Matkakortti Evolved cont.

I actually got a reply from YTV! I asked them three specifying questions, and they answered them all. So the new and updated technical information is:

- The “use once cards” are in fact the lowest of the low, MIFARE Ultralight. No crypto, no brains, no nothing.

- The normal cards are DESFire (first generation), not EV1.

- The encryption method used is 3DES.

I wasn’t expecting a reply, but i got one, and pretty quickly too! So thanks YTV.

Matkakortti Evolved

Many of you may have heard about the new Matkakortti, being rolled out as of last week (10.11.2009). Ads for the new card have appeared all over the place, and urge people to change the card during their next re-charge. The new card has a nice flashy green graphic printed on it, no doubt to reflect the new eco-features of the card.

So what changes? According to YTV, the previous blue cards have reached the end of their life-cycle. “As with credit- and debit-cards, the cards have to be changed out every few years”. Also, the new cards are now ISO 14443A compliant (specifications for RFID cards). I have a funny feeling the last cards were compliant as well, but there’s no data on this. They were made by Mifare as well (as the new cards), so i think they were compliant.

The color of the card changes, but also, the type changes. The old cards were MIFARE Classic. This is a card that has a 48-bit encryption key, that is seeded based on the “start-date” of the card, i.e. when it was first turned on. This system has been broken multiple times. To give you an idea of how easy it is, it takes about 12 seconds on a standard laptop computer to break the built-in Crypto-1 encryption scheme.

The cards are ASIC based, and have a very limited storage space. There are 1K and 4K versions of the card, and accounting for read-only data put in by the manufacturer, the de-facto storage space of these cards was 752 bytes and 3440 bytes respectively. That’s a whole lot already!

The new cards are based on later revisions of MIFARE technology. There are two basic types that will be rolled out now (the specific models are not listed, but i’m going to find out one way or another):

  • MIFARE DESFire. This is the regular “multiple use” card that most of us use every day. More on this later.
  • MIFARE Ultralight. This is the “use once” tourist card, which can be charged once, and then thrown away after use.

DESFire is a new card type that MIFARE came out with in 2002. There is an EV1 (evolution 1) version of the card, which was released in 2006 and offers more options and better crypto. Which system is used here, i’m not sure as i said, but i’ll find out. This is an entirely new card compared to the old stupid cards. They sport a real NXP made microprocessor, and more memory. There are 2, 4 and 8KB versions of the card. They come with a proprietary DESFire operating system, which uses a real directory/file structure in the storage space. The crypto is upgraded from “Crypto-1”, using a 48-bit key, to a minimum triple-DES, i.e. 3x56 bits key length, and up to a 128-bit AES in the EV1 variant. The NXP microprocessor is 8051 based, and has separate hardware crypto-accelerators for both AES and 3DES, which makes the crypto transactions even faster than before.

Ultralight is the use-once version of the cards. Cheaper to manufacture, it’s apparently made out of some kind of thick paper. There are also two versions of this card, the Ultralight, and the Ultralight C, which are from 2001 and 2008 respectively. The plain-jane version offers no crypto at all, and 512 bits (64 bytes) of memory. The C variant offers crypto, more storage-space, and ISO 14443 compliance. It is highly likely, that the version being rolled out is the C version, because it has features that make it suitable for mass transportation (i.e. abrasion resistance and crypto).
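What those 64 bytes of a plain Ultralight hold can be shown with a small parser. This is an added example, not code from the original post: it follows the page layout in NXP's public MIFARE Ultralight datasheet (16 pages of 4 bytes), and the dump it parses is constructed, not read from a real Matkakortti.

```python
from dataclasses import dataclass

PAGE_SIZE = 4        # bytes per page
PAGE_COUNT = 16      # 16 pages x 4 bytes = 64 bytes = 512 bits
CASCADE_TAG = 0x88   # ISO 14443-3 cascade tag, folded into the first check byte


@dataclass
class UltralightDump:
    uid: bytes            # 7-byte serial number
    bcc_ok: bool          # True when both UID check bytes match
    locked_pages: list    # pages made read-only by the lock bits (3 = OTP)
    otp: bytes            # one-time-programmable page 3
    user_data: bytes      # pages 4..15, 48 bytes, stored in the clear


def parse_ultralight(dump: bytes) -> UltralightDump:
    """Split a raw 64-byte MIFARE Ultralight image into its documented fields."""
    if len(dump) != PAGE_SIZE * PAGE_COUNT:
        raise ValueError(f"expected 64 bytes, got {len(dump)}")
    pages = [dump[i:i + PAGE_SIZE] for i in range(0, len(dump), PAGE_SIZE)]

    # Pages 0-1: SN0 SN1 SN2 BCC0 | SN3 SN4 SN5 SN6; page 2 starts with BCC1.
    uid = pages[0][:3] + pages[1]
    bcc0 = CASCADE_TAG ^ uid[0] ^ uid[1] ^ uid[2]
    bcc1 = uid[3] ^ uid[4] ^ uid[5] ^ uid[6]
    bcc_ok = pages[0][3] == bcc0 and pages[2][0] == bcc1

    # Page 2 bytes 2-3 are the lock bytes. Read little-endian, bit n (3..15)
    # makes page n read-only; bits 0..2 freeze groups of the lock bits.
    lock = pages[2][2] | (pages[2][3] << 8)
    locked = [n for n in range(3, PAGE_COUNT) if (lock >> n) & 1]

    return UltralightDump(uid, bcc_ok, locked, pages[3], b"".join(pages[4:]))


def page_map(dump: bytes) -> list:
    """One readable line per page: number, hex, role, write state."""
    info = parse_ultralight(dump)
    roles = {0: "UID + BCC0", 1: "UID", 2: "BCC1/internal/lock", 3: "OTP"}
    lines = []
    for n in range(PAGE_COUNT):
        raw = dump[n * PAGE_SIZE:(n + 1) * PAGE_SIZE]
        if n < 2:
            state = "read-only"
        elif n == 2:
            state = "lock bits, one-way"
        elif n in info.locked_pages:
            state = "locked"
        else:
            state = "writable"
        lines.append(f"{n:2d}  {raw.hex()}  {roles.get(n, 'user data'):<18}  {state}")
    return lines


# Constructed sample image (not from a real card): UID 04 a1 b2 c3 d4 e5 f6,
# lock byte 0 = 0x30 (pages 4 and 5 locked), OTP = 00 00 00 03.
SAMPLE_DUMP = (
    bytes.fromhex("04a1b29f" "c3d4e5f6" "04483000" "00000003")
    + b"constructed ticket rec".ljust(48, b"\x00")
)

if __name__ == "__main__":
    card = parse_ultralight(SAMPLE_DUMP)
    print("UID:", card.uid.hex(), "check bytes ok:", card.bcc_ok)
    print("locked pages:", card.locked_pages)
    print("\n".join(page_map(SAMPLE_DUMP)))
```

Every field comes straight out of the image with no key involved, which is the practical meaning of "no crypto": confidentiality and integrity of whatever sits in pages 4 to 15 have to come from how the back end encodes and checks it.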

So why are the cards being changed for real? I’ll offer a few guesses. One, is that the new cards are cheaper. That’s a big thing when it comes to public transport and anything government funded. The Apollo astronauts reminded each other that they are going to the moon in a craft built by the company that made the cheapest offer. I’m not saying cheap is bad in this case though.

The new cards are also more ecological. Also a big thing in government projects, and easier to sell to consumers. The cards are either made out of bio-degradable plastic, or paper.

All methods of public transport will be fitted with GPS. Some already have it (trains, trams and some busses), but i suppose they’ll be rolling this out to every damn thing. This makes tracking not only the vehicle easy, but also tracking you. They can stamp your card with exactly the stop you got on. Where you got off is another matter entirely, but in any case. The bus and the reader knows where you are, and when you get on, the card will retain this information, along with personally identifiable information. This information is said not to be readable by regular kiosks and other recharge outlets, but only by ticket inspectors or law enforcement “should the legal need arise”. In any case, the expanded memory and processing capability, plus the new crypto, make the cards very hard to hack, and capable of storing hoards of information, and not just a “one travel” buffer, which contains your last transit. This of course, is pure speculation on my part.

Why replace an already working system? Well, that’s anybody’s guess, and the site they put out doesn’t really give a specific reason. The fact that the new cards are cheaper, is a small issue, when we consider that there are already what.. a million cards in circulation that now all have to be replaced? Expanding the system to new areas? Okay, but why not just expand the current, tried and tested (and broken :) ) system? The cards are at the end of their lifespan? Why? My card is seven years old and it works just fine. I’ve had it in my pocket, my wallet and god knows where. There are no moving parts, and no exposed chips, as with regular smart cards. The exposed components tend to wear out and that is a good reason to change your card. But it doesn’t apply to the Matkakortti. Sure, if you bend the card, it’ll snap, but i bet the new cards are just the same.

I also have a hard time believing that standards compliance is a reason for the overhaul. The old cards are based on the same basic technology, i.e. RFID, which should in itself adhere to ISO 14443. If it didn’t, okay, but adhering to standards isn’t a benefit for the consumer in this case. Everyone is forced to either use the cards, or pay each trip with cash, which leaves little options. The standard defines how well the card should withstand physical abuse, but again, i stress that my card is still working after seven years. Abuse-resistance was not an issue with the old cards either.

So the Fox Mulder in me deduces that this is just a way to track us even more closely. The hacking of cards wasn’t an issue in Finland, at least not that i heard of, but with the new cards, this becomes practically impossible, unless there are vulnerabilities in the implementation of the crypto, or predictability in the key-generation (or exchange) as with the previous system. This removes any chance of an “open and fair” system, meaning that i can’t buy a MIFARE reader, and dig out the data that they have stored on me personally, on the card. I’m not even looking for free travel or some such shit, i just want to know how the system stores and uses my data.

I’ll be following up on this as i get my hands on the new card. I’ll be retaining a few of the older cards, just to make comparisons, should such an opportunity arise. I’m still in the market for a MIFARE reader, but i haven’t gotten off my lazy ass and bought one yet.

Source to my rambles are:

http://en.wikipedia.org/wiki/MIFARE

http://www.matkakortti.net

Nuevos Hardwareos

A client was generous enough to donate me an old laptop to play with. It’s a Compaq EVO N610C. You may remember it from about 8 years ago, or so? It’s got that silver wlan antenna thingy behind the screen?


[Image: Compaq N610C]

Yeah. That one.

Anyway, it’s a nice piece of work despite being old. It’s a very first generation pentium 4 mobile, which means it eats battery like a kid eats cookies. 512MB ram, 40 gig hard drive. Old, but works fine. Put Xubuntu 9.10 on it, XFCE works just fine, and plays DVDs too. 14″ screen.

I’m gonna be playing around with the wireless some more, since it has a good atheros chipset, and a proper antenna (with a ready plug for an even bigger external antenna). I’m thinking this might become my wardriving laptop, or something in that order.

Modem Maintenance Vol 2.

So, the story continues.

I’m seriously beginning to suspect the damn Linksys. It’s gotta be the Linksys.

B kindly provided me with a Zyxel 660HW, and a Telehell 501, out of which the Telewell works fine. Zyxel seems fucked somehow. Telewell handshakes at about 10/2, which is roughly the same as before (with the linksys) though a little below. No weird packet loss, and no weird disconnects so far. I’m still holding my vote on this one, but it’s looking better.

As for the speed, they just said it might be a bad pair going to my apartment, or that my neighbor got DSL and the pair traveling next to mine up the building, is giving it like.. interference or something. The DSLAM would connect at 18/2.5 if only my end co-operated. Not much they can do about the shitty old copper in my house… Damn it. I guess i’ll just have to wait for the mandatory fiber connection, due no later than 2015 :D

Modem maintenance

So, i have been having some trouble with my Nebula line. About a month ago, something odd happened, and my line dropped, only to reconnect at about half the speed that it used to be. I called them, they fix something and the speed improves marginally, but i have had no explanation as to why this happened. If i change nothing, how can the speed drop?

According to their technicians, the line should handshake at 18/2.5 mbit/s, but i’m getting about 10/2 mbit/s. So anyway, i said, okay, the upstream improved to about what they said it should be, and the downstream isn’t that important to me anyway. That ticket was closed.. only to be re-opened a few weeks later, when i started having unexpected packet loss. It’s a copper connection so there’s really no reason to have packet loss, especially in this day and age. Not unheard of though, with bad lines etc, so i called Nebula again.

They’ve made a number of suggestions, such as “faulty wiring” (changed), “faulty modem” (also changed, more on this later), to “a bad copper pair to my apartment from the building phone board”.

So far i’ve ruled out cables. Nothing has changed there, but none the less, i switched all cables that i could. No change. I changed the modem now, from a 2 year-old Linksys WAG200G, to a Telewell TW-EA501 (provided by B, thanks). So the Telehell connects at about 9/2mbit so the speed is worse still. I’ve now had it in for about a day, and i’m gonna keep testing it, to see if the problem returns.

If it does, then it’s something with the damn line, and they are going to have to do something about it. The speed.. well, i know the modem affects the speed a bit, but how can i get such varying results? All modems have had their firmware updated, and i have no long extension cords for the phone line, nothing like that. If the copper pair is crap, then i guess i’m fucked (and have to wait for the “mandatory” fiber connection no later than 2015).

This has caused unnecessary downtime for my server, Agamemnon. The gods don’t look favorably on this.

Karmic Koala & ATI Radeon

This post will deal with the Alpha4 release of Ubuntu 9.10 “Karmic Koala”, and its new features, particularly the functionality of ATI Radeon cards.

I did a clean install yesterday, and this is what i’m liking so far:

  • Empathy, the new default IM client is awesome. I didn’t find plugin support yet, but it’s light, and clean. Just the way i like it.
  • The boot time is less than 20 seconds on my machine. It’s nearly not enough to go do anything else while i’m waiting, which is a great feature for someone that has to deal with windows vista at work every day…
  • Firefox 3.5 ubuntu branded by default. Thanks. That package is missing from 9.04 right now, and while you can still install it, it takes some work to go from the Beta name of “Shiretoko” to Firefox, with icons and everything. It works, but it’s not perfect.

What i don’t like:

  • The new default login screen sucks ass.
  • While the new 2.6.31 series kernel is a great improvement in many areas, AMD has not yet supported it in its binary fglrx drivers (which offer 3d acceleration and the works on ATI cards)

So this will be the topic of discussion today. ATI cards have traditionally been much worse than those of Nvidia on any Linux distro. AMD (ex. ATI) offers drivers called fglrx which provide full 3D acceleration in Linux, and when they are working, the cards can offer great performance. However. When they don’t work, disaster ensues.

When you install Karmic, you’ll get the traditional “Hardware Drivers” dialog, which will say you have a device that requires proprietary drivers that weren’t installed by default. Yeah no shit they weren’t. You select your device, you hit install. It downloads the drivers, installs them, makes modifications to xorg.conf, and asks you to reboot. With Karmic Alpha4, i got no download dialog, even if it seemed to do something. The selection of my card remained inactive and grey, instead of the green “activated” button that appears when drivers have been installed. So i thought that the drivers somehow failed (didn’t look at debug or anything). I went about my business, doing an apt-get update && apt-get upgrade, and then rebooting.

To my great dismay, it wouldn’t load gdm at all, but instead displayed an esoteric graphical pattern in the top section of my screen. So, switch to a shell, check out /etc/X11/xorg.conf, and sure enough, fglrx was jotted down as the driver. So clearly, this didn’t work.

To get past this problem, uninstall and clean the fglrx drivers. They are not supported in the 2.6.31 kernel yet, so we need to wait for AMD’s 9.9 series drivers for this. Usually they’ll be out in time for the Beta’s or at least the release, so i’m not fretting.

Run:

aptitude purge xorg-driver-fglrx && dpkg-reconfigure -phigh xserver-xorg && exit

This removes the driver, deletes anything related to it, and runs a reconfigure on xorg.

You should now have a clean xorg.conf. Install the xorg-driver-radeon if you don’t have them (i’m not sure, i think they were installed by default), and then edit xorg.conf and in the device section, set the driver option to “radeon”, if it isn’t.

You should now be able to boot in to a graphical user interface.

Okay dual screens. To make these work, as a “big desktop”, make your xorg.conf look like this. I tried different options, and fiddling around with the “System -> Preferences -> Display” dealio, but that didn’t get me anywhere. It’ll ask you to “automatically set the virtual resolution to match your screens”, but the end result was 2048 x 2048, in xorg.conf, which obviously didn’t work.

Here’s my xorg.conf:

Section "Screen"
    Identifier      "Default Screen"
    DefaultDepth    24
    SubSection "Display"
        Virtual 3360 1050
    EndSubSection
EndSection

Section "Module"
    Load    "glx"
EndSection

Section "Device"
    Identifier      "Default Device"
    Driver  "radeon"
EndSection

In all its simplicity, i made the virtual resolution match the maximum resolutions of my screens set next to each other. I have two 22″ Samsungs, each with a 1680×1050 resolution. So i added up the width resolution and that was it. I restarted X (why does ctrl-alt-bkspace not work anymore?), and went to Display, and then unchecked “mirror displays”, and dragged the screens next to each other. Apply, Ok, restart X. Dual screen.

UPDATE! Video playback works *much* better with the radeon drivers than the fglrx drivers ever did in Jaunty 9.04! I’m playing a FullHD video, in full screen with no tearing (which was evident in 9.04 with fglrx drivers), and no problems. 40 CPU load on one core. 500 megs ram used with a bunch of other stuff on as well.

So conclusions: If you don’t need 3d performance (i.e. compiz, gaming whathaveyou), don’t install the proprietary drivers. Stick with the open-source ones!

Ubuntu 9.04 & CPyrit-Stream now working!

Yay!

I’ve finally gotten the Pyrit program running and utilizing ATI Stream! I followed these instructions to the letter, though i built RPM from source with the patch for LZMA compressed RPM’s, which did the trick (although, i’ve also read the 1.4.0 beta 2 package of the Ati Stream SDK doesn’t have this problem, but anyhow). I think i also had to apt-get some libraries that were missing, but they were listed pretty well in the instructions.

As for building pyrit, i used the instructions in the wiki, that can be found here. I ran in to an error while building the pyrit source, but that was fixed by doing an edit in a file according to these instructions. Fixes for other common errors are in the installation wiki.

So for the order: Install Atistream and Atical according to the instructions in the KB. Apt-get any packages you are missing. Build and install Pyrit, then CPyrit-Stream.

Run the command pyrit list_cores, which should show something like the screenshot below, and then run pyrit benchmark to see what kind of numbers you’re getting on your hardware. I am amazed. Compare the over 8000 PMKs/s (pairwise master keys), with the ~700 of one Phenom II X4 940 core. Look at those results (yes yes, synthetic benchmark..):

List cores and Benchmark on my Radeon 4850 (and Phenom 2 940)

You’ll note that it only shows three of the four cores on my Phenom, this is a feature. For every GPU core that it handles, it saves one CPU core for scheduling tasks.

A man can always dream… That there is about 3000 euros worth of hardware (four Nvidia GTX295’s, a motherboard to support 4 Pci-e cards, processor, memory.. i guesstimated). 80 000 PMKs / s (or half of that, depending on how you read the benchmarks). It seems to see the cards as two cores each.
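To put the PMKs/s figures in context, the added example below (not Pyrit's code and not from the original post) derives a WPA/WPA2 PMK the standard way, PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations, and works out how long a passphrase space holds up at the rates quoted above. The function names and the passphrase shapes are assumptions made for the illustration.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Rates quoted in the post, in PMKs per second.
POST_RATES = {
    "one Phenom II X4 940 core": 700,
    "Radeon 4850": 8000,
    "four GTX295s": 80000,
}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK: 32 bytes of PBKDF2-HMAC-SHA1."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def measure_rate(samples: int = 20) -> float:
    """PMKs per second this interpreter manages on a single CPU core."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"benchmark{i:04d}", "constructed-ssid")
    return samples / (time.perf_counter() - start)


def years_to_exhaust(alphabet_size: int, length: int, pmks_per_second: float) -> float:
    """Worst-case years to derive a PMK for every passphrase of this shape."""
    return alphabet_size ** length / pmks_per_second / SECONDS_PER_YEAR


def min_length(alphabet_size: int, pmks_per_second: float, target_years: float) -> int:
    """Shortest valid passphrase length whose full space lasts target_years."""
    for length in range(8, 64):
        if years_to_exhaust(alphabet_size, length, pmks_per_second) >= target_years:
            return length
    raise ValueError("no valid WPA passphrase length reaches the target")


if __name__ == "__main__":
    print(f"this machine, one core: {measure_rate():.0f} PMKs/s")
    shapes = [("8 digits", 10, 8), ("8 lowercase", 26, 8),
              ("12 lowercase", 26, 12), ("12 printable ASCII", 95, 12)]
    for label, alphabet, length in shapes:
        for hardware, rate in POST_RATES.items():
            years = years_to_exhaust(alphabet, length, rate)
            print(f"{label:<20} {hardware:<26} {years:.3g} years")
```

Because the SSID is the salt, work done against one network name does not carry over to another, and each extra passphrase character multiplies the cost by the alphabet size while a tenfold faster rig only divides it by ten.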

Edit for 15.8.09 – I’m working on a proper howto for this thing since the internets seem not to have a coherent guide for a current ubuntu version. The 8.04 guide is great, don’t get me wrong, but i think it could be more complete. I’ve also e-mailed AMD to ask about providing .deb packages on my / their site, and or publishing the new howto.

Ubuntu 9.04 x64 & Pyrit with ATI Stream

Okay, so since i just got the new graphics card (an ASUS EAH4850), i wanted to try out some of the GPU computing possibilities of the card. The Pyrit project exists to take advantage of multiple GPU computing platforms, such as Nvidia CUDA, and ATI Stream, so i decided to give that a whirl.

I downloaded the Pyrit and the Ati Stream packages from the Pyrit site. I found out i also need the ATI Stream SDK, which can be obtained from the AMD site. The thing to be noted here is that there is currently only support for RPM based systems, such as Fedora, CentOS etc. So of course, i thought, “Alien!”, the package converter. I apt-get’ed Alien and RPM, and got working on the thing.

You download the package, which is a .tar.gzip file. Unpack the file to get to the .run file. The run file can be executed simply with ./filename.run. This should result in the script from the .run file being executed. It’ll fail shortly after the EULA, or it did on my x64 system.

I opened up the run file, and commented out the part where it deletes the temporary folder where it extracts the actual RPM file (and before that, tries to run rpm on the file, which fails).

#!/bin/bash
echo "ATI Brook+ SDK Installer"

TMP="atibrook"

HERE=`pwd`
DST=/usr/local
FOPEN="more"
RPM="alien"

#Extract archive into /tmp/atibrook
echo -n "Extracting archive..."
dd if=$0 of=/tmp/${TMP}.tar.gz bs=1 skip=16384 >& /dev/null
echo "DONE"
mkdir /tmp/atibrook
cd /tmp/atibrook
echo -n "Uncompressing package..."
tar -xzf ../${TMP}.tar.gz
echo "DONE"

#Accept EULA
${FOPEN} EndUserLicense.txt
echo -n "Do you accept this license agreement? [y/n]: "
read agree
if test A"$agree" = Ay -o A"$agree" = AY; then
    echo "You accepted the license, continuing installation."
else
    echo "You declined the license, aborting..."
    rm -rf /tmp/atibrook
    rm /tmp/${TMP}.tar.gz
    exit
fi

#Install via rpm
echo ""
echo -n "Select a path for installation [default]: "
read USERPATH

if test "$USERPATH" != ""; then
    echo "Using '$USERPATH' for directory prefix."
    echo ""
    echo "Installing package via RPM..."
    $RPM --prefix=$USERPATH /tmp/atibrook/*.rpm
else
    echo "Using default directory /usr/local/atibrook"
    echo ""
    echo "Installing package via RPM..."
    $RPM /tmp/atibrook/*.rpm
fi

#### THIS PART I COMMENTED OUT SO IT LEAVES THE RPM INTACT ####

#Cleanup
#echo ""
#echo "Removing Temporary Files..."
#rm -rf /tmp/atibrook
#rm /tmp/${TMP}.tar.gz
echo "Exiting installation..."
exit

So the result is that in /tmp/atibrook you now have the rpm file.

Running Alien against it results in an error about rpm.pm on line 155. Something relating to perl, the complete error is:

Installing package via RPM...
Unpacking of '/tmp/atibrook/atistream-brook-1.4.0_beta-1.x86_64.rpm' failed at /usr/share/perl5/Alien/Package/Rpm.pm line 155.
Exiting installation...

Now, i have no fucking idea how to fix it. Looking at line 155, it relates to the cpio command not working properly, but how and why and what the fuck? I’m not a developer. I’ll need to show this to someone, like B, maybe he can figure it out.

I also tried instructions i found on the AMD Developer Forum (requires registration). These detail the use of rpm2cpio, instead of alien, but that doesn’t work either. The RPM seems malformed somehow. Perhaps as a result of it being made with a specific tool (the name of which escapes me), which creates files that are unreadable by rpm2cpio.

Blargh. I’m gonna run a Fedora 11 live CD soon, and see that it actually works. Get some numbers off this thing. It’s supposed to do 7800 PMKs, which is a lot faster than for instance an Intel I7 920. Sweetness.

Samsung SyncMaster 226BW shenanigans

I recently got a second Samsung 226BW from a friend, and i wanted to find out whether it had the S or the A panel.

Background

So what’s this hokum-pokum about different panels? Well if you ask Samsung, nothing. Nowhere do they state who their panel manufacturer is. So why would people get angry about two different panels then? Well, because there are differences. The inferior A panel is called AU M220EW01. It does conform to the promise of 3000:1 dynamic contrast (in reality a bit under 1000:1 actual contrast), and to the promised response time (while the A panel is supposed to be 5 ms, it does conform to the 2 ms promise made by Samsung). The main difference comes with the colors. The A panel is clearly blue-heavy, i.e. the picture is leaning towards the blue. Also, the colorspace isn’t as wide as with the proper S panel. The S panel has a truer color space than the A. This means that if you’re working with graphics or something that requires true color output, you need to make sure you get an S panel Samsung.

I’m not too well versed in the technical details, and i’d rather not repeat what someone else said, and sound smarter than i am, i’ll link to the most comprehensive comparison i could find on these two variants. Here’s the link to BeHardware who did an absolutely amazing job on this thing.

The Service Menu

Until hackers found the service menu, Samsung had absolutely nothing to comment on this issue. People were claiming that reviewers were sent pre-calibrated S-panel screens, while some consumers were stuck with the far inferior A panels.

After this, Samsung i guess just said, nowhere do they promise specifics about the panel, except for certain specs. But for people looking for the reviewed goodness of the calibrated S panel, the A panel might be quite the disappointment.

You can access the Service Menu on your Samsung 226BW in the following manner:

  1. Set Contrast and Brightness to 0 using the regular menu.
  2. Close the menu after this, then open it again.
  3. Press and hold the source button (second from the right).
  4. Tadah. You now have a service menu on the screen.
  5. Close the screen using the power button, then power it on again to kill the service menu.

The service menu shows you all kinds of details, such as a lifetimer (how many hours the panel has been on), and how many times the device has been power-cycled. The item we are interested in is the panel manufacturer.

Identifying the S and A

There are two ways to find out which panel your screen has.

  1. Look at the back side of your screen. You’ll see the sticker with the serial number and other stuff on it. Look for an S or an A behind the model name.
  2. If this doesn’t work for some reason, look up the service menu and look at the panel manufacturer:
  • A panel will have AU M220EW01
  • S panel will have AMLCD 220M1

I’m stuck with an A panel, what can i do?

Well, if you look through the BeHardware article, they’ve made a spiffy color profile, and detailed some of the settings you can do to remediate the issue. I’ll sum them up:

  • Select the internet profile using the down arrow key while not in the menu.
  • Set contrast and brightness to comfortable levels
  • Download the color profile and install it according to instructions in the article, page 2.

They even list manual settings if you don’t wanna calibrate using a color profile, or you are not using Windows. This is on page 3 of the article.

I actually did all these, and the picture improved noticeably, though i can’t say anything for actual measurements, as i don’t have the spiffy hardware that the guys at BeHardware had. But i’m pleased, not as much as with the S panel, but happy none the less.

Sources: 1) BeHardware – Samsung 226BW A and S series: The Verdict

Agamemnon Updates

Alrighty then. I had the wonderful opportunity to get a lightweight UPS from my good friend G, who has no need for one. It’s a Powerware 5110, with a USB interface, surge protection and RJ-11 filtering.

That puppy is now hooked up to Agamemnon, the main server on my network. The server has dual power supplies, so i’m not sure how the proper way to hook it up would be, but the way i did it now is, one power supply is hooked up to AC power, the other through the UPS. I pulled out the AC power one, and then the UPS AC power cord, thus leaving the server on one power supply and the UPS battery. The UPS started beeping to tell me it’s running on batteries, but the machine worked like a charm.

I also added a 146 GB RAID-1 array, called /dump, for general file storage for my users and myself. The one disk apparently is faulty, so i’ll need to swap that fucker out today. Lucky it’s RAID1 :D