Sep 192007

Hi all… Two issues to raise here:

binutils-config and the missing ldscripts/elf64btsmip.xr reference

It seems this problem seems to be happening to quite a few people. If you follow the Gentoo/MIPS handbook to-the-letter with the present version of binutils-config, you wind up with this:

moosehead linux- # make vmlinux.32 modules CROSS_COMPILE=mips64-unknown-linux-gnu-
CHK include/linux/version.h
CHK include/linux/utsrelease.h
Checking missing-syscalls for N32
CALL scripts/
Checking missing-syscalls for O32
CALL scripts/
CALL scripts/
CHK include/linux/compile.h
LD init/mounts.o
mips64-unknown-linux-gnu-ld: cannot open linker script file ldscripts/elf64btsmip.xr: No such file or directory

The fix… update to binutils-config-1.9-r4 or newer, then run binutils-config –mips && . /etc/profile before trying your kernel build again. For further details, see bug #171486. Gentoo 2007.1 (next release) will fix this issue.

Heads Up

As some of you may know, I’m nearing the end of my double degree (Bachelor of IT/Bachelor of Electronic Engineering), and part of that involves getting 60 days industrial experience. I’ve applied to a number of companies — some of these positions will take me to rural locations where I may not have a permanent internet connection (or even reliable dialup).

Thus, during this upcoming summer break (between mid November through to late February), I may wind up going on a temporary hiatus from Gentoo. None of this is definite at this stage, nobody that I’ve contacted has gotten in touch to line up an interview however I figure I may as well post this here now so that the me disappearing doesn’t come out-of-the-blue.

The plan if I do wind up temporarily moving: I’ll try and get 2007.1 pushed out the door before I leave. This will focus on newer stages for MIPS1 and MIPS4 little-endian targets. I’ll set up both Lemote boxes here so that other Gentoo devs can gain access to them whilst I’m away. If I can get any internet service at all, I’ll be around to answer queries, and maybe do some limited work via SSH, but testing X or audio apps are out of the question.

As I say, none of this is definite, and I may wind up getting my experience somewhere here in Brisbane (ideal case). That said… given my stress levels lately, they say a change is as good as a holiday… maybe a few months living in a country town is just what I need.

Aug 312007

Hi All… figured I’d thank you for the support, and better explain my emotional ramblings (as I lie here trying to wind down and sleep, battling a 15″ CRT that wants to emulate a disco light).

A little about my personal life. I certainly realise I’ve had it a lot easier than some, but I’ve had some rough moments.

This includes witnessing a marriage breakup of my parents back in the early 90’s. (Being the ham in the sandwitch is no fun at all.) Bullying both verbally and physically over my years at school, not just from individuals, but from entire classes. Even some sexual abuse (from a female student, more on that later).

So it’s little wonder that I am sometimes a bit on the fragile side. Am I looking at blaming others for my problems? Well no. I’ve moved on for the most part.

This includes the one case of sexual abuse. Without going into details, it was back in 1992, and involved a year 7 female student at my primary school. I’m not planning on hunting her down though. If I do happen to come into contact, I only wish to know two things:

  • Has she committed the same act on others?
  • (most important) Has she gotten help for her psychological condition?

What I’ve heard… this kind of abuse starts when the abuser themselves, is abused in some manner. I’m willing to forgive (not forget) the act if the guilty party is willing to, or has, undergone some rehabilitation & councelling on the matter.

As for the bullying… the worst of it occurred in 1995. I don’t exaggerate when I say I had a good 20 or so students from the year 6 class ganging up on me. I don’t recall every incident, but I do recall getting surrounded and screamed at.

It didn’t help that I didn’t get along at all with my teacher at the time. The problem solved itself however… the main ring leader wound up switching to BBC and the group kinda collapsed. The teacher also wound up switching schools if I recall, not sure of the exact reasons.

So yeah, I carry a bit of baggage around with me. I don’t let it stop me with what I’m doing now… and it has very little to do with my outburst a few days ago — which was brought on by more recent issues.

Right now… I’ve been trying to wrap my head around some telecommunications topics for an exam I have on Tuesday. (I’m repeating the subject from last year — so I really want to pass this time.)

Progress has been slow however, since I haven’t completely grasped all the concepts. My apathy/laziness and a sub-optimal teaching method (for me, not everyone learns the same way) are likely to blame there.

Needless to say, I’ll be looking forward to the upcomming Christmas/New Year break. I’ll like it even better if I can put these engineering skills of mine to some constructive use.

Aug 272007

Well… now that I’ve redirected most of the major viewers to a safer feed, I can now drop a few bombshells and let off some steam without making Linux distributions look bad.

The last 12 months have been a bit of a roller coaster ride for me. Specifically, it has been events at university, and the stress brought on by these events that have lead to me getting burned out. No longer have I any interest in persuing a career in IT or electrical engineering, or continuing with life in general.

Early last year, I was looking forward to finishing my degree, and ideally working with some embedded systems, as that was what I seemed to enjoy. The idea of getting useful software onto an embedded computer (with limited memory, storage and CPU power), then stuffing that computer inside some package appealed to me.

In a way, it kinda still does… but not to the same extent. See, my big problem is that I’m not able to play the social game, and have no desire to. While some are not happy unless they’re chattering away with the big boys in the posh end of town — I’m more comfortable sitting back in a quiet space working on whatever projects interest me at that moment in time.

I do have quite a few technical abilities, and some social qualities that are considered highly valuable by many employers — however, what they get is a package deal, and it’s some of my personal traits that could make it a deal breaker at the interview. Put simply, interviews do not suit me or people like me. Which is a shame, since it’s people like this, that gave us many of the advances we have today including AC power generation and modern computers.

My situation at the moment is this. Make no mistake right now, I am in a suicidal state mentally. I however, don’t want to put undue stress on those that I’m working with within the university… thus I won’t be enacting on any plans until next year. If things don’t go well this year, I may well be a corpse around March next year.

Essentially, my problem revolves around the fact that I see no worthwhile future at this moment in time. If I can’t gain employment, then I’ve got no means to support myself — I’ll wind up on the streets. I’d rather jump now whilst I have some dignity, then wait until I sink to the bottom of society.

I’m in talks with various medical people at the moment… so far this has largely been a waste of time and money. I’ve been following the advice given, but so far haven’t had any real resolution to the issues that I face. My biggest problem, is that not being a socialite, more or less means that my skills are not in an easily accessible form. Thus, people conclude that I have nothing to offer them.

They see me as an ordinary person who should understand the unwritten rules of social behaviour. I mention that I have AS, the usual retort is, “You look fine to me…” Yes, I do look fine. I have good vision (slightly myopic, but acceptable), good hearing, etc. I have both arms and legs fully intact and operational. I have no mobility problems and my mental abilities are fine. But this does not mean that I react the same way as everybody else. It’s this total lack of understanding for people like myself that has me on the brink of suicide.

And no, pills aren’t the answer here … not unless you want to try and medicate 6.1 billion people who have the lack-of-understanding disease. Indeed, it’s not just AS, it’s other conditions too: being of a particular ethnicity, various forms of disabilities (mental, physical and social/communicative), demographics… you name it.

It’s something that really gets up my nose about society today. The bigger we get, the less we care. If this is how the world is going, then count me out — this is not a world in which I wish to participate.

May 112007

Hi All…

Here at uni (Room S825, S-Block, QUT Gardens Point) someone started a drawing of some penguins getting alarmed at a Windows Vista logo on one of the whiteboards. Over time, this little cartoon has evolved, and thus I figured I better get a shot of it before it disappears. It symbolises the battles between various operating systems — mainly the OS zealots. Of course, things aren’t really quite like this, there is quite a bit of co-operation between the various platforms, with a few notable exceptions.
Anyway… here it is… enjoy. 🙂 As always, click the image for an enlarged version.

War of the operating systems

Mar 242007

Hi All…

I know many of you are in the web development and security arenas… I figured I’d throw this idea up for everyone to have a look at.

Authenticating users on a website can be quite a challenge at times.  Sometimes, HTTP Basic authentication is all that’s required, re-sending the password with each request.  But the problem with this; is that someone can intercept the username and password, thus knows everything needed to establish a new session.

HTTP Digest authentication is good; but MD5 isn’t as strong as other hashing algorithms available, and more importantly, it assumes the server knows the exact password.  But what if you’re hashing the password?  Also, this doesn’t necessarily solve the issue of session hijacking.

Thus what I have come up with, is “Challenge-Response Digest Authentication”.  My rationale for this method of authentication and session management is as follows:

  1. Remove the need for the cleartext password to be stored or transmitted.  Using CRDA, only the hash of the password needs to be stored.
  2. The remote user still needs to demonstrate knowledge of the password (or rather, its hash)
  3. Various aspects of the client, such as the IP address and user agent, are used when generating the hash, making session hijacking more difficult.

So, how does this actually work?  Well, in a web application scenario, it requires JavaScript on the client side to implement the hashing algorithm (in my case, I’ve settled on SHA1).  The initial authentication phase works as follows:

  1. Remote client makes a request to log in by requesting the login form.
  2. The server generates a session ID, which is the hash of the following (in this order):
    • IP Address of client (from the server’s perspective)
    • Client User Agent
    • A random salt string
  3. The server responds by sending back the requested form; Included on the page in the JavaScript code, are values for a random salt and the IP address of the client.  A cookie containing the session ID could also be included — or on more advanced clients, could be determined by the client.
  4. On submitting the form, client side JavaScript takes the information provided, and generates a hash of the following data (in this order):
    • IP Address of client
    • User Agent in use
    • The random salt given
    • The username
    • The hash of the password

    The cookie generated earlier is passed back to the server as well so it can look up the salt value.

  5. The server receives the session ID (via cookie) as well as the username and response (via HTTP POST), looks up the salt for that session ID, then checks the following:
    • The session ID is valid for the given IP and user agent
    • The response is valid

If successful, the server generates a random nonce value, and passes this back to the client.  The session key to be used from this point forward, is the hash of the following information:

  • IP Address
  • User Agent
  • Random Salt
  • Nonce value

The nonce is then updated at regular intervals.  On an intelligent client, the raw nonce value could be passed back right at the start, and stored — the client incrementing it when told by the server.  On a simpler client, the key may get passed back and forward.

For each request after this initial authentication step, a cookie should be passed to the server containing the following string: “SessionID:SessionKey”.

Anyways… those are my ideas.  I know there are problems with this; most notably, is the effectiveness of hashing when you hash something twice.  I know that SHA1 is less effective in this instance — but the question is, how much less effective?  I figure it’s not really enough to be worried about, but then again, I know there are people who work in this field, and thus will know more about it than me.

I’m still tinkering at this stage, I’ve got a small proof-of-concept webapp going that utilises this scheme at a basic level, and I’ll keep poking at it for now, but I’d be interested in hearing other people’s thoughts on whether this would be effective against preventing session hijacking and keeping a site secure.

Mar 112007

Hi All…

At the moment, stresses are running high.  Exactly why, I’m not sure, but it seems everyone is on edge.  And I don’t just mean the Gentoo Development community — I mean elsewhere too.  Everyone seems to be edgy for reasons I cannot fathom.

I’m not going to speculate about what could be causing this stress… I know in my case, the tense atmosphere has had an impact.  I’m nowhere near the point of doing anything irrational like suicide (I know this will create more problems than it will solve), but I am noticing that I’m not in my usual “stable” mental state.  I think in my case, there are a few factors in play…

  • At university, I’m doing a subject entitled “Core Project Initiation”, which heavily depends on groupwork.  We have to form groups of 5 people or so, choose a project, find a project supervisor (typically other lecturers at QUT), then work towards implementing a prototype.  The first assessment item, is due this Friday, and more or less requires the group to be formed.  After having two attempts at forming a group fail, I’ve been in contact with the lecturers and am in urgent need to get into a group.  Basically, if by Wednesday, I’m not in a group — I’ll pull out of the subject, it’s just not going to be viable for me to continue.
  • Last semester was rather stressful, having had two major stuffups by the university (in one case, a lost exam paper; in a second, a breech of examination procedure), and winding up failing a telecommunications subject for seemingly unknown reasons.  A total lack of feedback was a big factor — there was nothing to suggest I was offtrack, yet, I got a 2 (7-point scale) as my grade for the subject in question.
  • I’m still looking around for work.  I’m quite conscious that I’m basically living out of my father’s back pocket — have been for some time now.  This has been playing on my mind a lot lately.  I know that without any work, I can forget passing my degree, I can forget moving out of home at some point.  And luxuries like attending LCA2008 are definitely out of the question.  I’ve applied to several positions over the last few months without success.
  • The weather has been rather hot and humid lately, enough to shorten the fuses of most people.  Add to that the fact that Brisbane (like much of Australia) is in drought, and that the dam levels are dropping to alarmingly low levels.
  • Then there’s the censorship debate that’s been raging on for the past fortnight on both gentoo-dev and gentoo-core.

Some of these problems are aggrivated by communications issues stemming from my Asperger’s Syndrome.  Stress is not something I handle well, with depression being quite common in such circumstances.  I’m in the happy position that I haven’t needed any medication to keep things under control however — I intend to keep things that way if I can.  Right now, I’ve just detected abnormalities in my behaviour, and thus know something is up.
At this point, I’m certainly not planning on resigning from Gentoo.  My builds for MIPS1 (little endian) are progressing, having just started Stage 2 this evening.  There’s no major issues to deal with at this time, and I hope to have these out soon.  I’ve also picked a fight with µClibc trying to bash out updated stages — managed to mess something up rather badly there, but I’ll hopefully get that straightened out and have some netboot images for you.

Presently, I’ve got stuff in my personal life that needs my attention first.  Thus, I’ll be “away” for the next fortnight whilst things settle down locally.  I’ll be contactable by email, and may be on IRC sporadically — but I don’t expect to be doing a hell of a lot.  I need some time to reduce some of the external pressure, get myself mentally ontrack again.  Hopefully when I return, not only will things have calmed down around here, but people within Gentoo, and perhaps others globally, might have settled down too.

In short, I’ll be around, just laying low for a while.

Sep 172006

I mentioned in a previous post that I was looking for a web applet for playing FLAC audio. This search still continues, however, in the meantime I’ve gone ahead and set up the site to use a browser plugin instead, with a fallback letting people download the files manually.

So now, we’re now open for business, and seeking people with good hearing and some time to spare, to help us out in this survey.

This is part of a group project for university. I intend to keep the project running as long as I can. For the purposes of this assignment, I need some data by Friday, the 22nd of October. I intend to make the results of this survey publically available.

To do the test, you’ll need:

  • A player or browser plugin supporting the MP3, Vorbis, AAC and FLAC formats. (Such as mplayerplug-in with the FLAC support patch)
  • A broadband internet connection (if streaming)
  • A decent sound system
  • Low/no ambient noise

Those wishing to participate, please see the project homepage.

Sep 072006

Hi All…

As part of my university studies, I’m doing a bit of statistics work (you know… normal distributions, Kolmogerov-Smirnov tests, ANOVA…etc.). As part of this subject, we all have to do a group project, the subject of which being chosen by us.

The three of us have put our heads together, and have decided to do a formal study to compare 3 audio codecs: AAC, MP3 and Ogg/Vorbis. I’ll announce the full details on this project closer to the date.  Put simply, it’s a study I’ve been wanting to do for a while, and university has basically given me an excuse to go ahead with it. 🙂
The plan, is to conduct listening tests online, by constructing a variety of audio samples — half encoded using a lossy codec, the rest left as-is, and asking the listener to rate the quality level. In order to prevent skewing of the results though, these samples need to be distributed in a lossless form. And here, lies a problem.

There are a couple of options, the obvious one is to not compress the samples at all, but to leave them as plain AIFF or WAV, but that’ll be wasteful. The other, is to use a lossless codec such as FLAC, and in here lies my problem.

Most Linux users, will have little problem playing FLAC audio, that isn’t the issue. On Gentoo, set USE="flac", and Portage pretty much looks after it from there. However, I suspect many of the people will be using Windows, and may not be in a position to install a codec pack (such as the OggDS codec pack). So the ideal, would be to use some sort of java-based or flash-based player (with the option there to allow external playback).

My question… Does anyone know of a decent web-based FLAC player applet, that I can use to embed FLAC audio on a web page?

Aug 272006

Yep… now almost 3 years into my double degree… it’s comming high time that I actually got out there, and did some Electrical Engineering work for people. Needless to say, I had a crash course today in writing CVs, cover letters, and using LaTex. That said, I’m happy with the results so far, and having submitted an application to 3 companies, it’s now a case of waiting for a response, and looking around for other companies to pester.

Employers in the Brisbane area: If you’re after an extra pair of hands for the upcomming summer break, let me know. As part of my university studies, I need to do 60 hours work experience in the Electrical Engineering field. Ideally, I’m after some work doing telecommunications, digital design, embedded systems development or control systems, as these are the areas I’m most comfortable with. My CV is here … if I look like a good candidate to fill a position, shoot me an email, and we’ll negotiate. 🙂