You might remember a while back, i posted some entries about using your ATI GPU to do some number-crunching for you. Specifically, Pyrit can be used to break the PMK or Pairwise Master Key of a WPA protected WLAN. Pyrit can use both ATI and NVIDIA cards (plus some others); this entry will deal only with ATI, since i have an ATI Radeon 4850.

Prerequisites

Let’s get started. The platform that i have for doing all this is as follows:

• ATI Radeon HD4850 graphics card (Asus brand, 512 MB memory)
• Gigabyte motherboard with AMD790 chipset
• AMD Phenom II X4 processor
• 4 GB DDR2 memory
• Ubuntu 9.10 64-bit clean installation
• Latest fglrx drivers from ATI, installed using the System -> Administration -> Hardware Drivers
• Kernel is 2.6.31-16

To start out, i installed the following packages (packages are in the ubuntu repositories):

• binutils, build-essential, libssl-dev, python-dev, zlib1g-dev, libzlcore-dev

There shouldn’t be other dependencies, but do download anything that apt suggests with the aforementioned packages. After this, you need to install the ATI-stream packages, which is split into two parts: Atical and Atibrook. The files can be downloaded from ATI’s site, but installation may be tricky. I used alien to convert the .rpm packages to .deb packages, which worked somewhat well. I’m not brave enough to distribute the .deb’s i made on this site, as i never heard anything from ATI when i asked about this. Sufficed to say it can be done and wasn’t too hard, since i managed.

After this you can go two ways. Either install the stable 0.2.4 packages of Pyrit, or go the SVN route, and get the very latest builds (revision 193 or 0.2.5-dev at the time of writing). In either case, the process is the same, but the SVN is always the “latest”, which doesn’t necessarily translate to “most stable” or even “working”. I tried SVN, because i had an issue (which later turned out not to be Pyrit’s fault, more on this later).

The SVN-way:

Install a svn client by doing:

sudo apt-get install subversion

Go to your home directory, or other location where you have write privileges. Run the following command:

svn checkout http://pyrit.googlecode.com/svn/trunk/ pyrit_svn

It will create a directory called pyrit_svn where you are, and download the latest source-code. To update this later, run:

svn update

You will end up with a directory-tree that contains everything in the pyrit project. The ones we are interested in now are the directories called pyrit and cpyrit_stream.

From here on the instructions continue the same way, whether you got the SVN or the stable code.

Compiling Pyrit

If you downloaded the packages, open them up and place them for instance in your home directory. First, enter the directory called pyrit and run the following command:

python setup.py build

If that succeeds, and you don’t see any errors (it should be pretty quick), type in the following command:

sudo python setup.py install

You should also get no errors from this before moving on.

Compiling cpyrit_stream

Now we’re compiling the ATI Stream component of Pyrit (as opposed to CUDA for Nvidia cards). Go back to the directory you unpacked the stream files (or the pyrit_svn directory if you downloaded that), and enter the cpyrit_stream directory. Run the same commands as you did with Pyrit main, i.e python setup.py build and then sudo python setup.py install.

Note! You will probably hit a glitch here, as i have done every single time i’ve compiled Pyrit. These are known issues, which are adressed in the following way:

You’ll get an error that says something about:

/usr/local/atibrook/sdk/include/brook/CPU/brtvector.hpp:190: explicit template specialization cannot have a storage class

There’s an error in two files (with the latest version of Linux Kernel/ATI drivers, i’m not a developer so i can’t say what changed, but these changes were necessary) that need to be corrected before you can compile cpyrit_stream.

You need to locate and open the following file: /usr/local/atibrook/sdk/include/brook/CPU/brtvector.hpp

Inside this file, find the following line: #define SPECIALGETAT(TYP) template <> static TYP GetAt (const TYP& in,int i) {return in;}

From this line, remove the word static. Save and close the file. Do this as sudo, because atistram is installed somewhere where you probably don’t have write permission.

From the same directory, open as sudo the file brtarray.hpp, and in the beginning of the file, find the line or lines that start with include, and add the following there:

#include cstdio (with cstdio inside < these > characters)

Save and close the file. cpyrit_stream should now compile perfectly. If you have doubts, replace the word build with clean, and then start the compilation again.

After this, add the following lines to your .bashrc .bash_profile .profile file (s). I frankly don’t know which of them is the effective one, but the idea is to load this when you load your profile. We want to add a few variables so that Pyrit can execute the ATI stream code successfully.

export LD_LIBRARY_PATH=/usr/local/atibrook/sdk/lib:/usr/local/atical/utilities/lib64:$LD_LIBRARY_PATH
export PATH=/usr/local/atibrook/sdk/bin:$PATH

Additional problems & Testing

You should now have a working Pyrit that can utilize ATI Stream. I ran in to some more problems at this point, but i was able to solve them with the help of the internets.

Next, try seeing of you can locate the GPU using the FindNumDevices which should tell you that you have one device ready, or the number equal to the amount of GPU’s you have. The bin is inside /usr/local/atical/bin/lnx64 in my case, and you can run it with ./FindNumDevices.

Note! At this point i ran in to a segfault, which is caused by the fglrx driver and the PAT option being enabled in the kernel. You can try the command, and see what you get, but if you get a segfault, see the next chapter.

Your output should be like this:

Supported CAL Runtime Version: 1.3.185
Found CAL Runtime Version: 1.4.427
Use -? for help
CAL initialized.
Finding out number of devices :-
Device Count = 1
CAL shutdown successful.

Press enter to exit…

Where the device count is .. what i said before.

If you get this, you are ready to try out Pyrit. Type in pyrit list_cores to see the devices available for calculation use in Pyrit. You should get your processor cores minus one, and your gpu(s).  My output looks like this:

Pyrit 0.2.5-dev (svn r193) (C) 2008, 2009 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3

Connecting to storage… connected

The following cores seem available…
#1:  ‘ATI-Stream device 1′
#2:  ‘CPU-Core (SSE2)’
#3:  ‘CPU-Core (SSE2)’
#4:  ‘CPU-Core (SSE2)’

You can now run pyrit benchmark to see what kind of processing power you are looking at. Refer to the pyrit site for a more complete howto of the program. The benchmark command will give you the amount of PMKs per second that the different cores can do. In my case, the output was something like, 8400 PMKs/s for my Radeon, and around 700 PMKs/s for each of my Phenom cores.

Troubleshooting the Segfault

Starting out according to the instructions on various sites (mainly the Pyrit site), i ran into a segfault with both pyrit list_cores and ./FindNumDevices. It wouldn’t execute at all. Running list_cores as sudo, i didn’t get the segfault, i got my four Phenom Cores  (and no Radeon cores anywhere).

I found exactly one (1) result with google, but that got me in the right direction. It has something to do with a problem between PAT and fglrx, PAT being Page Attribute Table (yeah, i googled that..). To get rid of the problem, pass the nopat option to the kernel at boot. If you haven’t done this before, boot your machine, and when you get to to grub, hit e to edit the commands being run.

Locate the line which has the boot command, and at the end of my line (my line ended with the options quiet nosplash) so i made it quiet nosplash nopat and hit ctrl-x to boot with those commands. You can edit your grub to always start with nopat, but i will not get in to that here.

After this, both ./FindNumDevices and pyrit list_cores ran like a charm and produced the end-result i was looking for, that is, using your GPU to chip away at some pesky PMK.

This is just an expansion and update on the great instruction in Pyrit’s wiki, but other sources were used as well!

So, i got the recently (1.10.09) released Beta of Ubuntu 9.10, and i’m happy to report that the propietary drivers for ATI work fine now, so you can get 3D acceleration. Screenshot below.

If i read this correctly, it works.

So okay, you have a problem with there being no utility for configuring how many lines you scroll at once in ubuntu? Shit, i mean, how can this still be missing? There’s no gui for configuring it, and doing it by hand in xorg.conf is a pain too.

So in Firefox, the default becomes one line per scroll. This isn’t satisfactory when you want to surf porn effectively, or scroll 4chan without having your eyes burned out. So to fix this you’ll do the following:

1. Type about:config in the address bar in Firefox
2. Accept the yabber about being careful (if you haven’t used this before)
3. In the search-field (at the top), type mousewheel.withnokey.sysnumlines and set that to False (double click the value field)
4. Again in the search-field, type mousewheel.withnokey.numlines, and set the value (default is 1, for one line at a time), to whatever you want. Personally, i use 5.
5. Close the tab with about:config. Changes take place immediately.

So it’s time for another story time with uncle grelbar. This time, i’m going to deal with.. well, car dealerships. This is a story on how they’ll try to fuck you over, but how you can, at least in my case, walk out as a winner.

My story begins with a standard annual service for my 2003 Nissan Primera station wagon. I bought it from Autokeskus Konala (Finnish Nissan/Dodge/BMW/Mini dealer) a few years ago, and i’ve been servicing it there as well, to maintain a good service record. So far, i’ve gotten excellent service, from the very start of our relationship. But this time was different.

I paid for my service on the 14th of September, got my keys, and went out to get my car from the lot. I was rather surprised that the key (which had been working flawlessly for two years), now suddenly would not open the doors. I went a bit closer, and the same thing: the doors wouldn’t unlock. So, i open the door with the actual physical key (shit, i can’t remember when i’ve last done that with a car!), and got in. Put the key in to the ignition. No start. Not even a peep out of the engine or ignition. No blinking red light in the dash (to indicate car is not running, etc.). Notice the lights are on, and that the battery is dead due to this.

At this point i’m starting to realize that i’ve been fucked over. I’ve just paid several hundred for my service, and my car is dead in the dealership parking lot. Not nice. I walk back in to the place, and ask what the hell is up. The guy, one guy, looks a bit tired, it’s probably the end of his shift. He asks for my license place and checks for what was done with my car. He instantly says “Nope, nothing in here explains a broken key. We don’t really have anyone working here who can help you at this hour (a bit before closing). Maybe the battery is dead?”. So, i mutter some obscure Norwegian curses, and head for the spare-parts section.

I buy a new battery, of the typ 2025, for 1,80€. Pay for the battery. Go out. At this point it starts to rain. Car still does not open with the remote control. I’m getting increasingly pissed off. I call my dad, who comes and helps me with starter-cables (since nobody at the fucking dealership offered their help), and the car starts right up. Key is still dead. I walk back in to notify the service guy that i’d be contacting them about this fuckup later).

Drive home. Try our spare key, which works fine. Call the dealership the following day, telling them that i had some problems with my previous service, and that i needed to talk to someone. Nobody was apparently available, so i left a message, with a request to call me. Three days pass, nobody calls me.

I send email to the head of the service department. Wait 10 days for a reply. Guy says that the coding of my key might have gotten scrambled when the battery was drained by some incompetent fuck who left the lights on. Seemed like a good explanation, except, why would my spare key work? The dead battery in the car somehow remotely broke the other key? Okay. He told me to bring it in on the first of October, to have it looked at.

Bring the car over in the morning of the 1st. Get a call in a few hours by some asshat who tells me “The key is broken”. No fucking shit. Also he tells me, that my spare key, which works fine, “also is working a bit badly”. Horse shit. Okay, next he throws the bomb. “A new key is 111 euro. Would you like to order it?”. I told him that this isn’t the way it goes, and that i’d contact his superiors.

I e-mail the same head of the service department who tells me that “The re-encoding which we promised, did not work, so the key is otherwise broken, and we are not liable.”. I complain, and he graciously offers to take the price down to 75 euro for a new key. I tell him that i won’t pay them a dime, since the key broke in their custody.

At this point, i also e-mail the head of customer relations at Autokeskus Konala, and the head of customer relations for the entire company, with the head of service as CC. A day passes. I get a new e-mail stating that the key would be replaced for no cost.

Lessons learned

So, when things fail, complain, and keep complaining up the ladder until you get what you want. But be sure you are right, and that they are wrong.

A car dealership can’t be like the coat-check, where they take no responsibility for anything left with them. When i bring in a car for service, i expect that it comes back in the same, err.. improved condition from the original. What i do not expect, is that my car is dead in the lot, and that my key has been broken by some asshat. Or that management gives me the fucking dick when i ask to fix what they broke.

Autokeskus Konala was on the Kuningaskuluttaja (“King Consumer”, a program about consumer rights) program, about ripping off some other consumer. I guess the fault in this one lay with Nissan, but in any case, this isn’t something we should just swallow and complement the taste. Consumers are being fucked over everywhere, by unscrupulous businessmen who know that if they push a consumer far enough, they’ll give up, because litigation, in many countries, is too expensive, or not an option.

But what we can do, is talk about it. Write a few blog posts, maybe e-mail your correspondence to a few news outlets. Talk to your friends. Sure, a blogpost, in the big scheme of things, is meaningless, unless you run a huge site. But at least you can raise some awareness. If two people learn something out of this, it’s been a good day.

Just don’t give in to unreasonable demands, and keep your eyes open when people are slapping you around with a wet cock. Too many people can just be intimidated, by an authoritative voice, to doing whatever they want you to.

Okay, so this piece of shit program is pissing me off. It blocks sites like www.2600.com, which has *no* harmful content on it. When inquired on the reasons, they have not yet replied (I sent mail from my company account a few months ago). I guess it’s kind of like the government blocklist for “child porn” sites, which can’t be viewed, can’t be challenged, and can only be changed for the worse.

So how to defeat this stupid piece of shit software: Ping the address you want to visit, and type in the ip address instead of the DNS name. Presto. It’ll still complain if the site links to images or other stuff using the DNS name, but you’ll be able to view the content. Office Scan 0, Me 1.

This post will deal with the Alpha4 release of Ubuntu 9.10 “Karmic Koala”, and it’s new features, particularly the functionality of ATI Radeon cards.

I did a clean install yesterday, and this is what i’m liking so far:

• Empathy, the new default IM client is awesome. I didn’t find plugin support yet, but it’s light, and clean. Just the way i like it.
• The boot time is less than 20 seconds on my machine. It’s nearly not enough to go do anything else while i’m waiting, which is a great feature for someone that has to deal with windows vista at work every day…
• Firefox 3.5 ubuntu branded by default. Thanks. That package is missing from 9.04 right now, and while you can still install it, it takes some work to go from the Beta name of “Shiretoko” to Firefox, with icons and everything. It works, but it’s not perfect.

What i don’t like:

• The new default login screen sucks ass.
• While the new 2.6.31 series kernel is a great improvement in many areas, AMD has not yet supported it in it’s binary fglrx drivers (which offer 3d acceleration and the works on ATI cards)

So this will be the topic of discussion today. ATI cards have traditionally been much worse than those of Nvidia on any Linux distro. AMD (ex. ATI) offers drivers called fglrx which provide full 3D acceleration in Linux, and when they are working, the cards can offer great performance. However. When they don’t work, disaster ensues.

When you install Karmic, you’ll get the traditional “Hardware Drivers” dialog, which will say you have a device that requires propietary drivers that weren’t installed by default. Yeah no shit they weren’t. You select your device, you hit install. It downloads the drivers, installs them, makes modifications to xorg.conf, and asks you to reboot. With Karmic Alpha4, i got no download dialog, even if it seemed to do something. The selection of my card remained inactive and grey, instead of the green “activated” button that appears when drivers have been installed. So i thought that the drivers somehow failed (didn’t look at debug or anything). I went about my business, doing an apt-get update && apt-get upgrade, and then rebooting.

To my great dismay, it wouldn’t load gdm at all, but instead displayed an esoteric graphical pattern in the top section of my screen. So, switch to a shell, check out /etc/X11/xorg.conf, and sure enough, fglrx was jotted down as the driver. So clearly, this didn’t work.

To get past this problem, uninstall and clean the fglrx drivers. They are not supported in the 2.6.31 kernel yet, so we need to wait for AMD’s 9.9 series drivers for this. Usually they’ll be out in time for the Beta’s or at least the release, so i’m not fretting.

Run:

aptitude purge xorg-driver-fglrx && dpkg-reconfigure -phigh xserver-xorg && exit

This removes the driver, deletes anything related to it, and runs a reconfigure on xorg.

You should now have a clean xorg.conf. Install the xorg-driver-radeon if you don’t have them (i’m not sure, i think they were installed by default), and then edit xorg.conf and in the device section, set the driver option to “radeon”, if it isn’t.

You should now be able to boot in to a graphical user interface.

Okay dual screens. To make these work, as a “big desktop”, make your xorg.conf look like this. I tried different options, and fiddling around with the “System -> Preferences -> Display” dealio, but that didn’t get me anywhere. It’ll ask you to “automatically set the virtual resolution to match your screens”, but the end result was 2048 x 2048, in xorg.conf, which obviously didn’t work.

Here’s my xorg.conf:

Section “Screen”
Identifier      “Default Screen”
DefaultDepth    24
SubSection “Display”
Virtual 3360 1050
EndSubSection
EndSection

Section “Module”
Load    “glx”
EndSection

Section “Device”
Identifier      “Default Device”
Driver  “radeon”
EndSection

In all it’s simplicity, i made the virtual resolution match the maximum resolutions of my screens set next to each other. I have two 22″ Samsungs, each with a 1680×1050 resolution. So i added up the width resolution and that was it. I restarted X (why does ctrl-alt-bkspace not work anymore?), and went to Display, and then unchecked “mirror displays”, and dragged the screens next to each other. Apply, Ok, restart X. Dual screen.

UPDATE! Video playback works *much* better with the radeon drivers than the fglrx drivers ever did in Jaunty 9.04! I’m playing a FullHD video, in full screen with no tearing (which was evident in 9.04 with fglrx drivers), and no problems. 40 CPU load on one core. 500 megs ram used with a bunch of other stuff on as well.

So conclusions: If you don’t need 3d performance (i.e. compiz, gaming whathaveyou), don’t install the propietary drivers. Stick with the open-source ones!

So i’d like to divert your attention to two things that bugged me this tuesday morning:

1) Outlook 2007 autoproofing. I had a client come in with an Outlook 2007, that automatically made headings out of the first words in a mail. So if you wrote “Hi”, on the first line, followed by a line change, it’d make it heading 1. Annoying as hell, since you probably don’t want the Hi to be size 9000 and bold and blue? So how do you turn this off. I had to google it, and turns out it was a helluva path. So, you go to Tools, Options, Mail Format, then Editor Options, Proofing, then Auto Correct Options, and then AutoCorrect as you type. From there, uncheck the shit you don’t want Microsoft to do for you…. Grr!!!! I actually gave a post-it note to the client with the path there.

2) Nokia Ovi Maps doesn’t detect your phone. So Nokia Maps is now Nokia Ovi maps, since everything Nokia is now Ovi (means door in Finnish). You plug in your phone, make sure you have PC Suite support installed (From PC-suite, go to help, then Install PC-suite support on phone or something). Download Nokia Map Updater from their site (version is something like 3.0 at the time of this writing), and then, you install that and like start it.

It should then detect your phone. PC-suite detected my phone. My phone detected the PC. I could even like..view the messages on my phone in PC-suite. But according to Nokia Maps Updater, no compatible phone was connected. It’d just say “searching for connected phone(s)”, and nothing. It did say “This might take minutes”, but to be fair, i gave it several, to no avail.

So how to get it to see the phone? Well: Switch it off. Then while the phone is off, plug in the usb-cord, then power up your phone. When it has booted, it’ll ask for the “How do you want to connect”, and offer options like PC-suite, Mass-memory and so on. Select PC-suite, then start Nokia Map Updater, and presto. Phone is detected right away without any searching.

So yeah. Activated my phone on twitter, so i can send SMS messages to update my status.

Why, you may ask, would one want to use something as rudimentary as a text message to update your twitter status? Well, one of the reasons is: Data is expensive if you are roaming, or if you don’t have a plan.

Plans are pretty cheap here nowadays. You can get unlimited maximum speed 3G for 12,90 a month, as long as you submit yourself to be a whore of that company for two years. I know it’s very common to be tied to a mobile service provider abroad, but we’re kind of used to not being locked in.

Sure, we have subsidized phone plans as well, that require a 1 or 2 year contract, but most phones i’d wager are still the unlocked kind, with some kind of pay as you go plan, or a plan without a long contract.

But if you’re outside a plan, or abroad, data costs you an arm and a leg. Why? I’m not really sure. I’m not really sure how moving one megabyte of data through the network can cost 1.5 euros (which is the standard going rate for un-planned data!). That’s over two dollars a megabyte! Abroad it can be even more insane, where billing can be by the kilobyte. I heard in Turkey, certain roaming data costs like a euro per 50 kB.. insane.

So in these cases SMS might be a good choice. SMS will cost you the standard rate, which might also be a bit high abroad, but still not as high as data, probably. 140 characters isn’t a lot, and loading the m.twitter.com page (or any other mobile page for that matter), won’t cost you too much, but multiple updates will.

An SMS usually costs you less than ten cents, and even while roaming it’s hardly ever over 30 cents. So if you just want to do a quick update, it might be a better choice than data.

Activation was pretty easy, you just slide in your number, then sms the twitter number with an activation code and you’re done. After that you can just sms that same number and it’ll tweet it. 140 chars though, so not even a full standard 160 char SMS.

Yay!

I’ve finally gotten the Pyrit program running and utilizing ATI Stream! I followed these instructions to the letter, though i built RPM from source with the patch for LZMA compressed RPM’s, which did the trick (although, i’ve also read the 1.4.0 beta 2 package of the Ati Stream SDK doens’t have this problem, but anyhow). I think i also had to apt-get some libraries that were missing, but they were listed pretty well in the instructions.

As for building pyrit, i used the instructions in the wiki, that can be found here. I ran in to an error while building the pyrit source, but that was fixed by doing an edit in a file according to these instructions. Fixes for other common errors are in the installation wiki.

So for the order: Install Atistream and Atical according to the instructions in the KB. Apt-get any packages you are missing. Build and install Pyrit, then CPyrit-Stream.

Run the command pyrit list_cores, which should show something like the screenshot below, and then run pyrit benchmark to see what kind of numbers you’re getting on your hardware. I am amazed. Compare the over 8000 PMKs/s (pairwise master keys), with the ~700 of one Phenom II X4 940 cores. Look at those results (yes yes, synthetic benchmark..):

List cores and Benchmark on my Radeon 4850 (and Phenom 2 940)

You’ll note that it only shows three of the four cores on my Phenom, this is a feature. For every GPU core that it handles, it saves one CPU core for scheduling tasks.

A man can always dream… That there is about 3000 euros worth of hardware  (four Nvidia GTX295′s, a motherboard to support 4 Pci-e cards, processor, memory.. i guestimated). 80 000 PMKs / s (or half of that, depending on how you read the benchmarks). It seems to see the cards as two cores each.

Edit for 15.8.09 – I’m working on a proper howto for this thing since the internets seem not to have a coherent guide for a current ubuntu version. The 8.04 guide is great, don’t get me wrong, but i think it could be more complete. I’ve also e-mailed AMD to ask about providing .deb packages on my / their site, and or publishing the new howto.

Hey!

This was a thing i was debating with a colleague for a long time. There is no official x64 client from Citrix for their XenApps dealio. But! There is a way to install it successfully!

I used Madox.net for a part of this, but the rest was googled by myself. I thought i’d compile the instructions here to avoid problems. So, follow the instructions of Madox.net. As for the certificate issue mentioned, you can search my blog for Thawte, or download any necessary certs and place them in your citrix installation folder /keystore/cacerts.

There are a few remaining problems, namely some 32-bit libs that can’t be found when starting wfcmgr or wfica. To solve these, i found an awesome tool called getlibs. Getlibs gets 32 bit libs as they are needed. You can point it to the wfcmgr program (if you used the default, that’s /usr/lib/ICAClient/wfcmgr), and it’ll sniff out the needed libs, download, install and symlink as needed! It fucking worked! Thanks to cappy, if that’s who made the tool. There are tons of other nifty options for that tool, you could look here for some of those.