Octopodial Chrome

I’d be interested to know what my Greek friends think of Napoleon Linardato’s take on the Greek economic situation. It certainly seems very unhealthy for one in four workers to be State employees.

Thanks to Mom for forwarding this clip of a submarine rescuing airmen some seventy miles off the coast of Japan. Neat seeing it in colour too.

This is abso-frickin-lutely insane: a woman in Texas was convicted of a felony for spanking her daughter. She didn’t use a belt. She wasn’t (apparently, from anything I’ve read on the case) beating the girl; she just spanked her. Judge Jose Longoria told her, you don’t spank children today, and sentenced her to five years of probation. As it’s a felony, she’ll never be permitted to vote or own a firearm again.

It’s conceivable of course that she really did overstep the bounds, but I doubt it: from the facts as reported in multiple sources, I suspect this whole thing was really a ploy for her ex’s mother to get the kids. Well, the grandmother has them now, and the mother’s life is ruined.

I wonder if the judge has kids, and if so exactly how rotten they are.

No, Judge Longoria, one does spank a child today, if he or she needs it.

I just discovered this wonderful Who’s Who of Isaac Asimov’s Foundation and Robots series. Very good to have on hand if you, like me, discovered Asimov at an impressionable age and devoured every single thing you could get your hands on.

Jeffrey Goldberg marks this Fathers’ Day with a story about Thomas Woude, a man who died saving his son. I’ve no doubt that my own father would have done the same for us—fortunately, it has never come to that.

I just discovered Lightweight Portable Security a Linux distribution released by the US Air Force. The idea is that it’s a system which boots from a CD or flash drive and works entirely in volatile memory—thus any malware is unable to survive a reboot.

They even have an LPS-Remote Access which is the only way to access government systems without government-furnished equipment. That’s pretty cool!

It’s a nifty idea, particularly for folks who have to travel and use unknown hardware a lot. Of course, a true paranoid would develop his own version of LPS, not use one from the Air Force.

Well, today marks a centuury since International Business Machines was founded. I know we employees like to complain a lot, but it really is an amazing company—and has paid my wages for over a decade. Here’s to another hundred!

One of the few things I miss about Fedora when using Ubuntu and related GNU/Linux distributions is the ease of setting up fairly complex disk partitioning schemes. I’m a big believer in disk mirroring (to protect against hard drive failure) and in encryption (to protect against data loss due to hardware theft), and Ubuntu requires use of an alternate, text-based installer while Linux Mint doesn’t even do that much.

Fortunately, this is Linux, which means I have all the tools I need to get this to work. Many thanks to this guide from 2008, which provided the base instructions.

Note that I do not set up software RAID (mirroring) in this case, as these instructions are for a laptop. If you want mirroring, my advice is to build two partitions on each mirror, one for /boot and one for the mirror volume, then build an encrypted volume atop the mirrored volume; add that encrypted volume to a volume group; and finally build logical volumes in that volume group.

A note about naming: throughout these instructions I refer to rootvg as the root volume group. This is fine for small installations; however, if you ever move disks between computers that also have their own group called rootvg, this causes trouble (generally, failure to recognise the new physical and logical volumes). For that reason, in practice I usually name my volume group with some unique name, perhaps related to the hostname.

1. Boot from Linux Mint Katya DVD
2. Open the terminal from the menu (lower left-hand corner). Install the Logical Volume Manager with sudo apt-get install lvm2.
3. If this drive has previously held unencrypted data:
   1. Open a web browser and visit some site to generate some entropy; install and play some games too.
   2. sudo dd if=/dev/urandom of=/dev/sda bs=1M & sleep 5; while sudo pkill -USR1 dd; do sleep 60; done (make sure to continue web browsing and playing games—when unattended, leave some music or videos playing)
4. Format the hard drive: sudo fdisk /dev/sda. Create a 512M primary partition 1 for /boot (no BIOS that I’m aware of supports booting from an encrypted disk, so your boot partition must be plaintext) and then an extended partition 2 for the rest of the disk, with a logical partition 5 filling it. I’m sure there’s a GUI to do this too, but the command-line is easier and quicker.
5. Create an encrypted volume: sudo cryptsetup luksFormat -c æs-cbc-essiv:sha256 -s 256 /dev/sda5 (if you get an error, run sudo modprobe dm-crypt; sudo modprobe æs-i586 to install the crypto modules)
6. Activate the new volume: sudo cryptsetup luksOpen /dev/sda5 cryptpv
7. Create an LVM physical volume on the encrypted volume: sudo pvcreate /dev/mapper/cryptpv
8. Create a LVM volume group: sudo vgcreate rootvg /dev/mapper/cryptpv
9. Create a logical volume for your swap (virtual memory): sudo lvcreate -L 4G -n swaplv perique (where 4G is twice your RAM).
10. Create a logical volume for your root filesystem: sudo lvcreate -l 100%FREE -n rootlv rootvg
11. Format your boot partition: sudo mkfs.ext2 /dev/sda1
12. Format your root partition: sudo mkfs.ext4 -j /dev/mapper/rootvg-rootlv
13. Install Linux Mint as usual; the installer should detect the partition and logical volumes. Make sure to use the advanced partitioning tool. Format /boot as ext2; format / as ext4 (the reason for formatting them earlier is so that the installer doesn’t get confused; I reformat in case the installer uses any special options). Do not use the swap as swap; the installer will be confused and believe that it is a physical volume. If others will have unsupervised login access, consider encrypting your home directory as well.
14. Mount the new root on /mnt: sudo mount /dev/mapper/rootvg-rootlv /mnt
15. Mount the new /boot: sudo mount /dev/sda1 /mnt/boot
16. Change root (this makes the current process think that /mnt is /—which is another way of saying that it makes it appear that you’re working inside the freshly-installed system): sudo chroot /mnt
17. Mount special filesystems: mount -t proc proc /proc; mount -t sysfs sys /sys; mount -t devpts devpts /dev/pts
18. Update the list of available software: apt-get update
19. Install LVM2 on the freshly-installed system: apt-get install lvm2
20. Update the cryptography table: vi /etc/crypttab

    cryptpv /dev/sda5 none luks

21. Update the filesystem table: vi /etc/fstab

    /dev/mapper/rootvg-swaplv none swap 0 0

22. Updated the list of modules installed in the boot-initialisation ramdisk (this may actually be overkill nowadays): vi /etc/initramfs-tools/modules

     
         dm_mod dm_crypt sha256_generic æs-i586 
    

23. Build the new initramfs: update-initramfs -k all -c
24. Unmount the special filesystem: umount /dev/pts; umount /sys; umount /proc
25. Exit the chroot jail: exit
26. Unmount the boot filesystem: sudo umount /mnt/boot
27. Unmount the freshly-installed root filesystem: sudo umount /mnt
28. Format the swap logical volume: sudo mkswap -L swap -f /dev/mapper/rootvg-swaplv
29. Reboot: sudo shutdown -r now

After following these instructions, you should have a fully-encrypted root volume running Linux Mint.

A star in the constellation Scorpio has been named after Saint Afanasy of Kovrov, who was persecuted under the Soviet union. I think naming objects after great heroes—whether of the Church, of the State or of the Academy—is a splendid idea.

Babbage, over at The Economist, explains why mobile phones can’t cause cancer. It’s a basic principle, really: they simply don’t emit enough energy to produce free radicals.

Granted, it could be that wearing them causes shifts in how one moves, and that might conceivably cause certain health issues like osteoporosis. But that would apply equally to other things one wears (like pistols or purses). And of course it’s not cancer.

In today’s edition of The World is Doomed, we review a case wherein cops who claim children under ten years are only allowed in their parents’ yard.

Now, this is on the face of it absurd. Almost exactly four years ago I mentioned a story about children losing the right to roam which featured a great-grandfather who would walk six miles to go fishing. There’s nothing at all wrong with that! In fact, given the very large number of Americans who are morbidly obese, maybe more six-year-olds should be playing outside their parents’ lawns.

Regardless, if parents wish to allow their kids to run free (and of course assume responsibility for any misbehaviour those kids get up to), that’s the parents’ right. Neither the State nor its agents have any business intruding a nose where it’s not wanted.