Photos
When uploading photos to my llgal gallery, I resize and sharpen them so they don’t take up quite as much storage and bandwidth. I start by using the EXIF auto-rotation flag to losslessly rotate any upright photos:
jhead -autorot IMG_*.JPGNext, I rename the photos so there are no filename collisions when I throw together photos from different events:
exiftool '-FileName<EVENT_ ${CreateDate}_$filename' -d %Y%m%d IM*.JPG
Finally, if I want to upload the batch, I resize and sharpen the photos using the excellent imagemagick tools. Careful! mogrify will modify images in-place, so be sure to apply it on a copy of your original JPGs:
mogrify -resize "1024x1024>" -unsharp 1x1+1+0 -sampling-factor 2x2 *.JPGAfter that the folder with the photos is a simple scp and llgal call away from making it into my gallery.

Videos
I’ve just recently started shooting video, but I already love the functionality on my EOS 60D. Even though I use the Magic Lantern firmware (you absolutely should too!) to reduce the bitrate of the videos by half, the 1080p25 videos from the EOS are still way too large to be used in any reasonable way, so it’s a good idea to compress them. I start by merging all the videos of an event into one file, using the mkvtools package:
mkvmerge MVI_0001.MOV + MVI_0002.MOV -o MVI_EVENT.MOV
Next, I use ffmpeg to downscale and recompress the video and audio. Depending on your distribution, you might need to install extra packages from special repositories to do this:
ffmpeg -i MVI_EVENT.MOV -s 854x480 -b 2048k -vcodec libx264 -acodec libfaac -ac 2 -ar 48000 -ab 128k MVI_EVENT.mp4
This will give you a nice small file with very good quality, even if it takes a while to render. The adjusting knob is the bitrate behind the -b parameter. Be careful not to change the framerate of the original video using -r, this will degrade quality and take forever because frames will have to be interpolated!

The ffmpeg-call could certainly be optimized, and I’m happy to hear about any suggestions.

For some reason I delved into the topic again about a month ago. I realized that my tiny and cheap Acer Aspire One 110L, with its Atheros NIC (AR242x, 802.11abg) does in fact possess the ability to inject packets. Out of curiosity I had to try it for myself. This is not meant as a tutorial for cracking WEP (there is a comprehensive guide for aircrack), but rather as an encouragement to try it yourself, or at least to think very hard if you’re still using WEP.

The most shocking thing I discovered was that the number of necessary packets to crack WEP had dramatically decreased with new attack methods. The aircrack-team talks about 20k / 40k packets (with the new PTW attack, origin and paper here) for cracking 64bit/128bit WEP, which is well below the 1000k packets I read about in the past. At a rate of 500 packets/s this amounts to less than 5 minutes of time needed. This is still a lot if you have to depend on legitimate network traffic and don’t have a few days of time. To speed things up, packet re-injection is the way to go today. It works like this: You wait and try to record an ARP-request (which should be no problem if someone is on the network), and then replay this request back to the network, meaning you simply re-inject the same packet you captured. For every ARP-request, the AP/router should respond with an ARP-reply, which in turn is a new data packet and the kind of packet you want to capture in order to get to 20k/40k unique IVs (initialization vectors). Now imagine doing this re-injection at a rate of 500 packets/s and you get the point.

A few caveats:

• If nobody’s on the network you won’t be able to capture an ARP-request. Tough luck ;)
• If someone is on the network but you missed their initial ARP you can try disassociating them
• I wasn’t able to do fake auth with the AP, which is why I had to replay the ARPs as long as the original client was still associated
• If you wan’t to make extra sure you capture all the interesting replies you can keep Kismac running along airodump-ng
• I suppose this is illegal in Germany. Oh well, I did it while on vacation ;)

The nice thing about this attack:

• Really fast (think ‘car’ and ‘battery slowly discharging’)
• Not much storage needed to capture packets
• Cracking efficiently possible, even on a laptop
• If used for malicious purposes, the kind of people still using WEP will be the last to notice a few thousands extra 802.11 packets over a 5-minute span

• I didn’t choose the Geode GL/GX last time, doh!
• The kernel is no longer tickless (performs better)
• Threw out some modular crypto-stuff (which I missed the last time)

There are three front-LEDs on the ALIX board, so nothing fancy. The interesting is that there are predefined triggers for these LEDs in /sys/class/leds/ which will make the LEDs display one of the following: heartbeat = load average (blinking speed), ide-disk (write access to the cf-card), timer, etc. Just try cat trigger to see the possible values. There is also the possibility to trigger on matches from iptables (think: traffic on port 22 ;). However my iptables userland seems to be outdated, so I will have to report about this another time.

Furthermore I tried using lighttpd instead of gatling on my fat external drive, and it performed even better, using slightly less CPU. In the kernel I activated the deadline IO-scheduler as default (while keeping CFQ and NOOP as an option), let’s see how that plays out. I’m still not getting more than 9MB/s using Samba, while the CPU is mostly idle and lighty completely saturates the 100MBit link, really annoying.

lm_sensors on the ALIX are no problem either. Just try my kernel-config or make sure to activate the basic I2C-stuff and CONFIG_SCx200_ACB. My ALIX runs at comfy 42°C when not under load.

I already talked about using tmpfs for some of the directories written to frequently (/tmp, /var/tmp, /var/run, /var/log, /var/lock). I don’t care about logs right now, so I don’t mind losing them on reboot. Some daemons however complain or won’t start if their log-directories aren’t set up, so you should do that with an init-script. I uploaded my script here, which will work with Debian and also sets up two LEDs and the deadline scheduler in case it isn’t the default.

Specs
PCEngines has an overview over the ALIX-line as well as the specs of the ALIX 2D13, so this is just a short rundown:

• 500 MHz AMD Geode LX800 (x86)
• 256 MB DDR DRAM
• 3 Ethernet NICs (Via VT6105M 10/100)
• Furthermore: 2x USB ports, MiniPCI-slot, CF-slot, serial port

I chose the 2D13 model since I wanted 3 ethernet NICs and the added battery (for keeping system time after a reboot) seemed like a good idea. The ALIX boards can be bought in many variations, some even providing VGA/sound to be used as a thin client. I ordered my ALIX at the Varia-Store, where they offer a complete bundle of ALIX-2D13-board, enclosure, power supply and CF-card for a mere €145 including shipping in Germany. I ordered on Tuesday at noon and the package arrived Thursday afternoon.

Operating system / prerequisites
You probably want to run Linux on these babies, otherwise you can stop reading ahead. There are some things you really need before you get started:

• CF-card reader on your computer (for installing the OS to the CF-card)
• Serial connection (think USB-to-Serial converter, pl2303) to access the ALIX

I chose to install Debian on the ALIX, since I’m familiar with it and it has little overhead. I found these guides to be helpful, even if not completely up to date or correct: Guide 1, Guide 2. But careful! Don’t mount the ALIX board in its enclosure until you’re sure that your ALIX boots, since removing the CF-card requires taking the board out again ;).
The next thing I did was to build a custom kernel, since Debian only includes 2.6.26 and has everything you’ll never need compiled as modules. I built a next-to-minimal kernel on my workstation (this site helped a lot) and it seems to work just fine so far. The config is here. An important thing if you compile somewhere else is to make sure you useARCH=i386 make menuconfig
ARCH=i386 make -j3 when configuring and compiling your kernel for the ALIX.
People already using CF-cards or small embedded devices probably know to use noatime where possible and mount /tmp, /var/tmp, /var/run, /var/log, /var/lock as tmpfs to go easy on the CF-cards limited write cycles.

Performance / Applications
I bought the ALIX to play around with it but also to evaluate its possible use as a Samba-fileserver and CUPS printserver for my flat, and maybe even a small shellserver in case I’m away from home and my workstation isn’t running. With an energy-consumption of about 5-6W you can have it running 24/7, the fact that it doesn’t have any moving parts only adds to that. Booting takes a few seconds by the way, not that it matters.

The first measurements I did were with scp from the ALIX to my WS, which maxed out at 3.5MB/s because OpenSSH used up the CPU on the ALIX. Next I tried using Samba (to and from) and got a mere 6.5MB/s throughput reading from the ALIX and an attached USB-drive. This was with the stock kernel however, and using my own 2.6.34-kernel I was able to transmit more than 9MB/s using Samba. I had a stupid line in my smb.conf which might explain the 6.5MB/s I got before. Make sure to remove this line!:socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384I then did another test using fefes gatling web/ftp/samba-server on the ALIX and my USB-drive in HTTP-mode with wget and was able to completely saturate the 100MBit-link, which is why I suspect to be able to do the same thing with Samba as well.
For customers of Aachens Uni-DSL it should be interesting to know that I managed to max out my 8Mbit-DSL-line (about 700kB/s) using vpnc on the ALIX with enough idle CPU left. Using vpnc and doing a git pull on the ALIX resulted in only a slight slowdown since git was busy saving/packing objects it received. Performance using git daemon on the ALIX and pulling from there were acceptable as well.

All of these measurements are highly unscientific and side-effects or misconfigurations could have had negative effects, so one should read these rates as minimal assurances.

Conclusion
After the first full day of using the ALIX I’m impressed. The CPU is powerful enough for most tasks and with a little custom configuration some things can be sped up considerably. I don’t see any problems for the intended use as a file-server, by whichever way the files are served. The next step will be hooking up my printer.

If you intend to use encrypted filesystems on the ALIX you should do some research first. While the AMD Geode does have hardware support for AES, OpenSSL does not seem to use it and I’m not quite sure about any cryptofs. Another common thing the ALIX might be used for is wireless LAN. The MiniPCI-slot can take a variety of wireless NICs, but I don’t need yet another AP at the moment.

Photography
You accidentally selected “Delete All” on your digital cameras and now your photos are gone? You even fear they might have been overwritten by photos taken after the accident? Fear not, the same thing happened to me, and I was able to restore all the photos from the event plus photos going back as far as three months from my CF card in my 400d using the PhotoRec software.

Cameras today often have an orientation sensor, so pictures taken in portrait mode will automatically be rotated. But this usually happens in the viewer, while the orientation is simply an EXIF tag. Of course this takes up precious computing time and not every viewer supports it. jhead can not only display EXIF information in a consistent manner but can also rotate pictures lossless and clear the orientation-tag afterwards. The call is jhead -autorot *.JPG
If you want to rename your images using EXIF-information, exiftool is the way to go. The command exiftool '-FileName<Party_ ${CreateDate}_${filename}' -d %Y%m%d *.jpg would prefix all the photos with “Party” and the create-date, while keeping the original filename as the suffix. exiftool can shift dates too, if you ever forget to adjust for daylight saving.

When uploading the images you’ll often want to resize them. The ImageMagick collection can do just that, and many other things (like sharpening etc.). If you mogrify -resize 1600x1600 your photos will be resized to 1600px maximum edge length, while keeping the ratio. But be careful, mogrify overwrites the pictures in place!

Music
Thanks to services like video2mp3.net/ you can download a lot of music from YouTube. But sometimes there is silence at the end or the beginning of a song, and a whole collection of songs might have differing levels of volume. To cut an mp3 you can use mp3splt like this to cut everything after 03:30 minutes:mp3splt file.mp3 00.00 03.30The sound levels can be normalized, losslessly, using mp3gain:mp3gain -rk *

Misc
When pretty-printing flat text files I use a2ps to format them nicely and get a PostScript-document. a2ps however does not support UTF-8, while the only characters I care about (German Umlauts) can be represented using Latin1 just fine. So, one can use iconv to convert them on the fly like this:iconv --from-code=UTF-8 --to-code=LATIN1 textfile.txt|a2ps --font 9 -E -B -r --column=1 > out.ps

To export images from a PDF-file I discovered pdfImages, which is part of the xpdf-suite. Use it like this:pdfimages -j foo.pdf bar

Reusing a connection
Anyway, today I wanted to present another advanced feature, one I only stumbled upon while learning for an upcoming exam. The slides mentioned the possibility to share connections on one SSH-channel (to the same destination, obviously). Now, why do you need more than one connection in the first place? Well, sometimes you just need the space, and using screen just doesn’t cut it. Or you use git or scp to the same host you’re logged in already interactively. In that case, you just have to establish one connection and any further connection will use the first one. The benefit? Login is way faster, almost instantly, because the whole handshake and authentication doesn’t have to take place again. The caveat: You’ll have to close your master-connection last, otherwise the other connections will drop too. For me that’s no problem, since the host I use most of the time is also the host I’ve got a session open with 24/7 (IRC).

I’m just gonna show the fully automated version here, though you can use it manually as well, just when you need it. A better description can be found here. To automate it, put this in your ~/.ssh/config (you don’t have a config yet? shocking!):
ControlMaster auto
ControlPath /tmp/%r@%h:%pAs usual, you can put it at the very top to apply for all hosts or you can activate it for specific hosts by putting below a Host declaration. Now all you have to do is use ssh host as usual. You’ll see it’s working when you terminate the connection:
Shared connection to host.de closed.

Reverse tunnel
Yes, you can tunnel with OpenSSH. You can even have it act as a SOCKS proxy, which is really neat when combined with Firefox-plugins like FoxyProxy. But you can also reverse-tunnel your way out of a closed network (or NATed network for that matter) when you don’t have access to any intermediate host (like the router/firewall). It’s easy:
ssh -NR 12345:localhost:22 home.deThis assumes you’re issuing the command from the machine that you want to access (from home) later on. It will bind the port 12345 on home.de so that it is forwarded to port 22 (SSH) on the local host. Yeah, it requires some reverse thinking too to get it right ;) The -N-switch prevents a login, by the way. Obviously it is of little use if your home.de has a flaky dialup connection, so you might want to reverse-tunnel to a stable endpoint (or use something like autossh).

Comments and improvements can be directed to me via email or as a comment to this post.