim users generally have a hard time in the field of theorem provers.
  

If I were to extend this theory, there are two important facts to be shown: That there is a unique reduced word in every equivalence class (norm_form_uniq), and the universal property of the free group. For the former (started in NormalForm.agda) I m missing some general lemmas about relations (e.g. that local confluence implies global confluence, and even the reflexive, symmetric, transitive hull is missing in the standard library). For the latter, some general notions such as a group homomorphism need to be developed first. I planned to compare the two developments, Isabelle and Agda. But as they turned out to show quite things in different orders, this is not really possible any more. One motivation to look at Agda was to see if a dependently typed language frees me from doing lots of set-element-checking (see the mems lemma in the Isabelle proof of the Ping-Pong-Lemma). So far I had no such problems, but I did not get far enough yet to actually tell. Thanks to Helmut Grohne for an educating evening of Agda hacking!

Flattr this post

Today, I had some business in Bonn, so Janis Voigtl nder invited me to hold a guest lecture in his advanced functional programming course, maybe telling the students more about real world use of Haskell, given that he teaches mostly the theoretical foundations. I chose to discuss an experience I made while implementing SAT-Britney, namely that for the sake of good runtime and memory performance, it may be neither ideal to evaluate a list fully lazily, nor fully strict, but to have something in between. For the talk, I demonstrated this by a small example, showed how to use the GHCi debugger to get some insight in the evaluation order of things, how to benchmark the program and read the ghc statistics and a profiling chart, and finally how to get the most out of GHC s List Fusion. I wanted to also touch on QuickCheck, but skipped it to finish in time. The full text of my talk (including graphs) is available, but in German; if you want an English version convince your prof to invite me for a guest lecture as well. Afterwards I sat down with one of the students of the course, Helmut Grohne, who happened to take part in the Debian bug squashing party last weekend and had filed a release critical bug against the Haskell grammar generator frown (no better link available, homepage seems to be down) to debug the problem. It quickly became clear that the bug was introduced by me (can you spot it?) when trying to make it compile with a modern GHC slightly embarrassing for me.

Flattr this post

A bug-fix release RQuantLib 0.3.8 is now on CRAN and in Debian. RQuantLib combines (some of) the quantitative analytics of QuantLib with the R statistical computing environment and language. Thanks to Helmut Heiming who noticed a side-effec t from the DiscountCurve functions: the Quantlib-global variable determining the evaluation date was overriden; this could affect subsequent curve-related pricers. This is now fixed, and we added a new function setEvaluationDate to set this date from R too. We added this call in some of the examples in the manual pages. Otherwise two very minor build system tweaks were added, but no other changes were made Thanks to CRANberries, there is also a diff to the previous release 0.3.7. Full changelog details, examples and more details about this package are at my RQuantLib page.

I'm at the European Geosciences Union (EGU) General Assembly, 2010, the biggest gethering of European geoscientists, in Vienna, May 2-7. This is my first time here and its huge: over 9000 participants. Merely finding the talks and posters is a challenge (they supply a USB stick with the abstracts and agendas as they can't print them all! The first day I spent mostly at the exoplanet stream (and putting up my own poster). Some neat stuff on show: summaries by Borucki on Keplers findings (on the Hot Jupiters they found :" these things glow like a blast furnace; forget life"). He points out that when they look for Earth sized planets, radial velocity confirmation would take 1000s of hours on 10M telescopes - so it won't happen. hmm. Steve Unwin on SIM: neat astrometric mission for planet hunting and galaxy measurement. A targeted mission list, unlike the Gaia survey; to fly in 2016 if the Decadal survey says yes. 20% of time available under the general observer program, so get proposals ready ? Nestest poster idea: Anomalous night-time temps on Mars, Gonzales et al.. Finding hot spots on Arsia Mons, a volcano. Explained by air rising from 100km long lava tubes. We've seen pit entrances to caves on Mars with HiRISE, etc. here they model heat output from a pit entrace/exit and imply 100km caves. Oh to go exploring... Tinetti points out that we lack proper spectra, both experimental and theoretical, for high temperature and pressure gases such as methane, etc. Hmm, I know a group in Galway that might be able to help ... Helmut Lammer raised an interesting point at the poster session, that many groups ignore the stellar wind when looking at H2 atmospheres around exoplanets. Theis grossly inflates the apparent H2 atmosphere. Without taking this into acount it would be easy to mistake H2 detections with a Neptune-like atmosphere. He points to a 1.7M UV telescope that the Russians are planning to launch that would help do UV measurements when Hubble is gone. Lena Noack gave a talk on convection in tidally-locked planets (with related poster Low-lid formation on Super-Earths and implications for the habitability of Super-Earths and Sub-Earths). They argue that no covection can be expected in the mantle, and hence no geodynamo or magnetosphere. This could be a problem for holding an atmosphere. Time to check for planetary magnetic fields. Break out the polarimeter ? Oh, and it seems that That Damned Volcano is closing Irish airspace on Tuesday. Might be an idea to go to the meeting about it. Hope it clears by Friday ... Tags conference, astronomy

I'm at the European Geosciences Union (EGU) General Assembly, 2010, the biggest gethering of European geoscientists, in Vienna, May 2-7. This is my first time here and its huge: over 9000 participants. Merely finding the talks and posters is a challenge (they supply a USB stick with the abstracts and agendas as they can't print them all! The first day I spent mostly at the exoplanet stream (and putting up my own poster). Some neat stuff on show: summaries by Borucki on Keplers findings (on the Hot Jupiters they found :" these things glow like a blast furnace; forget life"). He points out that when they look for Earth sized planets, radial velocity confirmation would take 1000s of hours on 10M telescopes - so it won't happen. hmm. Steve Unwin on SIM: neat astrometric mission for planet hunting and galaxy measurement. A targeted mission list, unlike the Gaia survey; to fly in 2016 if the Decadal survey says yes. 20% of time available under the general observer program, so get proposals ready ? Nestest poster idea: Anomalous night-time temps on Mars, Gonzales et al.. Finding hot spots on Arsia Mons, a volcano. Explained by air rising from 100km long lava tubes. We've seen pit entrances to caves on Mars with HiRISE, etc. here they model heat output from a pit entrace/exit and imply 100km caves. Oh to go exploring... Tinetti points out that we lack proper spectra, both experimental and theoretical, for high temperature and pressure gases such as methane, etc. Hmm, I know a group in Galway that might be able to help ... Helmut Lammer raised an interesting point at the poster session, that many groups ignore the stellar wind when looking at H2 atmospheres around exoplanets. Theis grossly inflates the apparent H2 atmosphere. Without taking this into acount it would be easy to mistake H2 detections with a Neptune-like atmosphere. He points to a 1.7M UV telescope that the Russians are planning to launch that would help do UV measurements when Hubble is gone. Lena Noack gave a talk on convection in tidally-locked planets (with related poster Low-lid formation on Super-Earths and implications for the habitability of Super-Earths and Sub-Earths). They argue that no covection can be expected in the mantle, and hence no geodynamo or magnetosphere. This could be a problem for holding an atmosphere. Time to check for planetary magnetic fields. Break out the polarimeter ? Oh, and it seems that That Damned Volcano is closing Irish airspace on Tuesday. Might be an idea to go to the meeting about it. Hope it clears by Friday ... Tags conference, astronomy

The strongly connected set of the GPG keys graph contains a bit more than 40000 keys now (yes, that’s a lot of geeks!). I wondered what was the biggest clique (complete subgraph) in that graph, and also of course the biggest clique I was in. It’s easy to grab the whole web of trust there. Finding the maximum clique in a graph is NP-complete, but there are algorithms that work quite well for small instances (and you don’t need to consider all 40000 keys: to be in a clique of n keys, a key must have at least n-1 signatures, so it’s easy to simplify the graph — if you find a clique with 20 keys, you can remove all keys that have less than 19 signatures). My first googling result pointed to Ashay Dharwadker’s solver implementation (which also proves P=NP ;). Googling further allowed me to find the solver provided with the DIMACS benchmarks. It’s clearly not the state of the art, but it was enough in my case (allowed to find the result almost immediately). The biggest clique contains 47 keys. However, it looks like someone had fun, and injected a lot of bogus keys in the keyring. See the clique. So I ignored those keys, and re-ran the solver. And guess what’s the size of the biggest “real” clique? Yes. 42. Here are the winners:

CF3401A9 Elmar Hoffmann
AF260AB1 Florian Zumbiehl
454C864C Moritz Lapp
E6AB2957 Tilman Koschnick
A0ED982D Christian Brueffer
5A35FD42 Christoph Ulrich Scholler
514B3E7C Florian Ernst
AB0CB8C0 Frank Mohr
797EBFAB Enrico Zini
A521F8B5 Manuel Zeise
57E19B02 Thomas Glanzmann
3096372C Michael Fladerer
E63CD6D6 Daniel Hess
A244C858 Torsten Marek
82FB4EAD Timo Weing rtner
1EEF26F4 Christoph Ulrich Scholler
AAE6022E Karlheinz Geyer
EA2D2C41 Mattia Dongili
FCC5040F Stephan Beyer
6B79D401 Giunchedi Filippo
74B11360 Frank Mohr
94C09C7F Peter Palfrader
2274C4DA Andreas Priesz
3B443922 Mathias Rachor
C54BD798 Helmut Grohne
9DE1EEB1 Marc Brockschmidt
41CF0322 Christoph Reeg
218D18D7 Robert Schiele
0DCB0431 Daniel Hess
B84EF12A Mathias Rachor
FD6A8D9D Andreas Madsack
67007C30 Bernd Paysan
9978AF86 Christoph Probst
BD8B050D Roland Rosenfeld
E3DB4EA7 Christian Barth
E263FCD4 Kurt Gramlich
0E6D09CE Mathias Rachor
2A623F72 Christoph Probst
E05C21AF Sebastian Inacker
5D64F870 Martin Zobel-Helas
248AEB73 Rene Engelhard
9C67CD96 Torsten Veller

It’s likely that this happened thanks to a very successful key signing party somewhere in germany (looking at the email addresses). [Update: It was the LinuxTag 2005 KSP.] It might be a nice challenge to beat that clique during next Debconf ;) And the biggest clique I’m in contains 23 keys. Not too bad.

It has recently been announced that Debian had a serious bug in the OpenSSL code [1], the most visible affect of this is compromising SSH keys - but it can also affect VPN and HTTPS keys. Erich Schubert was one of the first people to point out the true horror of the problem, only 2^15 different keys can be created [2]. It should not be difficult for an attacker to generate 2^15 host keys to try all combinations for decrypting a login session. It should also be possible to make up to 2^15 attempts to login to a session remotely if an attacker believes that an authorized key was being used - that would take less than an hour at a rate of 10 attempts per second (which is possible with modern net connections) and could be done in a day if the server was connected to the net by a modem. John Goerzen has some insightful thoughts about the issue [3]. I recommend reading his post. One point he makes is that the person who made the mistake in question should not be lynched. One thing I think we should keep in mind is the fact that people tend to be more careful after they have made mistakes, I expect that anyone who makes a mistake in such a public way which impacts so many people will be very careful for a long time… Steinar H. Gunderson analyses the maths in relation to DSA keys, it seems that if a DSA key is ever used with a bad RNG then it can be cracked by someone who sniffs the network [4]. It seems that it is safest to just not use DSA to avoid this risk. Another issue is that if a client supports multiple host keys (ssh version 2 can use three different key types, one for the ssh1 protocol, one for ssh2 with RSA, and one for ssh2 with DSA) then a man in the middle attack can be implemented by forcing a client to use a different key type - see Stealth’s article in Phrack for the details [5]. So it seems that we should remove support for anything other than SSHv2 with RSA keys. To remove such support from the ssh server edit /etc/ssh/sshd_config and make sure it has a line with “Protocol 2“, and that the only HostKey line references an RSA key. To remove it from the ssh client (the important thing) edit /etc/ssh/ssh_config and make sure that it has something like the following: Host *
Protocol 2
HostKeyAlgorithms ssh-rsa
ForwardX11 no
ForwardX11Trusted no You can override this for different machines. So if you have a machine that uses DSA only then it would be easy to add a section: Host strange-machine
Protocol 2
HostKeyAlgorithms ssh-dsa So making the default configuration of the ssh client on all machines you manage has the potential to dramatically reduce the incidence of MITM attacks from the less knowledgable users. When skilled users who do not have root access need to change things they can always edit the file ~/.ssh/config (which has the same syntax as /etc/ssh/ssh_config) or they can use command-line options to override it. The command ssh -o “HostKeyAlgorithms ssh-dsa” user@server will force the use of DSA encryption even if the configuration file requests RSA. Enrico Zini describes how to use ssh-keygen to get the fingerprint of the host key [6]. One thing I have learned from comments on this post is how to get a fingerprint from a known hosts file. A common situation is that machine A has a known hosts file with an entry for machine B. I want to get the right key in machine C and there is no way of directly communicating between machine A and machine C (EG they are in different locations with no network access). In that situation the command “ssh-keygen -l -f ~/.ssh/known_hosts” can be used to display all the fingerprints of hosts that you have connected to in the past, then it’s a simple matter of grepping the output. Docunext has an interesting post about ways of mitigating such problems [7]. One thing that they suggest is using fail2ban to block IP addresses that appear to be trying to do brute-force attacks. It’s unfortunate that the version of fail2ban in Debian uses /tmp/fail2ban.sock for it’s Unix domain socket for talking to the server (the version in Unstable uses /var/run/fail2ban/fail2ban.sock). They also mention patching network drivers to add entropy to the kernel random number generator. One thing that seems interesting is the package randomsound (currently in Debian/Unstable) which takes ALSA sound input as a source of entropy, note that you don’t need to have any sound input device connected. When considering fail2ban and similar things, it’s probably best to start by restricting the number of machines which can connect to your SSH server. Firstly if you put it on a non-default port then it’ll take some brute-force to find it. This will waste some of the attacker’s time and also make the less persistent attackers go elsewhere. One thing that I am considering is having a few unused ports configured such that any IP address which connects to them gets added to my NetFilter configuration - if you connect to such ports then you can’t connect to any other ports for a week (or until the list becomes too full). So if for example I had port N configured in such a manner and port N+100 used for ssh listening then it’s likely that someone who port-scans my server would be blocked before they even discovered the SSH server. Does anyone know of free software to do this? The next thing to consider is which IP addresses may connect. If you were to allow all the IP addresses from all the major ISPs in your country to connect to your server then it would still be a small fraction of the IP address space. Sure attackers could use machines that they already cracked in your country to launch their attacks, but they would have to guess that you had such a defense in place, and even so it would be an inconvenience for them. You don’t necessarily need to have a perfect defense, you only need to make the effort to reward ratio be worse for attacking you than for attacking someone else. Note that I am not advocating taking a minimalist approach to security, merely noting that even a small increment in the strength of your defenses can make a significant difference to the risk you face. Update: based on comments I’m now considering knockd to open ports on demand. The upstream site for knockd is here [8], and some documentation on setting it up in Debian is here [9]. The concept of knockd is that you make connections to a series of ports which act as a password for changing the firewall rules. An attacker who doesn’t know those port numbers won’t be able to connect. Of course anyone who can sniff your network will discover the ports soon enough, but I guess you can always login and change the port numbers once knockd has let you in. Also thanks to Helmut for advice on ssh-keygen.

• [1] http://www.debian.org/security/2008/dsa-1571


• [2] http://blog.drinsama.de/erich/en/linux/2008051401-consequences-of-sslssh-weakness.html


• [3] http://changelog.complete.org/posts/714-Thoughtfulness-on-the-OpenSSL-bug.html


• [4] http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths.html


• [5] http://www.phrack.org/issues.html?id=11&issue=59


• [6] http://www.enricozini.org/2008/tips/ssh-host-key-fingerprint.html


• [7] http://www.docunext.com/blog/2008/05/14/my-security/


• [8] http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki


• [9] http://www.ducea.com/2006/07/05/how-to-safely-connect-from-anywhere-to-your-closed-linux-firewall/

Share This