Pyinotify – Linux filesystem watcher

from the Pyinotify wiki

Pyinotify is a Python module for monitoring filesystems changes. Pyinotify relies on a Linux Kernel feature (merged in kernel 2.6.13) called inotify. inotify is an event-driven notifier, its notifications are exported from kernel space to user space through three system calls. pyinotify binds these system calls and provides an implementation on top of them offering a generic and abstract way to manipulate those functionalities.

See the tutorial

Secure Email – Thoughts

I have been learning to use GPG (openPGP) with email.

Two clients that implement it pretty well are

This has gotten me thinking through secure email; I probably will have updates to these thoughts, but here’s a first draft….

There are several interests of the sender and the receiver of email, along with how public key encryption addresses them.  The model that I am using is PGP/MIME encryption, but S/MIME encryption is equivalent.

  • The sender and recipient both might want to ensure that content is only readable by the recipient.
    • This can be addressed by the sender encrypting the content with the recipient’s public key.
  • The recipient might want to know that the content was not altered.
    • This can be addressed by the sender signing with the sender’s private key.
  • The recipient might want to know that the content was indeed sent by the sender.
    • This can be addressed by the recipient validating the signature.
  • Each party might want to be sure that the public key that they have obtained for the other is genuine.
    • This can be addressed by having a trustee sign the public key.
    • In the case of S/MIME, the trustee would be a public certifier such as VeriSign.

Preparation

The first phase is for the sender and recipient to generate their public keys, populate them into the repository, have their trustees sign each other’s keys, and retrieve each other’s keys.  Here is a diagram of the process.  (Click to enlarge).

SecureMail-Prepare

Sending and Receiving

The next diagram shows the secure mail process, assuming that message content is both signed (using the sender’s private key) and encrypted (using the recipient’s public key).  This is not meant to represent a single, automated flow, but rather a relationship among events, decisions (by humans and machines), and dependencies.  (Click to enlarge.)

SecureMail-Send

Wandboard Quad – Maybe I should try Yocto to get to Debian

I tried the audio output port of my Wandboard – all I get is noise.  Perhaps I could figure out what’s wrong; however, this may be the inspiration that I need to try Yocto, an “roll your own embeddable distro” tool that is somewhat officially supported for the Wandboard:
www.yoctoproject.org
https://en.wikipedia.org/wiki/Yocto_Project
I doubt that this is the fastest way to get audio working; it might be more educational….

Since this is an embedded Linux board, it makes sense to try a system for building embedded Linux as an alternative to relying on others to product an image.  All you need is a Linux build system (which I have) and another SD card.  I guess I’ll start with “Getting Started”:
http://elinux.org/Getting_started_with_Yocto_on_WandboardHere’s a tiny bit more background
https://www.linux.com/learn/tutorials/588534-embedded-linux-development-in-6-easy-steps

Hopefully, I can figure out how to build a Debian-based Wandboard image with Yocto.

P.S. Here’s an article on the choices for bringing up embedded Linux in a professional environment:
http://www.radio-electronics.com/articles/processing-embedded/embedded-linux-challenges-for-yocto-project-99

Wandboard Quad – First Boot

I received the WBQUAD along with a case and a WiFi antenna.  It runs off a 5V 2A power supply, which connects to it via a 5.5mm x 2.1mm center positive barrel connector. I imagine that it doesn’t use a micro USB connector because it has to draw 10 W of power, which is much more than the power provided by a standard USB connector.

I use Debian Linux.  This is partly because it (and the APT package manager) is so familiar to me, partly because it always has seemed stable, partly because it’s based on a community rather than a product of a company, partly because it is the basis for many other Linux distributions, partly because the installation process gives me plenty of opportunity to choose how it is installed, and partly because upgrades between releases are fairly seamless.

Ordinarily, I use the Debian installer to install onto a desktop or laptop.  For embedded computers (with their specialized hardware), the trend seems to be to download an image to an SD card.  For the Pi, the Raspbian image is recommended by the Raspberry Pi Foundation.  By contrast, wandboard.org offers only Ubuntu, Yocto, and Android images.

I did download their Ubuntu image, but, when I was validating it, I was confused because I didn’t see a Linux kernel; I learned subsequently that the image has the kernel in an unpartitioned section of the SD card – apparently, this makes upgrading the kernel a challenge.

Because I didn’t find Digi-Key’s support thread when I was looking for an OS image, I didn’t try out their Debian image.  However, I did find a great thread on Google Groups with a link to Martin Wild’s Debian image for the WBQUAD.  I am quoting the entry for the image here because hyper-linking to it is difficult if not impossible:

Martin Wild — Aug 6, 2013 6:47 AM
I’ve uploaded a new version of my debian image ,now with full Gnome, Owncloud, Aria2 with webinterface, Truecrypt with Gui (just launch with “truecrypt” inside Gnome-terminal), full setup ampache, Samba setup, new kernel wand 6.3 and some more tweaks
The Download size increased (naturally) but it still fits on a 4GB card. ip is fixed now via network manager (gnome) to 192.168.1.155, so change this if it doesnt fit your homenet. VNC is available but not running from boot. to vnc in open a terminal (ssh/putty)
and do “sudo vnc” to get a permanent running vnc session waiting for login until you logout again from gnome (pw=debian). to use aria2-downloader make sure the download-folder as defined in /etc/aria2/aria2.conf exists ,or aria will refuse to start.

The running webservices can be accessed by doing :

Owncloud —> /wbquad/owncloud
Ampache —> /wbquad/ampache
Aria2 —-> /wbquad/aria2
Webmin —-> https://wbquad:10000
Phpmyadmin —> /wbquad/phpmyadmin

(if your dns is not working correctly change wbquad to your ip-address 192.168.1.155/owncloud)
all passwords and usernames are stored inside /var/www/pass
Default login is debian:debian or root:debian

http://www39.zippyshare.com/v/9043871/file.html (part1)
http://www39.zippyshare.com/v/86491193/file.html (part2)
http://www39.zippyshare.com/v/31872725/file.html (part4)
http://www64.zippyshare.com/v/48319927/file.html (part3)

regards, martin

I proceeded to bring up my Wandboard as follows:

  1. download the four parts on a Linux box,
  2. concatenated them using cat,
  3. used 7z (i.e., 7-zip) to reconstruct the image,
  4. used dd to copy to an 8 GB micro SD card,
  5. used gparted to grow the second partition to fill the disk.

I ended up with an micro SD card with a 49 MB ext2 boot partition and a 7.8 GB ext4 root partition (and no swap partition, which wouldn’t make sense when using an SD card as a system disk).  Next, I put it into the Wandboard, hooked the latter up to my HDMI TV, and powered it up.

I saw nothing on the screen.  A few hours later, I read the quick-start guide in greater detail and learned that the WBQUAD has two micro SD card slots: one, intended for the OS, is on the daughter card along with the CPU and memory; the other, intended for removable storage, on the main card along with all the IO ports.  I moved the micro SD card to the daughtercard and rebooted.

Now I could see HDMI output to the TV screen, but when I hooked the Wandboard to my DVI monitor, I didn’t get an image.


UPDATE

I am using a multisync monitor with DVI input and a native resolution of 1680×1050 @ 60 Hz.  So, I needed to update /dev/fb.modes with an entry for this resolution/refresh combination.  Here is what I added:

mode "1680x1050-60"
# D: 147.14 MHz, H: 66.22 kHz, V: 60.00 Hz
geometry 1680 1050 1680 1050 32
timings 6796 288 104 33 1 184 3
hsync low
vsync high
endmode

I used the following command to generate this:

gtf 1680 1050 60 -f -v

GTF is originally from Nvidia, but currently it is built into my image (it’s also in Raspian and may be standard Debian fare).  I gather that it is from the XFree86 utilities.  It is based on the VESA “general timing formula”.  Since this hasn’t changed in a long while, neither has the program.  I found the source code at Sourceforge, at Apple, and on archive.org.  (I included three links because, when I tried this a few days ago, I got an error when trying to view it on sourceforge.)

I noticed the kernel boot parameters (for the first time) when reviewing the dmesg output, and noticed that the kernel command line included

video=HDMI-A-1:800x600@60

On a hunch, I mounted /dev/mmcblk0p1 as /boot
and I edited /boot/uDev.txt, changing

video=HDMI-A-1:800x600@60

to

video=HDMI-A-1:1680x1050@60

Now I have full video with the resolution of my monitor and no flashing lines.


I was able to ssh to it at the address assigned to it by DHCP. That means that I am not forced to use my TV as my display.  I installed the Debian tightvncserver package so that I can view a virtual desktop remotely.  A sensible alternative would be to run an X server remotely, but I don’t have an X server installed on each and every machine that I might want to use to access my Wandboard.

The WiFi chip wasn’t working. Once again, Martin Wild has already provided a solution:

Martin Wild — Aug 15, 2013 6:37 AM
Posted in group: Wandboard
Hi.

here is an recent (15.08.2013) hardwarepack using the 3.11 mainline kernel with audio and Wlan enabled. the required firmware files are already included
Just download to your wboard and do ./install

hwpack3.11.0-rc5-armv7-x8.2.tar.gz

http://www29.zippyshare.com/v/24614634/file.html

Regards, Martin

Now, I can see the WLAN interface with ifconfig, so I am hopeful that I can get it running soon.


On a side note, one annoyance that I experienced with the gnome desktop was that, when I opened a terminal window, I could not use the up and down arrow keys to scroll through my command history because the up arrow was toggling the window maximization state and the down arrow was restoring a maximized window. The resolution was to alter the shortcut:

Applications > System Tools > System Settings
then Keyboard > Shortcuts > Windows
then change “Toggle maximization state” to Shift+Ctrl+Up
and change “Restore window” to Shift+Ctrl+Down


I found lots of “CANNOT SET SOC VOLTAGE BACK” lines in the output from dmesg.  At https://groups.google.com/forum/#!forum/wandboard on 17 July 2013, Dave McMordie provided the solution:

edited /etc/rc.local to add a line

cpufreq-set -g performance

before

exit 0

edited /etc/init.d/cpufrequtils to set the default governor to performance with the following lines:

ENABLE="true"
GOVERNOR="performance"
MAX_SPEED="996000"
MIN_SPEED="996000"

Wandboard Quad – Procurement

After I had selected the Wandboard Quad, my next step was to procure one.  I did a price comparison of the vendors in the USA that I found listed at
http://wandboard.org/index.php/buy
and found that Avnet and Future were much cheaper than Digi-Key and Mouser.  So, I rolled the dice and ordered from Future.

At first, the process seemed pretty normal.  During checkout, I answered a “technology export” dialog asking me to affirm that I was not going to export the technology that I was buying.  Since I am only using this for my hobby, I said “no” and submitted my order.

To my surprise, shortly after I placed my order, I received an email that began as follows:

The part that you have ordered is controlled and an ECS (End Consignee Statement) is required prior to the shipment. The ECS is our due-diligence in getting to know who our customers are and what they will be doing with the products that they will be purchasing from Future Electronics.

The “ECS” included this statement from the “Customs Trade Partnership Against Terrorism”:

Secure trade will reduce the incidence of diversion of dual-use items to prohibited end-uses and end-users.

This ECS asked me (again) whether I would be exporting the product that I was buying and whether it was for commercial applications, military applications, or both.  That seemed weird – I am using it for my hobby, so, the true answer is “none of the above”, but that wasn’t an option listed.  I was told that I should put down “commercial applications”, print and sign the form, and then snail-mail it (to Quebec) or send a picture of it.  I promised the vendor and my government that I would not sell or transfer my hobby computer to anybody.

The Wandboard has maybe four times the power of a Raspberry Pi, which I ordered a year ago without having to complete any ECS (although I probably promised not to export it).  It’s a bit creepy to realize that some people think that it might be used for something else.  I was also left wondering: Do Avnet, Mouser, and Digi-Key require this form?

Once that bizarre experience was over, my shipment arrived within two days.

Wandboard Quad – Why?

I think that the Raspberry Pi is awesome.  For $35, you get a machine that can run as a web server, firewall, or ad-blocker.  You can also use it to control hardware with a network interface.  All for about 5 watts of power.

However, what you cannot do with the Pi is surf the web very quickly; it doesn’t have the “juice”.  I even tried running an X server on another computer and running only the X clients (such as my web browser) on the Pi – still no joy.  So, I decided that if I wanted a cheap Linux desktop, I should look elsewhere.  So, I found the Wandboard at
wandboard.org.

The Wandboard comes in single, dual, and quad core variants.  I decided to go with the $129 quad core variant because it comes with 2 gb of RAM and a SATA connector.  It also includes an RS232 serial port (you never know when you might need one of those) and a USB3 port (alas, only one of them) and two micro SD slots (one for the OS; the other for storage).

My next post will cover procurement, which proved to be an unexpected adventure.