Tuesday, June 27, 2006

Windows XP Bluetooth Dongle Problem

I've been having a problem with my Windows XP Pro desktop system using my Bluetooth dongle. Apparently, I'm not the only one. It seems that XP SP2 does not release the COM port when the dongle is removed from the system. This means that if you remove the dongle (for use on a laptop, for instance), WXP thinks the port is still in use. This means that when you plug the dongle back in, the COM port is incremented, and the application has to be reconfigured.

The problem has manifested itself when using my Palm Hotsync via Bluetooth. Every time I disconnect the dongle, the Palm Desktop software has to be reconfigured to use the new COM port. I finally found a fix, but it is a nasty hack. As if there is any other kind on WXP!

Launch System Properties, click the Hardware tab, click Device Manager. Expand Ports and double click Bluetooth link. This item will be labeled with the current port number. Select the Port Settings tab and click Advanced.

At the bottom of the window is the current port number listed in a pull down menu. Turns out, it would let you run it up to COM256! Move up the list to COM3, which will display as in use. (On your system it may be something other than COM3... Adjust appropriately.) Select the in use port, click OK. Return to Advanced, and move through the list for each of the bogus ports, clicking OK after each.

Once all the ports have been freed, select the correct port (COM3 on my system). Before leaving the Bluetooth link, try upping the connect speed-- mine was set to 9600! Click OK, exit Device Manager and System Properties.

Go to Bluetooth Devices and check the COM Ports tab. It should be back to the correct value. Reconfigure the application, and try to connect.

Howto Hack SprintPCS / Palm (pt4)

In case any of my loyal readers forgot where we left off with this project (not likely as I think there are two of you), we were able to get the Palm Tungsten E2 communicating with SprintPCS via a Bluetooth-enabled Samsung MM-A940. The problem was the $39.99 per month fee for the service. It would be hardly worth it, but for the fact that this also gave PC access. Unfortunately, it would not work under RHEL4.

So, I cancelled the service. This means no data for Mr. Palm. But wait! I did say I had one trick up my sleeve. Check out these links:

Tapland :: Zodiac (PalmOS) and Samsung a920 - How do I connect these?
and
PCS Intel :: Samsung Sprint

Happy, happy, joy, joy.

Saturday, June 24, 2006

Alternative Keyboard Gallery

I came across Tim Griffin's Alternate Keyboard Gallery displaying some very interesting keyboard designs. This is particularly interesting to me, as I use an ergo-split keyboard on my WXP system. Since I now have a dedicated Linux system, I really need another, but the retail stores no longer carry them.

* His site was running a little slow, so I had to hit the refresh button a couple times to get the pictures loaded.

Wednesday, June 21, 2006

How Few Remain

My wife is fond of dragging me to "thrift stores" to go shopping. Luckily, her favorite has a large book and record section, so I can usually stand about thirty minutes in the place. A few weeks ago, I found a book called How Few Remain, by Harry Turtledove, about the second war between the Confederate States of America and the Union.

Now, I know what you're thinking: "There was only one war between the states, and the Confederates lost." Turtledove, however, is known as the master of alternate histories, and this was the second volume about a history where the Confederates won. In another series of books, the US is engaged in World War II, when an alien species decides to invade Earth. Given the situation, Roosevelt and Hitler sign a treaty, and fight the aliens together.

The first of the Civil War series was The Guns of The South. General Lee finds himself at a turning point in the War Between the States. He knows that if he cannot pull off a major victory by invading Pennsylvania, then turning on Washington's soft northern flank, then the war is lost and the South is doomed. That's when a man with a foreign accent presents the Confederate Army with the gift of a newly invented rifle. He explains that he, and his associates, have a factory where they can produce the new weapon and ammunition. They call the rifle the AK-47.

In reality, the foreigners are South Africans who are using a time machine to transport weapons from the future, in an effort to keep slavery alive. The Confederates do win the war, but Lee and Nathan Bedford Forrest turn on the South Africans when they realize what is happening. Lee follows Jefferson Davis as President of the Confederacy, and emancipates the slaves in order to secure the support of the Europeans.

Time machines, people from the future, advanced weapons out of place on the battlefield... Hey, it's a science fiction book!

Advance twenty years. It's now about 1887, and the USA and CSA are coexisting at best. Tensions are high, and war is rumbling on the horizon. Unfortunately, there are no AK-47s on the battlefield-- instead, everyone has Winchesters and Springfields. And the CSA still has slaves. General Lee is not even mentioned. No time machines.

Hey! This isn't a sequel: it's a completely new book based upon the premise that the Confederates just won the Civil War on their own. Well, that's a pretty big leap of faith. In reality, the Confederates didn't actually expect to win the war. For the most part this is a book of speculative political fiction.

The only interesting part so far is that the first US victory was under the command of Custer. He turned the tide of battle by baiting cavalry into an ambush, and chopping them down with his Gatling Guns. Of course Custer was actually killed at Little Big Horn by being ambushed by attacking cavalry... because he wouldn't take his Gatling Guns in the field.

Hopefully, Turtledove has more tricks than irony up his sleeve.

Friday, June 09, 2006

SELinux: MLS Under Fedora Core 5

Hearing that Multi Level Security was available in FC5, I decided to load it on a system and take a look. The original concept of MLS was to allow military and government systems to tag files as Classified, Secret, Top Secret, or Unclassified. In its current incarnation, the military labels are replaced with arbitrary codes which can be aliased to names. This means you could put a document on a server that could only be read by people with "Marketing" clearance, whether they are in the Marketing group or not.

Here's what we have to do:
1. Install a Fedora Core 5 system with SELinux active, running the targeted policy.
2. Load the selinux-policy-mls RPM.
3. Change the default policy from targeted to mls.
4. Reboot the system to allow it to add a default security level label to every file.

Unfortunately, this resulted in a kernel panic. The kernel would die at boot time, because it was expecting to find an extra security context element, which wasn't there. (SELinux uses a three part security context to flag each file. MLS gives an additional flag, which must be added.) Of course, it was supposed to boot to a relabel mode, and take care of that for us. No luck.
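The three-part versus four-part label described above, as an added example that is not part of the original post: a small shell check that reports which files still carry a user:role:type label with no MLS level. The function names, the "context path" input format, and the sample labels are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find labels that lack the
# MLS level field that the mls policy expects on every file.

# Print the MLS level/range of a context, or return 1 if the context has
# only user:role:type. Only the first three colons separate fields; the
# level itself may contain colons (e.g. s0-s15:c0.c1023).
context_level() {
    ctx=$1
    after_user=${ctx#*:}
    [ "$after_user" != "$ctx" ] || return 2          # malformed: no role
    after_role=${after_user#*:}
    [ "$after_role" != "$after_user" ] || return 2   # malformed: no type
    case $after_role in
        *:*) printf '%s\n' "${after_role#*:}" ;;     # text after the type
        *)   return 1 ;;                             # three-part label
    esac
}

# Read "context path" lines on stdin and print the paths that still carry
# a three-part label (these need relabeling before mls is enforced).
needs_relabel() {
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        if ! context_level "$ctx" >/dev/null; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed sample input in the assumed "context path" form.
sample_labels() {
    cat <<'EOF'
system_u:object_r:shell_exec_t /bin/bash
system_u:object_r:etc_t:s0 /etc/hosts
root:object_r:user_home_dir_t:s0-s15:c0.c1023 /root
system_u:object_r:bin_t /bin/ls
EOF
}

sample_labels | needs_relabel
```
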

Rebooted the system, interrupted GRUB, and appended selinux=0 to the kernel options. Logged in as root, and issued the command fixfiles restore. It took the system about 15 minutes to relabel the files with the new information. (This isn't the best way of doing this, but it was the only choice since the auto-relabel failed.)

Rebooted the system, and was offered a login prompt. Logged in as root, only to find-- I didn't have security clearance to access /bin/bash. Oops.

Rebooted the system, interrupted GRUB, and appended enforcing=0 to the kernel options. Logged in as root... and I'm in! The SELinux security system is running in the Permissive mode, however. Now I've got to get the correct clearance.

Just for fun, I switched back to the Enforcing mode. I logged into the system as an unprivileged user, and everything worked. Ha! Maybe it is not broken after all... Maybe I'm just not allowed to login as root, which (actually), is a good thing.

You see: root is a living, breathing security violation. If I have a user on my "traditional" Linux system that has codename clearance for the MAJESTIC project, and I access his home directory, I could snatch documents that I am not authorized to see. Under MLS, root cannot even cd into an unprivileged user's home directory. As a matter of fact, now that I've switched back to Enforcing, I can't even cd into /root!

Turns out, the problem wasn't the clearance needed to run Bash, but the clearance to access root's home. When root logs in, he has the staff_r role. To access /root, he needs the sysadm_r role. To make matters even more interesting, I wanted to return to the Permissive mode to test my theory. I issued setenforce 0 only to be greeted by a happy little message:
Permission denied


Now I'm stuck. The only way out is to reboot... Or accept the march of progress. Root is no longer God. He has gone the way of Quetzalcoatl. Maybe he was a false god all along. Kinda like the Goa'uld.

The next trick is to figure out how to use MLS to create my own codewords.

Thursday, June 08, 2006

RHEL4 Network Access via Bluetooth Cell Phone

I worked several hours on using my Bluetooth enabled cell phone as a modem for roaming internet access. Alas, it was not to be. I was able to successfully get my Palm to connect, but could not get the laptop to work.

The problem was RHEL4's inability to respond to a PIN request from the phone. Under Fedora, there is a PIN Helper Daemon to handle pairing. It is not included with RHEL.

Oh, well. Maybe I'll try again in RHEL 5.