Category Archives: Eureka

Flying a spaceship is hard

Growing up as a kid I always dreamt of flying around in space. I watched all the sci-fi shows, and had more make-believe sessions than I can count during my childhood. Never once did I think about exactly how to fly one; I just imagined that I flew one, and that I was damn good at it too.

Last week I came across a flight simulator called Orbiter. In it, you get to fly spacecraft in a realistic physics environment. Now, as an adult I know my chances of flying into space are pretty much nil, but the game basically shattered what glimpse of hope I had left about flying into space. I’ll state the obvious: flying a spaceship is hard. Just getting into orbit is a trick. Make it into a stable orbit? A geosynchronous orbit? Land on a moving target (flying to the moon)? You can’t just point your spaceship and “go” like they do in the movies, you really have to do the math, you really have to know what all the controls do, you really have to have the patience. This simulator may have a “time warp” feature to fast-forward, but real life doesn’t. Space is vast, and this simulator shows it real well.

Now, I knew all these things, I guess it just never hit me how difficult it is. Well, now the fantasy is over, and from this moment forward I’ll watch sci-fi media with even more humorous skepticism. People make entire careers out of flying spaceships, and even then a lot of them don’t get to go up into space. After flying in Orbiter, I have even more respect for those at NASA than I ever had.

Childhood (and adulthood) dream shattering aside, it’s a fun simulator. My only complaint is, when you crash, you ricochet off the ground into an out-of-control spin, there is no explosion. Oh well!


I recently sent an abstract to LinuxCon / Kernel Security Summit, and the other day I heard back from one of the panel members. As I mentioned my thoughts on implementing AppArmor on CentOS/RHEL via LKM, he replied about a project that he threw together called AKARI. It’s a fork of TOMOYO, and inserts into the linux kernel in a very similar way to how I was planning on doing AppArmor, and have been recently been toying with in tpe-lkm.

All I can say is, that’s a whole lot of code I won’t have to figure out 🙂 He’s already solved some of the problems I’ve been facing. I haven’t used TOMOYO before so I haven’t given this module a test yet beyond inserting it into one of my test systems, but so far it appears to work as advertised. As my time permits I’ll throw up a git repo called kmod-apparmor, which contains some of this code, and continue my work on it.

Intercepting glibc functions

The other day I came across an old forum post about logging exec calls to syslog without modifying code anywhere. I was intrigued; I didn’t know you could hook into glibc function calls like this. I wonder how far can this go? Naturally, I decided to take a quick whack at it myself, and I ended up coding a very basic implementation of Trusted Path Execution with it. I got good (although puzzling) results:

Continue reading Intercepting glibc functions