Wednesday, December 20, 2006

x11grab in ffmpeg svn

Edouard Gomez did a great job on pushing my x11grab patch into ffmpeg. He smoothed all rough edges ranging from my blunt ignorance of the ffmpeg coding guidelines to obvious hacks without any remorse.

The patch series hit ffmpeg svn on 20061212. Get it from here. You have to run configure with --enable-gpl to get the GPL-ed x11grab implementation.

To actually start grabbing, run

ffmpeg -vcodec mpeg4 -qscale 2 -r 10 -vd x11:0+0,0 -s 1280x1024 whatever.avi

You might replace 1280x1024 by your actual screen resolution.

Saturday, December 2, 2006

Headache and ion

Free-as-in-beer cocktail parties, bad idea. Headache in the morning. So I thought while I'm there, I can take advantage of my headache and code C.

Here is an update to my XFT branch of ion3, this time as darcs patch and as regular patch for distro maintainers.

Thursday, October 5, 2006

New x11grab patch for ffmpeg

Courtesy of Edouard Gomez, we have a new x11grab patch for ffmpeg. According to his mail, the following things are new:
  • use av_log, no fprintf

  • remove unnecessary strdup of ap->device

  • some cleaning and code homogeneity

  • rebase on current (~20060902) ffmpeg SVN

Grab it here. This patch includes bug fixes contributed by Ali Servet Donmez. Thanks both of you!

Friday, June 30, 2006

Beyond my expectations

Whenever you are tempted to say something controversial, you can
relativize your statement a bit like "Personally, I think that ...",
"From my point of view.. ", or even better "It can be argued
that...". You do that to prevent stirring up dust. Well, for the
following statements I won't need such things:

The Common Lisp Workshop was a huge success. Success in terms of
people attending the workshop. Success in terms of people hacking
Common Lisp. Success in terms of progress parts of the audience made
despite the task I have chosen was way too big for a one hour

Actually I should say 3 1/2 hour workshop. I talked for twice the time
I planned for and was surprised that both parties involved sustained
this: First, that I am able to concentrate for such a long time on
talking sense about non-trivial ideas, second that the audience
apparently was able to listen to me.

I hope to repeat this workshop somewhere sometime (if you are
interested just mail me), but as in this very moment in your personal
time dimension there is no workshop happening (presumably because you
are looking at a website), I put the course material online

Tuesday, June 13, 2006

Common Lisp Workshop

I will give a Common Lisp Workshop for novice Common Lisp
programmers. Everyone in reasonable driving range of Vienna is invited

MetaLab -
Sunday, 25th of June, 18:00-20:00.

Features: 45 minutes presentation of Common Lisp basics, break, 1 hour
hack your own tic-tac-toe. For the latter workshop part, it is
necessary to bring your own laptop! Nothing else than an ssh client
is required.

The workshop is intended for programmers with experience in other
languages but no experience in Lisp. The event is free.

Wednesday, June 7, 2006

Welcome LiLA!

Hamburg, April 2006. A few guys, a bar, and liters of cheap
water. The right soil for male talk when no girls are
listening. Right, it's all about Common Lisp.

I was attending ECLM06 and with me more Austrians than
anticipated. After a quick hello, the idea was clear. We need to plan
planning a strategy for the subversive infection of our fellow
countrymen with the fruits of the theoretic work around the Lambda
Calculus: Lisp!

After the regular phase of idleness, and occasional real life
contact, I came up with the cute name LiLA, for Lisp Lovers
Austria. But the name was found to be revealing on our true nature,
and "Lovers" was substituted by the more neutral word "Lab" (thanks
for the suggestion Patrik!). <Add more idleness here>, and right
after that went online!

Our name, Lisp Lab, also fits neatly with a project we are associated
with: metalab. metalab is an open center in the heart of Vienna, providing us with space and infrastructure for our meetings and events.

Talking of events, there will be a Common Lisp Introduction workshop in
metalab soon. I'm aiming to hold a two hour workshop consisting of 45
minutes talk, break and one hour hacking on your game-theoretically
perfect tic-tac-toe implementation. For the latter, we can also go for
a more stupid computer player, otherwise playing and knowing the game
will end in a draw is no fun.

Watch this site for a date/place announcement of the CL intro.

Thursday, April 6, 2006

cryptsetup 1.0.3

Finally, cryptsetup-luks 1.0.3 is out.

It's somewhat hard to do a release when you are not interested in doing it
at all. But someone has to do it. I hope that this release will do it
for the rest of the year.

Unless something grave happens (for instance, SISWG happens to adopt
LUKS as hard disk encryption standard), I don't have plans for further
development. The reason is that there is little room for substantial
improvement at the layer LUKS is at. Integrating encryption at file
system level gives you features that are unattainable at block level
(see Plausible Denial article in this blog).

So, whenever you encounter a bug or undesired behavior, please try
hard to diagnose them on your own or -- even better -- provide a
patch. With the growing user base of LUKS, I simply can't devote
lifetime for user support. Please use your distribution's mailing lists
as community based support forum.

Thursday, March 30, 2006

Plausible Denial

Every quarter of a year, worried postings appear about governments and law enforcement on the hard disk encryption mailing list I'm subscribed to. The solutions are different every time but the problem stays the same: "Rubberhose attacks". This term is an elegant description of the attack path that works without ever touching cryptography: torture.

Torture involving a rubberhose is unlikely to occur in modern societies. Nonetheless, there are equally effective measures if needed. This fear gives rise to ideas like this: "The data should be destroyed when I type a special panic passphrase" or "store the hard disk encryption key on CD and break the CD when in trouble" or "strip the partition of any sign of encryption header". They have the same goal: remove intention to torture the key owner.

To save a bit of your time I take this shortcut: THEY ARE ALL BROKEN and to figure out why is left as an exercise to the reader.

Instead, you need three things to avoid rubberhosing.
  1. Avoid any metadata that hints the existence of data.

  2. Use steganography.

  3. Provide a plausible explanation for using steganography software.

Let me elaborate these points.


Don't store a shell history, don't use "Recent Document"-like features, don't use programs that create things like thumbnail caches. Make sure your disk access pattern is uniform.


"Steganography" can also be read as "hide data within other data". Files are the most uniform and convenient way of storing data. Unfortunately you can't hide arbitrary files in arbitrary other files, as the format will vary. But you can hide file systems in the free space of other file systems. In fact, if you store something in the free space, it won't be free space anymore. But without the right access token (password), thinking of this space as anything but free space is a big no-no.

Think again of rule number #1 "don't let any metadata hint the existence of the data you want to keep secret". Hence in any such layered file system implementation, the outer file system must know nothing about the inner file system and its management algorithms must regard space occupied by the inner file system as free space.

Potemkin Cities

This concept must be stackable. The file system layering must be able to grow infinitely deep. Again this is because of rule number #1 - the metadata rule. Do you think that the man with the stick believes that you don't have anything to hide if you use software that is made for hiding data? No, of course not. The installed software is metadata itself and as its existence can't be removed from the system obviously, you need to provide a plausible explanation.

Now, here is the point where your creativity comes in. You need to build Potemkin Cities. You need to build a fake data repository that is private enough that others would buy that you have a strong interest in keeping these fake data private. If you are a spy that possesses the launch codes of intercontinental nuclear missiles, it would be wise to put pornographic pictures on the middle layers that depict you cheating on your wife (that is surely part of your cover-marriage).

Facing torture, you reveal access to these potemkin cities and therefore provide an explanation for using encryption software. As the same principle "don't hint metadata about the more inner layers" applies to the middle layer, the attacker has no way of knowing how many layers are left in the free space he is seeing. He only sees this space shrinking with every key you reveal (I strongly suggest that you only reveal a single key, because this looks most innocent -- at least to me).

You can't do that

There is no such system -- at least none that I know of. You need to implement these things at file system level, as the free space must "flow" between the layers dynamically. Whenever you write to this file system, you must provide the keys to all file system layers, otherwise new files might be written into locations that are marked as free (remember the requirement that the outer layers must know nothing about the inner layers) but in fact contain data.
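An added illustration (not code from the original post or from any real file system) of why every layer key must be supplied on write: a toy Python model in which a layer's allocation map is only visible to someone holding that layer's key. The class `LayeredDisk`, the layer names and the first-fit allocator are assumptions made for this example.

```python
class LayeredDisk:
    """Toy block device holding several file system layers (constructed model)."""

    def __init__(self, nblocks):
        self.blocks = [None] * nblocks  # None models random-looking free space
        # layer key -> {block: file name}; stands in for allocation metadata
        # that can only be decrypted with that layer's key
        self.maps = {}

    def free_blocks(self, keys):
        """Blocks that look free to someone who holds only `keys`."""
        used = set()
        for key in keys:
            used.update(self.maps.get(key, {}))
        return [b for b in range(len(self.blocks)) if b not in used]

    def write(self, layer, keys, name, payload):
        """Store one block in `layer`, allocating with the knowledge `keys` give.

        Returns (block, lost), where `lost` lists (layer, file) pairs whose
        data was overwritten because their key was not supplied.
        """
        if layer not in keys:
            raise PermissionError("cannot write a layer without its key")
        free = self.free_blocks(keys)
        if not free:
            raise OSError("no free block visible with these keys")
        block = free[0]  # first fit keeps the example deterministic
        lost = []
        for key, owned in self.maps.items():
            if block in owned:
                lost.append((key, owned.pop(block)))
        self.blocks[block] = payload
        self.maps.setdefault(layer, {})[block] = name
        return block, lost


def demo():
    disk = LayeredDisk(8)
    every_key = ["outer", "decoy", "inner"]  # hypothetical layer keys
    disk.write("outer", every_key, "notes.txt", b"o")
    disk.write("decoy", every_key, "decoy.jpg", b"d")
    disk.write("inner", every_key, "secret.bin", b"s")
    # Free space shrinks with each revealed key; deeper layers stay invisible.
    visible = [len(disk.free_blocks(every_key[:n])) for n in (1, 2, 3)]
    safe = disk.write("outer", every_key, "more.txt", b"o2")
    # Writing with the inner key withheld treats the inner block as free.
    unsafe = disk.write("decoy", ["outer", "decoy"], "new.jpg", b"d2")
    return visible, safe, unsafe


if __name__ == "__main__":
    print(demo())
```

The model leaves out encryption and the uniform write scheduling the post asks for; it only shows the allocation conflict between layers.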

The hardest thing to conceal -- in my opinion -- is the hardware usage pattern. Every write request to the disk leaves magnetic traces that might be analysable. The steganography file system software must schedule disk writes in a way that will yield a uniform disk writing pattern. That's a tasty requirement, right?

Update: There seems to be such a file system for Linux. Unfortunately, outdated.

Sunday, March 12, 2006

ion-therp updated

I had troubles with improper window embedding in firefox, so I decided
to upgrade my dusty private branch of ion to 20060305. Get it here

There are a few changes concerning XFT support. First, the separate
draw engine code of xftde was merged back into the regular de. XFT is
now a compile time option to configure (enabled by default) and about
40 #ifdefs embedded in the de/ source files.

The consequence for you is that you do not have to rewrite your
look configuration to refer to xftde. So, it's "de.defstyle" again,
instead of the old "xftde.defstyle". This is pretty neat as XFT also
understands X11 font specifiers and so your old configuration will
work right out of the box, but now with proper XFT rendering beauty.
To use an XFT font specifier, prepend "xft:". For instance, "xft: Sans-10:weight=bold".
Here is a sample config using XFT font specifiers (using the "Sans" font; will map to
Bitstream Vera Sans on most systems).

My branch also contains my key synthesizer patch, see
my patch post.

There is also a semi-tested ebuild available for Gentoo, get it here.

Update: Tom Payne, the Gentoo maintainer of ion, pulled the XFT part of ion-therp into the official Gentoo ebuild. See his posting.

Tuesday, February 21, 2006

CLIM Screencast - Installation and Hello World

Finally, I was able to do my first CLIM screencast. It's about
installation and writing a little hello world program to give the
viewer a starting point for exploring McCLIM.

The intended audience are developers that have never seen McCLIM in
action before and that need guidance with the Installation and their
first Hello World steps.

Get it via bittorrent:
CLIM Screencast - Installation and Hello World.torrent.
(Please do not link to this torrent directly, as I might change the way I intend to distribute it, please link to the permalink below. I will update this entry when I move things around.)

In the video, I forgot to mention that you can use:

(define-key slime-doc-map "g" 'clim-lookup)

to bind clim-lookup to a key in Slime. Typing "C-c C-d g" will then
invoke clim-lookup. And also here is the code fragment to run
hello-world without the SLIME object pasting magic I unintentionally
used in the video:

(run-frame-top-level (make-application-frame 'hello-world))

Update on video codec: I'm using a regular ISO MPEG-4 encoder. You
will be able to decode this video with any MPEG-4 decoder, but
sometimes (older players have that issue) they do not recognize the
video as MPEG-4 as it contains the new fourcc for ffmpeg. (Background story here.)

Windows users should install a recent version of ffdshow. *nix users can grab a recent version of mplayer. VLC should work as of version 0.8.4.

cryptsetup-luks 1.0.2 out

A new version of cryptsetup-luks is out. Get 1.0.2 at

Saturday, February 18, 2006

New LUKS spec has an update to the LUKS specification. Changes:

  • Added precise AFsplit specification.

  • Removed lrw-plain mode spec as the LRW standardization process is not about to be finished any time soon; will be reintroduced when a normative documentation is released by SISWG.

  • Extended introduction text.

Thanks to Sarah Dean for providing valuable feedback with respect to the AFsplit specification.

Thursday, February 16, 2006

Beautiful XEmacs

XEmacs becomes beautiful. Courtesy of Stephen J. Turnbull, we enjoy
beautiful subpixel rendered fonts in XEmacs. 21.5.24 is the
first release after the sjt-xft branch was merged into MAIN.

I suggest reading the release notes to
get an idea how to enable Xft. It's not on by default. You can also
cut&paste my configure "line":

./configure \
'--with-cflags=-march=i686 -fno-strict-aliasing -O2' \
'--disable-error-checking' '--with-png' '--disable-debug' \
'--with-jpeg' '--with-tiff' '--without-gnome' '--with-xpm' \
'--with-xft=emacs,gauges,menubars' '--with-zlib' '--with-xface' \
'--with-athena=3d' '--enable-pdump' '--enable-dump-in-exec' \
'--enable-bignum=gmp' '--enable-menubars=lucid' \
'--enable-scrollbars=lucid' '--enable-dialogs=athena' \
'--enable-widgets=athena' '--without-gtk' '--enable-mule'

To get the same look as on the screenshot, drop that into your .xresources (and make sure they are "xrdb -merge"-ed).

XEmacs.modeline.attributeFont: Bitstream Charter-12
XEmacs.modeline.attributeBackground: gray
XEmacs.default.attributeFont: Bitstream Vera Sans Mono-12
XEmacs.default.attributeBackground: white

Wednesday, February 15, 2006

Screencasting for X11: an FFmpeg screen recorder

vnc2swf, vncrec, xvidcap. Either they can't record audio (vnc2swf,
vncrec) or they can't keep audio in sync (xvidcap). xvidcap is the most
advanced utility but it seems rather unmaintained and I also dislike
the internal code structure (amorphous functions whose behaviours
strongly depend on semi-global state variables).

ffmpeg already comes with grabbing code, but only for V4L. The
requirements are not so different from X11 grabbing, so I decided to
hack a new X11 grabber into ffmpeg (after verifying that ffmpeg does
correct A/V syncing).

The result is a working mixture of videograb.c of ffmpeg
and capture.c/xtoffmpeg.c of xvidcap. I'm now able to do screencasts
from X11 where I'm able to comment the things I'm doing via

Here is the patch for ffmpeg-0.4.9-p20051216: ffmpeg-x11-screen-recorder.diff

Compile like:

./configure --enable-x11grab --enable-gpl

Run like:

./ffmpeg -vcodec mpeg4 -b 1000 -r 10 -g 300 -vd x11:0,0 -s 1280x1024 test.avi

The -vd option is required. The two values following the colon
describe the left upper coordinate of the grabbing region. The -s
option describes the grabbing size. I'm using a frame rate of 10fps
(-r 10) and a group size of 300 frames (so you have an intra frame
every 30 seconds).

Thursday, February 9, 2006

#cl-gardeners: a channel for Lisp newcomers!

#lisp on FreeNode is home for many experienced
CL wizards, and not primarily a place for asking trivial lisp newcomer
questions. Of course, not all of these questions are valid. Some of
those people joining #lisp simply want to get their homework done
(preferably by others). But sometimes there are people that seriously
want to learn Lisp. Every single one that is not sucked into the
Common Lisp community is a loss that might not be quantified. And
selfish as I am, I simply dislike the idea that there are any
obstacles for lisp newcomers to start writing lisp code that someday I
might be able to use :).

Now we have a channel, where newcomers can ask questions and eventually
get answers by newcomers. It is #cl-gardeners. You don't have to be a
fortuneteller to predict that sometimes newbies can answer questions
by other newbies better than an experienced CL. And in most cases,
both parties gain knowledge. The inexperienced newbie by getting an
answer, the semi-experienced newbie by repeating his partially
acquired knowledge; you'll find that learning technique in every
serious "teachers handbook".

However, CL wizards that are in a mood for providing help to newcomers
are invited to join #cl-gardeners to share their experience. This
gives #lisp the opportunity to send help seekers to #cl-gardeners when
#lisp is busy with more important stuff or simply doesn't want to give
an answer. (This is also the reason why #cl-gardeners should be on the
same net as #lisp.)

So, if you are interested join #cl-gardeners on FreeNode. Lurking and
idling is totally ok, and actually desired. Please consider
#cl-gardeners as candidate for your autojoin list.

Monday, February 6, 2006

A Guided Tour of CLIM (draft)

is my update to A guided Tour of
, an article that was published in ACM's Lisp Pointers in
1991. This is a draft, so feedback is appreciated. The latex source of
this article is maintained in the McCLIM