Annoying “security” company

While Googling the net I bumped into this hilarious, frustrating, “insert your own word here” company that sells PCs with “extra security”. It installs Linux with some encryption options and charges very large amounts of money for a few copy-paste clicks.
Just check this from their site:

Installed Secure™

Level One: Default installation with firewall, encrypted swap, no insecure services such as sendmail. On Gentoo Linux we use Firehol the easy to read and verify iptables based firewall.

Level Two: Loop-AES encrypted partition backed GPG secured multi-key encryption in a subdirectory of the default user with the GPG keyring stored on a USB keychain drive.

Level Three: Entire /home partition is encrypted with a GPG secured multi-key encryption with GPG keyring and partition keys stored on USB keychain drive. You must log in as root at the command line before logging in to X windows.

Level Four: Encrypted root and /home partitions with GPG secured multi-key encryption. Laptop unusable without keychain (and trusted CDROM if so desired). It is impossible to modify or even ascertain what is on the computer.

How much do these cost? Prepare yourselves…

Level1: 0$
Level2: 200$
Level3: 300$
Level4: 400$

How ridiculous can some people be?
Level 2 is something like this previous post of mine. Let’s count the chars:
The commands needed amount to 470 characters (or 9 copy-paste lines as I wrote them in my post). They are FULLY scriptable, i.e. a guy who knows a bit of bash can write a script that produces this kind of encrypted loopfile with a single command in under 3 minutes. But let’s say they don’t copy-paste the lines…but type every character every time…one by one. That still makes 0.4255$ per character. THIS is called FRAUD! I am typing more characters in this post than they type to get 200$.

It’s easy to spot which is this company…just google some terms…
If you find the site…check their other “offers” too…

Usb key encryption frenzy, loopfile encryption

It’s time for something more serious now, time to play with encrypted partitions and loop devices storing the keys on the usb key.

Following the excellent loop-AES.README I created an encrypted loop file that is encrypted with some random keys which are stored inside a file…and that file is encrypted with gpg and stored on my usb stick. Confused? Here it goes…

“Create 65 random encryption keys and encrypt those keys using gpg.”
# head -c 2925 /dev/urandom | uuencode -m - | head -n 66 | tail -n 65 | gpg --symmetric -a >/mnt/usb-key/keyfile.gpg

Time for the loop file creation. An example of a 100Mb file follows:
# dd if=/dev/urandom of=/my-encrypted-loop.aes bs=1k count=100000

Then encrypt the loop file using our previously generated keys. From losetup man page:

-K gpgkey
Password is piped to gpg so that gpg can decrypt file gpgkey which contains the real keys that are used to encrypt loop device. If decryption requires public/private keys and gpghome is not specified, all users use their own gpg public/private keys to decrypt gpgkey. Decrypted gpgkey should contain 1 or 64 or 65 keys, each key at least 20 characters and separated by newline. If decrypted gpgkey contains 64 or 65 keys, then loop device is put to multi-key mode. In multi-key mode first key is used for first sector, second key for second sector, and so on. 65th key, if present, is used as additional input to MD5 IV computation.

So…
# losetup -K /mnt/usb-key/keyfile.gpg -e AES256 /dev/loop3 /my-encrypted-loop.aes
# losetup -d /dev/loop3

Now add this to /etc/fstab:
/my-encrypted-loop.aes /mnt/private ext3 defaults,noauto,user,loop=/dev/loop3,encryption=AES256,gpgkey=/mnt/usb-key/keyfile.gpg 0 0

Now try this to check that the fstab entry works and to format the loopfile:
# losetup -F /dev/loop3
# mke2fs -j /dev/loop3
# losetup -d /dev/loop3

If everything is fine…you can just try this:

mount /mnt/private

And you should be asked for your gpg passphrase 🙂 If you don’t have your usb key mounted, the loop file (or partition) won’t be mountable. BACKUP your keyfile.gpg!!!

What if you want to change your password? Simply do this to decrypt the gpg file and re-encrypt it with a new password:
# gpg -d /mnt/usb-key/keyfile.gpg > /mnt/usb-key/clearkeys.txt
# gpg --symmetric -a < /mnt/usb-key/clearkeys.txt > /mnt/usb-key/newkeyfile.gpg
(now make sure keyfile.gpg and newkeyfile.gpg differ; if they do, the gpg password was changed, so move on)
# mv /mnt/usb-key/newkeyfile.gpg /mnt/usb-key/keyfile.gpg
# rm -f /mnt/usb-key/clearkeys.txt

(thanks to metown for pointing at some errors at the previous post)
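The keyfile recipe and the passphrase change above, as an added example of my own (not code from the post or from loop-AES): it generates keys in the 1/64/65-line, 20+ character shape the losetup man page excerpt requires, validates a decrypted keyfile against those rules before it is trusted, and re-encrypts without ever writing the clear keys to the stick. It uses base64 and fold in place of uuencode -m (both produce 60-character lines); the gpg-dependent functions assume a pinentry that serialises the two passphrase prompts.

```shell
#!/bin/sh
# Added example, not from the original post or loop-AES: build and check a
# loop-AES multi-key file of the shape `losetup -K` / gpgkey= expects.
set -eu

# Print N keys (default 65), one per line, 60 base64 characters each, i.e.
# 45 random bytes per key: the same 2925 bytes the README recipe draws for 65.
gen_loop_keys() {
    n=${1:-65}
    # tr strips base64's own wrapping, fold re-wraps at 60, awk adds the final newline
    head -c $((n * 45)) /dev/urandom | base64 | tr -d '\n' | fold -w 60 | awk '{ print }'
}

# Read a decrypted keyfile on stdin; exit 0 if losetup would accept it,
# 1 with a reason on stderr otherwise (the rules quoted from the man page).
check_keys() {
    awk '
        length($0) < 20 { short++ }
        END {
            if (NR != 1 && NR != 64 && NR != 65) {
                printf "keyfile has %d keys; need 1, 64 or 65\n", NR > "/dev/stderr"
                exit 1
            }
            if (short > 0) {
                printf "%d key(s) shorter than 20 characters\n", short > "/dev/stderr"
                exit 1
            }
        }'
}

# Generate, validate and gpg-encrypt a 65-key file onto the USB stick,
# e.g. make_gpg_keyfile /mnt/usb-key/keyfile.gpg. Needs gpg, so it is not
# part of the offline test.
make_gpg_keyfile() {
    keys=$(gen_loop_keys 65)
    printf '%s\n' "$keys" | check_keys
    printf '%s\n' "$keys" | gpg --symmetric -a > "$1"
}

# Change the passphrase without a clearkeys.txt on the stick: rm on a vfat
# flash drive does not wipe the old contents. gpg asks for the old passphrase,
# then for the new one (assumes a pinentry that serialises the prompts).
rekey_gpg_keyfile() {
    gpg -d "$1" | gpg --symmetric -a > "$1.new" && mv "$1.new" "$1"
}
```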

What’s left to be done now is to make it work like the pam_usb module, i.e. create a set of scripts (or programs?) so that when I want to mount the encrypted partition it will automatically check the usb key for a private key to check against the “partition’s public key”, so there won’t be a need for typing a passphrase.

More fun with a usb key: pam_usb, hotplug and xlockmore

Uncle sivitos introduced the idea of using hotplug with the usb key. So here we go:

Add this to your sysctl config:
kernel.hotplug = /usr/bin/usbhotplug
and then emerge xlockmore.
Now go to your /etc/pam_usb/handlers/xlock.sh, and edit it so the start function looks like this:
su - USERNAME -c "xlock -display $DISP"

where USERNAME is the name of the user you start X with…you don’t still use X as root…do you?

Now plug and unplug the usb key to see what happens. Normally when you unplug it your X session should be locked and you should be asked for a password. Then, when you plug your usb key back in…you should be able to return to your X session after a 1-2 second delay. Try it and tell me whether it works for you too 🙂

Using a usb stick to login to gentoo Linux

It was kinda late, and I wanted to do something tonight…something interesting. I was looking at my usb key when I had this flash…”Could I use my usb key to login to my pc with a certain account ?”.
Googling … googling… I need a PAM module to do it. eix time now!
# eix pam usb
* sys-libs/pam_usb
Available versions: 0.3.1 0.3.2
Homepage: http://www.pamusb.org/
Description: A PAM module that enables authentication using an USB-Storage device (such as an USB Pen) through DSA private/public keys.

Bingo!

I emerged it and edited /etc/pam.d/system-auth and /etc/pam.d/login
In the very first line of the files I added:
auth sufficient /lib/security/pam_usb.so !check_device allow_remote=1 force_device=/dev/sda1 fs=vfat debug=1 log_file=/var/log/pam_usb.log

Then I just did:
usbadm keygen /mnt/usb1 root 4096
as the great quickstart of pam_usb describes and I am set!
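An added example of my own, not code from the post or from pam_usb: a small audit of a PAM stack file for the pam_usb line configured above. It assumes the usual `auth control module options` layout of /etc/pam.d files and flags the options on that line that change what the key alone is allowed to do; the sample file it writes is constructed to mirror the line from this post.

```shell
#!/bin/sh
# Added example, not from the original post or pam_usb: report what a
# pam_usb line in a PAM file lets a plugged-in key do.
set -eu

# Print one finding per line for every pam_usb "auth" rule in the given file.
audit_pam_usb() {
    awk '
        $1 == "auth" && $3 ~ /pam_usb\.so/ {
            nodev = remote = dbg = 0; logf = ""
            for (i = 4; i <= NF; i++) {
                if ($i == "!check_device") nodev = 1
                else if ($i == "allow_remote=1") remote = 1
                else if ($i == "debug=1") dbg = 1
                else if (sub(/^log_file=/, "", $i)) logf = $i
            }
            where = FILENAME ":" NR ": "
            if ($2 == "sufficient")
                print where "sufficient: the key alone satisfies auth, later password modules are skipped"
            if (nodev)
                print where "!check_device: device identity is not checked, any medium carrying the key file passes"
            if (remote)
                print where "allow_remote=1: the key is also honoured for remote (e.g. ssh) sessions"
            if (dbg && logf != "")
                print where "debug=1: mount points and key paths are logged to " logf
        }' "$1"
}

# Exit 0 when the file produces no findings, 1 otherwise (usable as a config check).
pam_usb_ok() {
    [ -z "$(audit_pam_usb "$1")" ]
}

# Constructed sample: the post's system-auth line on top of a typical stack.
write_sample_pam() {
    cat > "$1" <<'EOF'
auth sufficient /lib/security/pam_usb.so !check_device allow_remote=1 force_device=/dev/sda1 fs=vfat debug=1 log_file=/var/log/pam_usb.log
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
EOF
}
```

Run it against a real stack with `audit_pam_usb /etc/pam.d/system-auth`.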

just a test then…:
$ su
#

Damn! I liked that!

and you can check the debug log too:
[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbI7wL6Z] for dropping
[device.c:358] Using /tmp/pam_usbI7wL6Z as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbI7wL6Z using vfat
[device.c:253] Device mounted, trying to open private key
[device.c:181] Opening /tmp/pam_usbI7wL6Z/.auth/root.XXXXXX
[device.c:261] Private key opened
[auth.c:207] Private key imported
[auth.c:218] Public key imported
[device.c:455] Dropping [/tmp/pam_usbI7wL6Z]
[dsa.c:77] Checking DSA key pair...
[dsa.c:87] Signing pseudo random data [1 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [2 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [3 time(s)]...
[dsa.c:94] Valid signature
[pam.c:207] Access granted

What about if I remove the usb key?

$ su
Password:
su: Authentication failure
Sorry.
$

and the debug log:

[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbTMRHEZ] for dropping
[device.c:358] Using /tmp/pam_usbTMRHEZ as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbTMRHEZ using vfat
[device.c:242] mount failed: No such file or directory
[device.c:249] Unable to mount /dev/sda1, tried with 1 fs
[device.c:376] Device forcing failed, back to guess mode
[device.c:419] Cannot find any device
[device.c:455] Dropping [/tmp/pam_usbTMRHEZ]
[auth.c:186] Invalid device
[pam.c:203] Cannot authenticate user "root"

I really liked that today…felt like Mission Impossible..yeah 😛
I wonder if I could make that work with xscreensaver too…would be pretty cool, wouldn’t it?

Gentoo and Acrobat Reader Firefox plugin fix

If you use a gtk+ version higher than 2.4.9 you might have noticed that the acrobat reader plugin does not work with firefox. To solve this you have to take certain steps.
mkdir /opt/Acrobat7/Reader/intellinux/lib/gui
ebuild /usr/portage/x11-libs/gtk+/gtk+-2.4.9-r1.ebuild install
cp -ax /var/tmp/portage/gtk+-2.4.9-r1/image/usr/lib/* /opt/Acrobat7/Reader/intellinux/lib/gui/

Now edit ‘acroread’ (/usr/bin/acroread)

find this section in the acroread script:
intellinux)
LD_LIBRARY_PATH="`prepend "$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib:$ACRO_INSTALL_DIR/$ACRO_CONFIG/sidecars" "$LD_LIBRARY_PATH"`"
export LD_LIBRARY_PATH
;;

now modify the LD_LIBRARY_PATH line in the ‘intellinux)’ case to look as follows:
LD_LIBRARY_PATH="`prepend "$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib/gui:$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib:$ACRO_INSTALL_DIR/$ACRO_CONFIG/sidecars" "$LD_LIBRARY_PATH"`"

and you are set 🙂

try the acrobat reader plugin now 🙂

It works for me!

Fun with google images – GoogleMontage

There’s a site called GoogleMontage that you can give many keywords or expressions and it creates a nice montage of pictures. Check this sample I did about the city I currently study and live in. (I don’t know for how long this image will be kept on their servers, so if you can’t see it post a comment).

Alternate local image if the above link stops responding: local sample

Making life easier with gentoo

I really like the emerge tool that gentoo has. My only problem so far was its search option. It’s sometimes pretty slow, so I wanted an alternative. After some googling I came up with eix. It’s a powerful search tool for portage with indexing capabilities. So the search is really FAST!

Here’s an example of a search while emerging the latest gcc:

# time emerge -s doom >/dev/null

real 0m40.642s
user 0m0.768s
sys 0m0.210s
# time eix -s doom >/dev/null

real 0m1.140s
user 0m0.059s
sys 0m0.012s

I think that you can easily spot the “improvement”…right?

What I also like about eix is that you can see all available versions when you search for something and not just the latest stable. Check this output when searching for gcc:

* sys-devel/gcc
Available versions: [P]2.95.3-r8 [P]3.1.1-r2 [P]3.2.3-r4 [P]3.3.2 [P]3.3.2-r5 [P]3.3.2-r7 3.3.5-r1 ~3.3.5.20050130 3.3.5.20050130-r1 ~3.3.5.20050130-r2 *~3.4.1-r3 *~3.4.3-r1 *~3.4.3.20050110-r1 *~3.4.3.20050110-r2 [M]4.0.0_beta20050402
Installed: 3.3.5.20050130-r1
Homepage: http://www.gnu.org/software/gcc/gcc.html
Description: The GNU Compiler Collection. Includes C/C++, java compilers, pie+ssp extensions, Haj Ten Brugge runtime bounds checking

Well, after searching for doom I’ve decided to install it too 🙂 Doom3 to be exact, using the pak files I had on my windows ntfs partition. I just needed to “ln -s” the pak files and my savegames to the proper dirs. I now enjoy doom3 on my gentoo and I get about the same fps I used to get on windows (maybe even just a bit better, but that could be because there were many things running concurrently on windows, e.g. antivirus, firewall, windows crappy services, etc).

If you like openoffice and you use latex there’s a very nice macro that combines these 2 worlds: OOoLatexEquation. I think it’s just great when you want to have some nice looking math formulas on your documents (embedded as graphics of course). Check this screenshot.

Oh and something I don’t understand. I emerged multitail some time ago and I saw that there’s an updated version out, but when I “emerge -uDpv world” I don’t see it listed. When I try “emerge -u multitail” it’s there:

[ebuild U ] app-text/multitail-3.4.8 [3.4.5] -debug 63 kB

Any ideas why this could be happening? Is it a bug? If it is, it could affect the whole system by not listing packages that have security problems and “must” be updated. I have never seen it happen before and I hope I won’t see it in the future again.

More patent problems

In a recent post in slashdot it is said that vlc is threatened with closure due to software patents. You can read more about it here: Videolan patent problem.

This patent madness will drive many open-source developers crazy in a very short time…I guess it is getting more and more difficult to code something when you are in fear that someone may sue you for something you just…thought. The problem is bigger for people coding multimedia applications. That’s where most of the money from typical users is spent…and that’s where big companies base their success. You buy a dvd from your local store…but now you need to watch it with a decent player, right? Who has de-interlace support? Who has DTS support? And so on and so on… This is really getting nowhere…If companies persist with their patents, each one is going to create a crippled player due to patents pending from the “opponent” companies…just crazy…and BAD for the users…

Shame…but that’s how things work lately…There was a time when software was cheap and hardware was truly expensive..this has changed completely nowadays…

More links on patent problems:
DTS vs Videolan
Kopete patent problems

Stopping Trackback Spam ?

I’ve found this little hack for wordpress that supposedly stops trackback spamming. I’ve installed it..and I will wait for the results.

Not much else is going on lately since my free time is .. absent.

By the way..the wordpress theme I use is not imhotep any more but gentle calm. I’ve added a calendar and some Meta links to the theme..and I like it a bit more this way than the original.

WordPress 1.5

I’ve just upgraded my blog to WordPress 1.5. I know there might be some probs with older posts, but I will try to fix them as soon as you tell me or as soon as I spot them. I chose the imhotep theme which I kinda like..for now.

I hope I have more news on wordpress plugins/hacks soon.

Linux, Firefox and MathML fonts

After Angelos decided to install MathML in his blog, I decided to install the proper fonts in my Gentoo linux in order to read it.

After some googling I came up with this article from bugzilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=128153#c81

I was able to follow it and install all necessary fonts apart from the Symbol font. I don’t know what this guy means…and yes, I’ve read previous posts before this and still can’t get it. The thing he says about the .font.conf here (https://bugzilla.mozilla.org/show_bug.cgi?id=128153#c42) doesn’t seem to work for me.
Anyway…my solution was to ask Angelos to give me his symbol.ttf font from his windows pc and install it where all my truetype fonts are. Then I simply followed this:

[1] ‘Symbol’ truetype font also works if you remove the comment for the
following lines in fontsEncoding.properties file (in $MOZILLA_HOME/res/fonts)
—————-
#encoding.symbol.ttf = Adobe-Symbol-Encoding
#encoding.symbol.ftcmap = mac_roman
——————

Now my Firefox is ready for MathML.

Some more upgrades

I decided to go for kernel 2.6.11. It works just fine and I think there’s a slight improvement in memory usage and application response time (something regarding threading maybe ?). At least that’s what I have noticed so far.

If you have not used mouse cursors for X so far I recommend that you emerge x11-themes/silver-xcursors. They look just great. I especially like the shadows.

I’ve also emerged the Gaim AutoProfile plugin which has a powerful away management system plus various funny stuff to add to your away messages such as fortune cookies and quotes from text files or from http…Take a look at it if you like gaim and want something different.

Transparent MC in a transparent terminal

If you want your Midnight Commander to be transparent, just edit your .mc/ini and add these lines at the end:

[Colors]
base_color=normal=,default:selected=,:marked=,default:markselect=,:menu=,:menuhot=,:menusel=,:menuhotsel=,:dnormal=,:dfocus=,:dhotnormal=,:dhotfocus=,:input=,:reverse=,:executable=,default:directory=,default:link=,default:device=,default:special=,:core=,:helpnormal=,:helplink=,:helpslink=,:

This is how mine looks now:

Now I have to fix those ugly fonts. The borders of MC are not properly displayed. Anyway..one step at a time…

Solved some problems + usb floppy raid

1) The Gaim-encryption problem was solved for good. When both ends upgrade to newer versions of both gaim and gaim-encryption everything works perfectly. (Gaim 1.2.0 with Gaim-encryption 2.35 works just fine)

2) I figured out my mrxvt transparency problem. Inside my fluxbox startup config I had this naughty line:

/usr/bin/bsetroot -solid black

I just commented it out and I now enjoy my beautiful pseudo-transparency even when I move my terminal around the screen. 🙂

Now here’s something that IS funny…or sick…or call it as you want.
One guy made a raid0 array out of usb floppy drives. Yes, yes, yes…you’ve read correctly…USB FLOPPY DRIVES.
Here’s the link to the weirdo: USB FLOPPY DISK STRIPED RAID UNDER OS X

just enjoy…

(how did he test the speed of it? using a Devo mp3 song… What else could it be?)

Recent Changes

I’ve been doing no great stuff lately, just some software upgrades to my desktop machine.
Following this guide I’ve installed the Native POSIX Thread Library on my gentoo box. I can’t say whether there’s been any difference at all. I don’t think so, maybe because I might need to re-emerge some programs? I don’t know…and I am not in the mood to find out right now. I just hope there will be a use for what I’ve done.
I’ve also upgraded my ati-drivers(8.10.19) and xorg(6.8.2). I am dying to find a solution to the Composite xorg extension with ati drivers. When I enable these in my xorg.conf:

#Section "Extensions"
# Option "Composite" "Enable"
# Option "RENDER" "Enable"
#EndSection

I lose hardware opengl support and the desktop starts crawling. When I try to enable xcompmgr these problems get even worse. Xorg becomes unusable even with a simple xcompmgr -c. I know that such stuff is eye-candy only and there’s no real gain in having them…but hey..why should only people with nvidia cards have them ? I am jealous. ATI GET TO WORK!

Something else I can’t solve is how to have my rxvt (or mrxvt) keep being transparent even when I move it. Take a look at these 2 screenshots:

and

The first one is what I see when I open mrxvt. The second is what happens when I move the terminal.
I would like to have mrxvt show the “wallpaper” behind it even when I reposition it. Does anyone have any idea about this?

Oh and more problems? Why can’t Gaim work with Gaim-Encryption from version 1.1.2 and above? I’ve tried all combinations…1.1.3 with encryption 2.32, 2.34, 2.35, 1.1.4 with 2.32, 2.34, 2.35…and still the only version that works smoothly is 1.1.2 with 2.34. I’ve unmerged and re-emerged it a LOT of times without any luck. Is it only me having these problems? I couldn’t find anything relevant on google nor on any lists/forums. I hope it will be fixed with version 1.2.0 that came out a couple of days ago…
<Edit>
Looks like it is a known issue with jabber and gaim-encryption:
http://sourceforge.net/tracker/index.php?func=detail&aid=1144888&group_id=57740&atid=485253
I am currently using 1.2.0 with 2.35. I’ll edit again if it finally works.
</Edit>

And now that we’re talking about Gaim…wouldn’t a gnomemeeting plugin for gaim be a great idea? To right click on a buddy…and ask them to accept your invitation (in fact you will ask them to show you their ip) to go voice-chatting? Anyway … just an idea.