Bluetooth + Gentoo + SE K700i

Today I’ve done some first steps in connecting my new phone (sony ericsson k700i) to my box. I’ve borrowed a bluetooth usb dongle from a friend (thnx a lot chrys!) and started playing with it. First thing to do was read what was already documented. Starting at “HOWTO mobile phone, Bluetooth and GNOME” you can easily get a general idea on what’s needed. But there’s a major part missing… the creation of the correct devices.
That’s done by:
cd /dev && mknod rfcomm0 c 216 0 && mknod rfcomm1 c 216 1 && mknod ttyU0 c 208 0 && mknod ttyU1 c 208 1

Following the tutorial above, after having created the proper devices as stated above, is really easy to send files to your phone through nautilus. Just open it and “Send via bluetooth”.
When I have the time I will write about command line sending and receiving files.

Playing midi files at Gentoo linux

My new phone, Sony Ericsson K700i, supports polyphonic ringtones, mp3 or midi, so I downloaded a few from the internet and I wanted to upload them to the phone. Before doing so I also wanted to listen to them on my box. I had never tested playing midi files on my box so far so when I tried listening to them “out-of-the-box” I ran into problems.
I started reading Gentoo Linux ALSA Guide again.
Basically I just had to:
#emerge awesfx

and then load a soundfont … which is a good soundfont though ? Googling around I came up to this site which has a lot of information on soundfonts and has 2 great soundfonts available for linux. They might be BIG…but it’s worth it if you want extra high quality. The difference between those offered at PersonalCopy and the one provided by creative and included at alsa-project is just HUGE.
Just try them with:
# asfxload 8MBGMSFX.SF2
or
# asfxload UNISON.SF2

and play the same file…You’ll hear the clear difference.
You can use kmid to play the files and/or a collection of midi files. Don’t forget to choose your midi output device though…
# aplaymidi -l will give you the complete list of midi devices in your box. Before choosing the “correct” midi port in kmid try all out with:
# aplaymidi -p midi:port file.mid

Image Editing with gimp

I have just bought my new digital camera…and I want to be able to “play” with it as much as I can. There are stuff you can do with the camera…and stuff you can do at your box. Most photo editing tutorials are about photoshop and other windows utilities. This one provides some helpfull tips for editing pics with gimp. More gimp tutorials can also be found here, here, here, and here.
Some more interesting links:
How To Work With Your Digital Camera’s Histogram
The Arithmetic of Printing Images
Understanding Resolution

I hope that’s enough food for thought and practice for now…

Oh btw…I’ve “installed” Internet Explorer in my Gentoo Linux…for..”fun”…Just follow this nice tutorial if you want to learn how to do it. It’s simple…and useless 🙂

Message written on a wall

Greeks only…
Just check this and tell me if it isn’t great or what ? It’s written in a wall about 200m from my house…

The revenge of Internet Explorer

Who thought that my e-banking troubles were over? huh…
Today when I logged in I saw that I was able to create client certificates to verify money transfers. I can’t do money transfers without this certificate that the bank provides. So…I clicked on a few links with firefox…and ooooops…ERROR…I couldn’t create a certificate with firefox. It couldn’t find the “proper” security devices. I tried with my firefox @ work where I have windows installed. Same error. Then it was time for Internet Explorer. click click click…and I had a perfect certificate. I couldn’t export it though to use it with firefox. So Eurobank forces me to use Windows and IE to make money transfers. I DID NOT SIGN THAT on the agreement. I don’t have the money to buy windows @ home, I use Linux, period. It’s tooooooooo bad that they have some nice security features on their site…like virtual keyboard for typing passwords with a mouse, so you can’t get “sniffed” but they can’t make their site usable for all users.
I am going to call them tomorrow to ask them what can I do, if there is any hidden “link” that works with firefox and can provide me a client certificate…else…I will start looking for a new bank with better e-banking methods that will fully support Linux…and transfer my money there. What’s the use of having my money in a place I can’t “access” them ?

That’s the error message I get (it’s in Greek, sorry):

e-banking

I’ve just updated WordPress to 1.5.1. It supposedly has a lot of bugfixes…we’ll see. Anyway…to the point..

Today I’ve finally activated my e-banking account. The process was quite long…I had to go to a bank, sign some papers, then wait 4 days for a courrier to come and give me my passwords. After doing that I had to activate the account via telephone. But wait…I didn’t have telephone-banking enabled…so another 2 day delay until my telephone-banking account was enabled, and then I could finally enable my e-banking. When I first logged in I saw a very stupid page warning me that I should click on “the yellow locker in Internet Explorer” to make sure I was inside the right domain, bank’s domain.
– Well I don’t have IE…what should I do now master ?
– Use the force and click “CONTINUE” young Luke….
I clicked once…clicked twice…opened the url in another Tab…another Window…nothing…the frame would not let me go. I guess it had a special IE thingie that was not satisfied by my Firefox’s “click”…
Anyway…I closed the window…and tried re-logging in. No stupid welcome screen. Yuppi!
Browsing around, it felt like working. But I can’t be sure unless I have to transfer money to another account…then I shall see if I have one more of those stupid “use IE only please” warnings. I have the bank documents I signed in front of me…I see nowhere any term forcing me to use IE or windows only. Is e-banking only for the “serious” windows users ?
Oh and what’s the name of the bank ? Eurobank!
From the other hand it’s the only bank in Greece that offers the creation of digital certificates in order to make money transfers, and not a bunch of passwords that you have to change all the time.
So the score is… 1-1

missed me ?

I am on easter vacations (it’s Greece here…orthodox easter is after the catholic one) in my home town since 4-5 days now…I am on dialup so bare with my absence. It’s so so hard to be “online” with dialup..I can’t even read my emails properly. I was used to adsl@home and my university’s line…and now I feel really weird. I got no tech/IT/whatever news from here. My only “news” is that the PortableFirefox I have inside my usb key is a life savior. I can go with it in any friend’s house or netcafe and have everything I want with me…including my passwords that I don’t even have to type 🙂

The only new thing I have found lately and it’s relatively handy is this: If you want to get rid of annoying error popups in firefox go to about:config, find browser.xul.error_pages.enabled and change its value to true. No more error popups, instead you get informative error html pages, I really liked it…

Annoying “security” company

While Googling the net I bumped into this hilarious, frustrating, “insert your own word here” company that sells PCs with “extra security”. It installs linux with some encryption options and asks very large amounts of money for a few copy paste clicks.
Just check this from their site:

Installed Secure™

Level One: Default installation with firewall, encrypted swap, no insecure services such as sendmail. On Gentoo Linux we use Firehol the easy to read and verify iptables based firewall.

Level Two: Loop-AES encrypted partition backed GPG secured multi-key encryption in a subdirectory of the default user with the GPG keyring stored on a USB keychain drive.

Level Three: Entire /home partition is encrypted with a GPG secured multi-key encryption with GPG keyring and partition keys stored on USB keychain drive. You must log in as root at the command line before logging in to X windows.

Level Four: Encrypted root and /home partitions with GPG secured multi-key encryption. Laptop unusable without keychain (and trusted CDROM if so desired). It is impossible to modify or even ascertain what is on the computer.

How much does these cost ? Prepare yourselves…

Level1: 0$
Level2: 200$
Level1: 300$
Level1: 400$

How ridiculous can some people be ?
Level 2 is something like this previous post of mine. Let’s count the chars:
The characters of the commands needed are 470 (or 9 copy-paste lines as I have written them in my post). They are FULLY scriptable, ie a guy who knows a bit of bash can create a script to produce this kind of encrypted loopfiles with a single command in under 3 minutes. But let’s say they don’t copy paste the lines…but they write down every character every time…one by one. It still makes us 0.4255$ per character. THIS is called FRAUD! I am even typing more characters in this post than they are typing to get 200$.

It’s easy to spot which is this company…just google some terms…
If you find the site…check their other “offers” too…

Usb key encryption frenzy, loopfile encryption

It’s time for something more serious now, time to play with encrypted partitions and loop devices storing the keys on the usb key.

Following the excellent loop-AES.README I created an encrypted loop file that is encrypted with some random keys which are stored inside a file…and that file is encrypted with gpg and stored inside my usb stick. Confused ? Here it goes…

“Create 65 random encryption keys and encrypt those keys using gpg.”
# head -c 2925 /dev/urandom | uuencode -m - | head -n 66 | tail -n 65| gpg --symmetric -a >/mnt/usb-key/keyfile.gpg

Time for the loop file creation. An example of a 100Mb file follows:
# dd if=/dev/urandom of=/my-encrypted-loop.aes bs=1k count=100000

Then encrypt the loop file using our previously generated keys. From losetup man page:

-K gpgkey
Password is piped to gpg so that gpg can decrypt file gpgkey which
contains the real keys that are used to encrypt loop device. If
decryption requires public/private keys and gpghome is not speci-
fied, all users use their own gpg public/private keys to decrypt
gpgkey. Decrypted gpgkey should contain 1 or 64 or 65 keys, each
key at least 20 characters and separated by newline. If decrypted
gpgkey contains 64 or 65 keys, then loop device is put to multi-key
mode. In multi-key mode first key is used for first sector, second
key for second sector, and so on. 65th key, if present, is used as
additional input to MD5 IV computation.

So…
# losetup -K /mnt/usb/keyfile.gpg -e AES256 /dev/loop3 /home/kargig/mytest
# losetup -d /dev/loop3

Now add this to /etc/fstab:
/my-encrypted-loop.aes /mnt/private ext3 defaults,noauto,user,loop=/dev/loop3,encryption=AES256,gpgkey=/mnt/usb-key/keyfile.gpg 0 0

now try this in order to check if the fstab entry is working and to format the loopfile:
# losetup -F /dev/loop3
# mke2fs -j /dev/loop3
# losetup -d /dev/loop3

If everything is fine…you can just try this:

mount /mnt/private

And you should be asked for your gpg passphrase 🙂 If you don’t have your usb key mounted, the loop file(or partition) won’t be mountable. BACKUP your keyfile.gpg!!!

What if you want to change your password ? Simply do this to decrypt the gpg file and re-encrypt it with a new password:
# gpg -d /mnt/usb-key/keyfile.gpg > /mnt/usb-key/clearkeys.txt
# cat /mnt/usb-key/clearkeys.txt | gpg --symmetric -a > /mnt/usb-key/newkeyfile.gpg
(now make sure the keyfile.gpg and newkeyfile.gpg differs, if yes it means that the gpg password was changed...move on)
# mv /mnt/usb-key/newkeyfile.gpg /mnt/usb-key/keyfile.gpg
# rm -f /mnt/usb-key/clearkeys.txt

(thanks to metown for pointing at some errors at the previous post)

What’s left to be done now is make it work like the pam_usb module, ie create a set of scripts(or programs?) so that when I want to mount the encrypted partition it will automatically check the usb key to find a private key to check it against the “partition’s public key” so there won’t be a need for typing a passphrase.

More fun with a usb key: pam_usb, hotplug and xlockmore

Uncle sivitos introduced the idea of using hotplug with the usb key. So here we go:

Insert this to your sysctl
kernel.hotplug = /usr/bin/usbhotplug
and then emerge xlockmore.
Now go to your /etc/pam_usb/handlers/xlock.sh, and edit it so the start function looks like this:
su - USERNAME -c "xlock -display $DISP"

where USERNAME is the name of the user that you start X with…you don’t still use X as root…do you ?

Now plug and unplug the usb key to see what happens. Normally when you unplug it your X session should be locked and you should be asked for a password. Then , when you plug your usb key back in … you should be able to return in your X session after 1-2 seconds of delay. Try it and tell me whether it works for you too 🙂

Using a usb stick to login to gentoo Linux

It was kinda late, and I wanted to do something tonight…something interesting. I was looking at my usb key when I had this flash…”Could I use my usb key to login to my pc with a certain account ?”.
Googling … googling… I need a PAM module to do it. eix time now!
#eix pam usb
* sys-libs/pam_usb
Available versions: 0.3.1 0.3.2
Homepage: http://www.pamusb.org/
Description: A PAM module that enables authentication using an USB-Storage device (such as an USB Pen) through DSA private/public keys.

Bingo!

I emerged it and edited /etc/pam.d/system-auth and /etc/pam.d/login
In the very first line of the files I added:
auth sufficient /lib/security/pam_usb.so !check_device allow_remote=1 force_device=/dev/sda1 fs=vfat debug=1 log_file=/var/log/pam_usb.log

Then I just did:
usbadm keygen /mnt/usb1 root 4096
as the great quickstart of pam_usb describes and I am set!

just a test then…:
$ su
#

Damn! I liked that!

and you can check the debug log too:
[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbI7wL6Z] for dropping
[device.c:358] Using /tmp/pam_usbI7wL6Z as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbI7wL6Z using vfat
[device.c:253] Device mounted, trying to open private key
[device.c:181] Opening /tmp/pam_usbI7wL6Z/.auth/root.XXXXXX
[device.c:261] Private key opened
[auth.c:207] Private key imported
[auth.c:218] Public key imported
[device.c:455] Dropping [/tmp/pam_usbI7wL6Z]
[dsa.c:77] Checking DSA key pair...
[dsa.c:87] Signing pseudo random data [1 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [2 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [3 time(s)]...
[dsa.c:94] Valid signature
[pam.c:207] Access granted

What about if I remove the usb key ?

$ su
Password:
su: Authentication failure
Sorry.
$

and the debug log:

[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbTMRHEZ] for dropping
[device.c:358] Using /tmp/pam_usbTMRHEZ as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbTMRHEZ using vfat
[device.c:242] mount failed: No such file or directory
[device.c:249] Unable to mount /dev/sda1, tried with 1 fs
[device.c:376] Device forcing failed, back to guess mode
[device.c:419] Cannot find any device
[device.c:455] Dropping [/tmp/pam_usbTMRHEZ]
[auth.c:186] Invalid device
[pam.c:203] Cannot authenticate user "root"

I really liked that today…felt like Mission Impossible..yeah 😛
I wonder if I could make that work with xscreensaver too…would be pretty cool, wouldn’t it ?

Gentoo and Acrobat Reader Firefox plugin fix

If you use gtk+ with version higher than 2.4.9 you might have noticed that the acrobat reader plugin does not work with firefox. To solve this you have to take certain steps.
mkdir /opt/Acrobat7/Reader/intellinux/lib/gui
ebuild /usr/portage/x11-libs/gtk+/gtk+-2.4.9-r1.ebuild install
cp -ax /var/tmp/portage/gtk+-2.4.9-r1/image/usr/lib/* /opt/Acrobat7/Reader/intellinux/lib/gui/

Now edit ‘acoread’ (/usr/bin/acroread)

find this section in the acroread script:
intellinux)
LD_LIBRARY_PATH="`prepend "$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib:$ACRO_INSTALL_DIR/$ACRO_CONFIG/sidecars" "$LD_LIBRARY_PATH"`"
export LD_LIBRARY_PATH
;;

now modify the LD_LIBRARY_PATH line, ie. the ‘intellinux)’ one to look as follows:
LD_LIBRARY_PATH="`prepend "$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib/gui:$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib:$ACRO_INSTALL_DIR/$ACRO_CONFIG/sidecars" "$LD_LIBRARY_PATH"`"

and you are set 🙂

try the acrobat reader plugin now 🙂

It works for me!

Fun with google images – GoogleMontage

There’s a site called GoogleMontage that you can give many keywords or expressions and it creates a nice montage of pictures. Check this sample I did about the city I currently study and live. (I don’t know for how long this image will be kept on their servers, so if you can’t see it post a comment).

Alternate local image if the above link stops responding: local sample

Making life easier with gentoo

I really like the emerge tool that gentoo has. My only problem so far was the search option it had. It’s sometimes pretty slow, so I wanted an alternative. After some googling I came up with eix. It’s a powerfull search tool for the portage with indexing capabilities. So the search is really FAST!

Here’s an example of a search while emerging the latest gcc:

# time emerge -s doom >/dev/null

real 0m40.642s
user 0m0.768s
sys 0m0.210s
# time eix -s doom >/dev/null

real 0m1.140s
user 0m0.059s
sys 0m0.012s

I think that you can easily spot the “improvement”…right ?

What I also like about eix is that you can see all available versions when you search for something and not just the latest stable. Check this output when searching for gcc:

* sys-devel/gcc
Available versions: [P]2.95.3-r8 [P]3.1.1-r2 [P]3.2.3-r4 [P]3.3.2 [P]3.3.2-r5 [P]3.3.2-r7 3.3.5-r1 ~3.3.5.20050130 3.3.5.20050130-r1 ~3.3.5.20050130-r2 *~3.4.1-r3 *~3.4.3-r1 *~3.4.3.20050110-r1 *~3.4.3.20050110-r2 [M]4.0.0_beta20050402
Installed: 3.3.5.20050130-r1
Homepage: http://www.gnu.org/software/gcc/gcc.html
Description: The GNU Compiler Collection. Includes C/C++, java compilers, pie+ssp extensions, Haj Ten Brugge runtime bounds checking

Well, after searching for doom I’ve decided to install it too 🙂 Doom3 to be exact using the pak files I had in my windows ntfs partition. I just needed to “ln -s” the pak files and my savegames to the proper dirs. I now enjoy doom3 on my gentoo and I get about the same fps I used to get at windows (maybe even just a bit better, but that could be because there were many things running concurrently at windows, e.g. antivirus, firewall, windows crappy services,etc) .

If you like openoffice and you use latex there’s a very nice macro that combines these 2 worlds: OOoLatexEquation. I think it’s just great when you want to have some nice looking math formulas on your documents (embedded as graphics of course). Check this screenshot.

Oh and something I don’t understand. I have emerge multitail some time ago and I saw that there’s an updated version out, but when I “emerge -uDpv world” I don’t see it listed. When I try “emerge -u multitail” it’s there:

[ebuild U ] app-text/multitail-3.4.8 [3.4.5] -debug 63 kB

any ideas why can this be happening ? Is it a bug ? If it is it could affect the whole system by not listing packages that have security problems and “must” be updated. I have never seen it happening before and I wish I won’t see it in the future again.

More patent problems

In a recent post in slashdot it is said that vlc is threatened with closure due to software patents. You can read more about it here: Videolan patent problem.

This patent madness will drive many opensource developers crazy in a very short time…I guess that it is getting more and more difficult to code something when you are in fear that someone may sue you for something that you just…thought. The problem is bigger for people coding multimedia applications. That’s where the most money from typical users are spent…and that’s where big companies base their success. You buy a dvd from your local store…but now you need to watch it with a decent player right ? Who has de-interlace support ? Who has DTS support ? and so on and so on… This is really getting nowhere…If companies persist on their patents each one is going to create a crippled player due to patents pending from the “opponent” companies…just crazy…and BAD for the users…

shame…but that’s how things work lately…There was a time where software was cheap and hardware was trully expensive..this has changed completely nowdays…

More links on patent problems:
DTS vs Videolan
Kopete patent problems