archive for the ‘computer’ category.

encrypting partitions with luks.

february 24th, 2010 at 2:05 +0100 by felix.

since i’m always forgetting what to do to encrypt a harddisk, and have to rely on other sites (which might go offline some day), i decided to sum everything up in a post. parts can already be found here in this blog.
note that the disk device name can differ from computer to computer, so i used /dev/sdx in this description which you have to change to the right name.

creation.

first, connect the disk and unmount it. then, delete all existing partitions and create a linux primary partition (or do whatever else you want):

$ sudo fdisk /dev/sdx

then it is recommended to clear the partition with random data:

$ sudo dd if=/dev/urandom of=/dev/sdx1

note that this step takes a lot of time.
then, initialize the partition as a luks volume (luksFormat), open it with luks and create a file system on it:

$ sudo cryptsetup --verbose --cipher "aes-cbc-essiv:sha256" --key-size 256 --verify-passphrase luksFormat /dev/sdx1
$ sudo cryptsetup luksOpen /dev/sdx1 encrdisk
$ sudo mke2fs -v /dev/mapper/encrdisk
$ sudo cryptsetup luksClose encrdisk

this creates an ext2 file system. now you should be able to unplug the drive and reconnect it, and ubuntu should ask you for a passphrase to unlock the disk. feel free to add -L "label" to the mke2fs call (at most 16 characters; see the man page for more details); ubuntu will then try to mount the disk as /media/label.
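
the fdisk, dd and luksFormat steps above destroy whatever is on the device they are pointed at, so it helps to check the mount table first. this is an added example, not part of the original post; the function names and the sample mount table are constructed.

```shell
#!/bin/sh
# added example: guard for the destructive steps (fdisk, dd, luksFormat).
# function names and the sample mount table are constructed, not from the post.

# mount_point_of DEVICE [TABLE]: print the mount point of DEVICE (exact match
# on the source column of a /proc/mounts-style table); empty if not mounted.
mount_point_of() {
    awk -v d="$1" '$1 == d { print $2; exit }' "${2:-/proc/mounts}"
}

# busy_partitions DISK [TABLE]: list "device mountpoint" for the whole disk and
# for each of its partitions (sdx1 or nvme0n1p1 naming) that is mounted.
busy_partitions() {
    awk -v d="$1" '
        $1 == d { print $1, $2; next }
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^p?[0-9]+$/ {
            print $1, $2
        }' "${2:-/proc/mounts}"
}

# preflight PARTITION [TABLE]: exit status says whether overwriting is safe.
#   0 = not mounted, 1 = not a /dev path, 2 = mounted, 3 = mounted as /
# a partition already opened with luksOpen is mounted under its /dev/mapper
# name and is not seen by this check.
preflight() {
    case $1 in /dev/?*) ;; *) return 1 ;; esac
    mp=$(mount_point_of "$1" "${2:-/proc/mounts}")
    [ -n "$mp" ] || return 0
    [ "$mp" != "/" ] || return 3
    return 2
}

# constructed sample in /proc/mounts format (device, mount point, type, ...).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/dev/sdb1 /media/backup vfat rw,nosuid,nodev 0 0
/dev/sdb12 /media/other ext2 rw 0 0
/dev/mapper/encrdisk /mnt ext2 rw 0 0
EOF
}

# demo on the sample table; drop the second argument to read /proc/mounts.
tbl=$(mktemp)
sample_mounts > "$tbl"
for p in /dev/sda1 /dev/sdb1 /dev/sdc1; do
    rc=0
    preflight "$p" "$tbl" || rc=$?
    echo "$p: preflight status $rc"
done
echo "mounted on /dev/sdb: $(busy_partitions /dev/sdb "$tbl" | tr '\n' ';')"
rm -f "$tbl"
```

the partition check matches the device name exactly, so /dev/sdb12 being mounted does not count against /dev/sdb1, while the whole-disk listing reports both.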

mounting and unmounting.

to mount:

$ sudo cryptsetup luksOpen /dev/sdx1 encrdisk
$ sudo mount /dev/mapper/encrdisk /mnt

to unmount:

$ sudo umount /mnt
$ sudo cryptsetup luksClose encrdisk

note that, for example, newer ubuntu versions automatically ask for a passphrase and perform luksOpen / mount / unmount / luksClose for you.

checking.

basically, you just have to open the partition, run the usual file system check, and close it:

$ sudo cryptsetup luksOpen /dev/sdx1 encrdisk
$ sudo fsck -v -C -n /dev/mapper/encrdisk
$ sudo cryptsetup luksClose encrdisk

passphrase management.

note that luks can store several passphrases, each in its own key slot, and any of them can be used to open the partition. one can add passphrases to and remove them from this list.
to add a passphrase:

$ sudo cryptsetup luksAddKey /dev/sdx1

to remove a passphrase (you have to enter the passphrase to be removed):

$ sudo cryptsetup luksRemoveKey /dev/sdx1

to remove the passphrase from a slot (useful if you forgot one of the passphrases and want to remove it):

$ sudo cryptsetup luksKillSlot /dev/sdx1 0
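
the passphrase commands above act on key slots, and luksKillSlot needs a slot number. this added example (not part of the original post) parses the output of cryptsetup luksDump, assuming the luks1 text layout, to show the cipher written by luksFormat and to check that a slot can be removed without losing the last passphrase; the function names and the sample dump are constructed.

```shell
#!/bin/sh
# added example: inspect a luks header before luksRemoveKey / luksKillSlot.
# assumes the luks1 text layout of `cryptsetup luksDump` ("Key Slot N: ENABLED");
# function names and the sample dump are constructed, not from the post.

# enabled_slots: luksDump text on stdin -> one enabled slot number per line.
enabled_slots() {
    sed -n 's/^Key Slot \([0-9][0-9]*\): ENABLED$/\1/p'
}

# cipher_spec: luksDump text on stdin -> "<name>-<mode> <master key bits>",
# the values chosen with --cipher and --key-size at luksFormat time.
cipher_spec() {
    awk '
        /^Cipher name:/ { sub(/^[^:]*:[ \t]*/, ""); name = $0 }
        /^Cipher mode:/ { sub(/^[^:]*:[ \t]*/, ""); mode = $0 }
        /^MK bits:/     { sub(/^[^:]*:[ \t]*/, ""); bits = $0 }
        END { print name "-" mode " " bits }'
}

# can_kill_slot SLOT: luksDump text on stdin.
#   0 = SLOT is enabled and another passphrase remains afterwards
#   1 = SLOT is not enabled, nothing to remove
#   2 = SLOT is the last enabled slot; removing it leaves no passphrase
can_kill_slot() {
    slots=$(enabled_slots)
    echo "$slots" | grep -qx "$1" || return 1
    [ "$(echo "$slots" | grep -c .)" -gt 1 ] || return 2
    return 0
}

# constructed, abridged luks1 dump (digest, salt and uuid lines left out).
sample_dump() {
    cat <<'EOF'
LUKS header information for /dev/sdx1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
MK bits:        256

Key Slot 0: ENABLED
    Iterations:             110000
    Key material offset:    8
Key Slot 1: ENABLED
    Iterations:             112000
    Key material offset:    264
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
EOF
}

# demo; on a real disk feed it from: sudo cryptsetup luksDump /dev/sdx1
echo "cipher: $(sample_dump | cipher_spec)"
echo "enabled slots: $(sample_dump | enabled_slots | tr '\n' ' ')"
for s in 0 3; do
    rc=0
    sample_dump | can_kill_slot "$s" || rc=$?
    echo "slot $s: check status $rc"
done
```

current cryptsetup releases default to aes-xts-plain64, so a header that reports aes-cbc-essiv:sha256 was created with an explicit --cipher option as in the command above.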

worst article on operating systems ever (read by me).

october 2nd, 2009 at 9:34 +0200 by felix.

a friend of mine just sent me a link to this article, which compares the operating systems windows 7, osx and the linux distribution kubuntu. i must admit that it’s the worst article i ever read on such a subject, containing so many mistakes.
this annoys me enough to write a blog post about the article, trying to point out errors. all quotes are from the version retrieved on october 2nd, 08:55 in the morning (german time).

“Unlike its competitors, Microsoft always provided a quick patch”

in the past, there have been critical bugs in windows which were known for more than half a year before they were fixed. more precisely, i remember a bug which allowed one to remotely shut down windows (presenting a 60 seconds or so countdown which could not be canceled, followed by an automatic shutdown) and which could be triggered by sending a bad packet to a windows computer (without a firewall, which was the default configuration at that time for windows). that’s definitely not fast, and at that time there was nothing one could do against it but install third party software (like a personal firewall).

“With Mac OS X, as with Windows 7, a built-in update manager checks for updates at certain intervals. Under Kubuntu, the user has to remember to do so himself.”

this is not true: ubuntu has an update manager as well, which checks regularly (every day i think?) and allows the user to install the updates. i think it can also be configured to automatically install updates. moreover, kubuntu installs updates for all installed programs (at least the ones supported by the program manager – which are usually all which a standard user uses.)

“Compared to Linux, however, the big vendors Microsoft and Apple have a security disadvantage: before the updates go out to users, the bug fixes pass through many quality and compatibility checks. The advantage of the Linux community: often the first patch is available after just a few hours, although it can also make the system unstable.”

well, in theory. there have been cases where patches from microsoft have been broken; at the moment i’m too lazy to search for that. and having fast patches for certain (very annoying) problems is a good thing as well. and, no one is forced to install the patches right away. if one waits a few days, possible errors in the patches are usually corrected.

“Apple and Linux even go one fatal step further: on OS X machines the firewall is disabled out of the box, and anyone who wants to be protected under Kubuntu even has to install the firewall separately, depending on the distribution.”

apparently, the author did not notice that he is looking at a very special distribution of linux, called kubuntu, and not at the family of all linux distributions, when he wrote “je nach Distribution” (“depending on the distribution”). but more seriously, i have some doubts that the author knows what a firewall really does, what the difference between a so called personal firewall and a “real” firewall is, and why one does (not) need one (under linux, all ports are closed by default). for linux, there is usually no need to install a firewall.
the conclusion of the security discussion,

“The win on points here goes narrowly to Windows 7, because it is the only system that already shows today that it can hold its own reasonably well in the fight against hackers. Anyone using OS X or Kubuntu, on the other hand, has no firewall, no virus scanner and, at times, an unpatched system for a long period.”

is therefore worth ignoring.

“The disadvantage of Kubuntu, however, is that, depending on the distribution, it uses around ten gigabytes on the hard disk.”

first, kubuntu is a distribution, not a family of distributions. dear author, distinguishing between linux and kubuntu is not that hard. moreover, the full installation of kubuntu installs a huge amount of programs, including open office, a cd/dvd burning program, and lots of games, just to name a few. if you install all such programs under windows, it will surely use more than 10 gb. way more than that. so this comparison does not make sense.

“For its programmers, a gigabyte consisted of 109 bytes and not of 230 bytes.”

i don’t know if this is the author’s fault, but apparently the person who put the article into the focus system did not compare it with the original, to make sure everything is fine. the 109 should be 10^9 and the 230 should be 2^30 – a huge difference.

“The reason: Snow Leopard’s file system is optimally tuned to the system and is better overall than the Windows 7 FAT file system.”

i seriously doubt that windows 7 is using a fat-based file system per default. standard for the last windows version (and for windows nt for a longer time now) is ntfs. the author should definitely know this.

“Windows and OS X are nearly even in the head-to-head race: Windows 7 manages 48.22 frames per second (fps), OS X 48.76 fps. Kubuntu lags behind with only 43.55 fps.”

here, the author is missing an important detail: what exactly is measured? a benchmark? a game? a custom application?

“In the ‘Performance’ category, the winners are therefore Windows 7 and Mac OS X. The Apple system can copy files faster, while Windows 7 displays CSS websites faster.”

this is not wrong, but i seriously doubt that the file copying really influences the standard users of computers. just think: how many gigabytes are you copying each day? (and besides that, “css-websites” is a very funny expression…)

“Mac OS X even lacks a program for data backup. Anyone who wants to back up files here has to fall back on the powerful Time Machine. With it, Mac OS backs up the complete system to an external hard disk.”

i don’t get this: first, the author says that osx has no backup software. then, he says how great the included backup software is. i mean, seriously, wtf?

“Kubuntu offers only a simple backup tool. A complete image of the system [...] are not possible with it.”

i don’t know what kind of (gui) backup tools are included with kubuntu, but (almost?) every linux system ships with rsync and tar, two command line programs allowing backups. obviously these are not for the standard user, but they are included. and have been included for a long time.

“When it comes to installing programs, OS X wins by a mile: simply drag the desired tool into the applications folder, done. To uninstall, simply delete the folder; it doesn’t get any simpler. No DLLs scattered across the disk, no registry entries.”

for the (relatively) short time i was using osx, i noticed that not all programs fall in this category. there are programs (for example, some from apple) which do install stuff at various places in the system and which cannot be installed that easily.

“Kubuntu offers only a few standard drivers. Versions specially adapted to the hardware hardly exist, and if they do, they can only be installed by computer science students.”

first, apparently, the author has no clue about the difference between computer scientists and computer technicians. this is really embarrassing.
second, linux contains a huge amount of drivers, in particular for older hardware. nowadays one often has linux drivers for older hardware, for which no windows 7 or osx drivers exist. on the other hand, windows has a huge amount of drivers for modern hardware which osx and linux do not have – but mostly because the manufacturers of the hardware do not produce these drivers. to the end user, this makes no difference, but one could expect that the author mentions this somehow.
well. considering how much information this article contained, a non-trivial amount is wrong or dangerously imprecise. hence, if you need information, do not use this article as a source.

learning programming.

august 28th, 2009 at 22:13 +0200 by felix.

while talking with a friend about learning programming, i searched for course material for the best programming course i ever had so far, namely dibo’s “programmierkurs java” (which i praised so often when it comes to this topic). while looking, i found a new website by dibo, called programmierkurs java, which features the lectures (both slides and video recordings!) and exercises. in case you want to learn programming and understand german well enough, take a look there!
ok, so much for advertising. when talking to the friend, another topic was “what is the right programming language to begin with?” in this case, the candidates java and c++ were named. i would definitely go for java, even though i prefer to use c++ myself for most things i program, as java is more allergic to programming errors: if you try to access an array out of the boundaries, it will throw an exception and will not result in unexpected behaviour. moreover, it is widely available (for free!) and easy to set up, there is a huge amount of (good and bad) literature about it, it is not too far off from the real world programming languages which one might use later (in case one wants to learn more than one language, it might also be a good idea to start with something more esoteric, like functional programming). moreover, it can be used both imperatively (which is in particular useful in the beginning) and object oriented (which one shouldn’t touch too early, in my opinion).

backups, again.

august 28th, 2009 at 5:34 +0200 by felix.

i got another external hard drive today. the main reason is that i want to encrypt my (current) backup harddisk, which requires reformatting the disk. but if i do so, i’m left with nothing but the original data on the laptop, and no backup. in case something goes terribly wrong, i’m screwed. i just created an encrypted partition on the disk; this is really pretty easy and not much command line typing is required, in particular if everything is set up: then linux will ask me for the password as soon as i plug the usb cable in, and automatically mount it using that password. that’s how it should be. and so far, it works perfectly.
currently, rsync is mirroring my home directory onto the disk. as soon as it is done, i will copy some stuff from the other backup disk over (like my server’s backups) which i don’t have on the laptop’s harddisk (which is 180 gb smaller than each of the backup disks), and after that, my old backup disk will be reformatted as well and also filled.
after that, i will deposit one of the backup drives somewhere outside my apartment: in case something goes wrong (like house burns down, someone decides to break in, …), i still have a backup somewhere. and, as it is encrypted, nobody but me can read it. (even if someone breaks in here, and steals both laptop and backup, they can’t access the data without my password. and yes, i am aware of xkcd.)

wikipedia – pro and contra. and some related ranting.

august 11th, 2009 at 7:28 +0200 by felix.

as you may have noticed, i use wikipedia a lot – both for linking to descriptions of terms i use in this blog, and for looking up stuff myself which i encounter somewhere, may it be offline or online. usually, chances are good that wikipedia offers at least some kind of description which answers my questions, or at least helps me get an idea. but from time to time, it happens that you try to look something up on wikipedia, only to find out that such an article existed but was deleted – for example, because it was “not relevant”. i can understand that people do not want to see wikipedia flooded by biographies of john doe and jane roe – only a handful of people are interested in these, probably most notably john doe and jane roe themselves.
but there are cases where i simply can’t understand the decision. for example, there is the chilean doom metal band mar de grises, which i discovered by chance in zurich’s now deceased knochenhaus. according to the wikipedia deletion log, it is “not notable” and fails some guidelines. so, who decides what is notable and what is not? and, after all, the simplified ruleset explicitly mentions

ignore all rules – rules on wikipedia are not fixed in stone. the spirit of the rule trumps the letter of the rule. the common purpose of building an encyclopedia trumps both.

i can pretty well understand that not every small hobby band project should be mentioned – in particular the ones which sound bad and dissolve quickly with none or almost no productions. but that’s not the case for mar de grises. besides that, the deletion log also mentions other problems with the article (namely, being badly written and failing to provide references for some claims), but why not throw these parts out or reduce the article to a stub?
two other examples, this time from the german wikipedia, are sinnlos im weltraum and lord of the weed, two fandubs. according to the english wikipedia, sinnlos im weltraum (a redub of a star trek series), dating back to 1994, is one of the first such projects, essentially starting the whole genre of fandubs. i don’t know how many people know it, probably a huge number. lord of the weed (a redub of the beginning of 2001’s lord of the rings) is also rather well-known; i don’t remember how often i saw it – at least ten times. well, it is obviously true that these movies haven’t been shown in movie theaters or on television – as they contain copyrighted material (i.e. the original movie), used without permission. for the same reason, they haven’t been shown at film festivals, you can’t buy them on dvd. they are also not listed on the imdb. but – so what? does that make them not notable? irrelevant?
on the other hand, a lot of totally trashy movies – which, compared to sinnlos im weltraum and lord of the weed, are really crappy and lame – are featured in the media; two good examples are a music video by grup tekkan and the infamous star wars kid, making a fool out of himself. these are pushed by media as “youtube movies you have to see” or are even shown on tv. and they can be found on wikipedia. even though they are real crap. in the case of star wars kid, the really embarrassing movie was uploaded by “friends” of its actor and will probably haunt him for a very long time. to make this even better, a lot of online versions of famous newspapers or magazines feature this video as well, showing it to an even wider audience. and i thought the use of pillories was outlawed in modern countries.
anyway. i’m still using wikipedia, despite these reasons. and i even created an account at the english wikipedia and started writing an article about infrastructures (number theory). as so far, nobody else dared to write something on this subject, and a google search only gives documents featuring other kinds of infrastructures, or scientific articles about this subject, i thought it would be time to add something to the web. i’ve started a series of posts on my math blog on infrastructures, but as google usually ranks wikipedia articles higher, i decided to also add something to wikipedia. so far, it is more a stub and far from being a complete article, but at least provides some information and several references to literature.

making sloooow internet fast.

june 17th, 2009 at 4:44 +0200 by felix.

a few days ago my hispeed internet started to be slow. after a short time, i got the impression that the network itself was fine, but the dns lookups were slow. some minutes ago, i decided to investigate this problem in a bit more detail. indeed, host turns out to be really slow when looking up domain names, and if i enter an ip address in firefox instead of a domain name, accessing the page is really fast. searching the net for this problem, i found nothing except a list of shaw dns servers. the ones listed there for calgary differ from the ones entered in /etc/resolv.conf; more precisely, the last byte reads 143 and 145 instead of 133 and 135. to try it out, i changed the values, and voila, host ran in hispeed again. restarting firefox also allowed me to access the world wide web fast again.

another project.

may 4th, 2009 at 7:52 +0200 by felix.

i finally started another project: a math blog. the aim of this one is to write about mathematical things which interest me, for example things related to my research. the formulae will be rendered with latex; mathml is simply unusable so far.
an example post shows a feature which i added to my wp-latex enhancer plugin: (primitive) environments for definitions, theorems, proofs, etc., including a very basic labeling system allowing hyperlinks which jump to the right environment; for example, here’s a link to a lemma in the post. the post features my favourite proof of the fundamental theorem of algebra, using complex analysis.

moving.

november 20th, 2008 at 0:09 +0100 by felix.

spielwiese moved to a new server today. it’s way faster now, as you might have already noticed. unfortunately, the ad rotator plugin which i used to display the random lyrics stopped working, probably it doesn’t like the php version running here. maybe i’ll replace it at some point…

ubuntu reloaded.

october 26th, 2008 at 23:36 +0100 by felix.

well. the thinkpad i ordered some more time ago arrived some time ago, and finally i got around to setting it up. well, with the newest release candidate of ubuntu. the 64 bit version, of course. even after all the trouble i had last year, i couldn’t think of a better linux distro… (i want apt, and i don’t want to compile everything by myself – which rules out fedora and gentoo.)
anyway. i installed it. and: it worked. everything’s fine. well, so far, of course, i don’t know if this will change. and even setting up the hdd realtime encryption on installation worked like a charm.
well. let’s see how it continues… :)

the optimal blog software.

october 11th, 2008 at 21:28 +0200 by felix.

while i was searching for a plug-in which allows access control to posts based on users and/or user groups, i stumbled upon many different plug-ins, some of them very promising, but either dead, not updated for a long time, or simply not exactly usable by producing a long list of php error messages already in the admin screen after activating them. grrreat. well, of course, i could also try to do it myself, as usual. but hey, that sucks: i’d be better off writing my own blog software.
well, i talked about the problem a bit with kornel, and we concluded that an optimal blog system would be a very slim piece of software, just providing the very basic features, i.e. managing posts, comments and pages, users and user groups/roles/whatever, and access privileges, while everything else—such as galleries, embedding videos, gadgets, comfortable post editors, …—is implemented as plugins.
anyone wants to do this, and produce a well-documented, slim, bug-free blog system with a good plugin interface, together with a few standard plugins? :)

screwed.

september 18th, 2008 at 11:55 +0200 by felix.

yesterday evening, i wanted to grab a few cds. while cdparanoia was running, i copied a text file to another place. then, i noticed that the content of the copy was garbled. a quick check showed that the content of the original file wasn’t. tried it again, the same result. and again. then, i stopped cdparanoia, and after that, copying worked. well. after restarting cdparanoia, copying still worked fine. so i stopped thinking about this and continued working – which was a fatal error.
this morning, when i turned the macbook on again, the desktop was pretty garbled and the dock was at the wrong position and had the wrong size and the wrong content, i.e. everything i changed since i first got my macbook was gone. moreover, skype wanted to know a user name and a password, and adium seemed to have forgotten a lot of things i taught it, too. after starting the terminal (which is not so easy to find, if it’s not in your dock) i quickly checked some files i created yesterday – all garbled! what the heck. the older files seem to be ok. after some more trying around, it turned out that some other files from yesterday evening (namely, the music which i ripped) were fine, too. so, what happened? i don’t know. well, most of the files which were garbled i had backed up on the institute’s server, so that wasn’t a problem. but there was one file, called termine.txt, where i collected all appointments for the next months, which i changed yesterday evening and which i created in the last few days in long hours, and which i hadn’t backed up yet: now it’s garbled, too. screwed.
well. i don’t know what happened or whose fault it was. but for me, garbling data is something which an operating system should never ever do. well, good for me that i ordered a thinkpad yesterday, so i’ll switch back to linux soon anyway, hoping it will be less annoying… after all, all big data losses i had in the last years, which weren’t related to dying hard disks, happened on osx.

well, after this rant, something more constructive. one thing that could have happened is that for some reason, something screwed up with the realtime disk encryption i enabled on the macbook. maybe, for some reason, a screwed up dma transfer (maybe initiated by cdparanoia?) somehow managed to screw this up. just guessing.