The code in this blog post wasn’t written by me. The code actually comes from an automatic code generator used by the wayland project (and is credited to Kristian Høgsberg). To me, the code displays simple craftsmanship and should be appreciated for something beyond it’s mere utility.

The code itself deserved to be read.

So here it is:

static const char *indent(int n)
{
	const char *whitespace[] = {
		"\t\t\t\t\t\t\t\t\t\t\t\t",
		"\t\t\t\t\t\t\t\t\t\t\t\t ",
		"\t\t\t\t\t\t\t\t\t\t\t\t  ",
		"\t\t\t\t\t\t\t\t\t\t\t\t   ",
		"\t\t\t\t\t\t\t\t\t\t\t\t    ",
		"\t\t\t\t\t\t\t\t\t\t\t\t     ",
		"\t\t\t\t\t\t\t\t\t\t\t\t      ",
		"\t\t\t\t\t\t\t\t\t\t\t\t       "
	};

	return whitespace[n % 8] + 12 - n / 8;
}

[From http://cgit.freedesktop.org/wayland/wayland/tree/src/scanner.c ]

I can even forgive if for neglecting to assert() its preconditions!

In this tutorial we will repartition a USB stick and install Fedora on it allowing it to be used:

• As encrypted storage with any modern Linux system
• As a bootable USB stick running Fedora and using an encrypted home partition
• To copy files to/from other computers, including those running non-Linux operating systems (this bit uses an unencrypted partition).

The basic idea is to split the disc into two partitions, Boot and Vault.

Boot is a FAT partition that interoperates well with non-Linux operating systems. The FAT partition will also contain, as files, the bootloader, read only compressed file system image and “overlay” image that allows us to amend the main filesystem. It is the compression that makes this scheme attractive. A very rich development workstation (including eclipse and lots of header packages) weighs in at less than 2GB. The other big advantage of basing things on the live images is that all the logic to stop temporary (and log) files writing out to the USB media is ready and working out of the box. This keeps down the wear on the media.

Note: The read-only compressed file system comes from the Fedora “Live” media. Thus the images easily available are the live CD and the live DVD published by the Fedora project. However it is possible to use the Fedora tools to custom roll your own live media.

The Vault is an encrypted home partition where the user files (including audio/video streams) can be stored. It is also automounted, subject to password, on any modern Linux system allowing it to be used for encrypted file exchange.

Recommended partition sizes

This is just a rough guide since its up to you to decide what you’ll be using the bootable stick for.

For a 4GB USB stick a 3GB FAT partition leaving a 1GB encrypted partition would be fairly flexible and allow big files to be transferred to a non-Linux operating system. Consider using a CD sized live image and a relatively small overlay partition (300MB or so).

For a 8GB USB stick, either a 4GB/4GB or a 5GB/3GB division would make sense. With a 5GB/3GB split then the DVD sized live image is possible together with a generous home area and the capacity to transfer large files.

For 16GB media I like to have a very big encrypted area so I can keep lots of audio/video material on the encrypted partition. For me a 6GB/10GB split gives me exactly what I want. A 2GB live image together with a generous overlay partition (1GB) so I can easilt install extra software whilst travelling if I need to.

I seldom use non-Linux operating systems these days so these recommendations assume I can use the encrypted partition for file transfer. If the primary thing you use the USB stick for is file transfer to non-Linux operating systems then perhaps you want to just pick a relatively small size for the encrypted partition (say 1GB) and give all the rest to the boot partition.

Putting it into practice

After inserting the USB media it is likely to be auto-mounted by the OS. Therefore the first thing we need to do it identify the media and unmount it. I recommend using the command line for this. Many GUI “eject” commands do more than just unmount the file system, they also do a USB shutdown that makes it impossible to use the media until you unplug and replug it (at which point it auto mounts again). Here we use mount to list the mounted devices and hunt for the device mounted on either /media or /run/media/<username>/ and then use the device name on the left to do the unmount. Remember the device name (below it is /dev/sdb1) since we’ll need that later.

[root@lobster ~]# mount
 proc on /proc type proc (rw,relatime)
 sysfs on /sys type sysfs (rw,relatime)
 ...
 /dev/sda1 on /boot type ext3 (rw,relatime,data=ordered)
 /dev/sdb1 on /run/media/drt/9A63-9772 type vfat
    (rw,nosuid,nodev,relatime,uid=500,gid=500,fmask=0022,dmask=0077,
     codepage=cp437,iocharset=ascii,shortname=mixed,showexec,utf8,
     errors=remount-ro,uhelper=udisks2)
 [root@lobster ~]# umount /dev/sdb1

Now we need to repartition the USB media to create seperate Boot and Vault partitions. THIS WILL ERASE EVERYTHING ON THE DISC. Here we use parted and the argument is the device name from above (/dev/sdb1) with the numeric part and the end shaved off (/dev/sdb).

Note: The following examples are taken from my own system where I’m setting up a 16GB USB stick with a 6GB/10GB split.

[root@lobster ~]# parted /dev/sdb
 GNU Parted 3.0
 Using /dev/sdb
 Welcome to GNU Parted! Type 'help' to view a list of commands.
 (parted) p
 Model: SanDisk Cruzer Fit (scsi)
 Disk /dev/sdb: 16.0GB
 Sector size (logical/physical): 512B/512B
 Partition Table: msdos
 Disk Flags:

Number Start End Size Type File system Flags
 1 16.4kB 16.0GB 16.0GB primary fat32 lba

Remove the original partition:

(parted) rm 1

Make a 6GB FAT partition to act as the boot partition, a 10GB encrypted partition and double check things by printing the partition table:

 (parted) mkpart primary fat32 16.4kB 6.0GB
 Warning: The resulting partition is not properly aligned for best performance.
 Ignore/Cancel? i
 (parted) mkpart primary ext2 6.0GB 16GB
 (parted) print
 Model: SanDisk Cruzer Fit (scsi)
 Disk /dev/sdb: 16.0GB
 Sector size (logical/physical): 512B/512B
 Partition Table: msdos
 Disk Flags:

Number Start End Size Type File system Flags
 1 16.4kB 6000MB 6000MB primary fat32 lba
 2 6001MB 16.0GB 10.0GB primary

(parted) quit
 Information: You may need to update /etc/fstab.

Now is a good time to unplug the media, just to make sure that the kernel adopts the new partition table. This is paranoid but, hey, unplugging a USB stick isn’t so hard now is it?

Having done that, the automounter might end up decided to mount the old filesystem (not caring that half of it is now missing). However because the file system has changed size we must make a new one in order to be save.

Firstly we format the boot partition:

[root@lobster ~]# umount /dev/sdb1
 [root@lobster ~]# mkfs.vfat -F 32 -n LIVE /dev/sdb1
 mkfs.vfat 3.0.12 (29 Oct 2011)
 [root@lobster ~]#

Having done that we now need to create an encrypted ext4 partition ready to use as the home area (and for Linux to Linux file transfers):

[root@lobster ~]# cryptsetup --verify-passphrase luksFormat /dev/sdb2

WARNING!
 ========
 This will overwrite data on /dev/sdb2 irrevocably.

Are you sure? (Type uppercase yes): YES
 Enter LUKS passphrase:
 Verify passphrase:
 [root@lobster ~]# cryptsetup luksOpen /dev/sdb2 tmp
 Enter passphrase for /dev/sdb2:
 [root@lobster ~]# mkfs.ext4 -L Vault -m 0 /dev/mapper/tmp
 mke2fs 1.42.3 (14-May-2012)
 Filesystem label=Vault
 OS type: Linux
 Block size=4096 (log=2)
 Fragment size=4096 (log=2)
 Stride=0 blocks, Stripe width=0 blocks
 610800 inodes, 2442752 blocks
 0 blocks (0.00%) reserved for the super user
 First data block=0
 Maximum filesystem blocks=2503999488
 75 block groups
 32768 blocks per group, 32768 fragments per group
 8144 inodes per group
 Superblock backups stored on blocks:
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done
 Writing inode tables: done
 Creating journal (32768 blocks): done
 Writing superblocks and filesystem accounting information: done

[root@lobster ~]# cryptsetup luksClose tmp
[root@lobster ~]#

Again this is paranoia but just to make sure everything writes out before we unplug I like to run a:

[root@lobster ~]# sync

That’s it. The USB stick is ready. You can confirm this by hot-plugging one last time and you should be prompted to enter your password by the auto mounter.

We’re now half way there. The disk is all ready to run liveusb-creator to install the bootable operating system. After that there’s one last trick to get the live operating system to mount the encrypted home partition automatically and we’re all set.

I’ll tell you about all that in another post!

That’s it actually.

GNOME is brilliant. Each new release gets very slightly better than last time and the developers are doing a really good job of not listening to the regressive forces that want to halt all progress in UI design and happily assume Mac OS 8 and Windows 95 were the pinnacle of human achievement.

The restoration/reassembly of this lovely old guitar is coming along nicely. I spent a good half hour the other day working methodically though the box of screws, pickups, electrics and hardware until I was sure I know what each screw was for. It turned out to be quite complex jigsaw, made a lot easier when I realized that the screws for the machine heads didn’t actually match (which is why I couldn’t find 16 identical little screws).

I also spent a fair bit of time with the bridge. As you can see on the photo below I needed to sand it down a bit to match the curvature of the guitar.

With the bridge feet set up to avoid damaging the top of the guitar I had all the bits ready to string it up and see what other adjustments might be needed. When I first strung it up I realized I would have to cut slots into the saddle to get the string spacing right (not quite sure how I overlooked that). So finally yesterday I was able to bring the guitar into a playable condition.

First impressions are pretty good. Its fun to play and sounds much more like a double bass than my electric basses. I understand the tapewound strings contribute to this.

At this stage I’m not quite ready to start the rewiring as there remain a few drawbacks. Some of this is just finishing what I started. The truss rode needs a little more tuning now the strings are at tension and I need to shave several mil of the bridge. I need to shave of a little more from the feet, a little from the saddle and then take the rest from the middle section.

The other issue is that the strings don’t quite run parallel to the fretboard.

Most of what you see in the picture above is actually caused by the bridge being incorrectly sited. However there is some play in the neck joint meaning I can pull the neck and bring the strings completely straight. The neck joint has odd single bolt plus one light duty woodscrew construction which I’ve not seen before and I haven’t yet decided whether or not to try and wedge it. I’m going to leave that decision until the bridge is at the right height.

Nevertheless I pleased with the progress so far. It’s bags of fun to play acoustically… looking forward to starting on the electrics.

This is a short jingle to promote the Meadowbrook School Fair (or to put it another way, its my daughter’s homework assignment).

School Fayre Jingle

[right click and "Save Link As..." to download]

This is the view from the campsite I was a me to grab whilst someone else makes me a cup of tea.

If you have plug encrypted removable media into a recent GNU/Linux distribution it will probably try to automount it for you.

So far, so hoopy.

However a recurring class of bugs in the hot plug logic is failure to tear down the encrypted device mapper when the media is removed without unmounting it first.

It results in a message something like this:

Naturally this is a bug in your distribution but it is one that sends to regress as the desktop stack is developed so knowing how to workaround will do you no harm at all.

I generally use:

sudo cryptsetup luksClose udisks-luks-uuid-d9fb9d0d-74e6-49b1-94d3-7edc083f04c0-uid80377

Note: gnome-shell-3.2 will prompt you for a password but doesn’t issue an error message if the automount fails. If you want to see the error message (and hence the name of the mapping) open the file manager and try to mount the encrypted partititon from there instead.

Although I couldn’t really be bothered you could easily write a script to automatically identify encrypted device mapping that aren’t being used and undo them by getting a script to look at the output of ls -al /dev/mapper. Probably it would be best to look for devices that have a mapping but are not mounted.

Since first opening this blog one of the things that surprised me was the number of spam comments it attracted. Its hardly a high publicity site so I guess I was supprised how quickly the spam robots started to target my blog. Thankfully the first few spam comments were pretty obvious:

Without Perscription, Certified by FDA depression or other mental illness Cymbalta Cheap Overnight Doctor weight loss Real Online! It is Easy and Fast.Antibiotics online US chest pain confusion Cymbalta Generic On Line, No Hidden Fees! Licensed Pharmacy, muscle aches Were to Purchasing internet.buy brand buy Deutschland FDA Approved us pharmacy cabergoline, other medicines, foods, dyes, or preservatives Mevacor Colorado No prescription
pas cher order Zocor, acheter cheap Zofran, ordine cheap Zovirax, in italia order Zyban,

[From an online pharmacy]

After reading a little more on the subject of spam comments I quickly learned two things. The first is that spam comments are a fact of life if you want to allow anonymous comments (and doubly so if you don’t like CAPTCHAs). The other is that the part that always gives away the spammer is that the comment doesn’t contain any information related to the actual content of your article. This is because the spammer has to write one text and then post it to many different sites. Philosophically speaking if the spammer wrote bespoke comments for each site they would not longer be a spammer. Perhaps an artisan spammer who wrote bespoke comments would wind up being called a fillet-steaker.

Anyhow even with no obvious motivation for the comment the following messages did rather give away their true nature, especially when you remember that many bloggers only moderate the first comment from a user so if you let them through assume they will be back.

Thanks for taking this opportunity to mention this, I’m strongly about it and I benefit from garden greenhouse structures this subject. When possible, when you gain data, please update this website with new information. I have found it extremely useful.

[From a person in "trading strategies"]

After reading your blog post I browsed your website a bit and noticed you aren’t ranking nearly as well in Google as you could be. I possess a handful of blogs myself and I think you should take a look here: http://nottherightlinksothere.org You’ll find it’s a very nice tool that can bring you a lot more visitors. Keep up the quality posts

[From a SEO company]

The next two posts represent the most sophisticated spam comments I’ve received so far. Both avoid flattery and instead try to latch onto technical paranoia instead. The first one is particular clever for the question in the middle and its assumption that other humans really need to read this message. Whilst I’d prefer spammers to find some more productive line of work you have to admire someone at the top of the game like this:

I don’t know if it’s just me or if everybody else encountering problems with your blog. It seems like some of the text within your posts are running off the screen. Can somebody else please provide feedback and let me know if this is happening to them as well? This may be a issue with my browser because I’ve had this happen before. Cheers

[From a fake Burberry scarves salesman]

Howdy just wanted to give you a quick heads up. The text in your content seem to be running off the screen in Chrome. I’m not sure if this is a format issue or something to do with browser compatibility but I figured I’d post to let you know. The layout look great though! Hope you get the problem solved soon. Kudos

[From a pornographer]

It’s getting towards time to finish this post so I’ll introduce one of my favourites here. It’s not because of the quality of the prose, although one does have to admire the excellent spelling together with correct use of capital letters, commas and full stops (even on the last line). The reason it’s my favourite is this transparent attempt to flatter me into accepting the spam was attached to a pictoral joke. The “astonishingly thought-provoking” words that inspired such gushing praise numbered only ten.

You have written an astonishingly thought-provoking article. Your written content speaks to me and I share inside your views. Countless writers do not write original material, but you have really achieved an awesome job with this information.

[From a fake ugg boot salesman]

So to close I shall leave you with this comment and sincerely hope you share the sentiment.

I would brand your blog the dreamland! though Santa knocks at our door just once every year, you blog is open the entire year ¨C wow!

[From a fake ugg boot salesman]