mcbridematt.dhs.org

libnfc is a library for communicating with ISO14443 RFID tags. You might know these things for their use in smart card ticketing systems such as Oyster, Octopus, Snapper and myki. But they are also present in other forms such as photocopy cards, student ID's, building access controls* and passports. Two forms of ISO14443 dominate: Felica, which debuted in Hong Kong's Octopus RFID ticket and spread across Asia soon after, and Mifare, which dominates just about everything else.

Full tutorial below the fold

A double post for today.

Wednesday

Thursday

• Keynote: Glyn Moody

  Discarding data for fun and profit

  Yubikey authentication in a mi4>d-sized organization

  So you moved the graphics drivers to the kernel, so what? i can haz ponies

  Tux on the moon: FOSS hardware and software in space

On my list for today:

• Keynote: Gabriella Coleman
• System admin: Weta Digital: Challenges in data centre growth
• System admin: System deployment and bare metal recovery with Clonezilla
• Data storage: Relational vs Non-Relational
• Data storage: How to create a full text search solution with MySQL
• Sys admin: Linux containers, virtualization with out strange patches
• Sys admin: Being lazy in a large organization - documentation by wiki
• Data storage: Build your own dropbox

Read on for my reviews

Welcome to my liveblog of linux.conf.au 2010, in Wellington NZ. I hope to do a round up at the end of each day, and post my presentation picks at the start of the day.

For Monday, the 18th:

• OPLM: Haskell and the wonderful things it doesn't let you do
• OPLM: Introducing gearman: the distributed server for all languages

• Open business: Getting your personal financial house in order with gnucash
• Arduino: Flex and the arduino
• Open wave: Google wave and web 2.1
• Hackers, Crackers and Security basics
• Arduino: Memory architecture of AT mega CPUs
• Arduino: The RepRap, Arduino in 4D

Hit "Read more" for my impressions of these talks

I used to be a prolific blogger, having blogged almost every third day for a number of years. Unfortunately, that slowed since 2006, for a number of reasons, mostly time, software and the rise of "social networking"

Not anymore.

For three months on and off, I have been building the Really Awesome Blogging Software Solution™ I wanted something that suited my vision, and now its here

Hit 'more' to read about what powers this new website

This blog was the first C++ project I have done from scratch (as opposed to hacking on existing projects like I have done before), that served a functional purpose.

One of the features of C++ is that it gives "choice"; one could write programs in either procedural or object oriented style. Object oriented is popular: Java, C++, Python, Ruby, C# and Objective-C just to name a few are object oriented languages. Meanwhile, C (which C++ extends) is a procedural language.

Lesson #1: "Pick a side"!
Writing parts of the software outside class objects simply broke my work flow later on, trying to context switch between two different modes of operation. Sure, in these cases the functions involved had no need to be wrapped in objects, but it proved better to make them into static class methods.

There isn't anything wrong with procedural programming in general, it just makes it easier for you to shoot yourself in the foot. A well designed procedural API makes it easy to create and do operations of data. One well designed example is CFString in Apple's CoreFoundation which really beats working with C's <string.h> any day of the week

Lesson #2: Abstract early and often
This is probably the most important lesson out of all. Early on I had built the blog post and comments view by simply extracting data from the DB at those points. No attempt to wrap the data in an object was made. Then I had to access that data elsewhere within the application, sometimes operating on one object or operating on several. So I finally built an OOP interface there. Had I done it right away in prototype stage I would've saved time.

The object models proved much better to work with in the end

Lesson #2.1: Model-View-Controller rules. Use it
This goes with the above, once Model and Controller are sorted, adding more functionality (i.e different ways to get data) by creating more views is trivial.

Myki is supposed to be Victoria's new contact-less public transport ticketing system, uniting various solutions in use across Victoria (Metcard, V/Line, regional bus tickets)

It has been rolled 'outside-in' from Geelong and other regional centres. The physical aspects have been around for a long time (metal posts at train stations, 'brochure holder' stubs on trams and busses), but the project is only being delivered to the public now

While I look forward not having to rummage around for a coins yet alone keeping a flimsy paper ticket when using the bus in Geelong, I've heard so far the hardware hasn't been reliable at all times. Hopefully the hardware showing up in Melbourne has bugs fixed.

And now, for the technical aspects:

• The letter I got with my card claims they don't hold any personal data beyond 30 days from ordering, unless I register it on their website
• A flimsy Short term ticket exists
• Myki is based on Mifare hardware, which is industry standard (good since the state could switch to another supplier). Reportedly, Myki is based on the newer DesFire version, not the Mifare classic which has been cracked several times in recent years
• Contact-less ticketing using similar (MiFare) hardware exists in places like London (Oyster), Perth (SmartRider), Queensland (TransLink Go). Sydney tried with Tcard, and failed due to complexity. Hong Kong has had a contact-less system (Octopus) since 1997
• A vendor report regarding a pilot conducted with McHarry's Buslines in Geelong, April 2008 reveals some technical details about the Myki system in an appendix regarding issues raised during the pilot:
  • Rather standard mobile hardware has been used in the buses (and probably trams). WiFi is used to transfer data back at the depot, the driver console runs some variant of Windows (probably CE) and the storage is CompactFlash
  • Some rather interesting issues raised as a result of network issues( DHCP), application crashes ('BDC.exe'), application freezes, pulling circuit breakers to reset the entire system (no 'big red button' exists apparently), Windows based webservers
• Everything seems to be connected to some big private Myki network. Shots of myki related network hardware: 1 (from calt of RP), 2 (from Marcus Wong) - hmm, thats some old Cisco kit, plus several in this Seven News story (anyone got a HD capture?)
• Hope those guys have WPA on. And I guess every single loading transaction online/from the phone is going to be synced to every single Bus/Tram console every night - how long will that take (probably more processor intensive), what happens if data is not synced properly? Having the stored value of Myki under say $10 may be risky
• There is fibre along each rail line in Victoria, generally used for signalling, presumably what the Cisco gear and big steel cabinents linked earlier are connected to, along with the train station scanners. (picture from cookies930 of RP). Will all this connected gear operate autonomously in case of network outage? What will happen at Flinders Street in peak hour if an outage happens?
• (In Singapore they sell a USB card reader so people can top up their cards instantly. I wonder how that goes for security?)
• According to Victorian Fare policy manager Adrian Web, 7-11's point of sale hardware already has the appropriate MiFare hardware in for reloading Myki, negating the need for additional hardware (see link below)

Additional reading:

• Railpage Australia Forum - Myki, Includes some posts from Victorian fare policy manager Adrian Webb ("Revenue"). Pictures above (apart from the two at the start) have been sourced from there
• Marcus Wong's gallery
• MiFare Classic attacks (not relevant to Myki, but give idea of how Myki could be cracked if we ever get hardware fast enough to crack DES):
  • Walk up to reader or 'bum-sniff' user attacks (Youtube video) and report (PDF)
  • CCC 2007 presentations
  • "A practical attack on Mifare Classic" - Gerhard de Koning Gans
  • Public transport cracking in general: the DEFCON 08 presentation that was stalled by Boston's Public transport operator in court (they use Mifare). Details social engineering, Mifare attack, brute force, physical access to network hardware (hmm.. Myki)
  • Vendor statement on Mifare classic attacks

You can send SIGQUIT (kill -3) and the JVM will produce a stack trace of all threads in the JVM. Sweet!

Last month marked the release of the Groupware sync server distribution of Funambol which contained goodies such as the GroupDAV Connector (calendar sync) and Citadel connector (push email for Citadel). Stefano - Funambol's Community manager demanded to know why I'm not worshipping Steve, and the resulting interrogation has been posted on the blog of Funambol CEO Fabrizio Capobianco.

The following script demonstrates how to access Outlook from Java, using the Groovy language dialect. In this example, we get an existing Calendar event and add an attendee

Requirements: Groovy with Scriptom on Windows.

import org.codehaus.groovy.scriptom.*;
import org.codehaus.groovy.scriptom.tlb.office.outlook.*;

def application = new ActiveXObject('Outlook.Application');
def namespace = application.GetNameSpace("MAPI");
def folder = namespace.GetDefaultFolder(OlDefaultFolders.olFolderCalendar);
folderItems = folder.Items();
item2 = folderItems.Item(2);
print ("Event name: " + item2.Subject() + "");
recipients = item2.Recipients()
/* You have to set the email address in the name field. 
Suprisingly, the COM interface only seems to 
enforce read-only on Recipient.Address */
newRecipient = recipients.Add("Another recipient <eple@example.e>")
/* Can be set to olOptional, olRequired
 or olResource. olOrganizer is available but Outlook
 won't let you change the organizer on an existing object
*/
newRecipient.Type = OlMeetingRecipientType.olOptional 

newRecipient.Resolve()
item2.Save() // You need this.

The home made blog code on mcbridematt.dhs.org is getting old, having not been touched since I replaced the WordPress front end with some Java servlets running in a hacked CGI container last year. So I bring you blojsom! Its currently running off my box at home here (comalies.citadel.org). Considering this connection is now 512/512, hosting it off here is more viable.
The full archive will come back in due course, and the site will regrow off that.

Optus has formally announced its wholesale ADSL2+ service, which will allow other ISPs to offer 24Mbit speeds and phone services via ULL later this year.The integration systems are currently being tested by Exetel, iseek and Internode, though currently only Exetel is publicly offering the service.

-- Whirlpool article.

Dear Simon,

I'll ship a tonne of Krispy Cremes right to your office if you get me off this craphole Telstra DSLAM now

The posts on this website are in the professional capacity of me as an individual and do NOT represent any views of any organization I am affiliated with in any way whatsoever.

I applaud Google's refusal to listen to self-righteous whingers without a law suit. So what if its racist? Welcome to Aussieland where people whinge about every minor misworded speech because we've been raised that way. Below is a video which clearly illustrates what people should do instead.

Turns out Telstra (as Telecom) had 6 mbit ADSL running 10 years ago. WTF!!? Maybe I'll be on Internode via Optarse at the end of this year. Until then I'm going to argue the Real Soon Now guy is costing me $10 a month (the difference between 512/512 and ADSL2+).

And in addition to fire hazard batteries.. looks like I've smegged the hard drive in the PowerBook down to crawl speed. Still more reliable than the Acer 270 POS thats now running as one of my servers though. Horray for warranty.Don't we all pine for the factory fresh plastic smell that comes from opening computer packaging ....

If you came here looking for what error code 2STF/8/3 in Apple Hardware test means, it means, your hard drive, like mine, has been used to its full potential and its pissed that no QA test in the factory could prepare it for you/me

I'm going to be deploying OpenAFS soon on my network here. OpenAFS, an AFS implementation, has some interesting location-independence features which sound good, and hopefully the tangled web of network file systems in use here can be reduced. Heres an overview:

• NFS. WHY THE FUCK DO ADMINISTRATORS STILL INSIST ON USING IT? I spent one afternoon once trying to tune nfs to deliver decent bandwidth over the wire. Yet still it provides me ADSL speeds on 100mbit Ethernet. Sadly, using Samba for network file sharing on Unix systems is better than using NFS.
• SMB/CIFS/'Windoze'. Not bad, but configuring permissions for it is crappy. Few mates coming over to a LAN? Forget using Windoze file sharing for your warez if your boxen are on a domain
• Direct Connect. Not a network file sharing system, but a centralized p2p one. Apart from the crappy hash process, well, its less painful than any of the others here
• AFP (AppleTalk Filing protocol). Apples done some nice work on this one. Runs on TCP/IP, but can tunnel over SSH. Wish 3rd party OS intergration wasn't so painful though.

Arj Barker, an American comedian whos toured around Australia a lot as of late, is coming to Geelong on November the 7th. w00t!

It looks like Arj Barker's Geelong performance has been sold out for quite some time now. Damn

Krispy Kreme has another outlet in Melbourne in Collins St, across from Southern Cross station and opposite the Collins/Spencer St tram stop. I was around there 3pm saturday and there was a queue there! Boo, don't have time for that

Stupid me didn't factor daylight savings into account so I didn't head down to Docklands to do HDR shots. Damn.

Hint Hint! If you want push email with Citadel this Christmas, order your Windows Mobile 5 devices and get your full blown data plan NOW! BionicMessage.net, and therefore, the Funambol GroupDAV connector will be the "full time" occupation for me over the holidays.

And finally, They killed the Glasshouse! You barstards!!.

For those of us who multitask a lot in Windows, particular juggling multiple consoles, try Console. I've found it useful when I need to run multiple servers in console mode.

I finally set up Ubuntu on my Opteron workstation box here, after a year of running Windows x64, and I have to say, its not bad. I actually tried Kubuntu first, being a loyal user of KDE in the past, and went running to download the plain Ubuntu ISO ASAP after a few minutes. The major reason why I installed Ubuntu is that XP x64 chews memory up quickly; good single app performance, but multi tasking sucks. Ubuntu is going quite nicely in the multitask department, despite the fact I can't overclock my CPUs the extra 300MHz (1400MHz -> 1500@FSB-> 1800@Clockgen in WIndows).

However, it seems, Linux developers are still detached from reality.

Its nice to know, 12 months after I stopped using Linux, that Linux audio is still in 1990. Ubuntu ships with ESD on, ALSA with no dmix by default. And of course, the answer, as always, is to use piece of crap hack aoss/etc. to work around.

Seriously, thats the most stupid solution ever. I'm sure someone can get good 'ole OSS emulation to properly non block /dev/dsp tomorrow if the demand was there (ALSA OSS emulation includes a non block option, but it doesn't work..). Instead, five years ago, ALSA was introduced into the equation, and apart from replacing a half-proprietary audio driver solution, did nothing to fix the problem.

AMD64 Linux also depends on stupid solutions such as copies of both 32 bit and 64 bit libs for both to function on the same system. Pfft.

Microsoft solved this problem in 1994 with WoW (Windows On Windows), which serves us today as WoW64, giving x64 Windows users seamless access to 32 bit apps.

Steve Jobs solved this long ago to, well before NeXT and Jobs came back to Apple, by way of the Mach binary format. OS X binaries can contain any combination of ppc, ppc64, ia32 and AMD64 binaries.

and Linux? ./configure --target=64 && make && make install && make distclean && ./configure --target=32 --prefix=/usr/lib32 && make && make install.

I was hoping to get a Macbook Pro to replace my 12 month old PowerBook 12" and become my main machine. Since I don't have the cash to do that, once the PowerBook's warranty expires next month, I'll be taking it up to max RAM and a fast HDD with big cache. I might be getting a BenQ FP92W, and I might actually dock it to the PowerBook instead of my Opteron box here!

... the i-mate JASJAM, bought it to retire my Treo 600, and eventually implement push email for a certain project. And guess what it can do...

It can download faster via HSDPA (max 1.8Mbps) vs my home ADSL connection - 512/512.
I predict Internode will offer DSL2 over Optus when Nodephone 2 (attack of working inbound numbers) arrives. But hell, right now, I'm being ripped off a thousand times over.