The Armchair Politician

Normally, I’m comfortable with Gnome. It’s a great desktop environment, is reasonably useable (moreso than its competitor, KDE), and is acceptably pretty. The tools just work.

At least, that is, until things break.

Apparently, a recent update to Debian’s X.org broke compatibility with my video card driver, preventing me from logging into my desktop. Normally, I would use command-line tools to connect to the Internet, fix it, and resume my daily life. Such is the beauty of Linux: when things break, you can always go one step before the broken part, and fix it. Only, recent additions to Gnome have made things far more difficult than they need to be.

Firstly, in order to download fixed versions of the packages, I need to be connected to the Internet. Gnome provides a tool called NetworkManager which automagically detects wireless networks around you, connects to ones you’ve told it to allow, and generally stays out of your way. It’s a pretty damned useful tool, and is a lot nicer than how Windows handles wireless/wired network connectivity.

The problem is, I’m on the Georgia Tech campus. Which requires a WEP key to access their network. NetworkManager stores the key, so I don’t need to remember it (and it’s a random hexidecimal value as opposed to an easily-remembered word). But there don’t appear to be any command-line tools to manipulate NetworkManager, which means I can’t have it connect for me. I’ve got to find that WEP key.

Well, Gnome provides a keyring, which stores all of your passwords in one centrally-managed area. This way, you only have to remember one password which unlocks your keyring, and the keyring is responsible for providing specific applications with the correct username and password required. Also a great idea: in a world where we can have dozens if not hundreds of usernames and passwords (and rightly so, reuse of passwords can be extremely dangerous, since someone discovering one can have virtually unlimited access to anything that password goes to), it’s a great way of keeping the things you have to remember low, while still maintaining good security.

Only, there’s no command-line tools for it either. It encrypts the passwords before placing them on disk, and it appears that there’s no way to retrieve these passwords from the file without running the GUI application. The file-format is documented, which is great, but it’s virtually useless for quick, command-line retrieval of passwords. Bad.

The net of it was that I ended up having to bum the key off of some other student, then get to actually fixing my display driver. It should have been as easy as something like

nm-connect <essid>

or

gnome-keyring-retrieve --program network-manager <essid>

Writing sky-high abstractions like desktop environments and the tools to navigate them is great, but please provide shell tools so we can access things that aren’t in a plaintext config file (i.e., encrypted passwords), or manipulate running daemons (i.e., network-manager). Examples of this are, respectively, gconftool (allows easy command-line access to the gconf configuration daemon) and gnome-screensaver-command (lets you manipulate the gnome-screensaver from within a script). More tools like these are sorely needed.

I went to the orientation for graduate students at Georgia Tech today. The campus is incredibly neat; you hardly feel that you’re in the city.

I’m glad I finally got a lot of this stuff sorted out. Finally had my student account (and thus email, etc.) activated, so I can finally catch up on departmental stuff I’d missed so far. Which, apparently isn’t much because they’d forgotten to add me to the mailing list for incoming Computer Science graduate students. So far, I apparently missed the fact that I’ll need to go back Thursday and Friday for the CoC orientation. At least I found out in time, no?

They have a campus-wide wireless network, obviously. However, it can be slightly annoying to use for anyone with NetworkManager under Linux. Thankfully, NM is somewhat easily configured to connect seamlessly.

First, the Georgia Tech wireless ESSID is hidden. This normally isn’t a problem, but they have a parallell service being offered whose ESSID is broadcast. However, this is a pay-for service meant for campus visitors only. The problem is, if you’ve connected to it (which is somewhat necessary in order to find the ESSID and WEP key for LAWN, the service provided free for students), NetworkManager prioritizes this network over the one you truly want.

Not too tough to get around, just slightly annoying. To remove NetworkManager’s memory of the network, run the following command (which purges it from gconf).

gconftool --recursive-unset /system/networking/wireless/networks/FASTPASS

Now that that’s out of the way, we need to do a few more things. First, NetworkManager detects that a network with a hidden ESSID exists based on its AP MAC address. Since multiple access points cover the campus network, you’ll need to have all of these added to the network profile so it reliably detects the network all around campus. If all of these are not set, you’ll have to re-enter the ESSID and WEP key whenever you’re in an area of campus you haven’t been before. This will likely mean another trip to the pay-for network, where you can (for free) look up these values. But, you’ll have to purge the information from gconf again, with the command above.

My current list of access points is:

• 00:03:93:ED:EC:B8
• 00:0F:8F:3D:D7:81
• 00:0F:8F:3D:D8:31
• 00:0F:8F:3D:D9:D1
• 00:0F:8F:3D:E4:11
• 00:0F:8F:3D:E4:51
• 00:0F:8F:3D:E4:61
• 00:0F:8F:3D:E4:D1
• 00:0F:8F:40:7B:D1
• 00:0F:8F:40:7E:C1
• 00:0F:8F:40:7F:81
• 00:0F:8F:40:82:D1
• 00:11:20:4B:FB:01
• 00:11:20:4C:01:B1
• 00:11:20:52:C9:01
• 00:11:5C:A1:B2:A1
• 00:11:5C:A1:B4:11
• 00:11:5C:A1:B4:41
• 00:11:5C:A1:B4:81
• 00:11:5C:A1:B5:01
• 00:11:5C:A1:B5:11
• 00:11:5C:A1:B5:41
• 00:11:5C:A1:B5:D1
• 00:11:5C:A1:B5:F1
• 00:11:5C:A1:B6:11
• 00:11:5C:A1:BE:E1
• 00:11:5C:A1:BF:31
• 00:11:5C:A1:BF:41
• 00:11:5C:D4:7E:A1
• 00:13:5F:55:15:91
• 00:13:5F:55:17:61
• 00:13:5F:55:17:E1
• 00:13:5F:55:18:D1
• 00:13:5F:55:19:F1
• 00:13:5F:55:2C:A1
• 00:13:5F:55:34:31
• 00:13:5F:59:17:C0
• 00:13:5F:59:2C:80
• 00:13:7F:BB:40:21
• 00:13:7F:BB:41:A1
• 00:13:7F:BB:41:B1
• 00:13:7F:BB:41:D0
• 00:13:7F:BB:44:81
• 00:13:7F:BB:44:F1
• 00:13:7F:BB:45:71
• 00:13:7F:BB:45:B1
• 00:13:80:94:43:31
• 00:13:80:94:47:91
• 00:13:80:94:52:71
• 00:13:80:94:52:A1
• 00:13:80:94:5D:51
• 00:13:80:94:5E:51
• 00:13:80:94:5F:51
• 00:13:80:94:60:61
• 00:15:2B:42:50:81

I’ll (hopefully) add more as I come across them later on.

The gconf command to insert these is

gconftool --set /system/networking/wireless/networks/GTwireless/bssids -t list --list-type string "[00:13:5F:55:18:D1, 00:13:5F:55:19:F1, 00:13:5F:55:15:91, 00:13:7F:BB:40:21, 00:0F:8F:40:7E:C1, 00:0F:8F:3D:D7:81, 00:11:5C:A1:B5:D1, 00:11:5C:A1:BE:E1, 00:13:7F:BB:44:F1, 00:11:5C:A1:B6:11, 00:11:5C:A1:BF:41, 00:11:5C:A1:BF:31, 00:13:5F:55:34:31, 00:13:5F:55:17:61, 00:11:5C:A1:B5:01, 00:11:5C:A1:B2:A1, 00:0F:8F:3D:D8:31, 00:0F:8F:3D:E4:51, 00:13:80:94:60:61, 00:13:7F:BB:45:71, 00:13:7F:BB:45:B1, 00:0F:8F:3D:E4:61, 00:0F:8F:40:7B:D1, 00:0F:8F:3D:E4:D1, 00:13:7F:BB:41:D0, 00:11:5C:A1:B5:11, 00:0F:8F:40:7F:81, 00:11:5C:A1:B4:11, 00:0F:8F:3D:E4:11, 00:0F:8F:40:82:D1, 00:03:93:ED:EC:B8, 00:11:5C:A1:B5:41, 00:11:5C:A1:B5:F1, 00:11:5C:D4:7E:A1, 00:11:5C:A1:B4:81, 00:13:7F:BB:41:A1, 00:13:80:94:5E:51, 00:13:7F:BB:44:81, 00:13:80:94:43:31, 00:13:7F:BB:41:B1, 00:13:80:94:5F:51, 00:13:80:94:47:91, 00:15:2B:42:50:81, 00:11:20:4C:01:B1, 00:13:80:94:52:71, 00:11:20:52:C9:01, 00:13:5F:55:2C:A1, 00:13:5F:55:17:E1, 00:13:5F:59:2C:80, 00:13:5F:59:17:C0, 00:11:5C:A1:B4:41, 00:11:20:4B:FB:01, 00:13:80:94:5D:51, 00:0F:8F:3D:D9:D1, 00:13:80:94:52:A1]"

Note to any Georgia Tech staff reading my page: this will not give you campus access. It will only ensure that NetworkManager detects the wireless connection in the areas serviced by these access points.

We’re almost done. If you’ve connected to LAWN and fired up your web browser, you will find that you’re redirected to a login page, where you have to enter your student account name and password. This is easy enough to do, but we can automate it, so you never have to see this page again. Thankfully, the folks at Georgia Tech who set this system up were kind enough to give a few niceties to Linux users, and include an easy API over the command-line, through tools like curl or wget. I prefer wget, so the script I use to automate this login uses it. However, instructions to use cURL are on the LAWN information page.

NetworkManager lets you drop scripts into /etc/NetworkManager/dispatcher.d/ which get run whenever it brings up an interface. I’ve attached the script I wrote to automate this login process. It’s nothing complicated, but it does ensure that an exit status of 0 is set when access is granted or when you’re doing anything other than bringing up the Georgia Tech wireless network (i.e., it does nothing when you’re connecting to other networks), and it returns 1 upon failure. This is opposite from the return values they give you, but oh well.

Drop this script into /etc/NetworkManager/dispatcher.d/99gtwireless. Once you’ve done so, run

sudo chmod 700 /etc/NetworkManager/dispatcher.d/99gtwireless

This will allow it to be executed, and prevent it from being read by other users on the system. Second, replace the USERNAME and PASSWORD variables with your personal Georgia Tech student account information. Yes, these will be saved in plaintext on your hard drive. However, the earlier chmod to 700 should be sufficient in preventing normal users from accessing its contents. Make your own decision about the potential security implication of storing passwords on your hard drive. For me, I consider this relatively little risk. I’m the only user of my laptop, and the aforementioned chmod is enough to prevent casual users from stumbling upon it. But, to each his own.

Using unstable, I recently upgraded to CUPS 1.2. Suddenly, printers I’d been able to see exported over my company’s network are suspiciously missing. And any time I try and add a printer, I see no drivers available (yes, I have cupsys-drivers-gutenprint installed). What a pain.

It’s a little hard to get paid when I can’t print out my timesheets

In a few weeks, I’ll be starting graduate-level Computer Science courses at Georgia Tech. Tuition will be a few thousand dollars, plus I’m trying to save up to move into campus housing next semester.

None of this, however, sits well with the fact that I like to spend money.

I make enough at my job so that this doesn’t end up being too much of a problem, but I’m not a very good saver. I need goals, or something to motivate me to put money away. Graduate school is probably as good a reason as any, so I’m giving GnuCash another whirl. This isn’t my first time using it, but I’ve kept up for a month now, so with any luck I’ll be able to stick with it.

Basically, GnuCash is your standard accounting program, similar (I assume) to Quicken, Quickbooks, and the other bevy of personal accounting software. Only, GnuCash is available for Linux.

It’s got a ton of useful features. Standard, of course, is double-entry bookkeeping. When you enter an expense, for example, you tell it that the expense comes from some Asset of yours (i.e., a bank account or wallet) or adds to a liability such as a credit card. This way, any expense you make or income you receive is automatically synchronized between the two places. It becomes trivial to then monitor your expenses and income while still keeping accurate records of your financial situation.

More cool things include the ability to automagically track stock and mutual fund prices over the Internet, calculate tax liabilities (although admittedly, I still have to actually set this up…), present charts, graphs, and diagrams for things like expenses and net worth, plan budgets, reconcile your accounts, and so on.

Already I’m noticing places where I can tighten my belt a little, like eating out. At work, I go out for lunch almost daily, which adds up to a few hundred every month. Cutting back on that should significantly increase the amount I can save. I’m also rather prone to impulse purchases — mostly books and games. I don’t think I’ll stop with that, but at least I can monitor how much I’m spending on these types of purchases, and ensure it doesn’t go over a reasonable amount. It’ll also hopefully encourage me to hold off on some borderline impulse buys, if I see I’m hemmorhaging money.

At any rate, by using it I’ve already been saving up a lot more money than I had previously. This, incidentally, saved my ass when I got a notice from the IRS that I’d miscalculated on my taxes. I’ll leave it as an exercise to the reader to figure out in which direction.

From the debian-devel mailing list:

Package: wnpp
Severity: wishlist

* Package name : apt-gentoo
Version : 0.0.1
* URL : http://www-jcsu.jesus.cam.ac.uk/~mma29/apt-gentoo/
* License : GPL version 2 or above
Description : enhanced package installation

apt-gentoo enhances the Debian package installation experience to make it fully competitive with newly-popular source-based distributions.

As packages are installed, apt-gentoo automatically downloads their build logs from the buildd network. The logs are then slowly scrolled past on the user’s terminal to simulate building the software on the local machine.

apt-gentoo optionally, and by default, gives increased realism by spinning the CPU in a tight loop between build log lines, and writing large files to disk.

An additional utility apt-gentoo-benchmark is included to tune the delay loops for your hardware by finding the length of time taken by typical compiler and linker runs. (On slow or low-memory hardware we recommend leaving these values at their defaults.)

A preliminary package of apt-gentoo is available at http://www-jcsu.jesus.cam.ac.uk/~mma29/apt-gentoo/

I really can’t think of anything additional to say that could in any way compliment the amount of wonderful that this post was.

I did something useful. I’ve written a script called findproxy which will automagically find an open, highly anonymous proxy server that accepts connections to a specified host on a specified port.

For instance, my place of work blocks AIM access. No problem; just configure the script to try and connect to AIM’s login server (login.oscar.aol.com) on the AIM port (5190) and let ‘er fly. It will output a list of proxy servers which are up and allow forwarding to that port. Configure AIM to use that proxy, and you’re done.

It’s for the bash shell, so it it will not work for you Windows users out there.

Well, in addition to school, work, being a research assistant, Model UN, the Pump it Up pad, and all my other ventures, I’ve decided to make an attempt at becoming a Debian Developer. Debian is a distribution of my operating system of choice, Linux, and is always looking for more volunteers committed to writing high quality free software.
Continue Reading »