My Blog

WiFi Pineapple – First Impressions

No comments

Pineapples know how to party.

Quite a while ago I received the latest WiFi Pineapple from the Hak5 team.  In fact, I ordered it the day it was announced (back in October, I believe) and received it very shortly thereafter.  I was pretty excited to play around with it and more importantly, to write up a brief review of the packaging, take a few pictures, and relate my initial impressions.

Now here we are in April (6 months later, if you’re keeping track) and I’m finally ready to hit the “Publish” button.  Fortunately, this is a bit of a niche item so it’s still possible no one else has beat me to the punch.  If you’re on the fence about purchasing this little gem hopefully I can provide some resolution to your internal debate.

Packaging

Well, it’s a box.  It’s mostly black with some white and yellow designs.

The scuff marks and dust are optional.

Inside the box you may find a quick start guide, a small booklet with more robust instructions, and some STICKERS!

I’m particularly fond of the sticker on the left.

Once you’ve tired yourself out from those stickers (about 2-3 days by my count), you will finally be ready to dive deeper into the box.  You may discover the pineapple itself covered in a thin plastic film.

Fact: pineapples go down much easier when covered in a thin plastic film.

When the pineapple is removed from the box and the film, it may look something like this.

Sadly, I had to attach the horns myself.

Software

Both the quick start guide and informational booklet are very useful, as well as the main page in case something runs amiss.  I did run into problems at first, but all told it probably took about 15 minutes from fixing my error to reaching the local web interface.

During the first startup sequence the pineapple will run through a short setup wizard.

This is pretty basic and primarily serves to set a master password for the device.

Once the system restarts the web page will update to a fancy login screen.

‘Sup.

After logging in you’ll find a screen similar to the following.

The sum of all human knowledge has allowed for this shining example of user interface excellence.

From this point on, it’s pretty simple to get started.  Like really stupid easy.  If you’re in the market to perform some MITM attacks there is probably no better tool available to get started.  This is especially true if you just clicked that link to find out what “MITM” means.

Summary

While I do think this is a cool device, just what purpose does it serve?  Three options come to mind:

  1. Demonstrating a MITM attack and showing a non-security minded individual how easy it is to perform.
  2. It could potentially be useful during a penetration test, but I feel like there are better tools available.
  3. Actually stealing credentials, etc. for fun and profit as a Black Hat.

Even case #03 seems unlikely.  The type of person that wants to steal information most likely wants a lot of information, not just their neighbor’s password to facebook.  Widespread MITM attacks across the internet (such as this, for example) are probably more attractive and are in no way supplemented by one’s possession of a WiFi Pineapple.

So, for now, it looks like my pineapple will remain as it has in my toolbox for the indeterminate future.

‘Sup.

Rory Garand

Dual Boot on MBP 8,2 w/ Two Internal Drives

3 comments

This tutorial is pretty specific to my latest configuration, but it seems like there might be some people out there who could benefit from my experience.  If you have a [1]  Macbook Pro 8,2 (the 8,3 model should work as well), with [2]  two internal hard drives, and want to [3] dual boot OS X and Arch Linux, utilizing [4]  whole disk encryption in both systems… you’re in the right place!

There won’t be much explanation here because most of the in depth explanation has already been described in previous posts.  They are linked below for reference, to provide additional direction in case you get lost.

Part 0 – Preparation

Part 1 – Encryption

Part 2 – Installation

Part 3 – Finishing Touches

 

Part 4 – Boot Loader

Part 5 – Graphics

Preparation

Begin in OS X by downloading the Arch iso.  Depending on your needs you may want to use an entire drive for your installation or create a smaller partition.  I chose the latter option, as shown to the right in Disk Utility.

Note: It’s in your best interest to use Disk Utility, rather than Linux tools, if you desire to partition a drive that will be used for both OS X and Linux.   

This suggestion becomes mandatory if File Vault encryption is enabled for the drive in question (as it is in my case).

After inserting a USB drive large enough to hold Arch, open Terminal and enter:

    diskutil list

    diskutil unmountDisk /dev/diskN
    sudo dd if=<some path>/Arch.iso of=/dev/diskN bs=8192

Remember “/dev/diskN” needs to be replaced with the number for the USB drive (in this case: /dev/disk4).   Also, note the identifier for the partition titled EFI (most likely: /dev/disk0s1) and the partition where Arch will be installed (in this case: /dev/disk1s4).  Note: it probably won’t say “Linux LVM” unless you’ve previously installed Arch, as I have.

Download refind and return to Terminal for installation / configuration.

    mkdir /Volumes/esp
    sudo mount -t msdos /dev/disk0s1 /Volumes/esp
    sudo cp -r <some path>/refind/* /Volumes/esp/EFI/BOOT/
    sudo rm /Volumes/esp/EFI/BOOT/refind_ia32.efi
    sudo mv /Volumes/esp/EFI/BOOT/refind.conf-sample /Volumes/esp/EFI/BOOT/refind.conf
    sudo bless --setBoot --mount /Volumes/esp --file /Volumes/esp/EFI/BOOT/refind_x64.efi

Upon a system restart, you should be greeted with a less sexy version of the following image.  Boot using loader.efi on the ARCHISO_EFI USB drive.

Encryption

After the live Arch USB boots, enter:

    ls -l /dev/sd*

Make note of the Linux style designations for the partitions of interest from above.  In most cases, the Mac identifier “/dev/disk0s1” will match up with the Linux identifier “/dev/sda1”, “/dev/disk1s3” to “/dev/sdb3” and so on.

Now it’s time to format the partition where Arch will live.  I have it installed on the fourth partition of my second hard drive: “/dev/disk1s4” or “/dev/sdb4” as it is now known.  Explicit instructions for using cgdisk are shown in my earlier guide, however only create the lvm partition titled: arch.

    cgdisk /dev/sdb

After creating the lvm partition in cgdisk, enter the next few commands remembering to replace “/dev/sdb4” with the partition you are using.

    modprobe dm_mod
    cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sdb4
    cryptsetup luksOpen /dev/sdb4 arch
    
    lvm pvcreate /dev/mapper/arch
    lvm vgcreate vgroup /dev/mapper/arch
    lvm lvcreate -L 10G -n root vgroup
    lvm lvcreate -l 100%FREE -n home vgroup
    
    mkfs.ext4 /dev/mapper/vgroup-root
    mkfs.ext4 /dev/mapper/vgroup-home

Installation

This next bit is a little tricky, so be very careful!  The last two lines below differ from my original guide.  Rather than creating a separate boot partition and mounting it here, we are going to mount “/mnt/boot” as the partition that currently holds refind.  This really simplifies the process by allowing both Arch and Mac to boot directly from refind.

    mount /dev/mapper/vgroup-root /mnt
    mkdir /mnt/home
    mount /dev/mapper/vgroup-home /mnt/home
    
    mkdir /mnt/boot
    mount /dev/sda1 /mnt/boot

Note: Mounting “/mnt/boot” where you initially installed refind earlier is the critical element for getting this all to work.

Next, follow my earlier guide for editing the ‘mirrorlist’ file, directly connect your computer to your router/modem (your wireless isn’t working yet!), and test the connection.  Once you can see the internet…

    pacstrap -i /mnt base base-devel
    genfstab -t PARTUUID -p /mnt >> /mnt/etc/fstab
    
    arch-chroot /mnt

Now is a good time to check back to my original post for instructions on how to edit the time and locale settings.

Following that, set up the network applications:

    systemctl enable dhcpcd@eth0.service
    pacman -S wireless_tools wpa_supplicant wpa_actiond dialog

Finishing Touches

Check back to my earlier guide for instructions to properly setup pacman, then:

    pacman -Sy

As before, we’re now ready to amp up the security of our fledgling system a bit:

    passwd
    useradd -m -g users -G audio,optical,storage,video,wheel,power -s /bin/bash rory
    passwd rory

You may also wish to look back at my earlier guide for some basic instruction for setting up sudo.

Boot Loader

This section is pretty much entirely different from its respective proto-guide, and is probably where most people ran into issues.  The main change is that we are now booting directly from refind rather than piggy-backing from refind to grub, or gummiboot, or whatever else.

To do this, we need to edit the refind configuration file:

    nano /boot/EFI/BOOT/refind.conf

…look for a section that looks like this:

…and edit the uncommented portion so it reads:

    scanfor external,manual

Scroll down to the end of the file, and add these menu entries:

    menuentry Mac {
        volume "Recovery HD"
        loader /System/Library/CoreServices/boot.efi
        submenuentry "single-user mode" {
            add_options "single"
        }
    }
    
    menuentry Arch {
        loader vmlinuz-linux
        initrd initramfs-linux.img
        options "root=/dev/mapper/vgroup-root cryptdevice=/dev/sdb4:vgroup ro quiet nomodeset"
    }

Note: my installation of Mavericks is encrypted with File Vault and this actually works.  I believe this will work if your OS X installation is not encrypted, but I’m not 100% sure and I unfortunately cannot test it.  

It’s now time to edit the initramfs, as indicated in my previous guide.  Start by editing:

    nano /etc/mkinitcpio.conf

Verify that the lines that begin with MODULES and HOOKS resembles:

    MODULES="ahci libahci ehci-hcd uhci-hcd ext4 vfat i915"
    HOOKS="base udev ... encrypt lvm2 filesystems ..."

Your Arch system will ABSOLUTELY NOT WORK unless the “encrypt” and “lvm2” hooks are included.

Now, generate the initial ramdisk:

    mkinitcpio -p linux

Following a successful build (barring any warnings you might receive), you should be ready to reboot into your new system!

    exit
    umount /mnt/boot
    umount /mnt/home
    umount /mnt
    reboot

After selecting ‘Arch’ in refind, you will probably be presented with the following text:

    i8042: No controller found
    [drm:drm_pci_agp_init] *ERROR* Cannot initialize the agpgart module.
    DRM: Fill_in_dev failed.
    
    A password is required to access the vgroup volume:
    Enter passphrase for /dev/sdb4:
    
    irq 17: nobody cared (try booting with the "irqpoll" option)
    handlers:
    [<ffffffffa036be30>] sdhci_irq [sdhci]
    Disabling IRQ #17

Ignore the errors and warnings, and simply enter the passphrase you used to encrypt the lvm volume earlier.  This passphrase may or may not be the same as the password you chose for your users later on in the process.

At any rate, there will not be any indication to let you know that you are entering your password (think: ******).  Rejoice!  This is a security feature that you might not have noticed due to the errors that are seemingly halting your boot process!

After you’ve entered your passphrase the boot process should continue (possibly with more errors or warnings).

Summary

My original guides went further and explained how to load a graphical user interface, but I gave up getting that to work properly without grub.  Fortunately there’s a lot of good information out there to help get that working once your system is up and running.

By now you should have two fully encrypted operating systems running on your Macbook Pro 8,2!  As always, if you run into issues please leave a comment below.  Different people often run into the same problems and can benefit from any discussion resulting from this post.

Rory Garand

Arch Linux on a Macbook Pro 8,2 – Part 5 – Graphics

5 comments

This particular post may need to be performed directly after Part 0, Part 1, Part 2, Part 3, and Part 4 of this series so please review those first, since certain assumptions will be made here that might not make sense otherwise.  Of course, the usual caveats apply:

Note: I had a Mac install USB drive which doubles as a recovery tool in the event something goes wrong.  Nothing in this guide should brick your machine but please be mindful when executing commands, especially if you don’t have a strong understanding behind what they do.  I strongly recommend keeping a Mac install disc or USB drive nearby while following this guide.

First Things First

If continuing directly after Part 4, you should have been greeted first by the GRUB menu, which will look similar to this image (but it should only have one option: “Arch”)…

…followed by some system post messages and a passphrase prompt to access the encrypted volume (bearing a passing resemblance to this image).

NOTE: The photos in this section are not specific to the configuration in this tutorial, they were included just to give a general idea of how the screens should look.

Unfortunately, it’s fairly difficult to diagnose what may be going wrong if your computer didn’t start as you expected.  My advice is to keep at it, and you will eventually figure out what happened.  Remember why you want to install Arch in the first place if you become disheartened.

On the other hand, if you’ve made it this far you’re probably home free.  There are plenty of guides on the internet that provide Arch-specific guidance, tricks, etc. that will likely apply to your system now that Arch has been configured and installed correctly.  The rest of this post explains what I would do next with a brand new install.

Set the Hostname

Obviously the first item to tackle is setting the name of your computer.  I have chosen “odin” because all the electronic devices on the home network are named from norse gods.  It seems like there should be a very funny story behind how this naming scheme arose, but I can’t recall when it began.  Maybe I’ll make up a story one day…

    hostnamectl set-hostname odin

On a related note, you may want to check this out for more information on how startup services work in Arch.

Check the Network

Before getting too far along it’s a good idea to make sure the network services are still working as expected.

    ping -c 3 google.com

Sometimes a problem arises where Arch can’t interface with the onboard ethernet card.  The desired output from this command will look similar to this:

    PING google.com 56 bytes of data.
    64 bytes from ...
    64 bytes from ...
    64 bytes from ...
    
    --- google.com ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev ...

If the output looks more like this…

    ping: unknown host google.com

…then a small fix is required.  My hypothesis is that this problem is unique to certain ethernet card vendors (ex. Broadcom) but I’m really not sure.  At any rate it’s very simple to repair.

    rm /var/lib/dhcpcd/dhcpcd-eth0.lease

Bless GRUB

You may have noticed that it took a very long time for the grub menu to display when your computer recently rebooted.  That’s because in Part 0 we blessed the refind_x64.efi file and directory, which no longer exists.  Since your Mac couldn’t find refind_x64.efi it fell back to the only efi file now present on the first partition: grubx64.efi.  It will go through this process of searching for a valid efi file whenever you start your computer which takes a considerable amount of time.

However, this is easily remedied with a Mac install CD or USB drive (you have one of those nearby, right?).  Insert the CD or USB drive, restart your computer, and hold ‘OPTION’ as it boots.

Select the CD or USB drive which will open the Apple Recovery options.  You will be greeted by a limited OS X interface and the ‘OS X Utilities’ window.  Direct the cursor to ‘Utilities’ in the menu bar and select ‘Terminal.’

Find the correct drive and partition by entering

    diskutil list

The correct drive will have a partition with type ‘Linux LVM’.  After the drive has been identified run the following commands to mount the partition.  NOTE:  This example assumes that Arch is installed on disk0.  Make sure to verify the disk before entering the command, but you should only get an error if it’s incorrect.

    mkdir /Volumes/boot
    mount -t msdos /dev/disk0s1 /Volumes/boot

Finally, bless the mount and efi file.

    bless --mount /Volumes/boot --setBoot --file /Volumes/boot/grub/grub.efi

The time for your computer to start up should now be drastically reduced.

Install a Graphical User Interface (GUI)

I have chosen to show how to install GNOME because I’m more familiar with it, but plenty of other options exist, including other popular choices such as KDE, Cinnamon, and XFCE.  In fact, one of the great advantages of Arch is that it’s rather agnostic towards any particular desktop environment, which makes it easy to install your preferred look and feel.

Begin by installing alsa, a program that configures sound settings.

    sudo pacman -S alsa-utils

Run the program after it has installed by executing this command

    alsamixer

Use the arrow keys to select ‘Master’ and press ‘M’ to unmute the channel.  Press ‘Esc’ to exit and test the settings with this command…

    speaker-test -c 2

…and press ‘Control + C’ when you’re convinced it’s working properly.  Next, install the prerequisite software and drivers for the graphical environment.

    sudo pacman -S xorg-server xorg-xinit xorg-server-utils mesa xf86-video-intel xf86-input-synaptics

Install the X window manager after the prerequisite packages have been installed.

    sudo pacman -S xorg-twm xorg-xclock xterm

Now check that X is working by starting the rudimentary desktop environment.  GNOME will essentially paint over X when it is installed later on, as well as providing all the bells and whistles to which you are accustomed.  Assuming this step works you can be assured that all the previous work to accommodate the two graphics cards has been successful.  Pat yourself on the back because you are now truly home free.

    startx

After you’ve checked out X, type “exit” and press ‘Return’ in all open xterm (the terminal) windows.   Now install GNOME with this…

    sudo pacman -S gnome

…enable the GNOME display manager (gdm) service…

    sudo systemctl enable gdm.service

…and you’re ready to go following a reboot.  Enjoy!

Next Time…

You may still run into a few errors or quirks when you poke around in your shiny new graphical environment and there’s one item in particular that bothers me.  This is as far as I planned to go when I began this series so now I put it to you:  What additional topics would you like to see covered, as related to Arch?

Rory Garand

Arch Linux on a Macbook Pro 8,2 – Part 4 – Boot Loader

1 comment


This particular post should be performed directly after Part 0, Part 1, Part 2, and Part 3 of this series so please review those first, since certain assumptions will be made here that might not make sense otherwise.  Of course, the usual caveats apply:

Note: I had a Mac install USB drive which doubles as a recovery tool in the event something goes wrong.  Nothing in this guide should brick your machine but please be mindful when executing commands, especially if you don’t have a strong understanding behind what they do.  I strongly recommend keeping a Mac install disc or USB drive nearby while following this guide.

Select a Bootloader (or “The Illusion of Choice”)

Let me start out by saying that I absolutely love Gummiboot. It’s simple, clean, and doesn’t even have to show its face if you don’t want it to.  Just look at this gorgeous interface!

gummiboot-menu

I tried long and hard to make this work for my configuration, but it just couldn’t be for a very specific reason: Kernel Mode-Setting (KMS).  Macbook Pros famously cycle between two different types of video output cards to provide the very best performance (Nvidia/ATI) or battery life (Intel) in any given scenario.  In OS X, this feature works fantastically and is so transparent most people probably don’t even know that it’s there.

The linux community has caught up to this level of sophistication for Macs that utilize Nvidia graphics, but as you may have assumed by now, this is not the case for the ATI cards used by the series 8 MBPs.  The Intel/ATI graphics drivers get confused about how to display to the screen, they both quit, and nothing happens.  You may have tried to boot your computer with Arch not knowing this, and thought the system was hanging somewhere.  It wasn’t, it just stopped displaying information.  

Talk about frustrating.

The easiest method for setting up a functioning display with a graphical user interface (GUI) is to disable the ATI card very early in the boot sequence.  Unfortunately GRUB is the only boot loader that can access the hardware at an early enough time, and consequently gummiboot is just not an option if you want to eventually install a GUI.

If you just want the shell access, go check out gummiboot.  Seriously, it’s great.  (Can you tell I’m a fan?)

Install and Configure Grub

Being relegated to grub is unfortunate, but it’s still better than no solution at all.  Start by using pacman to install grub.

    pacman -S grub-efi-x86_64
    grub-install

Next, the grub configuration file needs to be modified to correctly handle both the system-wide encryption as well as the idiosyncrasies present in the Macbook Pro 8,2.

    nano /etc/grub.d/40_custom

Add the following menu entry after the commented text.  It’s critical to copy this letter for letter, otherwise the display will turn off and there will be no way to know what’s happening.

    menuentry 'Arch' {
        load_video
        set gfxpayload=keep
    
        outb 0x728 1
        outb 0x710 2
        outb 0x740 2
        outb 0x750 0
    
        insmod gzio
        insmod part_gpt
        insmod fat
    
        set root='hd0,gpt1'
    
        linux /vmlinuz-linux root=/dev/mapper/vgroup-root cryptdevice=/dev/sda2:vgroup ro quiet radeon.modeset=0 i915.modeset=1 i915.lvds_channel_mode=2 i915.lvds_use_ssc=0 acpi_backlight=vendor libahci.ignore_sss=1
        initrd /initramfs-linux.img
    }

NOTE:  This assumes that you will only run Arch on your system.  If you’re multi-booting into OS X, Windows, etc. be sure to make the appropriate changes to “hd0,gpt1” and “/dev/sda2:vgroup”.  Otherwise the system will hang, and no error messages will be displayed.

Clarification (20 June 2013):  hd# and sdX refer to a disk while gpt# and sdX#  refer to a partition on a disk.   Halogene correctly mentions in the comments that only the partitions need to be changed if using a single disk.  I tend to install different operating systems on separate disks, which is why the “0” and “a” are bolded in the text above.

The next (optional) step is to preemptively clean up the GRUB menu by removing the default linux entries.

    mkdir /etc/grub.d/old
    mv /etc/grub.d/10_linux /etc/grub.d/old/

The only option during the boot sequence will now be the “Arch” entry that was just created.  Finally, create the grub configuration file.

    grub-mkconfig -o /boot/grub/grub.cfg

Prepare the Initial Ramdisk (initramfs)

In a similar vein to the GRUB configuration, the system itself needs to be re-configured to properly handle the encrypted MBP.  Fortunately (for once) this is made simple due to the ‘mkinitcpio’ program that is conveniently included in all brand new Arch installs.  Begin by editing the configuration file:

    nano /etc/mkinitcpio.conf

This system requires more explicit instructions than what is provided in the default MODULES and HOOKS arrays.   The MODULES array is likely to be completely empty, but if not verify that at least the following modules are included:

    MODULES="ahci libahci ehci-hcd uhci-hcd ext4 vfat i915"

NOTE:   The order of the words is important!  If there were already entries in the list be sure to do some homework regarding which modules should be loaded first, middle, and last.

The HOOKS array tends to be automatically populated with the most recent advancements, however as a rule of thumb add “encrypt” and “lvm2” right before “filesystems”.

    HOOKS="base udev ... encrypt lvm2 filesystems ..."

NOTE:   Again, the order here is important.  If this step is omitted your system will not know that it is encrypted and will never finish booting.  But, GOOD NEWS EVERYONE!  It will probably spit out some error messages to let you know!  However, the accompanying bad news is you now have the arduous task of decrypting the hard drive and mounting the file systems in a Live CD or similar to make the fix.  Moral of the story: be careful.
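
A pre-reboot check for the HOOKS requirement described here and in the dual-boot post above, as an added example that is not part of the original guide. The function names and sample files are constructed for illustration; the kernel option string is the one from the refind entry on this page, and the warning about /dev/sdX names is an added caveat.

```sh
#!/bin/sh
# Added example: sanity checks to run inside the chroot before rebooting.

# Print the hook list from the last uncommented HOOKS= line.
# Handles HOOKS="a b c" (this guide) and the newer HOOKS=(a b c) form.
get_hooks() {
    sed -n 's/^[[:space:]]*HOOKS=[("]\{0,1\}\([^")]*\).*/\1/p' "$1" | tail -n 1
}

# Print the 1-based position of hook $1 in the list $2, or 0 if absent.
hook_pos() {
    want=$1; i=0
    for h in $2; do
        i=$((i + 1))
        if [ "$h" = "$want" ]; then echo "$i"; return 0; fi
    done
    echo 0
}

# Succeed only if encrypt, lvm2 and filesystems appear in that order.
check_hooks() {
    hooks=$(get_hooks "$1")
    e=$(hook_pos encrypt "$hooks")
    l=$(hook_pos lvm2 "$hooks")
    f=$(hook_pos filesystems "$hooks")
    if [ "$e" -eq 0 ] || [ "$l" -eq 0 ] || [ "$f" -eq 0 ]; then
        echo "FAIL: HOOKS needs encrypt, lvm2 and filesystems (found: $hooks)" >&2
        return 1
    fi
    if [ "$e" -lt "$l" ] && [ "$l" -lt "$f" ]; then
        return 0
    fi
    echo "FAIL: expected encrypt, then lvm2, then filesystems (found: $hooks)" >&2
    return 1
}

# Print the value of kernel option $1 (e.g. cryptdevice) from option string $2.
opt_value() {
    for o in $2; do
        case $o in
            "$1"=*) echo "${o#*=}"; return 0 ;;
        esac
    done
    return 1
}

# Check the boot entry options for this guide's layout (LVM on LUKS).
check_cmdline() {
    cdev=$(opt_value cryptdevice "$1") || { echo "FAIL: no cryptdevice= option" >&2; return 1; }
    root=$(opt_value root "$1") || { echo "FAIL: no root= option" >&2; return 1; }
    case $cdev in
        ?*:?*) ;;
        *) echo "FAIL: cryptdevice needs <device>:<mapping name>" >&2; return 1 ;;
    esac
    case $root in
        /dev/mapper/?*) ;;
        *) echo "FAIL: root= should be /dev/mapper/<vg>-<lv> in this layout" >&2; return 1 ;;
    esac
    case ${cdev%%:*} in
        # Added caveat: sdX names are assigned at boot and can swap with two drives.
        /dev/sd*) echo "WARN: ${cdev%%:*} is not a persistent device name" >&2 ;;
    esac
    return 0
}

# Constructed sample files (not taken from a real system).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '#HOOKS="base udev"' \
        'MODULES="ahci libahci ehci-hcd uhci-hcd ext4 vfat i915"' \
        'HOOKS="base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck"' \
        > "$dir/good.conf"
    printf '%s\n' 'HOOKS="base udev autodetect modconf block filesystems keyboard fsck"' \
        > "$dir/missing.conf"
    printf '%s\n' 'HOOKS="base udev block lvm2 encrypt filesystems"' \
        > "$dir/swapped.conf"
    echo "$dir"
}

# Demo on the constructed files; on a real system run:
#   check_hooks /etc/mkinitcpio.conf
samples=$(make_samples)
for name in good missing swapped; do
    if check_hooks "$samples/$name.conf" 2>/dev/null; then
        echo "$name.conf: HOOKS ok"
    else
        echo "$name.conf: fix HOOKS before running mkinitcpio"
    fi
done
check_cmdline "root=/dev/mapper/vgroup-root cryptdevice=/dev/sdb4:vgroup ro quiet nomodeset"
rm -rf "$samples"
```

Running `check_hooks /etc/mkinitcpio.conf` inside the chroot before `mkinitcpio -p linux` catches a missing or misordered hook while the volume is still unlocked and mounted.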

Finally, generate the initial ramdisk with mkinitcpio:

    mkinitcpio -p linux

In general, warnings are okay but errors will definitely need some attention.  Assuming this works you are now ready to reboot the computer and start digging into Arch!

    exit
    umount /mnt/boot
    umount /mnt/home
    umount /mnt
    reboot

Edit: Also, check out this post for an alternate method of booting in case the grub option mentioned here does not work for you.

Next Time…

Part 5 covers a few post-install nuisances and setting up the graphical user interface.  What else would you like to see covered in a future Arch post?

Rory Garand

Duolingo Review

No comments

For at least the past five years I have occasionally decided to learn a new language.  This has usually meant picking out a piece of software or reading about various techniques that aid in the learning process and allocating some time every day towards becoming bilingual.

Well, at least that’s always the plan.  Every day eventually turns into every other day and that migrates off to nothing almost immediately afterwards.  Historically this has happened because whatever technique, program, etc. I was using at the time wasn’t engaging me.  Read: I found no value in continuing.   I regularly found myself wondering if I was even learning anything.

The Problem

Most second language programs employ a messy combination of:

  • Utilizing an ineffective teaching method
  • Preaching the “wrong” material (ie. uncommon vocabulary / phrases)

The Solution

I have been using the Duolingo app on my phone for the past week and I can say in no uncertain terms that this will keep me going for quite a while.  If I had to pick just one word to explain how Duolingo succeeds where others fail it would be: fluidity.   Allow me to explain…

Downloading the app, signing up for an account, and choosing a language to learn takes about 3 minutes (depending on the speed of the internet).  You will then be greeted with a derivation of the following screen:


Each section (ie. Basics, Phrases) has several lessons which gradually increase the difficulty of the core concepts that have been selected.  For example, Lesson 1 will familiarize the user with a new word (ex. “crow”) for their vocabulary and then utilize it again and again in different scenarios (ex. “He’s no crow”, “How many crows are at Castle Black?”) until that word is firmly cemented.

The icing on the cake is that it’s not boring; it’s actually a lot of fun!  Several interfaces are provided to figure out the translation which keeps the process varied and challenging, but also limits the amount of frustration that can accumulate.  (Hey, no one said learning a new language was easy…)  Here are a few sample screenshots:

I’m especially fond of two items:

  1. There seems to be equal emphasis on the written and spoken portions of the foreign language.  This is especially useful to me because I feel functionally anti-illiterate when it comes to Spanish: I can read/write it but I can’t speak/understand it.
  2. The health bar up at the top.  The user begins with four hearts and one is removed for each mistake.  After four mistakes the lesson has been failed and it’s time to start over.  Additionally, there are fewer hearts available in the more advanced sections.

Another cool element is that the app provides a means for the user to track their own progress within a lesson as well as overall proficiency.  I’m currently a Level 4 French language guru, and I sleep considerably well secure in that knowledge.

It’s also worth mentioning that the whole experience is gamified in that the user is given points and achievements for meeting certain objectives, such as completing so many sections, learning so many words, or learning for so many days in a row.

Overall this app has made something I’ve wanted to do for a long time, but have really struggled accomplishing, such a fun and enjoyable experience.  I would much rather spend a few minutes here or there learning with Duolingo rather than blowing up some pig houses (that’s what people do, right?).

The Unbeatable

What I didn’t know until researching this post is, by far, also the most interesting piece of the puzzle.  As hundreds, thousands, or millions of people are learning a new language with this app, they are also translating the internet at large.  Website owners contact Duolingo to translate their site to a different language, pay some fee, and the work is completed via a combination of software and the user base.

As an aspiring entrepreneur, I find this to be simply brilliant.  Everyone is served by this plan: websites are translated and an untold amount of people get to learn a new language for free, forever.

The Alternative

Move to another country, learn a new language, and have a blast!  Immersion into another culture is probably the quickest and most effective means to learn.  However, it’s often not a viable option for most people (even if there’s only a mental barrier).  At any rate, Duolingo is cheap (read: free!) and is a good way to test the waters.  What do you have to lose?

Rory Garand

Arch Linux on a Macbook Pro 8,2 – Part 3 – Finishing Touches

No comments

This particular post should be performed directly after Part 0, Part 1, and Part 2 of this series so please review those first, since certain assumptions will be made here that might not make sense otherwise.  Of course, the usual caveats apply:

Note: I had a Mac install USB drive which doubles as a recovery tool in the event something goes wrong.  Nothing in this guide should brick your machine but please be mindful when executing commands, especially if you don’t have a strong understanding behind what they do.  I strongly recommend keeping a Mac install disc or USB drive nearby while following this guide.

Configure Pacman

As with most other elements of this installation, the pacman configuration is not *quite* right and needs to be slightly modified.  The config file tells the system which repositories to look at when installing new packages, as well as just keeping the software up-to-date.  By default, the [core], [extra], and [community] repositories are included.  If you’re feeling sassy (brave?), feel free to also include any testing repositories.

However, make sure to uncomment [multilib], which is required for 64 bit computers.

    nano /etc/pacman.conf

Finally, refresh the pacman repository list.

    pacman -Sy

Batten Down the Hatches

So far, everything we’ve done has been completed as the “root” user.  This is fine when you’re just setting up shop, but from a security standpoint it’s wise to move on ASAP.  The first step to hardening your system is changing the password for “root”.  Make sure this is secure (remember this?); best practice dictates that it should be different from the password used to encrypt the system.

    passwd

Now, make a brand new user account that will be used for everyday use.  Remember to change <username> to your name, or whatever you want!  For example, I chose rory  because I’m just that original.

    useradd -m -g users -G audio,optical,storage,video,wheel,power -s /bin/bash <username>

This command adds a new user with their own home directory (“-m”), with main membership in the ‘users’ group (“-g users”), also included in the ‘audio’, ‘optical’, ‘storage’, ‘video’, ‘wheel’, and ‘power’ groups (“-G …”), and using ‘bash’ as the login shell (“-s /bin/bash”).

Membership in a group gives your user access to any of the resources that are accessible by the group.  For example, the speakers are owned by the ‘audio’ group and if you want to change the volume (or hear anything at all) you need to be part of the group to gain access.

The shell is the interface that provides the command line prompt to the system.  Bash is just one of many options, but is pretty popular across several different Linux distros.

The last step is to change the password for the fledgling user.  This bears repeating: make sure it’s secure and different from the other passwords used so far.  (Also, replace <username> with your username.)

    passwd <username>

Sudo (Make me a sandwich!)

Now that there is an additional user account, the best practice is to use the program ‘sudo’ rather than ever logging in to the ‘root’ account again.  It should already be installed, but if not, run the following command.  Note: If you run this command and sudo is already present on the system, it will just be reinstalled, so it’s a non-issue.

    pacman -S sudo

As a side note, that’s all there is to downloading any software package that exists in the official Arch repositories.  Pacman is pretty sweet.  Also, the AUR provides even more free software which makes Arch and pacman that much better.

Anyways, back to the task at hand.  Unlike nearly every other configuration file you may find, the ‘sudoers’ config file should not be edited directly, for security purposes.  The ‘visudo’ command must be used instead: it locks the file while you edit and checks the syntax before saving, so a typo can’t lock you out of sudo.  If it wasn’t obvious, visudo will drop you into vi (gross) so modify the command as such to use nano.

    EDITOR=nano visudo

Scroll nearly to the bottom and uncomment the following line to give the group ‘wheel’ access to use the ‘sudo’ command.  This privilege will also be extended to your user account since it is a member of this group.  Starting to make sense?

    %wheel ALL=(ALL) NOPASSWD: ALL

From now on, there is no excuse to ever use the root account.  Instead always log in with the new user account and type ‘sudo’ in front of any command that can’t be run with your own default privileges.

Of course, you shouldn’t just put ‘sudo’ in front of any old thing!  Be careful and be aware of what you are doing before you execute commands. 
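The line uncommented above carries the NOPASSWD tag, so anyone in ‘wheel’ runs any command as root without being asked for a password; the stock sudoers file also ships a commented `%wheel ALL=(ALL) ALL` line that grants the same access but prompts first.  The script below is an added example, not part of the original post: it lists the active NOPASSWD rules in sudoers-format text.  The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit sudoers-format text for rules that skip the password prompt.

# Print "LINE:GRANTEE" for each active rule tagged NOPASSWD.
# Reads sudoers text on stdin; returns 0 if any such rule exists, 1 if none.
find_nopasswd_rules() {
    awk '
        {
            if (buf == "") start = NR
            buf = buf $0
            # A trailing backslash continues the rule on the next line.
            if (buf ~ /\\$/) { sub(/\\$/, " ", buf); next }
            rule = buf; buf = ""
            sub(/^[ \t]+/, "", rule)
            if (rule == "") next
            # "#" starts a comment unless digits follow (a numeric UID).
            if (rule ~ /^#/ && rule !~ /^#[0-9]/) next
            if (rule ~ /^Defaults/ || rule ~ /^[A-Za-z]+_Alias/) next
            if (rule ~ /NOPASSWD[ \t]*:/) {
                split(rule, f, /[ \t]+/)
                printf "%d:%s\n", start, f[1]
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: the wheel rule as the post enables it.
sample_nopasswd() {
    cat <<'EOF'
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
EOF
}

# Constructed sample: the password-prompting wheel rule enabled instead.
sample_prompting() {
    cat <<'EOF'
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
EOF
}

# Demo on the constructed samples; on a live system, run as root:
#   find_nopasswd_rules < /etc/sudoers
sample_nopasswd  | find_nopasswd_rules || echo "no NOPASSWD rules"
sample_prompting | find_nopasswd_rules || echo "no NOPASSWD rules"
```

Files under /etc/sudoers.d/ can grant NOPASSWD as well, so feed those through the same function when auditing a real machine.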

Next Time…

Part 4 explains how to correctly configure the boot loader so the on board graphics will work in a graphical environment.

What topics would you like to see covered in future posts?


Busy Busy Busy


It has been quite some time since I posted any updates to this blog.  So much has been going on that it’s been difficult to find the time!  Additionally, I began contributing to another blog that also draws from my writing stamina reserve tank.

At the beginning of March I attended Startup Weekend, which I highly recommend to just about anybody.  Even if you’re not thinking about becoming an entrepreneur, the atmosphere during the event is truly something to experience.  The potent combination of talent, dedication, and grit really latches on and it was inspiring to see the work that the teams put together in roughly 50 hours.  If nothing else, it’s the perfect venue to meet some very smart people.

Early on in the event I was swayed by a pitch for a dead-simple subscription tea service, known as Simple Leaf.  We set out to build up the service with a beautiful website and even passed out the Golden Monkey blend (shown above) to the judges during the final “competition.”  They were apparently impressed with our execution and business plan, because they awarded us third place, $500 to use towards founding the company, and a bottle of champagne to top it all off.

We have been spending the past month and a half getting all of our ducks in a row prior to launching 1 May 2013.  As is to be expected, there have been hiccups, road bumps, and even a couple pivots!  But I’m confident we’re going to be in good shape by our deadline.  Friends and family have provided feedback on our blends and there have already been several pre-orders, with no fewer than half brought in by myself.  (Please forgive my shameless boasting, but I’m proud of this!)

When not working on the tea company (which is often), I have been building furniture, playing soccer, and spending all other waking hours at work or with my family.  That seems odd when it’s spelled out like that and it doesn’t seem to quite encompass the amount of time spent on my projects / hobbies / family.

At any rate, all of this has renewed my inspiration for personal writing.  This blog began as a way for me to keep track of how I had accomplished certain technical challenges so I wouldn’t have to relearn the solution every time I wanted to change something.  But I don’t want to be limited to only writing technical “howto’s” when I have so many other interests and interesting things to say.  I expect that my current digs will keep me inspired enough to keep writing for a while.  At least, I hope so.


Arch Linux on a Macbook Pro 8,2 – Part 2 – Installation


The steps in this post should be performed directly after Part 0 and Part 1 of this series, so please review those first; certain assumptions are made here that might not make sense otherwise.  Of course, the usual caveats apply:

Note: I had a Mac install USB drive which doubles as a recovery tool in the event something goes wrong.  Nothing in this guide should brick your machine but please be mindful when executing commands, especially if you don’t have a strong understanding behind what they do.  I strongly recommend keeping a Mac install disc or USB drive nearby while following this guide.

Getting Started

First off, an installation wizard is available (type “/arch/setup” without the quotes) but DO NOT USE it on a Mac.  It’s a very nice application that I became quite familiar with over a long period of time.  At the end of my journey with the setup wizard was a brick wall with the words, “This will never, ever work” scrawled across it in blood.  It almost works but always blows up when it gets to the boot loader phase.  Maybe it will work on Macs one day, but until then follow the foolproof method described below.

Prepare the environment by executing the following commands:

    mount /dev/mapper/vgroup-root /mnt
    mkdir /mnt/boot
    mount /dev/sda1 /mnt/boot
    mkdir /mnt/home
    mount /dev/mapper/vgroup-home /mnt/home

The directories /mnt, /mnt/boot, and /mnt/home are now mapped to the partitions that were created in Part 1.  Be aware that it’s possible to screw this up (ex. a typo like “mount /dev/sda1 /bot”) without any sort of indication during the installation process.  If the mounts are not correct, the system won’t boot and there won’t be much indication as to where the problem lies.
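Since a wrong mount gives no warning during the install, it is worth checking the mount table before running pacstrap.  The script below is an added example, not part of the original post: it compares /proc/mounts-format text against the three device and mount point pairs used above.  The function names and the sample mount table (with the boot partition on /bot) are constructed for illustration.

```shell
#!/bin/sh
# Verify that each expected device is mounted at its expected mount point.
# stdin: text in /proc/mounts format.  args: DEVICE:MOUNTPOINT pairs.
# Prints one line per mismatch; returns 0 only if every pair matches.
check_mounts() {
    table=$(cat)
    rc=0
    for pair in "$@"; do
        dev=${pair%%:*}
        mnt=${pair#*:}
        # Last entry wins, as a later mount shadows an earlier one.
        actual=$(printf '%s\n' "$table" |
                 awk -v m="$mnt" '$2 == m { d = $1 } END { print d }')
        if [ "$actual" != "$dev" ]; then
            echo "MISMATCH $mnt: expected $dev, found ${actual:-nothing}"
            rc=1
        fi
    done
    return "$rc"
}

# The layout this guide expects after its mount/mkdir commands.
expected_layout() {
    check_mounts /dev/mapper/vgroup-root:/mnt \
                 /dev/sda1:/mnt/boot \
                 /dev/mapper/vgroup-home:/mnt/home
}

# Constructed sample: the boot partition landed on /bot instead of /mnt/boot.
sample_mounts_typo() {
    cat <<'EOF'
/dev/mapper/vgroup-root /mnt ext4 rw,relatime 0 0
/dev/sda1 /bot vfat rw,relatime 0 0
/dev/mapper/vgroup-home /mnt/home ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed sample; on the live system:
#   expected_layout < /proc/mounts
sample_mounts_typo | expected_layout || true
```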

Now, I am a big fan of the text editor “vim” but not so much when it comes to the older cousin “vi.”  At this stage it’s just “vi” or “nano” so I’ve chosen the lesser of two evils.  It’s rough, I know, but carry on for the time being.  It will all be over soon.

    nano /etc/pacman.d/mirrorlist

Peruse the list and pick one that seems to be closest to your geographical area.  Against my own advice, I have instead chosen to use the archlinux.surlyjake.com mirror because you can’t go wrong with a name like Surly Jake.  Navigate the cursor to your choice and press Option+6 to copy the whole line.  Navigate to the top of this list and press Control+U to paste the line.  Finally, press Control+X, then Y, and finally Enter to save and quit.

Diving In

Install the base system and development tools by executing the following command.  The development tools (base-devel) are somewhat optional, but they are included here because they are required by the very useful Arch User Repository.

    pacstrap -i /mnt base base-devel

Accepting all the default options will be fine in almost all cases so don’t worry about this unless you know what you are doing.  Next, generate the file system table (fstab) file to provide a good template to work from.

    genfstab -t PARTUUID -p /mnt >> /mnt/etc/fstab

Open the newly generated fstab file for review.

    nano /mnt/etc/fstab

You should likely be fine leaving everything as is unless you know what you’re doing.  My fstab is shown below, but I made further changes because I’m using an SSD in place of a traditional hard drive.

Next, change the apparent root directory to make the next few steps far easier.   This is a pretty cool trick that puts the shell interface directly into what will be the new Arch installation.

    arch-chroot /mnt

Time

Set the default timezone variables, but change “/America/New_York” to whatever region is nearest to your location.

    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime

Edit and load the following file that maintains the default language to use by issuing these next commands.  There are lots of available options, but this example is for American English speakers.

    echo LANG=en_US.UTF-8 > /etc/locale.conf
    export LANG=en_US.UTF-8

In a similar vein, open /etc/locale.gen and uncomment the line that has the text from the previous step by removing the leading number symbol.  Also uncomment the next line down if the text “ISO-…” is present, as is the case in the example below.

Save, exit, and then run the following command to complete this step.

    locale-gen

And (finally!) set the hardware clock in accordance with all the previous settings.

    hwclock --systohc --utc

Network

Getting this far means that your fledgling system has had internet access supplied via ethernet throughout this process.  However, this command is required to initialize the ethernet interface for the new installation.

    systemctl enable dhcpcd@eth0.service

The following software is required for wifi to operate properly.  Also install “wifi-menu” if you need to use the wifi from within the terminal.  Be aware that wifi-menu seems to interfere with the built in wireless manager in Gnome, so it may be more trouble than it’s worth.

    pacman -S wireless_tools wpa_supplicant wpa_actiond dialog

Next Time…

Part 3 details the finishing touches for configuring the system.


Macs, Gnome, and the Super Key


For keyboard champions, one of the first noticeable changes when moving to Linux on Mac hardware is that the ‘Control’ and ‘Command’ keys have opposite functionality compared to OS X.  Remapping the keys seems like it should be trivial from a conceptual level, and indeed there are several methods for customizing the keyboard layout.

The desktop manager KDE apparently makes tweaking the keyboard layout very simple by providing an option within the System Settings menu.  While Gnome appears to employ the same method, it doesn’t really work beyond providing support for other languages.  My thought is that the console keymap needs to be edited directly before Gnome can understand what to do, as opposed to the direct editing that is seemingly going on in the KDE gui.

Even if that assumption is wrong, I believe that editing the actual console keymap is the most attractive option.  This would be nice because all subsequent levels (i.e. X11) are built upon the console keymap, meaning that applying the change at this low level will map the keys before any graphical wizardry begins, ready for use at the tty1 console.  The only disadvantage is that I can’t figure out how to do this, to my everlasting shame.  For Arch Linux, I do at least know where to look in case any enterprising individuals want to give it a shot:

    /usr/share/kbd/keymaps/i386/qwerty/

However, the Control-Command mix up doesn’t actually come into play until after X11 starts anyways so getting the console keymap to work as I’d like isn’t imperative.  Instead, Xmodmap can be used to solve the problem.

Configuring Xmodmap

As the name should imply, Xmodmap is a part of the X window manager so this little ‘hack’ will work in any desktop manager that requires X11, such as Gnome, KDE, XFCE, and countless others.  Open up your terminal and create a new file called Xmodmap:

    cd /etc/X11/
    # /etc/X11 is owned by root, so creating and editing the file needs sudo
    sudo touch Xmodmap
    sudo chmod 755 Xmodmap
    sudo vim Xmodmap

The reason for creating this file in “/etc” rather than in the home directory is so all users on the system can take advantage of the remapping.  There are no other users on my computer so the point is moot for me, but I really just can’t help myself.  For reference, the home directory is often used rather than “/etc” and is actually required if there are multiple users that prefer different keyboard configurations.

To continue, press ‘a’ to enter insert mode and then add the following lines:

    remove control = Control_L
    remove mod4 = Super_L Super_R
    keysym Control_L = Super_L
    keysym Super_L = Control_L
    keysym Super_R = Control_L
    add control = Control_L Control_R
    add mod4 = Super_L Super_R

Press “Esc” to exit insert mode, type ‘:wq’ (notice the colon!) and press Enter to save the new file and quit out of vim.

Depending on your Linux distribution, creating that file may be enough to get the keyboard remapped.  In Arch I’ve determined that the system does indeed execute the Xmodmap file upon boot, but apparently reverts the change at some later time.  So, I created a new file “$HOME/.config/autostart/xmodmap.desktop” that looks like this:

    [Desktop Entry]
    Name=Xmodmap
    GenericName=Keyboard Remapping
    Comment=Remap the Control and Command Keys on the MBP 8,2
    Exec=xmodmap /etc/X11/Xmodmap
    Terminal=false
    Type=Application
    Categories=Keyboard;
    StartupNotify=false

Now the keyboard is remapped whenever I log in.  However, there are two problems with this method: (1) the xmodmap.desktop file needs to be added to each user’s home directory and (2) the change doesn’t persist after a system resume.  It goes without saying that manually running the xmodmap command after closing and opening the lid becomes tedious very quickly.

Gnome Tweak Tool

Another option is available if the “mod4” (also known as “Super_L”) hotkey functionality isn’t required.  Pushing this button normally fades the desktop and shows an overlay of all open windows, as well as providing access to the applications grid.  It’s no different than directing the cursor to the upper left hand corner of the screen, assuming the default Gnome theme (gtk-shell) is being used.  To get started, download and install Gnome Tweak Tool.  In Arch:

    sudo pacman -S gnome-tweak-tool

After the installation has completed, open Tweak Tool from the Applications menu and navigate to the ‘Typing’ option.  Click the drop down menu next to ‘altwin’ and select “Control is mapped to Win keys.”

Now, both the command and control keys will be mapped to “Control_L.”

Summary

None of the options presented here are perfect, but they do get the job done depending on what requirements need to be met.  In the future I hope to revisit this subject and present a catchall solution that works for all cases.  Do you have a better way of doing it?  If so, leave a comment below!


Arch Linux on a Macbook Pro 8,2 – Part 1 – Encryption


Part 0 of this series concluded with a shell prompt on a fully functioning live Arch build.  By the end of this post, the system will be prepped and configured for the full install.  On top of that, the entire* drive will be encrypted so even the most paranoid individual should be content!  (*Entire? Not quite, but this will be expanded upon shortly.)

It may be prudent to keep the Macbook article from the Arch wiki open in another tab, as it is a great source of information.  The wiki also discusses methods for dual or triple booting, as well as other possible configurations which are not included here.

Note: I had a Mac install USB drive which doubles as a recovery tool in the event something goes wrong.  Nothing in this guide should brick your machine but please be mindful when executing commands, especially if you don’t have a strong understanding behind what they do.  I strongly recommend keeping a Mac install disc or USB drive nearby while following this guide.

Preparing the Partitions

The very first step is the biggest.  After the next few commands, any possibility of returning to the currently existing Mac environment will be lost, so proceed with caution!

Even though the system will be encrypted, the beginning portion of the drive must remain unencrypted so the computer can actually boot.  Realistically this does not present many security issues, and the partition doesn’t need to be large so it won’t eat into the available storage.  Execute the following command to partition the drive.  If you’d rather use your favorite tool for the job, keep in mind that Apple computers require the hard drive to be GPT formatted (ex. cgdisk over cfdisk).

    [root@archiso ~]# cgdisk /dev/sda

Using the arrow keys to navigate around the screen, delete each existing partition one by one until left only with “free space.”  Next, select “New” and follow the prompts to create the unencrypted boot partition.  Just hit <Enter> to use the default entry, but note that it will appear as if nothing was entered at all.

    First sector (## - ##, default = ##): 
    Size in sectors or {KMGTP} (default = ##): 512M
    Hex code or GUID (L to show codes, Enter = 8300): 8300
    Enter new partition name, or <Enter> to use the current name:
    boot

Create the encrypted system partition in a similar fashion.

    First sector (## - ##, default = ##): 
    Size in sectors or {KMGTP} (default = ##): 
    Hex code or GUID (L to show codes, Enter = 8300): 8e00
    Enter new partition name, or <Enter> to use the current name:
    arch

For reference, Arch is on a 256 GB drive on my computer, but once finished cgdisk should look similar to this:

The installation process will change the boot partition later on, so don’t panic if it looks different sometime in the future.  That said, there’s probably little reason to ever do this again.  The risk of accidentally changing the partition table on my completely functional computer to take the screenshot above was unnerving enough…

Navigate to “Write” and type out “yes” when prompted.

    Are you sure you want to write the partition table to disk? (yes or no): yes

Finally, select “Quit” and press enter.

Encrypt the System Partition

Before the partition can be encrypted, the associated linux module needs to be loaded into memory.

    [root@archiso ~]# modprobe dm_mod

The next step is what actually encrypts the system partition.  This is another potential point of no return.  Although the partition table for OS X was recently removed, it would still be possible (difficult, but possible) to restore the contents of the drive prior to executing the following command.

    [root@archiso ~]# cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2

You will be prompted for a password, which will eventually be needed to decrypt the drive whenever the computer starts.  While a bit tongue-in-cheek, check out this “guide” for picking a strong password.

Open the newly encrypted partition to prepare it for Arch.

    [root@archiso ~]# cryptsetup luksOpen /dev/sda2 arch
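To confirm what the luksFormat command above actually wrote, `cryptsetup luksDump /dev/sda2` prints the header.  The script below is an added example, not part of the original post: it reads that output and reports the effective cipher, showing that “-s 512” with XTS yields AES-256 and that the “plain” IV is a 32-bit sector counter.  The function names and the sample header text (LUKS1 layout) are constructed for illustration.

```shell
#!/bin/sh
# Summarise the cipher settings found in `cryptsetup luksDump` output
# (LUKS1 text layout).  Reads the dump on stdin and prints one line:
#   cipher=<name>-<mode> mk_bits=<n> data_key_bits=<n> iv=<32bit|64bit|other>
luks_cipher_summary() {
    awk '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        /^Cipher name:/ { name = val($0) }
        /^Cipher mode:/ { mode = val($0) }
        /^MK bits:/     { bits = val($0) + 0 }
        END {
            if (name == "" || mode == "" || bits == 0) exit 2
            # XTS splits the master key in half: one half encrypts data,
            # the other the per-sector tweak, so 512 MK bits means AES-256.
            key = (mode ~ /^xts/) ? bits / 2 : bits
            iv = "other"
            if (mode ~ /-plain64/) iv = "64bit"
            else if (mode ~ /-plain$/) iv = "32bit"
            printf "cipher=%s-%s mk_bits=%d data_key_bits=%d iv=%s\n",
                   name, mode, bits, key, iv
        }
    '
}

# The "plain" IV is a 32-bit sector number, so it repeats after 2^32
# 512-byte sectors (2 TiB); "plain64" does not.  Returns 0 if a device of
# SIZE_BYTES is large enough for that wrap to occur.
plain_iv_wraps() {
    [ "$1" -gt 2199023255552 ]
}

# Constructed sample in the LUKS1 luksDump layout (digest and key slots omitted).
sample_luks_dump() {
    cat <<'EOF'
LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain
MK bits:        512
EOF
}

# Demo on the constructed sample; on the live system, as root:
#   cryptsetup luksDump /dev/sda2 | luks_cipher_summary
sample_luks_dump | luks_cipher_summary
if plain_iv_wraps 256000000000; then
    echo "plain IV would wrap on this device"
else
    echo "plain IV does not wrap on a 256 GB drive"
fi
```

On the 256 GB drive used in this guide the 32-bit IV never repeats; for partitions larger than 2 TiB, “aes-xts-plain64” is the mode to pass to “-c” instead.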

Traditionally, partitions would have been created for the system, users, swap, etc. during the cgdisk steps above.  This is not possible when encrypting the whole drive, but there is a simple workaround provided by utilizing the Logical Volume Manager (LVM).  The basic idea is that LVM creates logical partitions for Arch to use that are all contained within one physical partition.  The advantages of LVM extend beyond this guide, so I recommend at least checking out the Wikipedia article for more information.

    [root@archiso ~]# lvm pvcreate /dev/mapper/arch
    [root@archiso ~]# lvm vgcreate vgroup /dev/mapper/arch
    [root@archiso ~]# lvm lvcreate -L 10G -n root vgroup
    [root@archiso ~]# lvm lvcreate -l 100%FREE -n home vgroup

Be aware that this is the point where a logical swap partition should be added if required.  Since the Macbook Pro 8,2 comes with 4 GB of RAM, including a swap partition is probably unnecessary.  Of course, a swap file can be attached to the system for similar functionality at any time.

Lastly, format the newly formed logical volumes so they can be mounted and used by the system.  I have chosen ext4, which is fairly common for linux, but other options exist as well.  Please note that this guide may break in later steps if you decide to use a different file system type.

    mkfs.ext4 /dev/mapper/vgroup-root
    mkfs.ext4 /dev/mapper/vgroup-home
    mkfs.vfat /dev/sda1

Congratulations!  The system is now ready for installation.  The next post in this series explains the ins and outs of the installation process.
