Bluetooth + Gentoo + SE K700i

Today I’ve done some first steps in connecting my new phone (sony ericsson k700i) to my box. I’ve borrowed a bluetooth usb dongle from a friend (thnx a lot chrys!) and started playing with it. First thing to do was read what was already documented. Starting at “HOWTO mobile phone, Bluetooth and GNOME” you can easily get a general idea on what’s needed. But there’s a major part missing… the creation of the correct devices.
That’s done by:
cd /dev && mknod rfcomm0 c 216 0 && mknod rfcomm1 c 216 1 && mknod ttyU0 c 208 0 && mknod ttyU1 c 208 1

Following the tutorial above, after having created the proper devices as stated above, is really easy to send files to your phone through nautilus. Just open it and “Send via bluetooth”.
When I have the time I will write about command line sending and receiving files.

Playing midi files at Gentoo linux

My new phone, Sony Ericsson K700i, supports polyphonic ringtones, mp3 or midi, so I downloaded a few from the internet and I wanted to upload them to the phone. Before doing so I also wanted to listen to them on my box. I had never tested playing midi files on my box so far so when I tried listening to them “out-of-the-box” I ran into problems.
I started reading Gentoo Linux ALSA Guide again.
Basically I just had to:
#emerge awesfx

and then load a soundfont … which is a good soundfont though ? Googling around I came up to this site which has a lot of information on soundfonts and has 2 great soundfonts available for linux. They might be BIG…but it’s worth it if you want extra high quality. The difference between those offered at PersonalCopy and the one provided by creative and included at alsa-project is just HUGE.
Just try them with:
# asfxload 8MBGMSFX.SF2
or
# asfxload UNISON.SF2

and play the same file…You’ll hear the clear difference.
You can use kmid to play the files and/or a collection of midi files. Don’t forget to choose your midi output device though…
# aplaymidi -l will give you the complete list of midi devices in your box. Before choosing the “correct” midi port in kmid try all out with:
# aplaymidi -p midi:port file.mid

Image Editing with gimp

I have just bought my new digital camera…and I want to be able to “play” with it as much as I can. There are stuff you can do with the camera…and stuff you can do at your box. Most photo editing tutorials are about photoshop and other windows utilities. This one provides some helpfull tips for editing pics with gimp. More gimp tutorials can also be found here, here, here, and here.
Some more interesting links:
How To Work With Your Digital Camera’s Histogram
The Arithmetic of Printing Images
Understanding Resolution

I hope that’s enough food for thought and practice for now…

Oh btw…I’ve “installed” Internet Explorer in my Gentoo Linux…for..”fun”…Just follow this nice tutorial if you want to learn how to do it. It’s simple…and useless 🙂

Annoying “security” company

While Googling the net I bumped into this hilarious, frustrating, “insert your own word here” company that sells PCs with “extra security”. It installs linux with some encryption options and asks very large amounts of money for a few copy paste clicks.
Just check this from their site:

Installed Secure™

Level One: Default installation with firewall, encrypted swap, no insecure services such as sendmail. On Gentoo Linux we use Firehol the easy to read and verify iptables based firewall.

Level Two: Loop-AES encrypted partition backed GPG secured multi-key encryption in a subdirectory of the default user with the GPG keyring stored on a USB keychain drive.

Level Three: Entire /home partition is encrypted with a GPG secured multi-key encryption with GPG keyring and partition keys stored on USB keychain drive. You must log in as root at the command line before logging in to X windows.

Level Four: Encrypted root and /home partitions with GPG secured multi-key encryption. Laptop unusable without keychain (and trusted CDROM if so desired). It is impossible to modify or even ascertain what is on the computer.

How much does these cost ? Prepare yourselves…

Level1: 0$
Level2: 200$
Level1: 300$
Level1: 400$

How ridiculous can some people be ?
Level 2 is something like this previous post of mine. Let’s count the chars:
The characters of the commands needed are 470 (or 9 copy-paste lines as I have written them in my post). They are FULLY scriptable, ie a guy who knows a bit of bash can create a script to produce this kind of encrypted loopfiles with a single command in under 3 minutes. But let’s say they don’t copy paste the lines…but they write down every character every time…one by one. It still makes us 0.4255$ per character. THIS is called FRAUD! I am even typing more characters in this post than they are typing to get 200$.

It’s easy to spot which is this company…just google some terms…
If you find the site…check their other “offers” too…

Usb key encryption frenzy, loopfile encryption

It’s time for something more serious now, time to play with encrypted partitions and loop devices storing the keys on the usb key.

Following the excellent loop-AES.README I created an encrypted loop file that is encrypted with some random keys which are stored inside a file…and that file is encrypted with gpg and stored inside my usb stick. Confused ? Here it goes…

“Create 65 random encryption keys and encrypt those keys using gpg.”
# head -c 2925 /dev/urandom | uuencode -m - | head -n 66 | tail -n 65| gpg --symmetric -a >/mnt/usb-key/keyfile.gpg

Time for the loop file creation. An example of a 100Mb file follows:
# dd if=/dev/urandom of=/my-encrypted-loop.aes bs=1k count=100000

Then encrypt the loop file using our previously generated keys. From losetup man page:

-K gpgkey
Password is piped to gpg so that gpg can decrypt file gpgkey which
contains the real keys that are used to encrypt loop device. If
decryption requires public/private keys and gpghome is not speci-
fied, all users use their own gpg public/private keys to decrypt
gpgkey. Decrypted gpgkey should contain 1 or 64 or 65 keys, each
key at least 20 characters and separated by newline. If decrypted
gpgkey contains 64 or 65 keys, then loop device is put to multi-key
mode. In multi-key mode first key is used for first sector, second
key for second sector, and so on. 65th key, if present, is used as
additional input to MD5 IV computation.

So…
# losetup -K /mnt/usb/keyfile.gpg -e AES256 /dev/loop3 /home/kargig/mytest
# losetup -d /dev/loop3

Now add this to /etc/fstab:
/my-encrypted-loop.aes /mnt/private ext3 defaults,noauto,user,loop=/dev/loop3,encryption=AES256,gpgkey=/mnt/usb-key/keyfile.gpg 0 0

now try this in order to check if the fstab entry is working and to format the loopfile:
# losetup -F /dev/loop3
# mke2fs -j /dev/loop3
# losetup -d /dev/loop3

If everything is fine…you can just try this:

mount /mnt/private

And you should be asked for your gpg passphrase 🙂 If you don’t have your usb key mounted, the loop file(or partition) won’t be mountable. BACKUP your keyfile.gpg!!!

What if you want to change your password ? Simply do this to decrypt the gpg file and re-encrypt it with a new password:
# gpg -d /mnt/usb-key/keyfile.gpg > /mnt/usb-key/clearkeys.txt
# cat /mnt/usb-key/clearkeys.txt | gpg --symmetric -a > /mnt/usb-key/newkeyfile.gpg
(now make sure the keyfile.gpg and newkeyfile.gpg differs, if yes it means that the gpg password was changed...move on)
# mv /mnt/usb-key/newkeyfile.gpg /mnt/usb-key/keyfile.gpg
# rm -f /mnt/usb-key/clearkeys.txt

(thanks to metown for pointing at some errors at the previous post)

What’s left to be done now is make it work like the pam_usb module, ie create a set of scripts(or programs?) so that when I want to mount the encrypted partition it will automatically check the usb key to find a private key to check it against the “partition’s public key” so there won’t be a need for typing a passphrase.

More fun with a usb key: pam_usb, hotplug and xlockmore

Uncle sivitos introduced the idea of using hotplug with the usb key. So here we go:

Insert this to your sysctl
kernel.hotplug = /usr/bin/usbhotplug
and then emerge xlockmore.
Now go to your /etc/pam_usb/handlers/xlock.sh, and edit it so the start function looks like this:
su - USERNAME -c "xlock -display $DISP"

where USERNAME is the name of the user that you start X with…you don’t still use X as root…do you ?

Now plug and unplug the usb key to see what happens. Normally when you unplug it your X session should be locked and you should be asked for a password. Then , when you plug your usb key back in … you should be able to return in your X session after 1-2 seconds of delay. Try it and tell me whether it works for you too 🙂

Using a usb stick to login to gentoo Linux

It was kinda late, and I wanted to do something tonight…something interesting. I was looking at my usb key when I had this flash…”Could I use my usb key to login to my pc with a certain account ?”.
Googling … googling… I need a PAM module to do it. eix time now!
#eix pam usb
* sys-libs/pam_usb
Available versions: 0.3.1 0.3.2
Homepage: http://www.pamusb.org/
Description: A PAM module that enables authentication using an USB-Storage device (such as an USB Pen) through DSA private/public keys.

Bingo!

I emerged it and edited /etc/pam.d/system-auth and /etc/pam.d/login
In the very first line of the files I added:
auth sufficient /lib/security/pam_usb.so !check_device allow_remote=1 force_device=/dev/sda1 fs=vfat debug=1 log_file=/var/log/pam_usb.log

Then I just did:
usbadm keygen /mnt/usb1 root 4096
as the great quickstart of pam_usb describes and I am set!

just a test then…:
$ su
#

Damn! I liked that!

and you can check the debug log too:
[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbI7wL6Z] for dropping
[device.c:358] Using /tmp/pam_usbI7wL6Z as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbI7wL6Z using vfat
[device.c:253] Device mounted, trying to open private key
[device.c:181] Opening /tmp/pam_usbI7wL6Z/.auth/root.XXXXXX
[device.c:261] Private key opened
[auth.c:207] Private key imported
[auth.c:218] Public key imported
[device.c:455] Dropping [/tmp/pam_usbI7wL6Z]
[dsa.c:77] Checking DSA key pair...
[dsa.c:87] Signing pseudo random data [1 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [2 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [3 time(s)]...
[dsa.c:94] Valid signature
[pam.c:207] Access granted

What about if I remove the usb key ?

$ su
Password:
su: Authentication failure
Sorry.
$

and the debug log:

[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbTMRHEZ] for dropping
[device.c:358] Using /tmp/pam_usbTMRHEZ as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbTMRHEZ using vfat
[device.c:242] mount failed: No such file or directory
[device.c:249] Unable to mount /dev/sda1, tried with 1 fs
[device.c:376] Device forcing failed, back to guess mode
[device.c:419] Cannot find any device
[device.c:455] Dropping [/tmp/pam_usbTMRHEZ]
[auth.c:186] Invalid device
[pam.c:203] Cannot authenticate user "root"

I really liked that today…felt like Mission Impossible..yeah 😛
I wonder if I could make that work with xscreensaver too…would be pretty cool, wouldn’t it ?

Gentoo and Acrobat Reader Firefox plugin fix

If you use gtk+ with version higher than 2.4.9 you might have noticed that the acrobat reader plugin does not work with firefox. To solve this you have to take certain steps.
mkdir /opt/Acrobat7/Reader/intellinux/lib/gui
ebuild /usr/portage/x11-libs/gtk+/gtk+-2.4.9-r1.ebuild install
cp -ax /var/tmp/portage/gtk+-2.4.9-r1/image/usr/lib/* /opt/Acrobat7/Reader/intellinux/lib/gui/

Now edit ‘acoread’ (/usr/bin/acroread)

find this section in the acroread script:
intellinux)
LD_LIBRARY_PATH="`prepend "$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib:$ACRO_INSTALL_DIR/$ACRO_CONFIG/sidecars" "$LD_LIBRARY_PATH"`"
export LD_LIBRARY_PATH
;;

now modify the LD_LIBRARY_PATH line, ie. the ‘intellinux)’ one to look as follows:
LD_LIBRARY_PATH="`prepend "$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib/gui:$ACRO_INSTALL_DIR/$ACRO_CONFIG/lib:$ACRO_INSTALL_DIR/$ACRO_CONFIG/sidecars" "$LD_LIBRARY_PATH"`"

and you are set 🙂

try the acrobat reader plugin now 🙂

It works for me!

Making life easier with gentoo

I really like the emerge tool that gentoo has. My only problem so far was the search option it had. It’s sometimes pretty slow, so I wanted an alternative. After some googling I came up with eix. It’s a powerfull search tool for the portage with indexing capabilities. So the search is really FAST!

Here’s an example of a search while emerging the latest gcc:

# time emerge -s doom >/dev/null

real 0m40.642s
user 0m0.768s
sys 0m0.210s
# time eix -s doom >/dev/null

real 0m1.140s
user 0m0.059s
sys 0m0.012s

I think that you can easily spot the “improvement”…right ?

What I also like about eix is that you can see all available versions when you search for something and not just the latest stable. Check this output when searching for gcc:

* sys-devel/gcc
Available versions: [P]2.95.3-r8 [P]3.1.1-r2 [P]3.2.3-r4 [P]3.3.2 [P]3.3.2-r5 [P]3.3.2-r7 3.3.5-r1 ~3.3.5.20050130 3.3.5.20050130-r1 ~3.3.5.20050130-r2 *~3.4.1-r3 *~3.4.3-r1 *~3.4.3.20050110-r1 *~3.4.3.20050110-r2 [M]4.0.0_beta20050402
Installed: 3.3.5.20050130-r1
Homepage: http://www.gnu.org/software/gcc/gcc.html
Description: The GNU Compiler Collection. Includes C/C++, java compilers, pie+ssp extensions, Haj Ten Brugge runtime bounds checking

Well, after searching for doom I’ve decided to install it too 🙂 Doom3 to be exact using the pak files I had in my windows ntfs partition. I just needed to “ln -s” the pak files and my savegames to the proper dirs. I now enjoy doom3 on my gentoo and I get about the same fps I used to get at windows (maybe even just a bit better, but that could be because there were many things running concurrently at windows, e.g. antivirus, firewall, windows crappy services,etc) .

If you like openoffice and you use latex there’s a very nice macro that combines these 2 worlds: OOoLatexEquation. I think it’s just great when you want to have some nice looking math formulas on your documents (embedded as graphics of course). Check this screenshot.

Oh and something I don’t understand. I have emerge multitail some time ago and I saw that there’s an updated version out, but when I “emerge -uDpv world” I don’t see it listed. When I try “emerge -u multitail” it’s there:

[ebuild U ] app-text/multitail-3.4.8 [3.4.5] -debug 63 kB

any ideas why can this be happening ? Is it a bug ? If it is it could affect the whole system by not listing packages that have security problems and “must” be updated. I have never seen it happening before and I wish I won’t see it in the future again.

Linux, Firefox and MathML fonts

After Angelos decided to install MathML in his blog, I decided to install the proper fonts in my Gentoo linux in order to read it.

After some googling I came up with this article from bugzilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=128153#c81

I was able to follow it and install all necessary fonts apart from the Symbol font. I don’t know what this guy means…and yes, I’ve read previous posts before this and still can’t get it. The thing he says about the .font.conf here (https://bugzilla.mozilla.org/show_bug.cgi?id=128153#c42) doesn’t seem to work for me.
Anyway…my solution was to ask Angelos to give me his symbol.ttf font from his windows pc and install it where all my truetype fonts are. Then I simply followed this:

[1] ‘Symbol’ truetype font also works if you remove the comment for the
following lines in fontsEncoding.properties file (in $MOZILLA_HOME/res/fonts)
—————-
#encoding.symbol.ttf = Adobe-Symbol-Encoding
#encoding.symbol.ftcmap = mac_roman
——————

Now my Firefox is ready for MathML.

Some more upgrades

I decided to go for kernel 2.6.11. It works just fine and I think there’s a slight improvement in memory usage and application response time (something regarding threading maybe ?). At least that’s what I have noticed so far.

If you have not used mouse cursors for X so far I recommend that you emerge x11-themes/silver-xcursors. They look just great. I especially like the shadows.

I’ve also emerged the Gaim AutoProfile plugin which has a powerfull away management system plus various funny stuff to add to your away messages such as fortune cookies and quote from text files or from http…Take a look at it if you like gaim and want something different.

Solved some problems + usb floppy raid

1) The Gaim-encryption problem was solved for good. When both ends upgrade to newer version on both gaim and gaim-encryption everything works perfectly. (Gaim 1.2.0 with Gaim-encryption 2.35 works just fine)

2) I figured out the problem of my mrxvt transparency problem. Inside my fluxbox startup config I had this naughty line:

/usr/bin/bsetroot -solid black

I just commented it out and I now enjoy my beautiful pseudo-transparency even when I move my terminal around the screen. 🙂

Now here’s something that IS funny…or sick…or call it as you want.
One guy made a raid0 array out of usb floppy drives. Yes, yes, yes…you’ve read correctly…USB FLOPPY DRIVES.
Here’s the link to the weirdo: USB FLOPPY DISK STRIPED RAID UNDER OS X

just enjoy…

(how did he test the speed of it ? using a Devo mp3 song… What else could it be ?)

Recent Changes

I’ve been doing no great stuff lately, just some software upgrades to my desktop machine.
Following this guide I’ve installed Native POSIX Thread Library to my gentoo box. I can’t say whether there’s been any difference at all. I don’t think so, maybe because I might need to re-emerge some programs ? I don’t know…and I am not in the mood to find out right now. I just hope there will be a use for what I’ve done.
I’ve also upgraded my ati-drivers(8.10.19) and xorg(6.8.2). I am dying to find a solution to the Composite xorg extension with ati drivers. When I enable these in my xorg.conf:

#Section “Extensions”
# Option “Composite” “Enable”
# Option “RENDER” “Enable
#EndSection

I lose hardware opengl support and the desktop starts crawling. When I try to enable xcompmgr these problems get even worse. Xorg becomes unusable even with a simple xcompmgr -c. I know that such stuff is eye-candy only and there’s no real gain in having them…but hey..why should only people with nvidia cards have them ? I am jealous. ATI GET TO WORK!

Something else I can’t solve is how to have my rxvt (or mrxvt) keep being transparent even when I move it. Take a look at these 2 screenshots:

and

The first one is what I see when I open mrxvt. The second is what happens when I move the terminal.
I would like to be able to have mrxvt showing the “wallpaper” behind it even when I reposition it. Anyone has any idea about this ?

Oh and more problems ? Why can’t Gaim work with Gaim-Ecnryption from version 1.1.2 and above? I’ve tried all combinations…1.1.3 with encryption 2,32,2.34,2.35, 1.1.4 with 2.32, 2.34,2.35…and still the only version that works smoothly is 1.1.2 with 2.34. I’ve unmerged and re-emerged it a LOT of times without any luck. Is it only me having these problems ? I couln’t find anything relative on google nor on any lists/forums. I hope it will be fixed with version 1.2.0 that came out a couple of days ago…
<Edit>
Looks like it is a known issue with jabber and gaim-encryption:
http://sourceforge.net/tracker/index.php?func=detail&aid=1144888&group_id=57740&atid=485253
I am currently using 1.2.0 with 2.35. I’ll edit again if it finally works.
</Edit>

And now that we’re talking about Gaim…wouldn’t a gnomemeeting plugin for gaim be a great idea ? to right click on a buddy…and ask them to accept your invitation (in fact you will ask them to show you their ip) to go voice-chatting ? Anyway … just an idea.

Encrypting the swap partition

Now that my system is considered (that’s what I think) a working desktop machine, it’s time for some security. First and easiest thing to do is to encrypt the swap partition.
What should I use though to achieve this goal ? cryptoloop ? Loop-AES ? cgd ? ppdd ? and so on and so on…The choices are too many to list. After reading Loop-AES author’s reply to this question:

[…] if Loop-AES works so much better, why hasn’t it been included in the kernel?[…]

here, and studying this great guide on computer security (How to defend your Privacy), I’ve decided to go for Loop-AES.

Quick SWAP encryption with Loop-AES HOWTO for gentoo linux:

1)Be SURE to remove any loop support from your kernel. Either as a module or builtin. We are going to build our own module so we don’t want the kernel’s module.

2) Supposing that your kernel does NOT have loop support we move on to installing the necessary packages.

echo "sys-fs/loop-aes ~x86" >> /etc/portage/package.keywords
emerge /usr/portage/sys-apps/util-linux/util-linux-2.12q.ebuild
emerge loop-aes

3) Time to change current swap configuration end enable the encryption support

swapoff -a

Now edit your /etc/fstab, find your swap lines and change them to something looking like this:

/dev/hda999 none swap sw,loop=/dev/loop9,encryption=AES128 0 0

4) We now clean the swap partition by filling it with 0s, recreate the swap partition and start using it

dd if=/dev/zero of=/dev/hda999 bs=64k conv=notrunc
mkswap /dev/hda999
swapon -a

You are ready, you swap is now encrypted on the fly.

More on linux desktop

I’ve recently upgraded my fluxbox to 0.9.12 which has antialiasing support 🙂 Fonts look a lot better now on the titles and menus.
After some world updates (where gtk+ was upgraded to version 2.6.2) vlc did not open up it’s neat gui. I had to re-emerge wxGTK and re-emerge vlc (version 0.8.1 works pretty smooth now).

I’ve also tried tuxracer version 1.1.1. It’s not as fun as ver 0.6 (it’s a lot slower and courses take more to finish and one can get easily bored), but I kept it cause it has head to head duels 😉

But there’s something that “bothers” me…Should I use:

ACCEPTED_KEYWORDS=”~x86″ emerge world

or just

emerge world

?

Anyone has any experience on this ?