JMP offers VoIP calling via XMPP, but it's also possibly to use the VoIP using SIP. The underlying VoIP calling functionality in JMP is provided by Bandwidth, but their old Asterisk instructions didn't quite work for me. Here's how I set it up in my Asterisk server.

Get your SIP credentials After signing up for JMP and setting it up in your favourite XMPP client, send the following message to the cheogram.com gateway contact:

reset sip account

In response, you will receive a message containing:

• a numerical username
• a password (e.g. three lowercase words separated by spaces)

Add SIP account to your Asterisk config First of all, I added the following near the top of my /etc/asterisk/sip.conf:

[general]
register => username:three secret words@jmp.cbcbc7.auth.bandwidth.com:5008

The other non-default options I have set in [general] are:

context=public
allowoverlap=no
udpbindaddr=0.0.0.0
tcpenable=yes
tcpbindaddr=0.0.0.0
tlsenable=yes
transport=udp
srvlookup=no
vmexten=voicemail
relaxdtmf=yes
useragent=Asterisk PBX
tlscertfile=/etc/asterisk/asterisk.cert
tlsprivatekey=/etc/asterisk/asterisk.key
tlscapath=/etc/ssl/certs/
externhost=machinename.dyndns.org
localnet=192.168.0.0/255.255.0.0

Note that you can have more than one register line in your config if you use more than one SIP provider, but you must register with the server whether you want to receive incoming calls or not. Then I added a new blurb to the bottom of the same file:

[jmp]
type=peer
host=mp.cbcbc7.auth.bandwidth.com
port=5008
secret=three secret words
defaultuser=username
context=from-jmp
disallow=all
allow=ulaw
allow=g729
insecure=port,invite
canreinvite=no
dtmfmode=rfc2833

and for reference, here's the blurb for my Snom 300 SIP phone:

[1001]
; Snom 300
type=friend
qualify=yes
secret=password
encryption=no
context=full
host=dynamic
nat=no
directmedia=no
mailbox=1000@internal
vmexten=707
dtmfmode=rfc2833
call-limit=2
disallow=all
allow=g722
allow=ulaw

I checked that the registration was successful by running asterisk -r and then typing:

sip set debug on

before reloading the configuration using:

reload

Create Asterisk extensions to send and receive calls Once I got registration to work, I hooked this up with my other extensions so that I could send and receive calls using my JMP number. In /etc/asterisk/extensions.conf, I added the following:

[from-jmp]
include => home
exten => s,1,Goto(1000,1)

where home is the context which includes my local SIP devices and 1000 is the extension I want to ring. Then I added the following to enable calls to any destination within the North American Numbering Plan:

[pstn-jmp]
exten => _1NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231434>)
exten => _1NXXNXXXXXX,n,Dial(SIP/jmp/$ EXTEN )
exten => _1NXXNXXXXXX,n,Hangup()
exten => _NXXNXXXXXX,1,Set(CALLERID(all)=Francois Marier <5551231234>)
exten => _NXXNXXXXXX,n,Dial(SIP/jmp/1$ EXTEN )
exten => _NXXNXXXXXX,n,Hangup()

Here 5551231234 is my JMP phone number, not my bwsip numerical username. For reference, here's the rest of my dialplan in /etc/asterisk/extensions.conf:

[general]
static=yes
writeprotect=no
clearglobalvars=no
[public]
exten => _X.,1,Hangup(3)
[sipdefault]
exten => _X.,1,Hangup(3)
[default]
exten => _X.,1,Hangup(3)
[internal]
include => home
[full]
include => internal
include => pstn-jmp
exten => 707,1,VoiceMailMain(1000@internal)
[home]
; Internal extensions
exten => 1000,1,Dial(SIP/1001,20)
exten => 1000,n,Goto(in1000-$ DIALSTATUS ,1)
exten => 1000,n,Hangup
exten => in1000-BUSY,1,Hangup(17)
exten => in1000-CONGESTION,1,Hangup(3)
exten => in1000-CHANUNAVAIL,1,VoiceMail(1000@internal,su)
exten => in1000-CHANUNAVAIL,n,Hangup(3)
exten => in1000-NOANSWER,1,VoiceMail(1000@internal,su)
exten => in1000-NOANSWER,n,Hangup(16)
exten => _in1000-.,1,Hangup(16)

Firewall Finally, I opened a few ports in my firewall by putting the following in /etc/network/iptables.up.rules:

# SIP and RTP on UDP (jmp.cbcbc7.auth.bandwidth.com)
-A INPUT -s 67.231.2.13/32 -p udp --dport 5008 -j ACCEPT
-A INPUT -s 216.82.238.135/32 -p udp --dport 5008 -j ACCEPT
-A INPUT -s 67.231.2.13/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT
-A INPUT -s 216.82.238.135/32 -p udp --sport 5004:5005 --dport 10001:20000 -j ACCEPT

Outbound calls not working While the above setup works for me for inbound calls, it doesn't currently work for outbound calls. The hostname currently resolves to one of two IP addresses:

$ dig +short jmp.cbcbc7.auth.bandwidth.com
67.231.2.13
216.82.238.135

If I pin it to the first one by putting the following in my /etc/hosts file:

67.231.2.13 jmp.cbcbc7.auth.bandwidth.com

then I get a 486 error back from the server when I dial 1-555-456-4567:

<--- SIP read from UDP:67.231.2.13:5008 --->
SIP/2.0 486 Busy Here
Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK03210a30
From: "Francois Marier" <sip:5551231234@127.0.0.1>
To: <sip:15554564567@jmp.cbcbc7.auth.bandwidth.com:5008>
Call-ID: 575f21f36f57951638c1a8062f3a5201@127.0.0.1:5060
CSeq: 103 INVITE
Content-Length: 0

On the other hand, if I pin it to 216.82.238.135, then I get a 600 error:

<--- SIP read from UDP:216.82.238.135:5008 --->
SIP/2.0 600 Busy Everywhere
Via: SIP/2.0/UDP 127.0.0.1:5060;branch=z9hG4bK7b7f7ed9
From: "Francois Marier" <sip:5551231234@127.0.0.1>
To: <sip:15554564567@jmp.cbcbc7.auth.bandwidth.com:5008>
Call-ID: 5bebb8d05902c1732c6b9f4776844c66@127.0.0.1:5060
CSeq: 103 INVITE
Content-Length: 0

If you have any idea what might be wrong here, or if you got outbound calls to work on Bandwidth.com, please leave a comment!

First of all, let me all wish you a happy new year, with all my wishes of health and succes. I sincerely hope this year will be simpler for most people as last year ! For the first post of the year, I wanted to show you how to take advantage of Ruby, the programming language embedded in QSoas, to make various things, like:

• creating a column with the sum of Y values;
• extending values that are present only in a few lines;
• renaming datasets using a pattern.

Summing the values in a column When using commands that take formulas (Ruby code), like apply-formula, the code is run for every single point, for which all the values are updated. In particulier, the state of the previous point is not known. However, it is possible to store values in what is called global variables, whose name start with an $ sign. Using this, we can keep track of the previous values. For instance, to create a new column with the sum of the y values, one can use the following approach:

QSoas> eval $sum=0
QSoas> apply-formula /extra-columns=1 $sum+=y;y2=$sum

The first line initializes the variable to 0, before we start summing, and the code in the second line is run for each dataset row, in order. For the first row, for instance, $sum is initially 0 (from the eval line); after the execution of the code, it is now the first value of y. After the second row, the second value of y is added, and so on. The image below shows the resulting y2 when used on:

QSoas> generate-dataset -1 1 x

Extending values in a column Another use of the global variables is to add "missing" data. For instance, let's imagine that a files given the variation of current over time as the potential is changed, but the potential is only changed stepwise and only indicated when it changes:

## time	current	potential
0	0.1	0.5
1	0.2
2	0.3
3	0.2
4	1.2	0.6
5	1.3
...

If you need to have the values everywhere, for instance if you need to split on their values, you could also use a global variable, taking advantage of the fact that missing values are represented by QSoas using "Not A Number" values, which can be detected using the Ruby function nan?:

QSoas> apply-formula "if y2.nan?; then y2=$value; else $value=y2;end"

Note the need of quotes because there are spaces in the ruby code. If the value of y2 is NaN, that is it is missing, then it is taken from the global variable $value else $value is set the current value of y2. Hence, the values are propagated down:

## time	current	potential
0	0.1	0.5
1	0.2	0.5
2	0.3	0.5
3	0.2	0.5
4	1.2	0.6
5	1.3	0.6
...

Of course, this doesn't work if the first value of y2 is missing.

Renaming using a pattern The command save-datasets can be used to save a whole series of datasets to the disk. It can also rename them on the fly, and, using the /mode=rename option, does only the renaming part, without saving. You can make full use of meta-data (see also a first post here)for renaming. The full power is unlocked using the /expression= option. For instance, for renaming the last 5 datasets (so numbers 0 to 4) using a scheme based on the value of their pH meta-data, you can use the following code:

QSoas> save-datasets /mode=rename /expression='"dataset-# $meta.pH "' 0..4

The double quotes are cumbersome but necessary, since the outer quotes (') prevent the inner ones (") to be removed and the inner quotes are here to indicate to Ruby that we are dealing with text. The bit inside # ... is interpreted by Ruby as Ruby code; here it is $meta.pH, the value of the "pH" meta-data. Finally the 0..4 specifies the datasets to work with. So theses datasets will change name to become dataset-7 for pH 7, etc...

About QSoas QSoas is a powerful open source data analysis program that focuses on flexibility and powerful fitting capacities. It is released under the GNU General Public License. It is described in Fourmond, Anal. Chem., 2016, 88 (10), pp 5050 5052. Current version is 3.0. You can download its source code there (or clone from the GitHub repository) and compile it yourself, or buy precompiled versions for MacOS and Windows there.

The KDE Bugzilla handles a lot of projects and they often match with the repo name, but not always. For instance we have ancient products and components at Bugzilla, as projects have a lifecycle from playground into Release Service, or Frameworks, sometimes with a change of name. So you may end up searching Bugzilla quite awhile for the correct product and component to be able to confirm or create bug reports against an application. Let's have a look at KPeople, and see why the situation is complicated. You find two products in KDE Bugzilla: kpeople (the repository's name) and on the other hand Frameworks have the scheme of a "frameworks-" prefix: frameworks-kpeople. From the data displayed even I as a developer am unable to tell which is the correct product to add new bug reports. Both have bug reports this year that got fixed and the number of bug reports is too low to get a clear picture of which to choose. This is not only a problem of KDE; it is a general problem in different communities that it is hard for newcomers to find the correct place to search and add new bug reports. That's why Debian added the bug report information for every package. This should help users to search the upstream bug reports or create new ones (Bug-Submit and Bug-Database): https://wiki.debian.org/UpstreamMetadata#Fields While I was collecting this information for Frameworks and KDE PIM, I wondered why KDE does not have links between each project and Bugzilla. After some searching and discussions it became obvious, that KDE does not have this information that can be processed. Okay let's fix this. The obvious place to reach this information is the Project API available under https://projects.kde.org/api/. To reach this goal I began adding Bugzilla information to the data source of the Project API named Git Repo Metadata. Then a merge request later the Project API is able to generate the links to Bugzilla invent:sysadmin/projects-api!2. Where you should search for bugs in kontact? Go to https://projects.kde.org/api/v1/identifier/kontact:

• bug_database: https://bugs.kde.org/buglist.cgi?product=kontact&resolution=---
• bug_submit: https://bugs.kde.org/enter_bug.cgi?product=kontact

After implementing the needed bits I found out that Nicolas Alvarez had the same idea, to store Bugzilla information in Git Repo Metadata invent:sysadmin/repo-metadata@085d878ea. Fortunately I can say that since June the information are used by Project API. So now, back to my task to add upstream metadata to Debian packages. After I filled the needed information to Repo Metadata I created a script to update the links in Debian salsa:qt-kde-team/pkg-kde-dev-scripts/function_collection/functions_plasma.py:addMissingBugMetadatafields. This should hopefully help to always point to the correct Bugzilla links in future. A random list came to my mind of places that may benefit from the Bugzilla information in Git Metadata Repository:

• Links from API documentation directly to the Bugzilla.
• We can use this information in scripts that adds the new version to Bugzilla (e.g. invent:sdk/releaseme/plasma/plasma-add-bugzilla-versions has currently a static list of Bugzilla products).
• For DrKonqui this information may also useful. The mapping binary -> bugzilla is currently handcrafted in invent:plasma/drkonqi/src/data/mappings. This is NOT the low hanging fruit, but maybe someone feels inspired to play with the available data and who is checking each handcrafted entry in that file to still be correct? The mapping repo -> binary we get by our CI, because when we build the stuff, we know what we built.

The truth is, that Nicolas is right that adding the Bugzilla links are a manual task. But on the other hand, let's add this information once at one place and than we can use it at several places. Please help adding this information; it is simple a yaml file. If you see the data missing example commit and create a merge request. Or you can also give me the data and I'll add it.

The following contributors were added as Debian Maintainers in the last two months:

• Chirayu Desai
• Shayan Doust
• Arnaud Ferraris
• Fritz Reichwald
• Kartik Kulkarni
• Fran ois Mazen
• Patrick Franz
• Francisco Vilmar Cardoso Ruviaro
• Octavio Alvarez
• Nick Black

Congratulations!

Ren Carmille (8 January 1886 25 January 1945) was a French humanitarian, civil servant, and member of the French Resistance. During World War II, Carmille saved tens of thousands of Jews in Nazi-occupied France. In his capacity at the government's Demographics Department, Carmille sabotaged the Nazi census of France, saving tens of thousands of Jewish people from death camps.

Gino Strada (born Luigi Strada; 21 April 1948) is an Italian war surgeon and founder of Emergency, a UN-recognized international non-governmental organization.

Il morbo di K una malattia inventata nel 1943, durante la Seconda guerra mondiale, da Adriano Ossicini insieme al dottor Giovanni Borromeo per salvare alcuni italiani di religione ebraica dalle persecuzioni nazifasciste a Roma.[1][2][3][4]

Stage races

I wish I had known about that quote from Michael Graves before now. I would have perhaps had an answer to some recent visitors to makespace.

There are regular scheduled visits to makespace where people can come and view our facilities, and perhaps start the process of becoming a member if they decide they like what they see.

However, we sometimes get people who just turn up at the door. If a member feels charitable they may choose to give a short tour rather than just turn the person away. I happened to be in one Friday afternoon recently varnishing a folding chair when two such people rang the doorbell. There were few other members about and because watching varnish dry was dull I decided to be helpful and do a quick tour.

I explained that they really ought to return for a scheduled event for a proper tour, gave the obligatory minimal safety briefing, and showed them the workshops and tools. During the tour it was mentioned they were attending a certain local higher education establishment and were interested in makespace as an inexpensive studio.

Before they left I was asked what I was working on. I explained that I had been creating stools and chairs from plywood. At this point the conversation took a somewhat surreal turn, one of them asked, well more demanded, who my principle influence had been in designing with plywood.

When I said that I had mainly worked from a couple of Google image searches they were aghast and became quite belligerent. They both insisted I must have done proper research and my work was obviously influenced by Charles and Ray Eames and Arne Jacobsen and surely I intended to cite my influences in my design documents.

My admission that I had never even heard the names before and had no design documents seemed to lead to a distinctly condescending tone as they explained that all modern plywood design stemmed from a small number of early 20th century designers and any competent designers research would have revealed that.

At this point in proceedings I was becoming a bit put out that my good deed of showing off the workshop had not gone unpunished. I politely explained that I designed simply by generating a requirement in my head, maybe an internet search to see what others had done, measuring real things to get dimensions and then a great deal of trial and error.

I was then abruptly informed that my "design process was completely invalid and there were well established ways to design furniture correctly and therefore my entire design was invalid" and that I was wasting time and material. I thanked them for their opinion and showed them out, safe and well before anyone gets any ideas.

I put the whole incident out of my mind until I finished writing up the final folding chair post the other day. It struck me that perhaps I had been unknowingly influenced by these designers. It was certainly true I had generated ideas from the hundreds of images my searches had revealed.

I did some research and it turns out that from the 1930s to the 1950s there were a string of designers using plywood in novel ways from the butterfly stool by Sori Yanagi through formed curvy chairs by Alvar Aalto and eero saarinen.

While these designers produced some wonderfully iconic and contemporary furniture I think that after reviewing my initial notes that two more modern designers Christian Desile and Leo Salom probably influenced me more directly. Though I did not reference their designs beyond seeing the images along with hundreds of others, certainly nothing was directly copied.

And there in lies an often repeated observation: no one creates anything without being influenced by their environment. The entire creative process of several billion ape descendants (or Golgafrincham telephone sanitisers if you prefer) is based on the simple process of copying, combining and transforming what is around us.

I must accept that certain individuals at points in history have introduced radical improvements in their field, people like Socrates Galileo Leonardo Newton Einstein. However, even these outstanding examples were enlightened enough to acknowledge those that came before. Newtons quotation "If I have seen further it is by standing on the shoulders of giants" pretty much sums it up.

In my case I am privileged enough to live in a time where my environment has grown to the size of the world thanks to the internet. My influences, and therefore what I create, is that much richer but at the same time it means that my influence on others is similarly diminished.

I have joined the maker community because I want to create. The act of creation teaches me new skills in a physical, practical way and additionally I get to exercise my mind using new techniques or sometimes things I had forgotten I already knew. I view this as an extension of my previous Open Source software work, adding a physical component to a previously purely mental pursuit.

But importantly I like that my creations might provide inspiration for someone else. To improve those chances in the wider world I force myself to follow a few basic rules:

Release

Possibly one of the hardest things for any project. I carefully avoided the word finish here because my experience leads me to the conclusion that I always want to improve my designs.

But it is important to get to a point in a project where you can say "that is good enough to share", this is more common in software but it really applies to any project.

Share

If your aim here is to improve your society with your contribution sharing your designs and information is important. I think there is nothing better than someone else taking one of your designs and using it and perhaps improving on it, remember that is what you probably did in one way or another better to make it less hard for that to happen.

Ensure your design files are appropriately licensed and they are readily accessible. I personally lean towards the more generally accessible open source licences like MIT but the decision is ultimately yours.

Licencing is important, especially in the current copyright happy society. I know it sounds dull and no one takes that seriously, right? Sorry, but yes they do and it is better for you to be clear from the start, especially if there is a software component to your project. Oh one personal plea, use an existing well known licence, the world simply does not need another one!

Write about it

The blog posts about the things I have made sometimes take almost as much time as the creation. The clear recording on my thoughts in written and photographic form often gives me more inspiration for improvements or other projects.

If someone else gets pleasure from the telling then that can only be good. If you do not do this then your voice cannot be heard and you wasted an opportunity to motivate others.

Feedback

If you do manage to get feedback on your creation, read it. You may disagree or not be interested for the current project but the feedback process is important. In software this often manifests as bug reports, in more physical projects this often becomes forum or blog comments.

Just remember that you need a thick skin for this, the most vocal members of any society are the minority with inflammatory opinion, the silent majority are by definition absent but there is still useful feedback out there.

Create again

By this I simply mean that once you are satisfied yourself on a project move on to the next. This may sound a little obvious but once you have some creative momentum it is much easier to keep going project to project than in you leave time between.

Also do not have too many projects ongoing, by all means have a couple so you do not get stuck waiting for materials or workshop time but more than three and four and you will never be able to release any of them.

Those students were perhaps somewhat misguided in how they stated their opinions, but they are correct that in the world in which we find ourselves we are all influenced. Though contrary to received wisdom those influences are more likely to be from the internet and our peers in the global maker society than historical artists.

Is Asperger Syndrome a Disability? Some people tell me that I m disabled. Usually it s an unstated implication such as referring to Asperger Syndrome as a disability with the assumption that I ll agree. One time I had someone assume that I had never had a paid job because they knew I m an Aspie, maybe I should boast more about my career successes. One interesting take on this is represented by Maco s bost about Disablism/Ablism where she says Vocab note: A person has an impairment. Society s treatment of that impairment is what disables the person [1]. The same concept is presented by BRAINHE in their Social Model of Disability document [2]. The Wikipedia page on Ableism says The ableist worldview holds that disability is an error, a mistake, or a failing, rather than a simple consequence of human diversity, akin to race, ethnicity, sexual orientation or gender [3]. This is fairly close to the position that Neurodiversity [4] advocates take on Autism. Jaarsma P and Welin S wrote an interesting paper titled Autism as a Natural Human Variation: Reflections on the Claims of the Neurodiversity Movement [5] which considers these issues in depth and comes to the conclusion that High Functioning Autism (for which Asperger Syndrome is generally regarded as a synonym) is a difference while Low Functioning Autism is a disability. I think that generally we should accept the opinion of the person in question. Someone who is unable to communicate or is too young to make an informed decision could have their disability status determined by carers. But anyone who is capable of making an informed decision and communicating it should have their opinion respected. I am not going to argue with any of the people who claim that they are disabled due to an Autism Spectrum Disorder. But I don t think that I am disabled and I think that people shouldn t argue with me about this. Over Pathologising Lynne Soraya wrote an interesting article for Psychology Today about one aspect of the supposed over-diagnosis [6]. She responds to Paul Steinberg, a psychiatrist who made a number of claims about Asperger Syndrome which lack evidence. Paul s main idea seems to be that anyone who has social problems but who seems to be successful regardless shouldn t have an Autism Spectrum diagnosis and he claims that such people should be regarded as having a social disability instead. His main idea seems to be that having a diagnosis is a bad thing, but his idea of having a social disability diagnosis instead doesn t seem so great. In many other discussions I ve seen people claim that a large number of diagnosis of anything is a problem. Their idea seems to be that the vast majority of the population shouldn t have a diagnosis for anything and that whenever a significant number of people are diagnosed with a psychological condition (and 1% of the population seems to be a significant number) then it s a problem. I don t think that having a large portion of the population diagnosed is necessarily a problem, I think that it would be OK if the majority of the population was diagnosed with something. The issue is not whether people are diagnosed but what happens after the diagnosis. When a child is diagnosed their parents can help them deal with whatever the issues are this may or may not require further involvement with psychologists or special schools. For the milder cases (of Autism, ADHD, and other conditions) merely knowing what areas will cause difficulty and teaching kids how to deal with them will be enough to solve many problems. When someone is diagnosed as a child but doesn t have obvious symptoms as an adult that is more likely to be an indication that they were taught good coping mechanisms and protected from bad situations as a child not that the diagnosis was wrong. There are some serious issues with special schools and psychiatric drugs, but diagnosis doesn t necessarily imply mistreatment and avoiding a diagnosis is not the correct way to avoid such mistreatment. When someone is diagnosed as an adult they have to learn to deal with it. The general lack of psychologists (waiting times as long as 6 months are common) and the fact that most psychologists won t do any good for someone on the Autism Spectrum is a real problem. But merely knowing the source of your problems is a major step towards alleviating or solving them. One of the arguments that is commonly used against so-called over-diagnosis is that adults don t show apparent symptoms. The issue here is that with some effort and planning adults on the spectrum can act like NTs. Acting like an NT doesn t imply being an NT, it usually requires a lot of ongoing effort that could be applied to other things if society didn t expect us to act like NTs all the time. Conclusion I wish people would stop telling me that I m either disabled or too high functioning to be on the Autism Spectrum. I will never think like an NT and I don t want to, so I ll always be an Aspie. By most objective measures I m at least as successful as the general population in all things that require social skills, so unless something like always losing at Poker is considered a disability I don t think that it s reasonable to consider me to be disabled. It would be nice if I could lock the people who claim that Autism is always a disability in a room with the people who think it s over-diagnosed and let them debate it, no matter which side lost the debate the result would be good! Update: I removed a broken link to a Youtube video, I published this post from a 3G connection and didn t test that the Youtube link still worked. For some reason the author had marked it private since the last time I visited it.

• [1] http://ubuntulinuxtipstricks.blogspot.com.au/2011/05/blogging-against-disablism-day-asl.html
• [2] http://www.brainhe.com/TheSocialModelofDisabilityText.html
• [3] http://en.wikipedia.org/wiki/Ableism
• [4] http://en.wikipedia.org/wiki/Neurodiversity
• [5] http://www.imh.liu.se/avd_halsa_samhalle/filarkiv1/1.264263/JaarsmaWelin2011Autismasanaturalvariation.pdf
• [6] http://www.psychologytoday.com/blog/aspergers-diary/201202/is-aspergers-overdiagnosed

Related posts:

1. Autism vs Asperger Syndrome Diagnostic Changes for Autism Spectrum Disorders Currently Asperger Syndrome (AS)...
2. Is Asperger Syndrome a Good Thing? A meme that keeps going around is that Asperger Syndrome...
3. Autism Awareness and the Free Software Community It s Autism Awareness Month April is Autism Awareness month, there...

Part of our work to make it possible to use UEFI Secure Boot on Linux has been to improve our EFI variable support code. Right now this has a hardcoded assumption that variables are 1024 bytes or smaller, which was true in pre-1.0 versions of the EFI spec. Modern implementations allow the maximum variable size to be determined by the hardware, and with implementations using large key sizes and hashes 1024 bytes isn't really going to cut it. My first attempt at this was a little ugly but also fell foul of the fact that sysfs only allows writes of up to the size of a page - so 4KB on most of the platforms we're caring about. So I've now reimplemented it as a filesystem[1], which is trickier but avoids this problem nicely.

Things were almost working fine - I could read variables of arbitrary sizes, and I could write to existing variables. I was just finishing hooking up new variable creation, but in the process accidentally set the contents of the Boot0002 variable to 0xffffffff 0xffffffff 0x00000000. Boot* variables provide the UEFI firmware with the different configured boot devices on the system - they can point either at a raw device or at a bootloader on a device, and they can do so using various different namespaces. They have a defined format, as documented in chapter 9 of the UEFI spec. At boot time the boot manager reads the variables and attempts to boot from them in a configured order as found in the BootOrder variable.

Now, obviously, 0xffffffff 0x00000000 is unlikely to conform to the specification. And when I rebooted the machine, it gave me a flashing cursor and did nothing. Fair enough - I should be able to choose another boot path from the boot manager. Except the boot manager behaves identically, and I get a flashing cursor and nothing else.

I reported this to the EDK2 development list, and Andrew Fish (who invented EFI back in the 90s) pointed me at the code that's probably responsible. It's in the BDS (Boot Device Selection) library that's part of the UEFI reference implementation from Intel, and you can find it here. The relevant function is BdsLibVariableToOption, which is as follows (with irrelevant bits elided):

BdsLibVariableToOption (
  IN OUT LIST_ENTRY                   *BdsCommonOptionList,
  IN  CHAR16                          *VariableName
  )
 
  UINT16                    FilePathSize;
  UINT8                     *Variable;
  UINT8                     *TempPtr;
  UINTN                     VariableSize;
  VOID                      *LoadOptions;
  UINT32                    LoadOptionsSize;
  CHAR16                    *Description;
  //
  // Read the variable. We will never free this data.
  //
  Variable = BdsLibGetVariableAndSize (
              VariableName,
              &gEfiGlobalVariableGuid,
              &VariableSize
              );
  if (Variable == NULL)  
    return NULL;
   

So so far so good - we read the variable from flash and put it in Variable, Variable is now 0xffffffff 0xffffffff 0x00000000. If it hadn't existed we'd have skipped over and continued. VariableSize is 12.

  //
  // Get the option attribute
  //
  TempPtr   =  Variable;
  Attribute =  *(UINT32 *) Variable;
  TempPtr   += sizeof (UINT32);

Attribute is now 0xffffffff and TempPtr points to Variable + 4.

  //
  // Get the option's device path size
  //
  FilePathSize =  *(UINT16 *) TempPtr;
  TempPtr      += sizeof (UINT16);

FilePathSize is 0xffff, TempPtr points to Variable + 6.

  //
  // Get the option's description string size
  //
  TempPtr     += StrSize ((CHAR16 *) TempPtr);

TempPtr points to 0xffff 0x0000, so StrSize (which is basically strlen) will be 4. TempPtr now points to Variable + 10.

  //
  // Get the option's device path
  //
  DevicePath =  (EFI_DEVICE_PATH_PROTOCOL *) TempPtr;
  TempPtr    += FilePathSize;

TempPtr now points to Variable + 65545 (FilePathSize is 0xffff).

  LoadOptions     = TempPtr;
  LoadOptionsSize = (UINT32) (VariableSize - (UINTN) (TempPtr - Variable));

LoadOptionsSize is now 12 - (Variable + 65545 - Variable), or 12 - 65545, or -65533. But it's cast to an unsigned 32 bit integer, so it's actually 4294901763.

  Option->LoadOptions = AllocateZeroPool (LoadOptionsSize);
  ASSERT(Option->LoadOptions != NULL);

We attempt to allocate just under 4GB of RAM. This probably fails - if it does the boot manager exits. This probably means game over. But if it somehow succeeds:

CopyMem (Option->LoadOptions, LoadOptions, LoadOptionsSize);

we then proceed to read almost 4GB of content from uninitialised addresses, and since Variable was probably allocated below 4GB that almost certainly includes all of your PCI space (which is typically still below 4GB) and bits of your hardware probably generate very unhappy signals on the bus and you lose anyway.

So now I have a machine that won't boot, and the clear CMOS jumper doesn't clear the flash contents so I have no idea how to recover from it. And because this code is present in the Intel reference implementation, doing the same thing on most other UEFI machines would probably have the same outcome. Thankfully, it's not something people are likely to do by accident - using any of the standard interfaces will always generate a valid entry, so you could only trigger this when modifying variables by hand. But now I need to set up another test machine.

[1] All code in Linux will evolve until the point where it's implemented as a filesystem.

comments

A while ago I received a new desktop machine (8 cores, 8Gb of memory ...) at work. Since for the moment I kinda happy to work on my laptop using an external screen, I decided to put the hw to a good use and to explore a bit more some more exotic (at least for me) xen features. In particular I spend half a day playing with different xen network settings. The bridge model, that should work out of the shelf, is the easiest one. To setup this up, you basically need to specify a couple of options in the xend-config file and you're done. This is the "default" network configuration and is should work out of the box in most situations. Using this method, since all VMs' interfaces are bridged together (surprise !) with the public interface, your network card is left in promiscuous mode (not a big problem if you ask me...). Once your VMs are up, you can then decided to use your default dhcp server, autoconf your VMs with ipv6 only, or do nothing as you please. An other popular method, albeit a bit more complex, is to setup a natted network using the script network-nat (this one is an evolution of the third method that is 'network-routed') . I played with it, but since I wanted to have all my DomU on the same subnet, this setup wasn't satisfying for me. In particular, by default, 'network-nat' assigns a different subnet to each DomU. Using the natted set up you can also configure a local dhcp server to give private IPs to your VMs all done transparently by the xen network scripts. I've noticed that there is a bug in the xen script that does not make it very squeeze friendly. Since the default dhcp server in squeeze is isc-dhcp and few configuration files got shuffled in the process (notably /etc/dhcp3.conf is not /etc/dhcp/dhcp.conf) , the script needs a little fix to work properly. I'll report this bug sometimes soon... Goggling around I found a different setup that is called brouter, that is a hybrid between a bridge configuration and a routed configuration. This is the original (??) article well hidden in an old suse wiki.

I've done few modifications here to add natting. So basically, all virtual interfaces connected each to one DomU are linked together by a bridge (xenbr0). The bridge with address 10.0.0.1 is also the router of the subnet. All DomU are configured to used dhcp that assigns a new ip and specifies the router of the subnet. The dhcp server is configured to answer requests only on the xenb0 interface avoiding problems on the public network... routing is configured using iptables : Note that since the dhcp server is configured to give addresses only on the virtual network, we need to restart it after creating the bridge interface, otherwise isc-dhcp-server will refuse to run. Mum says that I should configure the bridge in /etc/network/interfaces to make the dhcp server happy at startup, but I felt a bit lazy, so I let to task to xen... In the next episode, I'll add ipv6 connectivity to the virtual subnet and then start playing with puppet... ipv6 is almost done, puppet... I started with the doc... The complete script from the suse wiki and with my modifications is below (only lightly tested):

I love this guy. He plays in Times Square and is totally into his synthesizer. I can watch him for hours. One day I will ask whether he was a professor and if yes, of what (music? philosophy? both?). If only I could retire by performing in a subway station with a keyboard and dancing dolls. . . Thanks to the update left in the comments, you can watch him in action and find out what type of professor he was/is.

I love this guy. He plays in Times Square and is totally into his synthesizer. I can watch him for hours. One day I will ask whether he was a professor and if yes, of what (music? philosophy? both?). If only I could retire by performing in a subway station with a keyboard and dancing dolls. . . Thanks to the update left in the comments, you can watch him in action and find out what type of professor he was/is.

This Sunday, we celebrate already 5 years since the initiation of the successful Save Carol Park civic action. Back then, the park and the mausoleum were in danger of being destroyed to make room for a cathedral, in spite of special status of the park, the already too low green spaces per capita ratio, in spite of the legal status and in spite of public opposition.

Nice to see it will be celebrated Sunday, 15th at 13:00 at Arenele Romane, and regular people being invited there (linked page in Romanian):

http://remuscernea.ro/2009/11/sarbatorim-5-ani-de-la-salvarea-parcului-carol/

I'll certainly be there!

<iframe frameborder="0" height="350" marginheight="0" marginwidth="0" scrolling="no" src="http://www.openstreetmap.org/export/embed.html?bbox=26.091198,44.41135,26.09513,44.414235&amp;layer=mapnik" style="border: 1px solid black" width="400"></iframe>
View Larger Map

This morning started with a call from my mom. She was calling to let us know that my grandmother had apparently taken a turn for the worse, and we didn t know how much time was left. Terah, Jacob, and I got dressed and went to the hospital to visit. Grandma had been in a partial coma that left her able to hear, nod, and hold hands, but unable to speak. Apparently she came out of it overnight, and was talking and even singing with my mom and aunt some. She seemed happy, loved to hear the old German prayers she grew up with. She said some memorable things I ll have to write about later too. By the time we got there, she wasn t that active anymore, and was about like she was yesterday. She could see us, and give our hands a squeeze, maybe nod occasionally. She drifted asleep often. One time when I saw she was awake with her eyes open, I lifted up Jacob to where she could see him. Immediately her face brightened, and I saw the biggest smile on her face that I d seen in days! She smiled and waved to him, and with a small bit of coaxing, he waved back. Then she wiggled her foot, and when Jacob noticed, he wiggled his foot back at her. He s 92 years younger than her, and they still managed to communicate just fine. Grandma held my hand for awhile this morning; she loves to have a hand or two to hold. My cousin showed up for a visit, and I was going to get up to let her sit down, and when grandma felt my hand leaving, she grabbed on tighter. I went around to the other side of the bed and held the other hand. In the last couple of days, grandma s hearing has become much sharper than before, and I m pretty sure her memory has too. When it was time for us to leave and go to church, I was holding her hand, looking into her eyes, saying goodbye, and how much I loved her. I got a hand squeeze, and saw a few tears at her eyes the first I can remember seeing that. As I pulled my hand away to leave, she once again grabbed tighter and was still looking at me. I think she thought this was the last time she d see me, and didn t want the moment to pass too quickly. But that also guaranteed that I d be back in the afternoon. It was Palm Sunday in church today, and as every year, the Palm Sunday celebration ends with Bill singing I walked today where Jesus walked while Dale carries in a heavy cross. Right when Bill is singing I climbed the hill on Calvary, where on the cross He died! , Dale is climbing the steps to the stage and laying the cross there. Hardly a dry eye in the room at that. For lunch, my parents were still hosting their monthly college student get-together/home cooking event which we usually attend too. After that, I dropped off Terah and Jacob at home, and went back to the hospital. By the time I had left, grandma had 27 visitors just today. When I arrived, my great uncle (her brother) and aunt were there, along with her pastor and a deacon from her church, plus my mom and my aunt. More people came and went throughout the afternoon, and I enjoyed visiting and hearing stories about the family and grandma all afternoon. She was sometimes awake and able to look at people, and sometimes deeply asleep. I heard her say God bless you to several people. It was awhile before I had a chance to go be with her, and when I did, she was asleep, so I sat beside her bed and held her hand for quite awhile, maybe an hour, while visiting with family in the room. At one point, a nurse came in to give her some more morphine by IV. I got up to get our of her way, but the nurse said, Don t think of it; I can work around you, and what you re doing is more important than what I m doing anyway. Some of her old friends from church came by, and prayed with her in German, and recited the words to some German hymns and poems, which I think she really enjoyed. Her eyes were closed through most of it, but when they got to the end of each item, they opened, saying thank you, I believe. Eventually things calmed down, and it was time for me to head home. Grandma was awake by then, and I looked at her and said goodbye, and that I was glad I got to see her again. We gave each other a final hand squeeze, and then she let go of my hand this time. I m glad I came back for sure. They say sometimes that people that are dying feel like they need permission to die, before they will let themselves go. I wondered if grandma was feeling that way today. But then I hear that my uncle, who is driving in from 8 hours away through wintry weather, called and ask that she be given this message: Tell mom that I m coming, but if Jesus gets there first, she should go with him. That might not work on everybody, but for her, it s the best way I could think of to give her permission.

Last saturday around 2100 (UTC-0400) some people started joining the #debian-ve IRC channel at OFTC, in order to participate on the very first Venezuelan Bugsquashing Party. We had a lot of people interested not only in squashing but also developing for Debian and other topics. Some DD’s were around, specially An bal Monsalve Salazar (anibal) who has been very helpful on testing and uploading packages. Both me and Jos Luis Rivas (ghostbar) made a couple of NMU’s (in his case, xfe and divine; in mine, sdr and orca), fixing six RC bugs. Jos Luis is like 17 or 18 years old and has proven to be a very energetic Debian collaborator. Other maintainers from Debian Venezuela (actually, we’re eleven persons as of last week) were around but couldn’t make a NMU at the time of the event. Others weren’t even present. It was a very small BSP indeed, but we learned lots of things and hopefully our work will help improving the quality in Debian a little bit. It also settles our desires as a group to improve our knowledge and work together to improve the Project without disrupting the overall ecosystem. By the way, the Venezuelan Debconf is definitely going to happen between October 17th. and 21st. Hopefully we’ll have Benjamin Mako Hill, Enrico Zini, Alvaro Lopez Ortega (OMG! Cherokee!) and Randal Schwartz sharing a nice time with people from all parts of Venezuela and the rest of South America. Some local Debian maintainers will set up some nice workshops and demonstrations, ranging from Xen and LTSP in Debian to QA and the local GNU/Linux distribution projects. This local Debconf is part of a larger event, the World Forum on Free Knowledge, which some people at Debian Venezuela help to make. Returning to the BSP topic, I was looking out at a couple of bugs out there, but I lack the hardware and the experience to handle them. One of this is #333915 and other orca bugs, and other one is #385078 regarding a Debconf script in xserver-xorg. The morning before the BTS I was testing the MBONE tools with a friend of mine, and we were quite unhappy by the fact that sdr was almost unusable (passing the mouse cursor over some buttons resulted in annoying notices). So, if you use sdr, please test the last NMU I sent, which fixes two bugs. Just for reference, the webpage where I keep my Debian-related work is here. The case where I learned most was #386938, regarding xserver’s FTBFS in s390. Events like BSP are a great way to motivate people to participate in the Project: while trying to learn anything about this bug I ended reading documentation from IBM, asking advice from someone with an S/390, sending a couple of emails to debian-s390@lists.d.o, browsing at a DD patch in upstream, looking at buildd logs, searching the Web for opcodes lists… usually trying to explain how all this pieces join in a sane way (most times; well, some times, well, seldomly) is quite difficult for someone who tries to promote Debian, but technical events like the BSP provide a really accurate way to see how things work in and around Debian.

My stay in Madrid has come to an end and I'm currently sitting at Ralf Treinen's place in Paris. I had a pretty good time in Madrid. Basically, I just did the usual stuff (i.e., too much Debian, too little work for my research) but there are a number of nice guys in the group I was working in and we had lots of fun. Earlier this week, we went to Teo's place who has this massive swimming pool. He recently organized a BBQ, which was good as well, with lots of Sangria... A few weeks ago, Diego (at whose place I stayed), Alvaro and his cute girlfried Yaiza went bowling. It was really good fun and it turned out that Diego is a real master, scoring several strikes after each other! Now that summer is coming, a number of people are leaving for other places. Israel went to Canada for three months a few weeks ago, Gregorio left for the UK a few days ago and my stay is over too. Overall I had a pretty good time, even though I'm not particularly happen that I didn't manage to go to the beach once even though I was in Spain for three months... The last time I was here at Ralf's place in Paris was just before DebConf1 in Bordeaux in 2001, which feels like eons ago. Anyway, I'm heading out to take a look at Notre Dame.

Tolimar, liw: Just to give an extra bit of ease, I know Alvaro Lopez, one of the talk's proponents. I am to some extent an instigator for this talk - Alvaro is definitively a Free Software guy. I know him for several years already. He has been as careful as possible, and told me about his frustration when the whole Nexenta mess erupted. As far as I can say, the cooperation intentions are as serious as you can expect from such a beast as Sun is - I cannot judge more, and I won't say more in this regard. I just assure you that this talk will not be a presentation on why Solaris is better than Hurd or anything like that. I trust Alvaro (and, transitively, I should also trust Simon). I do hope we get something interesting out of this talk.
[update] Alvaro has answered. I'm linking it here as he is not syndicated in Planet Debian.

I think I don't need to mention the usual suspects like Kurt Pfeifle and LinuxPrinting Tim. And even one I just flamed for not delivering his paper for DebConf in time: Alvaro Lopez Ortega. As already mentioned, he'is quite interested in creating a best of both worlds system. OpenSolaris kernel and Debian userland / tools. Encouraged him to continue and got some tipps for sun protection for Mexico in return ;)

Alvaro Lopez Ortega comments on my explanation of why I don't want the OpenSolaris panel talk at Debconf6. He misses the point: I am not objecting to OpenSolaris itself, but to having a talk about it at Debconf6. From my entry: "I [...] questioned the fact that Debconf6 will have a talk on OpenSolaris, when there are good Debian related talks rejected." I think that for a Debian development conference, having a talk about Debian is much, much more important than discussing OpenSolaris, or even co-operation between Debian and OpenSolaris. That is the core of my objection: OpenSolaris is not about Debian, and the talk is crowding out a talk about Debian. As a smaller issue, I do also happen to dislike the OpenSolaris license (the CDDL), and this makes me dislike having the OpenSolaris talk (instead of a Debian one) even more. I have sufficient grounds for disliking it in the fact that it is Yet Another License. More importantly, it seems to be incompatible with the GPL, which causes all sorts of unpleasant complications if Debian wanted to use OpenSolaris code. Further, it seems unclear that the CDDL fills the requirements of the Debian Free Software Guidelines. The result: there is little room for co-operation between Debian and OpenSolaris. This doesn't mean OpenSolaris is evil or that it needs to be shunned. I'm perfectly happy with non-free software, but not in the Debian context. The license issue can, however, be disregarded completely, when arguing about having this talk at Debconf6, as far as I care. I want to see a Debian conference concentrate on making Debian better, and not on making OpenSolaris better. If there were free slots in the conference programme, I wouldn't mind, but there aren't. All slots are full, and Debian specific talks have been rejected in favor of the OpenSolaris talk. That is what irks me. Note also that I'm not criticizing the people who want to give this talk (or hold the panel, or whatever), only the Debconf6 talks committee. And I did that in private, I didn't drag it into public.

Tolimar, liw: Just to give an extra bit of ease, I know Alvaro Lopez, one of the talk's proponents. I am to some extent an instigator for this talk - Alvaro is definitively a Free Software guy. I know him for several years already. He has been as careful as possible, and told me about his frustration when the whole Nexenta mess erupted. As far as I can say, the cooperation intentions are as serious as you can expect from such a beast as Sun is - I cannot judge more, and I won't say more in this regard. I just assure you that this talk will not be a presentation on why Solaris is better than Hurd or anything like that. I trust Alvaro (and, transitively, I should also trust Simon). I do hope we get something interesting out of this talk.
[update] Alvaro has answered. I'm linking it here as he is not syndicated in Planet Debian.

After many hours capturing some videos from DebConf-es II, i realize that the inaguration act is not recorded. The tape is as virgin as originally. Aggggh!!! The hardware will be hot this cold night recoding audio and video.

In my new computer, a HP nx8220, i have failed for the third time trying to load the wifi card firmware. I though this wouldn't be a problem, in my old acer i had it running almost without problems. Alvaro, my companion, has obtained it in the same portatil some hours ago. I have lost ;-)