Skip to content
Nov 1 / kkrizka

Non-Linear Fitting Using GNU/Octave And leasqr

I am currently taking the Optics Lab course up at SFU, which means that I have to take some data and then fit some function to it. The preferred way to do that is using MATLAB’s Curve Fitting Toolbox. However I only have limited access to that software on the slow computers in the common room. To work more efficiently, I’ve looked into alternatives that I can run on my laptop. The best choice that I’ve found is GNU/Octave. Octave is mostly compatible with MATLAB, so I can share the bulk of my code with rest of the class. The only issue is that Octave does not have it’s own “Curve Fitting Toolbox”, but instead relies on a single function, found in the optim package, called leasqr. Since there aren’t many examples of using this function, I decided the write one.

The following script creates a set of data following a line and adds some Gaussian noise. Then it fits a line to it, prints out the results including the fit parameters (m,b), covariance matrix and calculated chi square. At the end, it displays the plot of the data points, fitted line and the residuals.

clear all; clf;
% Function that will be fit
function [y]=line_func(x,par)
% Generate a line
% Add some noise to the line
% Perform the fit
% Print out the results
% Plots
hold on;

I won’t go through the code line-by-line, but I want to make a few key points.

  1. The equation that will be fit has to be defined as an Octave function that takes two arguments; an vector containing values of the independent variable (x) and a vector containing a list of parameters (p). The function should return a vector containing the dependent value for each x value input.
  2. The weights parameter contains the weighting information for each data point. In the case of leasqr function, it is vector containing 1/(uncertainity of point) for each data point. This is different from MATLAB, which uses 1/(uncertainity of point)^2.
  3. You can extract the uncertainty of the fitted parameters from the diagonals of the covariance matrix. The simplest way to do this is using the following code:
  4. I could not find if any of the returned parameters are related to chi squared, so I just calculate them myself using the line:
  5. The leasqr function returns a value called the covariance matrix of the residuals. I haven’t found any other reference to this matrix through Google, so please leave a comment if you understand it. It is possibly related to the reduced chi square…
Jun 30 / kkrizka

Linux and Passwordless Login To A SSH Sever

This is a follow up to my tutorial about setting up a secure shell server on an iPhone. The problem with the first tutorial is that you have to type in your password everytime you want to login. This is can get annoying, especially if you connect a lot. For example, you would have to type in your password everytime you sync your iPhone over WiFi or do debugging on it (more on that later). In this tutorial, I will show you how you can set it up in a way such that you won’t have to type in the password. This tutorial should also work with any SSH server (as long as it is not explicitly disabled), not just on an iPhone.

Passwordless login is very good for convenience and it is relatively secure. It works by generating a private-public key on your Linux PC and copying the public key to the iPhone. Then when you connect, the SSH server checks your private key against the public key, and if they match, it lets you in. You cannot compare a public key with another public key, so if someone steals your iPhone, they won’t be able to get in. Heck, you can even post your public key on your website and let others download it. However if someone steals your private key, then they will be able to get in. So make sure to project your private key! To read more about private-public key authorization, read the Simple Wikipedia page.



  1. Make sure you have the OpenSSH client installed on your PC.


    sudo aptitude install openssh-client
  2. Create a private/public key pair using the following command. It will ask you some questions, but just hit enter to accept the defaults. If you already have a SSH key, you can skip this step. By default, the key pair is saved into ~/.ssh/id_rsa and ~/.ssh/, where the .pub file is the public key. That is the one you want to copy. If you saved your key pair somewhere else, don’t forget to edit the location in any of the future steps.
    ssh-keygen -t rsa
  3. Append the contents of the public key into the ~/.ssh/authorized_keys file on the iPhone. The following command does just that. Don’t forget to replace with the IP address of your iPhone.
    ssh root@ "mkdir -p ~/.ssh && echo `cat ~/.ssh/` >> ~/.ssh/authorized_keys"
  4. Try to login to your iPhone. You shouldn’t be asked for the password if everything worked.
    ssh root@
  5. Repeat steps 1-4 on any additional computers that you own and will use to connect to your iPhone. For step 3, make sure that you append the contents of your public keys as a new line at the end of the authorozed_keys file.
Jun 28 / kkrizka

Setup SSH On A Jailbroken iPhone

One of the advantages of having a jailbroken iPhone is that it is possible to setup a Secure SHell server (SSH) on it. SSH gives you access to the underlying Unix system. If you do not know what that means, then probably you do not need it. However, it is a very useful tool for programmers like me. This guide goes over how to setup a OpenSSH server on the iPhone and connect to it from either a Linux, Windows or Mac OS X based computer. In the future, I plan to write a guide on how to setup passwordless login, meaning you don’t have to type in your password every time and still have a level of security.

I originally wrote this tutorial before iOS4 came out, using iPhone OS 3.1.3 running on my iPod Touch 2G. However I’ve also tested this tutorial on iOS4 and none of the steps have changed.

Warning: Make sure to change the default password after you setup the SSH server!!! The default password is ‘alpine’ and is well known. The first iPhone worm exploited the fact that people didn’t change the default password!


  • Jailbroken iPhone/iPod Touch. The SSH server is only available through Cydia, since Apple didn’t (and most likely never will) allow it into their App Store.
  • Wireless Router. SSH is a network server, meaning that you need to have it connected to some network. The simplest way to do that with the iPhone is via a WiFi connection.

Setup SSH Server Instructions

  1. Locate Cydia on your iPhone and start it.
  2. Click on the Search tab.
  3. Click on the search bar on top, and type in openssh. There should be only one result, as shown below.  Select it.
  4. Click the Install button in top right corner.
  5. Click the Confirm button and wait.
  6. After the SSH server is downloaded and installed, you can click the Return to Cydia button on the bottom of the screen. Do not exist Cydia yet, because we need to install one more tool.
  7. Now that we have installed the SSH server, we need to install a convenient way to turn it on and off. I prefer to use SBSettings, which is a drop-down menu that allows you to toggle SSH, WiFi and Bluetooth ON/OFF, and lists some useful informations. To install SBSettings, continue from the previous step by clicking the Search button to return to the search menu.
  8. Type in SBSettings and scroll down until you see the entry that just says SBSettings, as shown in the picture below. Select it.
  9. Click the Install button in the top right corner.
  10. Click the Confirm button and wait.
  11. After SBSettings is downloaded and installed, you need to restart your iPhone. This will start up SBSettings. Do so by clicking the Reboot Device button. (On iOS4.0, the button will say Reload SpringBoard. You do not have to reboot your device.)
  12. After your iPhone starts up again, place your finger in the top left corner of the screen, and slide it from left to right. SBSettings will pop down, listing all of the information. The best thing is that you do not have to be on the home screen to do this. You can do it while running any application.
  13. There are two important pieces of information that you see in the SBSettings window. The first is the SSH button in the top right corner. You can click it to toggle the SSH server on and off. Make sure it is in the On position. The second piece of information is the WiFi IP Address. This address is what you use when you connect to your iPhone, so write it down. It will be used in the next few steps.
  14. You can hide the SBSettings window by clicking the X button in the top left corner. The next few steps will show you how to connect to your iPhone from a computer. When you try connecting, make sure that the iPhone is turned on or otherwise it will be disconnected from the Internet. I suggest that you turn Autolock off.

Connecting From Linux

  1. Make sure that you have the SSH clients installed. On Ubuntu, type in the following command.

    sudo aptitude install openssh-client
  2. Connect to the iPhone using the following command. This will connect to the iPhone at IP address (make sure to change it to what you wrote down before) using the root account.
    ssh root@
  3. You will be asked for a password. If this is your first time logging in, type in alpine. This is the default password, and we’ll change it in the next step.
  4. If you typed in the correct password, you should see a prompt. Any commands that you type in will be executed on your iPhone!

Connecting From Windows

None of the Windows versions come with an SSH client. However there are numerous free options that you can install. I prefer to use the PuTTY client, which is what I’ll be using in the following steps

  1. Download PuTTY from the download page (direct link to 32-bit version). The latest version at this moment is 0.60-beta. The file you should download is putty.exe, which is the program itself. No installation is required.
  2. Find the downloaded program (putty.exe) and double-click it. Take a look at the screenshot below to see what the icon of the program looks like, to make it easier to locate it.
  3. The dialog displayed below should pop-up. Type the IP address of your iPhone into the textbox under Host name (or IP address) label. Also make sure Connection type is set to SSH (should be by default). When you are done, click the Open button to connect. The IP address I wrote into the picture below is different from that you see in the SBSettings picture, because I took this screenshot while connected to a different network. You should still use the IP address that you found via SBSettings.
  4. A dialog box, displayed below, will pop-up asking you to accept a new fingerprint. Just click Yes to skip it. This just means that you haven’t connected to this server before and it wants to make sure that it is the correct one.
  5. You will be asked for a username. Type in root.
  6. You will be asked for a password. The default password is alpine, but make sure to change it after you login!
  7. If everything went right, you should see the prompt as displayed below.

Connecting From Mac OS X

The instructions for connecting to the SSH server from Mac OS X are the same as for Linux. Except you don’t have to install OpenSSH (Mac OS X comes with it) and you type the commands into the Terminal application.

  1. Open the Terminal application by searching for it via Spotlight.
  2. Connect to the iPhone using the following command. This will connect to the iPhone at IP address (make sure to change it to what you wrote down before) using the root account.
    ssh root@
  3. You will be asked for a password. If this is your first time logging in, type in alpine. This is the default password, and we’ll change it in the next step.
  4. If you typed in the correct password, you should see a prompt. Any commands that you type in will be executed on your iPhone!

Changing Password

  1. Connect to your iPhone following the instructions above. All of the following commands will be run on it.
  2. Lets change the password. Type in the following command.
  3. You will be asked for a new password twice. Type in anything you want and hit enter to confirm it. As you type, no characters will appear on the screen, not even *. It is meant to be that way. If you make a mistake, I suggest that you hit the backspace key a lot of times and start typing over.
  4. After you have changed the password, you can disconnect by typing in the following command. Next time you connect, don’t forget to use your new password instead of alpine.
Jun 20 / kkrizka

Another Problem With Fingerprints And Linux: SSH and sudo

A few days ago I’ve managed to stumble across another problem with using fingerprint authentication on my X61 Tablet. The screenshot below summarizes it the best.

If you run any command that asks you for your password over SSH, then it will ask you to swipe your finger. This is a problem because if you are SSH’ing into your computer, then it most likely means that you are not physically present and so you cannot swipe your finger. The good news is that you don’t have to swipe your finger to actually login via SSH, so this isn’t as big of a problem. Only if you plan to use the sudo or su commands.

So what is the solution? I don’t think there is a good one. I did come up with a proposal for one, but it is not perfect since it doesn’t even work yet with my driver of choice (fprint). The best solution would be for the fingerprint driver to guess if it is being called from a remote machine or local machine, and fail based on that. However that is not possible yet. What I would propose instead is to prompt a user for a fingerprint, allow him to cancel it via a keyboard and then prompt him for a password.

This might not seem like a very good solution, since maybe you want your computer to be very secure and always want a biological identification. Asking for a password then defeats the purpose. If this is what you want, then I suggest you watch this video. Fingerprints readers aren’t very secure and can be bypassed. I think the purpose of having a fingerprint reader is to provide a balance between security and practicality. Swiping a finger is much faster and easier than typing a long password. This is especially true when you are using a tablet and do not have access to a keyboard. And it is relatively secure, since an average person would not probably be able to bypass it. It does require a bit of work and equipment.

Before I begin, I will go over how the fingerprint drivers plug into the standard Linux authentication framework, PAM. This background information is not very throughout, since I have just learned it myself this morning. But it should give you enough knowledge to understand why this fingerprint problem is present and maybe to come up with alternate solutions. Please leave a comment if you do.

When a program wants to authenticate a user, it talks to PAM. PAM asks the program for a username and what service to authenticate for. The reason it asks for a service is that different services might have different rules for authentication. The rules for the service are stored in the file /etc/pam.d/service-name, where service-name is the name of the service. This file contains a list of rules, one rule per line. Comments start with the # symbol and are included. Each rule has the following syntax:

type control module

The type field is the type of the rule. There are different types. For example, the auth type is used to authenticate a user by prompting him for a password. The control field determines what action should be taken if the rule fails or succeeds. For example, a required control means that the rule must succeed for the user to be authenticated. On the other had, a suffiecient control means that if the rule succeed then the user is authenticated and if it fails, then the other rules will be tested. The module field is just a reference to which module will be used to test the rule. The pam.d manpage contains a list of possible values for the type and control fields.

PAM starts by evaluating the rules in order. If the first rule tells it that the user is authenticated, then it finishes. If the first rule tells it that the user is not authenticated, then it proceeds to the next rule (or finishes) based on the value stored in the control field. A quirk is that a required rule is not always tested. For example, if the first rule is sufficient, then the user is authenticated whether any consequent required rules would fail or succeed.

If you followed my tutorial (or one of the many countless tutorials on the web) to setup your finger print reader, then you added the following set of lines to the file /etc/pam.d/common-auth. This file is the set of rules that is included in almost every service defined in the same directory.

auth sufficient
auth required nullok_secure

This means that PAM first asks for a fingerprint. If that fails (wrong finger, reader not present or hardware error…), then the first rule fails. Since the rule is only sufficient, then PAM proceeds to the next rule. The next rule is the rule for standard Unix password authentication. What I would like fprint to do is to fail (causing it to proceed to password prompt) if I hit a certain key. For example according to the ThinkWiki page, the properiaty bio_api driver already does this with the Ctrl+C key combination. This way I could choose whether to use a fingerprint or proceed with typing in a password.

Of course, some people you use the keyboard more than the fingerprint reader. In that case, you can replace those two lines with the following.

auth sufficient nullok_secure
auth required

This means “try password first, then fingerprint”. You can always cause the password prompt to fail by hitting Ctrl+C.

Jun 12 / kkrizka

ThinkPad X61 Tablet and Ubuntu Lucid Lynx

I have been using my ThinkPad X61 Tablet on Ubuntu Lucid Lynx for about a month now, so I think I am comfortable in writing an update about how well those two work together. To make a long story short, most items are unchanged since Ubuntu Karmic Koala. What worked before still works, what didn’t work before still doesn’t work. The one thing that changed is that to get the scrolling via the TrackPoint to work, you have to create a new file. Read on to see what needs to be changed.

Further documentation is available on the X61T’s Lucid ThinkWiki page and the Ubuntu Wiki. However at the time of writing, neither has been updated for Lucid.

Before I start talking about Ubuntu Lucid Lynx, I want to write a quick summary about the hardware. My tablet is the one with the SWGA screen and does not have finger-touch capabilities. You have to use the cheap pen, included with the tablet, for input. The tablet also has 2 GB of memory and a Core 2 Duo processor running at a maximum of 1.6 GHz. The processor also supports other frequencies, like 800 MHz and 1.2 GHz. The frequencies can be changed using the standard Linux tools right away.


The wireless connection works out of the box. It uses the iwlagn kernel module.

Touchscreen (Pen Only)

The touch screen works out of the box using the Wacom pen. I don’t know about finger-touch support, since as I do not have that capability.

I recommend that you instal xournal for note-taking and cellwriter (my tips and tricks) for handwriting recognition. Both are available in the official Ubuntu repository, but are not installed by default.

Extra Buttons/Screen Buttons

All of the extra keyboard buttons work out of the box, with the exception of the zoom button (Fn+Space). The buttons that work are the volume buttons, the ThinkVantage button and all Fn buttons. The buttonson the screen are the rotate button, the toolbox button, the escape button and the arrow buttons.

By work, I mean they report a valid symbol to X.Org. For some of them, you have to bind them to an action to make them do something useful.

Middle Button Scrolling Using TrackPoint

You cannot use the TrackPoint as a scroll button out of the box. In Karmic, you had to create a file, such that HAL would know to enable this feature. However Lucid no longer uses HAL, instead it reverted back to’s own device configuration system. So you have to create a file for The contents are still the same, only the syntax changed.

To create this file, run the following command to open a text editor:

sudo gedit /usr/lib/X11/xorg.conf.d/20-thinkpad.conf

And place the following text into it:

Section "InputClass"
Identifier "Trackpoint Wheel Emulation"
MatchProduct "TrackPoint"
MatchDevicePath "/dev/input/event*"
Driver "evdev"
Option "EmulateWheel" "true"
Option "EmulateWheelButton" "2"
Option "Emulate3Buttons" "false"
Option "XAxisMapping" "6 7"
Option "YAxisMapping" "4 5"

Save the file and restart After that, you can scroll by holding down the middle mouse button and moving your TrackPoint up-and-down at the same time.

I stole these instructions from Phil Sung, who stole them from Samson Yeung.


Both work out of the box without any problems.

Hard Drive Accelerometer

The hard drive accelerometer STILL does not work out of the box. It will report the position (0,-3) regardless of the real position. My understanding is that there are some political problems (legal, ideal?) as to why it hasn’t been fixed yet.

To get the accelerometer to work, you have to compile it manually from the tp_smapi package. I’ve already documented how to do this for Karmic, and the same steps apply to Lucid.

Of course, you still have to install some packages to make it do something useful. I suggest that you install hdapsd, which will spin down your disk when motion is detected. This prevents it from being damaged.

sudo aptitude install hdapsd

Also my AutoRotate daemon is quite cool. It rotates your screen automatically based on orientation.

Fingerprint Scanner

The scanner does not work out of the box. And even after manual configuration, you can only go so far. While the hardware is supported, the software that uses it isn’t that great. You can configure PAM to allow you to login via fingerprints, but it cannot identify the based on the fingerprint and it always asks for a specific finger at a time.

The best software for this is fprint. I have written a tutorial on how to configure fprint. However you no longer have to add the PPA in it, since fprint is now part of the official Ubuntu repository.

Another choice is thinkfinger. I have also written a tutorial for it.