xkcd on the openssl fiasco

I’ve had my attention drawn to Randall Munroe’s take on the openssl coding change problem.



Permanent link to this article: https://baldric.net/2008/06/05/xkcd-on-the-openssl-fiasco/

debian and the openssl flaw

Ben Laurie wrote about the Debian SSL problem a couple of weeks ago. That particular post has attracted a huge response which is well worth reading if you care about free open source software and/or privacy/security issues (or even if you don’t). The key point to take from the discussion is that about two years ago the Debian development team “fixed” a perceived problem in openssl and in so doing actually introduced a fairly serious vulnerability. The net result of this change was that anyone using Debian or a related distribution such as Ubuntu to generate a cryptographic key based on the “fixed” opensssl libraries actually left themselves open to compromise. To quote from the Debian advisory “the random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable…….. affected keys include SSH keys, OpenVPN keys, DNSSEC keys, and key material for use in X.509 certificates and session keys used in SSL/TLS connections.”

Fortunately, it seems that GPG keys are not affected (and in any case, my own key was generated some time ago and not on a Debian based system) but this is pretty serious nonetheless and means that a great many people (myself included) have been relying on keys which it turns out are vulnerable to attack. I have now regenerated all the keys I suspect were vulnerable, but that does not leave me feeling very comfortable about past usage.

I don’t want to denigrate the Debian team in any way, but I can’t help but agree with Ben Laurie’s view that the proper place to fix any perceived flaw in an open source product, particularly one as important as a security critical component, is in the upstream package – not in the distribution.

Permanent link to this article: https://baldric.net/2008/06/02/debian-and-the-openssl-flaw/

recursion: see recursion

I have written about how I use one of my slugs to backup my internal files via rsync over ssh. Well it turns out I made a pretty silly mistake in my rsync options. I thought I’d been careful in specifying the files I specifically wanted excluded from the backup (ephemeral stuff, thumbnail images, some caches such as my browser cache etc.) but I missed one crucial directory and it bit me – and sent the slug’s load average through the roof.

GNOME 2.22 introduced GVFS, a new network-transparent virtual filesystem layer. GVFS is a userspace virtual file system with backends for protocols like SFTP and FTP. GVFS creates a (hidden) directory called .gvfs in your home directory and uses this as a mount point when you open a connection via SSH, FTP, SMB, WebDAV etc from the “Places -> Connect to Server” menu option. So if you open an SFTP connection to a server called “slug”, it will mount that connection in .gvfs. Try it yourself.

Now guess what I had mounted on my desktop at the time my rsync cron job ran. The slug spent some frantic time copying itself to itself until I noticed that it seemed to be inordinately busy, diagnosed the problem and managed to kill the rsync and clear up the mess.

Permanent link to this article: https://baldric.net/2008/06/02/recursion-see-recursion/

linuxdoc.org hijacked

Sadly it appears that the once useful linuxdoc.org website has been hijacked by one of those awful domain squatters who seem to want to sell mortgages, holidays and houses. I tried today to check out an old “howto” I had bookmarked and was greeted by a completely new site – as below:

linuxdoc.org hijacked

At first I thought that they had simply redesigned the site because most of the links appeared to be in place. Unfortunately, none of the old LDP documents appear to be there. I also noticed that all the links are referred to a new site on www.kolmic.com. So, none of my old linuxdoc bookmarks are any use now. RIP friend.

Fortunately, however, the original and best TLDP site is still up and running as is the (similarly named) linuxdocs.org site. So, update your bookmarks and stay away from the hijacker. Such a shame that so many printed references in places like the O’Reilly books are no longer valid.

Permanent link to this article: https://baldric.net/2008/05/26/linuxdocorg-hijacked/

what it is to be popular

According to some dubious stats from a web company, this site now ranks at number 4,880,077 (on a scale of usage where Yahoo, Google and YouTube are apparently first second and third). But I shouldn’t really complain. The same stats say that the position is “up 16,958,547 ranks over the last three months”.

Now that is some rise.

Permanent link to this article: https://baldric.net/2008/05/16/what-it-is-to-be-popular/

slugs aren’t really slow

A recent email exchange with the friend who originally suggested that I take a look at the NSLU2 got me thinking about the machines we currently take for granted. In his email he outlined that he had consolidated a set of services previously run on a couple of old desktops (a Dell and a Shuttle) onto his slug – thereby making a big saving in power consumption. His slug now runs ssh, DNS, IMAP and SMTP mail and a couple of other services – a typical slug user’s profile. The phrase that got me thinking however, was his statement that “I’m quite amazed that it can do all this within 32MB memory”.

Now, not so long ago, 32 Meg of RAM was considered quite a lot. We seem to have become so used to desktop home machines equipped with multi GHz CPUs, 2 or 3 Gig of RAM and anywhere from 160 Gig to three quarters of a terabyte of disk that we are surprised that an apparently humble 266 MHz, 32 Mb RAM machine can do so much. But why? As recently as 10 years ago I was running a large public facing network on which the main DNS/mail and syslog server was a single processor Sun SPARC5 with only 32Mb of RAM. And I recall only 15 years ago (OK, so I’m old) running a network of ICL DRS 6000s providing full office system functions to over 1200 users. So I dug out the specs of the machines I was running at that time for comparison. It made interesting reading.

The smallest (in capacity terms) machine on my network 15 years ago was a DRS6000 L440 – which had a single 40 MHz CPU, 32 Mb of RAM and 2 x 660 Mb disks. That machine served 30 users. I also had a mixture of DRS6000s with older 25Mhz and 33MHz CPUs but with more RAM and disk store (typically 96 Mb and 4 x 660 Mb disks) each of those would support around a hundred users (the office application was memory not CPU dependent). The really interesting point is the pricing. I found a note with the following on it:

Item — Price (UKP)

DRS6000 L440 40MHz CPU — £15,000
(inc. 1 * 660 Mb disk)

64 Mb memory board — £11,000

32 Mb memory board — £6.550

SCSI daughter board — £800
(to support additional disks)

3 * 660 MB disks — £8,850

16 port asynch controller board — £1,500

ethernet LAN controller board — £2,660

external exabyte tape drive — £4,000

console and keyboard — £500

sundry cables — £200

hardware sub-total — £51,060

to which I had to add:

128 user licence for Unix 6, TCP and OSLAN — £11,000

(Thankfully, we had a site licence for the application software…)

So, for just over £62,000 I had a 40 MHz machine with 96Mb of RAM and 2.6 Gig of disk. Not bad.

Oh, I forgot VAT.

Permanent link to this article: https://baldric.net/2008/05/05/slugs-arent-really-slow/

a problem slug

I bought myself another slug recently so that I could have one dedicated to internal work and the other used for public facing webs. I wasn’t really comfortable with having my network backup and apt-get mirror on the same beast as a public web. I know from experience that public facing systems are vulnerable and I have to assume that my webcam slug is disposable.

However, it seems that I picked exactly the wrong time to build a new slug because I fell foul of a previously undocumented bug in the new initramfs-tools (version 0.92) in Debian testing. This version generated a ramdisk that made the slug unbootable. This bug was particularly irritating because it only manifested itself at the end of the complete Debian install – i.e at the point when the installer had flashed the new initramfs and rebooted. Because I had been so successful with the earlier slug only weeks before, I thought at first that either I had made a mistake, or, worse, I had bought a problem slug which I could not return having voided the warranty. So I wasted some more time reflashing first with unslung and later with the original Linksys image – just to satify myself that I had a working beast. Then I checked the debian-arm mailing list. A couple of other users reported similar problems and the cuplprit – initramfs-tools – was quickly identified and rapidly fixed (see bug #478236).

When researching the problem, I picked up a useful tip from the mail list on a quick way of backing up a working slug image which is not documented in the how-to section of the slug website. This tip enabled me to take a copy of the image from the known good working slug and flash it to the non-working new slug at the end of (yet another) complete Debian install.

On a working system, do “cat /dev/mtdblock* > backup.img”, and copy that backup image off to a safe place. Use that image with upslug2 to flash to a non-working (or corrupted) slug thus: “upslug2 -i backup.img”.

The problem I encountered is now fixed with the release of 0.92a of initramfs-tools which is now in the Lenny tree.

Permanent link to this article: https://baldric.net/2008/05/04/a-problem-slug/

slugs as pets

Following a recommendation from a friend of mine, I have recently been playing with a Linksys NSLU2. This device is no larger than a paperback book yet packs some remarkable capabilities. It was originally designed by Linksys (Cisco) to act as a “Network Storage Link for USB 2.0 Disk Drives” (hence NSLU2).

The Linksys NSLU2

Externally, the rear of the box offers two USB 2.0 ports and a 10/100 ethernet RJ45 port for connectivity and sports front panel based LEDs for power, disk and ethernet status. Internally it has an XScale-IXP42x CPU (Intel’s implementation of ARM) running at 266 MHz (early versions were apparently underclocked to 133 Mhz) 8Mb of flash memory and 32Mb of SDRAM. Most interesting, at least from my point of view, is that the OS in flash is a version of Linux. Better yet, that can be changed for a full blown OS such as Debian so long as that OS is installed to external disk and the NSLU2 firmware is reflashed with an image which tells it to look for a bootable kernel on disk. Too good an opportunity to be missed – so I bought one and attached a 500 Gig Lacie USB disk so that I’d have room to play.

There is extensive documentation on-line about reflashing and upgrading the slug (as they are affectionately known by their users). My experience is documented here. My own slug now runs Debian Lenny (kernel 2.6.24-1-ixp4xx) and acts as the local apt-mirror for my home network. That mirror is run out of cron overnight so that I save on my bandwidth allowance. Having a local mirror speeds up software installs and security updates and I know that I can run local downloads to any of my machines at any time without impacting on either my monthly allowance or my external access speed. The slug runs lighttpd (changed from Apache) to give me internal virtual webservers as well as access to the mirror and I also backup my internal files to it via rsync over ssh. For example, my primary desktop machine runs a cron job to rsync to the slug.

Oh, and it also runs a webcam – just for fun.

webcam image

A web search for “webcam on slug” led me to the deliciously bizarre “Slug Racing online” site. Quote – “Slug racing is an exciting and cheap alternative to other racing forms. Slugs are available almost everywhere, often in abundance. Seen as a pest by many people, they can be a great pleasure in cultivated slug racing.” Unquote.

Some people have the strangest hobbies.

Permanent link to this article: https://baldric.net/2008/04/07/slugs-as-pets/

google oddness

A google search for “loadlin” produces a sponsored link for “Inflatable lilos”. Strangely no references to insects or food however.

Permanent link to this article: https://baldric.net/2008/04/06/google-oddness/

ssh through http proxy

On a mail list I subscribe to I have recently been involved in a discussion about the restrictions sometimes placed on users of WiFi hotspots or hotel networks (to say nothing of the restrictions placed on corporate networks). Some of the suggested solutions involve tunnelling ssh connections over http(s). Other solutions assume that the network is simply restricting access with packet filters so that you may just need to connect to a non-standard port (such as 80 or 443). If this is the case, then you simply have to configure your target ssh daemon to listen on that port. However, some networks force you through a proxy, in which case you need a utility like corkscrew. I had not previously heard of this neat little utility – but it turns out to merit some exploration if you find yourself needing such a tool.

Corkscrew is relatively simple to set up, but if you have problems, take a look at Andrew Savory’s blog entry of 27 February 2008.

Permanent link to this article: https://baldric.net/2008/03/01/ssh-through-http-proxy/

another vulnerability in the home hub

The guys at gnucitizen have posted details of another vulnerability in the BT home hub (and related Thomson routers). This vulnerability allows a remote attacker to reconfigure the router using the UPnP functionality which is turned on by default. UPnP is an authenticationless protocol designed to allow local devices to reconfigure the router – typically to allow insertion of port forwarding rules or similar changes to the firewall. On the Thomson routers (and the home hub) UPnP configuration can be found under “Game and Application Sharing” on the web configuration interface.

If you haven’t already done so, I recommend that you turn off UPnP. There is no good reason to leave it on. If you find that some device on your network needs a particular port forwarding rule to be set, then set it manually. Better still, consider whether you really need that device on your network.

Permanent link to this article: https://baldric.net/2008/01/19/another-vulnerability-in-the-home-hub/

psp hardware and software specs

I have just stumbled upon a very good resource listing specifications of the hardware and software revisions for the PSP. I would have found this site most useful when I was researching how to format video for the psp last year.

The site is at www.edepot.com/reviews_sony_psp.html

Permanent link to this article: https://baldric.net/2008/01/13/psp-hardware-and-software-specs/

ain’t standards wonderful

I’ve just changed my mobile phone for the first time in nearly three years. I know this makes me unusual, particularly as I am normally a gadget lover, but to me a phone is primarily intended to be communication device. I don’t really need it to be a camera, or a music player, or a games console. I really want my phone to work as a phone when I need it and I don’t really want to find that the battery is flat at exactly the wrong moment just because I have been listening to Peter Green for hours. My daughter seems to change her mobile every six months or so – but then she seems happy to tie herself into a network provider’s contract in order to update what is essentially a fashion accessory. I’m not prepared to do that and I pay a satisfyingly small sum of money each month to my provider because I don’t expect them to subsidise the cost of a phone.

I bought my new phone on-line. And nice and shiny it is – and I admit it appeals to the gadget lover in me. Besides the obvious voice and text messaging capability it offers: multimedia messaging, email, MP3 and MP4 audio/video (video? on a screen that size?), video calling, web access including an RSS reader, games, a radio, a calendar, an organiser, a calculator, stopwatch and of course the obligatory high resolution camera (which I confess is quite nice).

The phone even includes a file manager to allow the user to shuffle the umpteen MP3/4, jpeg/gif whatever files around and provides bluetooth, USB and infrared local communication capability over and above the GSM connectivity actually needed in a phone in the UK – plus of course 3G capability for all that high bandwidth you will need if you try to actually use all the phone’s functionality. Somehow I don’t think my current ten pounds a month contract is going to cover that.

Now with all the thought that has obviously gone in to the design of this wonderful gadget, why on earth couldn’t the company stick with some obvious existing standards in its physical design. I can just about put up with the need to learn a whole new layout on the keypad – hell the device has some dozen additional keys over and above the keypad itself – but why should I have to carry another set of earphones when I already have a perfectly good set of in ear bud phones with a standard minijack? Why should I have to use the phone’s non-standard USB connector when I already have a USB lead on my PC which terminates in a mini USB connector used by my PSP, and my cameras. Why should I have to buy yet another form of the company’s own proprietary memory sticks when I already have plenty of high capacity memory cards in said cameras and PSP?

Oh, and of course the recharger is different to every other such device in my home.

As an old colleague once said to me (quoting Tanenbaum) – “I love standards, there are so many to choose from”.

Permanent link to this article: https://baldric.net/2008/01/06/aint-standards-wonderful/

the war against hair gel

David Malki ! is an interesting character who creates some wonderful cartoons from images drawn from his collection of 19th-century books and periodicals and from other early rare books held at the Los Angeles Central Library. He publishes a collection of his cartoons at wondermark. I recommend that you spend some time flipping through his archive. The man has a completely anarchic sense of humour.

One of my personal favourites is:


I am grateful to him for permission to republish the image here.

Permanent link to this article: https://baldric.net/2007/12/31/the-war-against-hair-gel/

reflashing the BT home hub from a linux PC

As I mentioned in an earlier post, I found several references to successful reflashes of the BT hub to a genuine Thomson 7G image on a variety of sites. None of those sites gave instructions as to how to do this if you run a linux PC.

So I have documented how I did it here.

Permanent link to this article: https://baldric.net/2007/12/30/reflashing-the-bt-home-hub-from-a-linux-pc/

homehubblog goes off-line

Some of my earlier posts have referred to the “homehubblog”. The author of that blog seems to have had his domain name stolen from under his feet. The address given now links to an estate agent site. I know that there are robots out there just waiting to pounce on domains which come up for renewal so that existing traffic to established sites can be hijacked, but this is just ridiculous. I strongly recommend that anyone using a domain they value get it locked by their ISP or domain manager so that renewal in their own name is automatic.

Needless to say, any references to the homehubblog in my earlier posts should now be ignored – they just won’t work.

Permanent link to this article: https://baldric.net/2007/12/15/homehubblog-goes-off-line/

leaving BT Broadband

My contract with BT has now expired and I am shortly to move my ADSL connection to one of the Entanet resellers (TitanADSL). All the Entanet resellers I have read about get good reviews. I picked TitanADSL because they offer additional webspace and mySQL databases on top of their broadband service. With luck my IP service will improve hugely (BT consistently throttle service at peak times) and I know that my “support” service will improve beyond recognition.

I know I shouldn’t have bothered, but I actually made the mistake of emailing BT Broadband “support” requesting a MAC (Migration Activation Code) so that I could get my new supply sorted. I received the response below. I cannot believe that I actually received an email from someone “trying to be part of the solution”. Needless to say I received no MAC so I phoned the number given on the the BT website and got the code over the phone in minutes.

BT Email

Dear Sir / Madam,

Thank you for your e-mail dated 6/12/07 regarding your request for MAC code.

With regards to your email, I would like to inform you that I have to forward this matter to the relevant team for further assistance. Therefore, I would request you to kindly forward your account details, i.e. the customer account number and the telephone number in reply. We need this information for security reasons, as well as to access your account and assist you further.

I can assure you that on receipt of your account details we will assist you in an appropriate way and will make every possible endeavour to solve your concern as soon as possible.

I realise that I have not been able to resolve your concern immediately. I can assure you that I am trying my best to be a part of the solution and in the meantime I would like to thank you in anticipation of your continued patience and co-operation, and to assure you of our best intentions at all times.

Thank you for contacting BT.

Yours Sincerely,
eContact Customer Service

Permanent link to this article: https://baldric.net/2007/12/15/leaving-bt-broadband/

if Microsoft made the iPhone

I’m sorry. I know I really shouldn’t do this, but I loved this so much I watched it three times in succession. It’s vicious, it really is. And best of all, it was apparently made on a Mac.

Permanent link to this article: https://baldric.net/2007/11/30/if-microsoft-made-the-iphone/

more on the BT home hub

I last wrote about the BT Home Hub (HH) nearly a year ago. Looking back, I spent an unreasonable amount of time trying to get BT “support” to even bother to read, let alone understand, my problems. Eventually I gave up in disgust. Here I was fortunate because I had substituted a genuine Thomson ST780 router for the castrated pile of rubbish that BT provide. I had also junked the BT VOIP service (which I never successfully got working – despite having paid for it) in favour of the excellent service provided by sipgate

I have since had occasion to revisit the HH because an email list I subscribe to started a thread about it (guess what, no-one likes it…) so I looked again at some old links – such as the homehubblog. I also found some new links which look interesting, in particular the home hub hacks site which suggests that it might be possible to reflash the HH with a genuine Thomson image (though some of the links from that site are broken). Now having a couple of extra, cheap Speedtouch routers would be cool. And since you can pick up HHs on ebay for around a tenner (see, I told you no-one likes them) I feel a new hobby coming on.

I currently have two HHs. neither of which I use, and both of which I can afford to brick – so I’m going to play.

Permanent link to this article: https://baldric.net/2007/11/25/more-on-the-bt-home-hub/

update to ripping DVDs to a sony psp on linux

Since writing the entry below, I have discovered a much simpler way of ripping and transcoding DVDs – k9copy. I really should have noticed this earlier because I investigated k9copy when I was playing with dvd::rip and winFF as GUI tools for ripping. I had (stupidly) assumed that k9copy could only copy a DVD to either another DVD or to an ISO file for later burning (admittedly useful if shrinking a DVD from around 9 Gig to under 5 Gig as is commonly required). My only excuse here is that the drop down menu options offered for “ouput device” only give the names of your optical drives or “ISO image”.

However, I went back to k9copy a few days ago when I was trying to rip a particularly difficult DVD which seemed to be faulty. The disk in question would sometimes read, and at other times fail. So my thinking went along the lines of “I’ll try copying to an ISO so that I can loop mount it and then transcode”. When I opened k9copy to do so I noticed that there was an option to create an MPEG 4 file – moreover there were a bunch of preset options for MPEG 4 encoding in the “settings” menu. I tested ripping and transcoding to MPEG 4 (DIVX 4/5) in an avi container and sure enough, it worked fine and played back perfectly using Totem/Xine/VLC/Mplayer. There is no preset for PSP format, but k9copy allows you to add video and audio codec options to pass to mencode. Result!

I created new video and audio entries called “PSP” and “PSP audio” respectively and I now have a simple, all-in-one GUI for selecting, previewing, ripping and encoding to a format usable on my PSP.

I have documented this (with some screenshots) at
ripping and encoding a dvd to psp format using k9copy

I considered editing the earlier post to reflect this new discovery, but decided to leave it as is because the bash script might still be useful to someone. Certainly I use it when batch ripping several tracks (such as is common on TV series compilation disks) from a single disk. The script can be called from another script which just loops through the titles – e.g for a disk with 4 episodes of a programme called Dr Who, something like:

for i in 1 2 3 4
./psp-encode.sh $i dr-who-$i

would do fine.

Permanent link to this article: https://baldric.net/2007/11/25/update-to-ripping-dvds-to-a-sony-psp-on-linux/

ripping DVDs to a sony psp on linux

I spend a lot of time on trains – I mean a /lot/ of time. My daily commute amounts to around 6 hours in total each day. Of that, at least 4 hours is spent sitting on a train avoiding listening to the cacophony of irritating chunterers and morons on mobiles. The worst period is first thing in the morning when silence is supposed to reign. The regulars know the rules. No chuntering. The most that should happen is a “good morning”. After that, silence. In the morning I need to sleep on the train simply to stay sane. In order to mute the noise I wear earplugs.

Coming home is different. Most people are awake and the ambient noise level is such that sleeping isn’t an option. With that level of noise I can’t concentrate properly to read so for some years I have listened to music and (latterly) watched DVDs. I find that with proper full insertion earphones I can shut out the rest of the world enough to allow me to start to relax and unwind sufficiently that I can arrive home in a mood which won’t involve me shouting at anyone. I now have a huge collection of DVDs (Christmas present? How about the complete series of the first Star Trek, The Outer Limits etc.)

But, DVDs plus laptop are bulky and heavy. For a while I tried a portable DVD player but the battery life is poor and, again it’s pretty bulky when you add a collection of DVDs. Then a colleague suggested a Sony PSP. He said that he could rip 3-4 DVDs to one 2 Gig memory stick and battery life ran to about 7 hours. Neat. I checked out my son’s PSP and found that the screen resolution was pretty good so I invested in one of my own to play with. (For some reason my son wasn’t keen on letting me have his for any length of time).

Because I use Linux, my colleague’s advice on ripping to PSP format wasn’t helpful. A search engine is your friend in such circumstances. I quickly discovered that Sony seem to have been awkward in the format they require for MPEG4 video on memory sticks. The PSP is also fussy about screen resolution and audio and video bitrates. I also found a lot of conflicting (and out of date) advice about where to store the movies once ripped. I guess this is largely because the memory stick file system format has changed since version 2.xx of the firmware (mine is at the latest 3.72, though I started at 3.30). In current firmware revisions (from 3.30 onwards at least) videos must simply be stored in the directory called “video” on the memory stick. The name you give to the file is the name that shows up on screen in the PSP.

The PSP manual says that the maximum supported video bit rate is 768kbps. The native screen resolution is supposedly 480 x 272 with support for 720 x 480 and 480 x 352 available for MPEG-4 AVC(H.264) video Main Profile (AVC CABAC) files since firmware v 3.30. However, I have never successfully /reliably/ converted to resolutions better than 368 x 208 and 320 x 240 using MPEG 4 video. I have had some success at higher resolutions using an h264 codec, but the transcoding process was slow and complex involving ripping from DVD to one format then transcoding again to h264. Life is too short. All my ripping is now done at 320 x 240 for the simple reason that it works consistently for any aspect ratio movie, gives good quality and the output can be resized reliably by the PSP itself (the PSP has several screen scaling modes available – original, normal, full screen and zoom). A resolution of 368 x 208 also works well, particularly for wide screen movies, but the output shows a black band at the top and bottom of the screen and it is not possible to zoom to fill.

Many of my early attempts at ripping and transcoding ended less than successfully. I’ve used transcode (www.transcoding.org/cgi-bin/transcode) in the past, together with dvd::rip (www.exit1.org/dvdrip) but I find transcode very slow and I couldn’t always get a successful conversion. So I changed to using MEncoder with ffmpeg. Most distros will have these installed as standard. If not installed, then your first port of call should be your distro repository, thereafter, try www.mplayerhq.hu for MPlayer/MEncoder and ffmpeg.mplayerhq.hu for the codec.

The MPlayer site itself gives advice on how to rip DVD to a format usable on your PSP at:

There they say:


“13.4 Encoding to Sony PSP video format

MEncoder supports encoding to Sony PSP’s video format, but, depending on the revision of the PSP software, the constraints may differ. You should be safe if you respect the following constraints:

– Bitrate: it should not exceed 1500kbps, however, past versions supported pretty much any bitrate as long as the header claimed it was not too high.

– Dimensions: the width and height of the PSP video should be multiples of 16, and the product width * height must be <= 64000. Under some circumstances, it may be possible for the PSP to play higher resolutions. - Audio: its samplerate should be 24kHz for MPEG-4 videos, and 48kHz for H.264. Example 13.4. encode for PSP mencoder -ofps 30000/1001 -af lavcresample=24000 -vf harddup -of lavf -oac lavc -ovc lavc -lavcopts aglobal=1:vglobal=1:vcodec=mpeg4:acodec=aac -lavfopts format=psp input.video -o output.psp Note that you can set the title of the video with -info name=MovieTitle." --------------------------------------------------------------------------

Using a variant of that command line in a bash script I find that I can get a standard 2 hour movie down to around 350-550 MB with excellent resolution and audio quality. This means that I can get around 4 movies on a 2 Gig stick. Battery life runs to around 7.5 hours when running off the stick (and not using the UMD).

Note that I scale to 320×240 and specify the language as english (“alang-en”) just to ensure that I don’t get some other language as the audio output – german seems a popular default in my experience. You will need to ensure that your dvd device is correctly specified (mine is /dev/hda below). The track number is critical because you only want to transcode the main DVD track (usually the longest). The quickest way to discover this is to use a neat little util called lsdvd written by Chris Phillips and available from untrepid.com/acidrip/lsdvd.html. Chris has also written a really good graphical tool called AcidRip which acts as a front end to MEncoder/MPlayer. Note that I use “threads=2” as one of the arguments to lavcopts. This is because I use a dual core processor and the ffmpeg libraries are capable of using both processors. The default is single threading.

My script is as follows:

# script to encode DVD to MPEG4 video for PSP
# $1 = track number, $2 = title
mencoder dvd://$1 -dvd-device /dev/hda -alang en -oac lavc -ovc lavc -of lavf -lavcopts threads=2:aglobal=1:vglobal=1:
vcodec=mpeg4:mbd=2:trell:autoaspect:vbitrate=500:acodec=aac -af volume=10,lavcresample=24000 -vf scale=320:240,harddup -lavfopts format=psp:i_certify_that_my_video_stream_does_not_use_b_frames -o $2.mp4

# end of script

[Update note added on 6 June 2008. Since writing this post, both mencoder and ffmpeg have been updated so that the above script will not work without modification. In particular, the “i_certify….” option is no longer supported (or necessary) and the “aac” codec has been supplanted by “libfaac”. So the new script should look like this:

# script to encode DVD to MPEG4 video for PSP
# $1 = track number, $2 = title
mencoder dvd://$1 -dvd-device /dev/hda -alang en -oac lavc -ovc lavc -of lavf -lavcopts threads=2:aglobal=1:vglobal=1:
vcodec=mpeg4:mbd=2:trell:autoaspect:vbitrate=500:acodec=libfaac -af volume=10,lavcresample=24000 -vf scale=320:240,harddup -lavfopts format=psp -o $2.mp4

End of update note.]

I have also discovered a really good graphical frontend to ffmpeg called winFF (available from www.bigmatt.com). That utility uses ffmpeg to transcode from one file format to another. The nice thing is that it allows you to define a set of command line parameters to pass to ffmpeg in user friendly format. I successfully used this nice GUI to convert AVI packaged files to MPEG4 and h264 encoded files for my PSP. The biggest drawback for most people is that it doesn’t rip from DVD, it only transcodes.

For encoding to MP4 I used:

"-threads 2 -f psp -vcodec mpeg4 -acodec aac -b 500 -ar 24000 -ab 96 -s 368x208 -aspect 16:9"

and set the output file expension to mp4

For encoding to h264 I used:

"-threads 2 -f psp -vcodec h264 -acodec aac -b 500 -ar 24000 -ab 96 -s 720x480 -aspect 16:9"

and set the output file extension to mp4

Note that this is the only way I have successfully managed to get a resolution of 720×480. Note also that the audio bit rate is 96 kbits. Anything higher than that is a waste of time (and space).

As for actually getting the files onto the PSP, it couldn’t be simpler. Just connect the PSP to your Linux box with a USB cable, select “USB connection” from the PSP menu and the device will appear on your desktop as any other removable USB disk. Copy the files you have ripped to the PSP directory called “VIDEO” and away you go.

Of course, all of this assumes that copying DVDs is legal in your country of residence. I am not a lawyer and you must decide for yourself whether following these (purely hypothetical) instructions is legal.

Permanent link to this article: https://baldric.net/2007/11/04/ripping-dvds-to-a-sony-psp-on-linux/

update on the Reg about BT and the GPL

I knew this one would run…..

The Register notes that BT believe they have done enough to comply with the GPL by publishing the code here. But the Free Software Foundation remains unconvinced. In my view BT should respond more positively and work with the foundation to meet the requirements of the GPL.

We’ll see.

Permanent link to this article: https://baldric.net/2007/02/08/update-on-the-reg-about-bt-and-the-gpl/

BT home hub and the GPL

I mentioned the Home Hub Blog in an earlier post. That author of that blog (amongst others) has been trying to find a way to unlock the Hub so that it can be used on ISPs other than BT itself. Unfortunately, BT seems to have tied the beast down (and ties it further with each upgrade of firmware). Worse, most users will be oblivious to the fact that BT can, and does, upgrade the Hub remotely. This may suit BT, but it does not suit all its customers – myself included.

The Home Hub blog author noted that the software in the Hub is a variant of an embedded Linux, with some additional code such as Samba. Given that all this code is covered by one or more variants of the GPL, BT is obliged to release the entire source code to anyone who asks, Access to the source code would, of course, allow anyone to identify where BT have locked the Hub, change it, recompile and reflash the Hub into an unlocked state. So HomeHubBlog wrote to BT – and he eventually gained a partial response. But not enough. See the Register article at The Register. This one could run and run.

My own experiments with the Hub tell me that it runs a Linux kernel The FTP daemon on the Hub is so flakey however, that getting consistent access to the filesystem is very hit and miss. I commented on the Home Hub Blog at playing-around-with-ftp so I won’t repeat it here.

Several commentators have mentioned methods of getting root (superuser) access to the Hub CLI and FTP accounts. The method I have found most consistently successful is as follows:

Telnet to the Hub and log in as admin. At the command prompt type “user”, then type “flush” (this deletes all users). Now log out and log back in again, but this time log in as “root” (no password needed). Now go back to the user command subset and type “add”. Follow the prompts as below:


password=[your chosen password]

password=[repeat your chosen password]

descr=root (or any other description)

defuser=[leave blank – answering yes would make this the default user on login]

defremadmin=[leave blank – answering yes would make this the default remote admin user]

deflocaladmin=[leave bank – answering yes would make this the default local admin]

Bingo, you now have a root user. Now repeat the process for a named user (such as yourself) but give yourself the Administrator role. Make this user the default and the default local admin. Now save the configuration by going back to the top level of the CLI prompt system (type “..” to go back) and type “config save filname=user.ini”.

Note however that BT can overwrite this configuration, so you need to disable that. To do so you need to switch off CWMP (the CPE WAN Management Protocol) capability which allows BT to manage your router remotely. Bear in mind, however, that doing so will prevent BT automatically updating your router software if security problems are found – caveat emptor. To turn off CWMP, do the following:

at the top level CLI prompt, type “cwmp”, then at the cwmp prompt, type “config state=disabled”.

Your router is now unreachable.

(Again, you will need to save this configuration if you want this change to survive a reboot.)

Permanent link to this article: https://baldric.net/2007/01/22/bt-home-hub-and-the-gpl/

another update to correspondence with a corporation

Since my last post at the end of last year I have been testing my ST780 with a variety of alternative VOIP providers whilst at the same time trying to get BT to sort out my connection. I also lodged a formal complaint about the appalling level of technical support with the BT complaints department on 30 December.

The complaints department initially responded to me on 4 January with an acknowledgement and a comment that I could expect a fuller reply in 24 hours. On the 8th of January I received the following gem:

“BT Broadband – Complaint Management Team

Dear Sir

Thank you for your e-mail regarding the problems you are experiencing with your BT Broadband service. Please accept my apologies for the inconvenience this has caused you.

Unfortunately we are unable to assist with technical issues, we have however passed your email to our technical support team, who will be in contact with you in the next 3 to 4 working days to work towards a satisfactory resolution. Should you wish to contact the technical support desk please call 0845 600 7030.

I would again like to apologise for the problems you have experienced. I do hope this information will be of assistance to you.

Kind regards
BT Broadband – Complaint Management Team”

Since that date I have heard nothing – though I have now received my shiny new hub (which I do not intend using).

Now since the substance of my complaint was that the technical support department was neither technical nor supportive I have decided that it is futile to continue down this road and I will simply escalate my complaint (on paper) to the Customer Relations Manager.

Meanwhile, just to prove that there is nothing wrong with my ST780 router, as I mentioned above, I have been experimenting with alternative VOIP providers and have now signed up with Sipgate. Sipgate offers free VOIP services within its own network and with peer networks such as FWD. It only charges for its gateway out to the PSTN. But its charges are very reasonable indeed. Sipgate also offers a rather neat opportunity to gain a UK geographic based telephone number for no additional charge. During my testing (for free) I could successfully dial in to my new Sipgate number from the PSTN and mobile networks but initially could not dial out to the Sipgate test number. Given the problems I have with BT I contacted Sipgate support who very generously credited my account with a small test sum so that I could check outbound connectivity to the PSTN. It worked fine so I have now signed up to Sipgate’s services.

Now compare this attitude and response from a company with whom I had no contractual relationship and had paid no money with that woeful response from BT to whom I pay a very considerable sum of money each month.

Permanent link to this article: https://baldric.net/2007/01/17/another-update-to-correspondence-with-a-corporation/