Google public WiFI

Short post: when you agree to the terms and conditions of Google sponsored WiFi (e.g. at Starbucks) your DNS resolution settings are updated to point to Google’s DNS servers. While this does result in hands-off protection from malicious websites it also enables Google to track your browsing habits and gather a large representative sample of the habits of people that use that particular WiFi network.

In Linux, look at your /etc/resolv.conf to determine if your DNS server has changed. Google’s servers are: and

I recommend checking this file each time you connect to a public WiFi network.

Arch Linux on Dell M6800

I have not upgraded my computer systems for a while and have been using a combination of Windows 7 and Mac OS X as my main OSes. Recently, I had the opportunity to purchase a Dell M6800. Below is a walkthrough of how I got Arch Linux configured on this monster of a machine.


– Blazing fast machine, faster than a top-of-the-line Macbook Pro (mid-2015) Retina model tested at the Apple Store on loading webpages (tested NYT, The Verge, BBC, and Engadget).

– Too large to conveniently lug around
– Heavy

Applications Used: Mutt (email), Firefox (web browsing), rxvt-unicode (terminal), dwm (window manager), irssi (irc)


This computer was configured with two hard discs: a 512GB SSD and a 512GB HDD. The first was used as the boot drive. It has been a long time since I configured a hardware (not VM) Linux machine from scratch and spent several hours selecting the optimal partition layout to set me up for the next 5 years. I wanted a partition layout that was easy to reconfigure, hard to configure improperly, and encryptable.

Before even considering the layout, I had to choose which partition table format I would go for. In the past, I would opt for the Master Boot Record (MBR) format which gave me interoperability with Windows. Now, with Windows 8 and beyond requiring UEFI support for Windows 8 certified PCs, there is no real reason to stick with MBR. For this machine, I selected the GUID partition table (GPT).

With that in mind, I considered the following scenarios:

(1) Simple scheme using GPT
In the past, due to the requirement of dual-booting for university, I had opted for a MBR configuration. I considered for this machine the following layout.

Partition 0: EFI boot, 256MB
Partition 1: Windows, 256GB
Partition 2: /boot, 256MB
Partition 3: / (root), 64GB
Partition 4: /home, remainder of space

Benefits of this layout was that it was simple. Drawbacks: could not easily modify in the future without copying data to an external disc and copying back. Also, it would be a waste of space if I did not use Windows.

Furthermore, with /home and / separated, I would have to set up encryption twice so I could make mistakes that would render encryption useless or open up attack opportunities.

(2) Linux Unified Key Setup upon Logical Volume Management (LUKS upon LVM)
This setup would give me all the flexibility of LVM with the added benefit of encryption. This means, I could extend a logical volume within Linux across multiple drives in the event my SSD ran out of space or, say, I wanted to implement a RAID configuration. Unfortunately, again, this would require multiple partitions and key configurations which would be cumbersome to manage.

(3) LVM upon LUKS
This setup would prohibit me from doing the above in (2), namely, spreading out partitions across physical media. However, it would be the easiest to configure and would give me encryption across my entire drive. Because I had an SSD, I was not too concerned about any r/w performance penalty that I would likely encounter having all these abstractions in place. Here is the partition scheme I opted for, using the GPT.

Partition 0: EFI system, 256MB
Partition 1: Linux boot, 256MB
Partition 2: Linux LVM, remainder of space, encrypted

You will notice that a Windows partition isn’t included here. Because I am using LVM, I can create space for it if I do decide to install Windows upon a separate partition.

I configured the above with the following commands (after booting into the Arch Linux setup disc).

Using GDisk, performed as root

#> gdisk /dev/sda #configure my SSD
(gdisk)> o # create a new GPT
(gdisk)> n # create the EFI partition
(gdisk)> [enter] # default partition number
(gdisk)> [enter] # default sector
(gdisk)> +256M # make the partition size 256MB
(gdisk)> ef00 # make the filesystem type EFI
(gdisk)> n # create the boot partition
(gdisk)> [enter] # default partition number
(gdisk)> [enter] # default sector
(gdisk)> +256M # make the partition size 256MB
(gdisk)> 8300 # make the filesystem type Linux FS
(gdisk)> n # create the LVM partition
(gdisk)> [enter] # default partition number
(gdisk)> [enter] # default sector
(gdisk)> [enter] # up to last sector
(gdisk)> 8e00 # Linux LVM filesystem type
(gdisk)> w # write changes to disc

Using LVM, performed as root

#> lvmdiskscan # list available disks found by lvm
/dev/sda1 [ 256.00MiB]
/dev/sda2 [ 256.00MiB]
/dev/sda3 [ 465.26MiB]
0 disks
3 partitions
0 LVM physical volumes
#> pvcreate /dev/sda3
#> vgcreate root /dev/sda3
#> lvcreate -L 32GB vg0 -n root
#> lvcreate -L 8GB vg0 -n tmp
#> lvcreate -L 8GB vg0 -n swap
#> lvcreate -L 64GB vg0 -n home

Create the file systems
In the past, I would have went for ext4, but wanted to really make sure I was taking advantage of my SSD (despite the performance penalty from LVM and encryption), so I went with XFS.

#> mkfs.xfs /dev/vg0/root
#> mkfs.xfs /dev/vg0/home
#> mkfs.xfs /dev/vg0/tmp

So, now I have achieved my initial scenario. The Arch Linux Installation guide shows how to mount the file system and install packages as appropriate.

Other Callouts on the Dell M6800

– At times, I encountered some rather scary looking write errors (likely due to the write scheduler being used). I prevented further occurences by adding libata.force=noncq to my GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub and regenerating the configuration.
– I did not remember to install wpa_supplicant to connect to WiFi so I had to procure an Ethernet cable to download it before configuring netcfg to connect to my home network.
– Audio was enabled on Firefox by installing its optional dependencies (use pacman -Qi firefox to list them) and installing pulseaudio and pulseaudio-alsa. Remember to turn off the suspend-on-idle module to prevent pops when playing videos.
– The included Nvidia graphics card is meant for an Optimus configuration, so use the Intel supplied graphics card as the default. You can use bumblebee to offload 3D rendering applications to the Nvidia graphics card.
– Not Dell specific but I needed to remember to update my resolv.conf when connecting to OpenVPN servers. This fixed my DNS resolution issues.


00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor DRAM Controller (rev 06)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor PCI Express x16 Controller (rev 06)
00:02.0 VGA compatible controller: Intel Corporation 4th Gen Core Processor Integrated Graphics Controller (rev 06)
00:03.0 Audio device: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor HD Audio Controller (rev 06)
00:14.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB xHCI (rev 04)
00:16.0 Communication controller: Intel Corporation 8 Series/C220 Series Chipset Family MEI Controller #1 (rev 04)
00:19.0 Ethernet controller: Intel Corporation Ethernet Connection I217-LM (rev 04)
00:1a.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #2 (rev 04)
00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 04)
00:1c.0 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #1 (rev d4)
00:1c.2 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #3 (rev d4)
00:1c.3 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #4 (rev d4)
00:1c.4 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #5 (rev d4)
00:1c.6 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #7 (rev d4)
00:1c.7 PCI bridge: Intel Corporation 8 Series/C220 Series Chipset Family PCI Express Root Port #8 (rev d4)
00:1d.0 USB controller: Intel Corporation 8 Series/C220 Series Chipset Family USB EHCI #1 (rev 04)
00:1f.0 ISA bridge: Intel Corporation QM87 Express LPC Controller (rev 04)
00:1f.2 SATA controller: Intel Corporation 8 Series/C220 Series Chipset Family 6-port SATA Controller 1 [AHCI mode] (rev 04)
00:1f.3 SMBus: Intel Corporation 8 Series/C220 Series Chipset Family SMBus Controller (rev 04)
01:00.0 VGA compatible controller: NVIDIA Corporation GK104GLM [Quadro K3100M] (rev a1)
03:00.0 Network controller: Intel Corporation Wireless 7260 (rev bb)
11:00.0 SD Host controller: O2 Micro, Inc. SD/MMC Card Reader Controller (rev 01)

uname -a

Linux london 4.1.5-1-ARCH #1 SMP PREEMPT Tue Aug 11 15:41:14 CEST 2015 x86_64 GNU/Linux

iOS 9 Public Beta 1 Changes

Apple has introduced a number of positive changes with iOS 9. This post details them the items I have found through ad-hoc usage.

– Mail app has icons when swipe is shown
– Selecting and deselecting text now has animations
– Passbook has be renamed to Wallet
– Swiping down from the home screen has more searchable features; equivalent to swiping left on the home screen
– Low battery mode
– Double-tap home button shows new switching mode
– Settings app now has search
– Apple Music is now default on US builds
– Maps has transit directions for some markets
– Context menus are now more Palm-esque, as in, do not extend across the screen
– More sharing options
– Notes supports additional media
– Recommended apps to use now shows up reliably on the lock screen

Find any other changes? Add comments below.

PDF Minimalist 2015 Calendar for Printing

I needed a simple calendar to track some projects and could not find a one online that matched my requirements without a watermark.  I spent a few minutes creating a minimalist calendar for 2015 (including the months already passed).

Feel free to use it to track your projects and let me know if it was useful.


  • Horizontal entries per day
  • Week and day number on each entry
  • ISO8601 date and time formatting

Download: 2015 Calendar (letter) (A4)

Setting up a git server accessible via ssh

For small personal projects I often use git to track my work. Sometimes, I’ll work from a different computer and wish I could clone the repository and continue where I left off. I recently set up a git server that allowed me to do this and all I needed was ssh access.

Provided you have a remote server located at gitserver with user admin, you can set one up by doing the following.

Log in to your server and create the git user.
user@local $ ssh admin@gitserver
admin@gitserver $ sudo useradd -m git

Locally, create the ssh-key pair that you’ll using to log in to your server and copy it over.
user@local $ ssh-keygen -t rsa -f ~/.ssh/id_rsa_gitserver
user@local $ ssh-copy-id -f ~/.ssh/ git@gitserver

Create a placeholder for the repository that you want to track. --bare is used here because you’ll be pushing your current repo to the server.
user@local $ ssh -i ~/.ssh/id_rsa_gitserver git@gitserver
git@gitserver $ mkdir ~/repo.git
git@gitserver $ cd !$ && git init --bare

Push your local copy over to the server. Here, I start a new shell with ssh-agent so key management is handled transparently.
user@local $ ssh-agent bash
user@local $ ssh-add ~/.ssh/id_rsa_gitserver
user@local $ cd ~/repo
user@local ~/repo $ git remote add origin ssh://git@gitserver[:port]/home/git/repo.git
user@local ~/repo $ git push origin master

Finally, lock down the git account
user@local $ ssh admin@gitserver
admin@gitserver $ sudo chsh -s /usr/bin/git-shell git

As a general ssh security tip: make sure that password-based login is disabled and public-keys are required when logging in to the server.

Now you’re all set! You can push changes as usual by using git push.

Google’s addition of C class stock

This is a big announcement and I thoroughly expect it to be approved at the meeting this June.


Backing up your Gmail account using procmail and fetchmail

With the advent of tools such as Amazon EC2, backing up your mail accounts is relatively easily.

Before you begin, make sure that POP is enabled in your Gmail account. You will need to log in via the web interface to confirm these settings.

To get started, launch an instance on your favourite cloud provider (or alternatively on your own computer). It’s wise to create a new volume to store your data.

Rationale: Fetchmail is used to retrieve the mail and procmail is used to create a Maildir — a much preferable format for storing messages because each message is stored in a seperate file.

# Preparing the storage volume
sudo fdisk [disk location]
sudo mkfs.ext3 [disk location]

# Mount storage volume

mkdir -p ~/
sudo mount [disk location] ./username
sudo chown -R ec2-user:ec2-user username/

# Install packages
sudo yum -y install fetchmail ca-certificates procmail

# Confirm that SSL connection works
openssl s_client -connect
You should see Gpop ready for requ….

# Configure fetchmail
vim ~/.fetchmailrc

service 995
protocol pop3
password ‘password’
options ssl

# Configure procmail
vim ~/.procmailrc



# Change ownership

chmod 600 ~/.fetchmailrc ~/.procmailrc

# Confirm that the configuration works
fetchmail -vk

# Download the mail
fetchmail -nk -a -d 200 -N

If you have a large mailbox, as expected, this will take a while. After it’s done, consider storing a copy of this volume (if using a cloud provider) elsewhere.

Quickly Attaching USB Devices to VirtualBox Guests using VBoxManage

I frequently develop inside VBox guests because I to ensure that my development environment is consistent across machines and operating systems.

Sometimes, I will need to connect a USB device plugged into the host computer to the guest VM. Because I start most VMs in headless mode, I would rather not launch the VM manager just to attach the USB device. Using VBoxManage, you can also mitigate this issue.

First (if you do not remember), find the name of the VM.
$ VBoxManage list vms
"archlinux" {3daf7395-3866-2348-bc54-947445b5e626}

List the USB devices attached to the host.
$ VBoxManage list usbhost
UUID: e2d15ede-83f1-45ad-98d5-1efa46b810eb
VendorId: 0x06c2 (06C2)
ProductId: 0x0033 (0033)
Revision: 1.0 (0100)
Manufacturer: Phidgets Inc.
Product: PhidgetSpatial
SerialNumber: 166112
Address: p=0x0033;v=0x06c2;s=0x000064bfc79cb786;l=0x06200000
Current State: Captured

Note that if the Current State is Captured, then you should make sure that the host has not already locked the device. In this case, it was already captured by the guest.

Connect the USB device to the guest, using the given UUID.
$ VBoxManage controlvm archlinux usbattach e2d15ede-83f1-456d-98d5-1efa46b810eb

You can also make this attachment permanent by creating a USB filter.

List the filters for the VM. Note the index.
$ VBoxManage showvminfo archlinux
USB Device Filters:

Index: 0
Active: yes
Name: Phidgets Inc. PhidgetSpatial [0100]
VendorId: 06c2
ProductId: 0033
Revision: 0100
Manufacturer: Phidgets Inc.
Product: PhidgetSpatial
Remote: 0
Serial Number: 166112

Place the filter after the last index. You can grab the VendorId and the ProductId from the previous usbhost output.
$ VBoxManage usbfilter add 1 --target archlinux --name Phidget --vendorid 0x06C2 --productid 0x0033

If you have problems setting the filter, first ensure that there are no existing global filters.
$ VBoxManage list usbfilters

You can later remove the filter by using a similar incarnation.
$ VBoxManage usbfilter remove 1 --target archlinux

Predictions for iOS 5

Here is a short list of the things that I think will be present in iOS 5. The correct featureset will be announced at the 2011 WWDC.

  1. Improved notification infrastructure, i.e., like the jumping dock present in Mac OS.
  2. Storage of contacts/documents/mail/calender events/books/purchased songs and videos on the cloud with no intervention and no limit
  3. Improved support for exchange and corporate infrastructure
  4. Group messaging
  5. Dynamic homescreen tiles
  6. Universal search
  7. New animations for common actions
  8. Support for at least 10 more languages (I would say 20 new languages)
  9. Improved iTunes/iPod experience
  10. Improved lock screen
  11. Font/kerning updates
  12. Improved accessibility
  13. Maps improvement

HP Veer

I have been thinking about a phone with a small but usable form factor for a long time. Microsoft nailed it with the Kin but unfortunately the target audience was not applicable to me. I’m really excited about the HP Veer which is supposed to be shipping in the spring.

The deciding factor is the answer to the question: how much for an unlocked phone? It is only running a Snapdragon 800Mhz CPU and given that the screen is a little over 2 inches, I don’t see why it would cost much more than $399.

Time will tell.

Link: “HP Veer, first hands-on! (updated with video!)” []


Get every new post delivered to your Inbox.