Mini Software review: TrueCrypt

I originally had a category for software in this blog because I wanted to rant and rave about little-known software that I use, and I seem to have forgotten about that lately.

So this post here is dedicated to TrueCrypt. TrueCrypt is a Windows program that lets you encrypt drives on your PC so they can only be accessed after entering a keyphrase, very much like PGPdrive, only better and free.

Why do I need something like this? To tell the truth, not everything on my work PC is work-related, there’s quite a bit of private information on my PC. Why should that private stuff be readable for anybody who can get my computer? I’ve taken over computers from previous employees myself, and found their personal data still on the hard drive.

TrueCrypt has two different ways of drive encryption. You can either create a virtual drive inside a large file in the regular filesystem and mount it, or encrypt an entire partition (which is what I do). It offers a wide range of encryption methods, and even lets you create hidden volumes which provide you with plausible deniability.

Final Rating: 6 points.

Using TrueCrypt drives is very smooth. They are a little slower than regular hard disk access, but I’m not storing swap files there, so it doesn’t really matter at all. The only thing I would like is remounting of drives after login, and a way to keep shared folders on the drive shared from one session to the next. Right now, when Windows boots, it finds that the drive no longer exists and removes the share.

[ media | Ananda Shankar – Snow Flower ]

Blog upgrades

I’ve added gravatar support to the comments section, so if you have a registered avatar at that site and use the same email in the comments section, your image will show up. Of course, my own avatar is still in the review process, so I can’t see it. I’m also playing with Technorati and del.icio.us, but I find myself wishing for more support from w.bloggar.

You can tell that I haven’t got a lot to do this weekend. I was working on implementing an old tabletop strategy game earlier today, and figured out the boost serialization library for that. Very nice. Now I need to write out XML reports, which is tedious work, and nothing new. So I’m taking a little time off from that.

It’s a disease, and they’re all green

I’ve just spent two days cleaning up Pia’s computer from all the spyware and viruses she collected. It was quite a job. My slightly dated version of Ad-Aware found over 600 dialers, spyware toolbars and other malware. Spybot S&D found another 500 after I updated it to the current definitions file. Then I installed Kaspersky Antivirus, which took out 36 viruses. I usually don’t like Kaspersky, but it did a good job here.

All this happened to her PC while Norton Antivirus was running. I know an antivirus software that I will never recommend again. Instead, I recommend installing Spybot S&D on all new computers, and making sure it gets run frequently. I’m not sure it’s possible to educate some people. The average internet user doesn’t have what I would consider the minimum requirements to be on the net, but it seems there’s no way to stop them, either.

Get off my network if you can’t update your computer!

By now, we all know that the main reason there are so many viruses and spam going around these days are Zombie PCs. These are Windows machines which their owners did not upgrade, and which got attacked by one of the many exploits for Outlook Express, Outlook or Internet Explorer.

Why do these people not update Windows? Because to them, there doesn’t seem to be a problem, not until it’s too late. So let’s tell them – reject email from Outlook/Express if it’s not one of the latest versions. Some people might want to reject all Outlook email, but I wouldn’t go that far, yet.

There are two good ways to go about this: at SMTP time, or in your mail filter. I’m using Exim 4 and procmail for my two examples here, YMMV but you’ll get the point.

To make exim reject old Outlook versions, we can write a system filter. In general, this is stored in /etc/exim/system-filter.exim. Your rule could look something like this:

if $h_x-mailer: contains "Outlook"
   and ( $h_x-mailer: matches "5\.[50]0\." or $h_x-mailer: matches "6\.00\.2[678]" )
then
    fail "<> \
         This message has been rejected because it was sent from an \n\
         unsafe computer.\n\
         If you intended to send us email in the future, please go to \n\
         http://windowsupdate.microsoft.com/ and install any available \n\
         security updates."
    seen finish
endif

This rule will reject mail from versions 5.0, 5.5 and from older 6.0 versions at SMTP time (so the mail never really makes it into your system) and send a failure message back to the server. You can easily extend it to cover more versions. If you want to know which version of Outlook / Outlook Express is currently considered “safe” by Microsoft, you can find them on this page.

You may not have access to your system mail filter, or may not want to go so far as to reject the mail – maybe a warning is all it takes? And maybe you don’t have exim on your system. Then you can try combining a procmail recipe with a script. In your .procmailrc file, simply add these lines:

:0 ihc:oe.lock
* ^X-Mailer: Microsoft Outlook Express \/.*
| $HOME/bin/oewarn.sh $MATCH

The oewarn.sh bash script is a wrapper around a python script doing the detection, that will send a reply in case we don’t like the version. It looks like this:

#!/bin/sh
SENDMAIL="/usr/sbin/sendmail"
$HOME/bin/oewarn.py "$1" || ( formail -r -I"Precedence: junk" -A"X-Loop: eressea@eressea.upb.de" ; \
  cat $HOME/bin/oewarn.txt ) | $SENDMAIL -t

The text file oewarn.txt contains your nastygram message – what you want the sender to receive. The python script oewarn.py contains the magic to decide what version we have and whether we like it:

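#!/usr/bin/env python
from sys import argv, exit

# Oldest Outlook Express version we still accept: 6.00.2800.1123
MINIMUM = (6, 0, 2800, 1123)

def verify(versionstr):
    """Return 1 if the version is older than MINIMUM, 0 otherwise."""
    version = versionstr.split('.')
    if len(version) == 4:
        try:
            # Compare all four components in order, most significant first,
            # so that a newer release with a low build number is not flagged
            if tuple(int(x) for x in version) < MINIMUM:
                return 1
        except ValueError:
            # Not a numeric version string: do not send a warning
            pass
    return 0

if __name__ == '__main__':
    exit(verify(argv[1]))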

In my case, the message you receive would read like this:

Your computer is a danger to the Internet!

You are running a severely outdated version of Outlook Express (and possibly
Internet Explorer). These two programs are the main reason the Internet is
clogged with spam and viruses today. Using Outlook Express is bad enough;
but failing to install critical updates is criminal negligence.

You will be given up to 3 warnings before we refuse to accept further emails
from your account. If you want to continue sending email to this address,
please update your software. Or even better, use a modern, safe Mail
program: http://www.mozilla.org/projects/thunderbird/

If you have a question regarding this policy, please contact
postmaster@eressea.de

Fun Code

I’ve been going through a lot of the 3 million lines of Anarchy Online code the past months, and seen several bits that make me, as a programmer, laugh. These are completely unfunny for non-programmers, of course. And they aren’t representative for most of the AO code, because that runs pretty well these days.

Here’s a good one, from the just-in-case department:

return this?m_nValue:0;

Found the same one in the Miranda MSN plugin. Note the informative comment.

  if ( this == NULL )  // :)
    return 0;

Then there’s the gratuitous memory leak (props to André who showed me this one today):

void foo(const char * s, int v, std::map<char *, int>& amap) {
  char * p = strcpy((char *)malloc(sizeof(s)+1), s);
  amap[p] = v;
}

Here’s a redundancy that I wasn’t certain about, but I checked the standard, delete NULL is allowed:

if (p) delete p;

My favourite though:

void foo(int i) {
  char b[11];
  sprintf(b, "%d", i);
 ...
}

This bombed. Signed integers require 12 chars to represent, including the trailing space. But that’s not the funny part. The funny part is that I checked who did it, and it turns out the previous person that touched the code must have found a similar error. The diff he committed was this:

- char b[10];
+ char b[11];
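Review bot: char b[11] is still one byte short for the sprintf(b, "%d", i) call that writes into it. The most negative 32-bit int formats as 11 characters and sprintf appends a terminating NUL, so 12 bytes are the minimum. Suggest char b[12] or larger, together with snprintf(b, sizeof b, "%d", i) so that a wrong size truncates instead of writing past the array.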

How long should we wait?

WaitForSingleObject( MyThread_c::GetInstance()->m_hThread, INFINITE ); // wait max 2 seconds

Like I said, none of this is funny if you’re not a programmer. And I probably forgot some of the better ones. So, have you got any code stories of your own?
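For the sprintf snippet above, a bounded version that measures the space "%d" needs and refuses to write past the buffer. This is an added example, not code from Anarchy Online or from the original post; the names INT_DEC_BUFSZ, dec_size and format_int are made up for illustration, and the byte counts in the comments assume a 32-bit int.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Upper bound on the bytes "%d" can produce for any int, including the
 * terminating NUL: each byte of the int contributes at most 3 decimal
 * digits (2^8 < 10^3), plus one for the sign and one for the NUL. */
#define INT_DEC_BUFSZ (sizeof(int) * 3 + 2)

/* Bytes needed to hold the "%d" form of i, terminator included.
 * snprintf with a zero-size buffer only measures; it writes nothing. */
size_t dec_size(int i) {
    return (size_t)snprintf(NULL, 0, "%d", i) + 1;
}

/* Bounded replacement for sprintf(b, "%d", i).
 * Returns 0 on success, -1 if the text would not fit in cap bytes
 * (in that case b holds a truncated, NUL-terminated prefix). */
int format_int(char *b, size_t cap, int i) {
    int n = snprintf(b, cap, "%d", i);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void) {
    char small[11];               /* the size used in the snippet above */
    char big[INT_DEC_BUFSZ];      /* large enough for every int value */

    printf("INT_MIN needs %zu bytes\n", dec_size(INT_MIN));
    if (format_int(small, sizeof small, INT_MIN) != 0)
        puts("char[11]: rejected instead of overflowing");
    if (format_int(big, sizeof big, INT_MIN) == 0)
        printf("char[%zu]: %s\n", sizeof big, big);
    return 0;
}
```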

New and sexier URL!

The URL of my blog has been dependent on the machine it was on for a long time, because I was afraid of change. But I figured there simply aren’t that many people reading it anyway, so who cares if the location changes. The new URL is http://enno.homeunix.net/.

Technically, homeunix.net is one of the domains available for users of dyndns.org. You can have a subdomain for free, and they take care of the DNS magic for you. All you have to do is tell them what IP your server is using. It doesn’t matter that it already has another name. It can even change its IP frequently. Mine doesn’t, but at some point, I might move the whole site, and all I need to do then is update the IP at dyndns.org.

The apache server on eressea.upb.de that hosts my web pages was told to react differently to requests for enno.homeunix.net, via Virtual Hosts. This has become a breeze to configure with the Apache2 in Debian. All I had to do was create a new file in /etc/apache2/sites-available, insert a few lines, and link it from /etc/apache2/sites-enabled.

Finally, I also made a quick mod_rewrite rule so requests to old urls stay valid but get sent to the new address. And while I’m aware none of this is magic, I’ve just never done it before and I’m surprised how easy it was.

What computer language should we teach?

Young people occasionally ask me whether language X is something they’ll need to make computer games, or what they should learn if they want to become programmers. And what language should we teach in school?

I learned UCSD Pascal in school. When I came to university, freshmen were taught C++, and by the time I was in a teaching position myself, the language of choice at almost all universities had changed to Java, so that’s what I taught.

Last year opened my eyes a bit, though. I was interviewing prospective new employees, and several people fresh from school. A lot of candidates were weeded out because they admitted to knowing only Java – and despite numerous claims that this would happen, we still don’t make games in Java, and neither does 97% of the rest of our industry. C++ is the language.

While that was expected, the next group of people we weeded out were the ones that said they knew C++, because they’d taken it for extra credits in school, but still wrote most of their own stuff in Java. Some of them managed to get through to the interview, and failed our C++ test. And that’s where I realized, C++ is so significantly different from Java that it might be a really bad thing for us to teach students Java in school. It’s easier to be a good C++ programmer and then learn Java – because in terms of things you can fuck up, C++ is the bigger problem, but if you master it, Java comes quite easy.

Schools like Java because they can skip over the whole issue of pointers, memory, headers, makefiles, templates and the general nastiness that comes with it. But frankly, if you never hear about memory allocation, pointers and makefiles, it’ll come as a huge surprise to you, which you then treat in one of two ways: you avoid it, and go back to Java, or you try to ignore it, and end up with really, really bad C++.

Personally, I’d teach people some C first. The pure stuff. I can avoid talking about objects in lesson one (because printf is quicker to explain than std::cout and its crazy syntax). Something happens really fast in your program. Memory allocation, headers and Makefiles will appear just like they do in real life. And then, when that’s understood, I’d introduce C++, and when I then explain about templates, containers and classes there will be a collective sigh of relief, just like we sighed it when C++ first appeared. But the students will know that underneath, memory allocation still happens, linked lists are still linked by pointers, templates mean big, big headers, and Makefiles are a bloody pain.

Two things that Java doesn’t do well: Staged delivery of the concepts (instead you get them all at once just for a Hello World) and an understanding of the inner machinations.

Software for my precious

I spent this weekend organizing a high-speed game of Eressea, and the noise from the PC running all day long drove me crazy. I have a fan to replace the loud one with, but couldn’t bother putting it in (it needs soldering).

So I shut it down and booted my precious instead. It’s an old Pentium 166 with 64 MB of RAM, and it’s super-silent, with just one tiny little fan.

Compaq Armada 7350. 166 Mhz, yeah baby!

Of course, it doesn’t run any decent software anymore. When I bought it eight years ago for what would now be 2100 Euros, it came with Windows 95, and that worked fine for a long time, but we all know the expiry date has long gone, and Microsoft says you should be running XP instead, only we’re sorry, it won’t work. So I installed Debian on it. I got drivers for everything in there (well, no sound, but that’s not a driver fault, that’s the stupidity of the Linux sound systems). And hey, playing mp3s on it would probably suck up 70% of the cpu anyway.

So, what software do you run if you have almost no CPU power, very little memory and an 800×600 LCD screen? Is there software for that? In fact, yes. The first thing I tried was Gnome, Thunderbird and Firefox. Jesus. Gnome takes forever to load, Firefox sucks up all that Memory, and Thunderbird renders its GUI so slow that I want to switch to another application and multitask while it does that, but of course I can’t, because it also hogs all the memory. I still do it reflexively, so there’s only kswapd running, really.

So I did some searching for alternatives. Here’s what I came up with:

Window Manager: IceWM. At university I used this on Sparc4 workstations, which were significantly less powerful than my precious, and it didn’t let me down now either: It’s absolutely no-fluff, just multiple desktops, taskbar, tray with a clock and windows. Very little RAM usage, very fast rendering.

Browser: Links2. It uses 4 MB of RAM, it renders quite fast (it uses SDL), and the layout is acceptable. It does not understand CSS, which makes some pages (like this one) look very different, but readable. Only problem for me is that Der Spiegel does not render very well at all. I can always fall back on Firefox, but for 95% of my browsing, I don’t have to. HTML is great stuff.

Mail: Sylpheed. My requirements for mail are support for IMAP4, GnuPG and SSL, and it supports all three. I have only started it twice so far, so the real verdict is still out, but it is definitely faster than Thunderbird and looks promising enough.

ICQ: gaim. It’s heavy-weight, really, but not as heavy as kopete, which is the only working alternative I found. Ickle didn’t understand server-stored userlists, which makes it useless. I miss Miranda, and I wish there was a Linux port for it.

And that’s all the new software I am using, and it cut my memory usage down so I actually have space left, and don’t need to swap. That harddrive is terribly slow, as you can probably imagine. The one thing I didn’t find (at all) was blog software for Linux. Something like w.bloggar, and that works with nucleus. I need some advice there, I think.

New Look

Yes, it was time to change the look of the blog. I was getting tired of the bloghaus skin.

Since I am no web designer, and have better things to do than creating skins, I looked for free ready-made nucleus skins. There aren’t many. There are even fewer good ones. This one is one of the best (which means you’ve probably seen it in lots of other places, too). I want to customize it more, I just added the ‘Recent Entries’ list on the left, but I’m not happy with the grey colors, so they’ll have to go next.

I also need to find a way to tell the Smart Breaks plugin not to mess up my source code. This blog will always contain code that’s meant to be formatted, and I’ve got to have a way to make it not mess with <pre>. Another day.

9 women can give birth in 1 month.

I am constantly surprised at how many people seem to believe that. When I see a software project where people are added to the team on a massive scale just months before it’s supposed to go into beta, for example. But that’s not the only case of misunderstanding the way programmers work.

When you’re given the choice of making a product in 4 years with 20 people, or 2 years with 40 people, the latter will always give you worse results. As a programmer, my efficiency increases with time as I massage the code and get acquainted with it. As an example, coming to Anarchy Online it took me a week to fix the very first small bug I had been assigned. Today, it takes me a few minutes to find the cause and make a fix for an obscure bug, because I know the code so well, and I have experience from the myriad of other bugs I’ve seen over the years. My productivity is at least ten times what it was 4 years ago. In some cases maybe a hundred times.

You cannot hire enough people to compensate for that. Letting a good programmer go before the end of the project and replacing him with two new people is almost always a bad trade. On a project with a four year development cycle, you will see the best work being done in the last year, and the least efficiency in the first year. If you cut the time down to two years, you don’t get a more efficient first year, but you lose the very productive last two.

This point is surprisingly difficult to drive home when you work with investors that want to make a quick buck.

I am now in my fifth year at Funcom, and I’m back working with Anarchy Online, where I started. A friend asked me whether doing “maintenance programming” wasn’t boring. I really don’t like the term, it sounds like janitor’s work. And I told her that I really thoroughly enjoy what I do now. I am on really familiar ground, which lets me excel at what I do. I go home with a feeling of achievement every day, because the day is finally long enough to get things done. And I get to finish things properly, because there’s no “we need this, this, and this done before E3” sword hanging over me all the time.