Some people just cannot get it.
I do not get into password security theory right now, it has been
already. Basically the best way – in my not-so-humble opinion – is
to use different, long and random passwords everywhere (at least on
the web) and store them in a secure password manager program
protected with one very strong, but memorizable master
password. (Unfortunately there are lots of programs and web
services around offering password management while utilising
security in horrible ways, including unsafe or weak encryption,
transferring live passwords on the net, sometimes even unencrypted,
or storing the cleartext passwords in an online database. It is
really hard to find one which is secure, cryptographically sound
and trusted. And don't get me started with online news articles
written by miners and shoemakers playing mad scientist for the
masses, telling which program is good and which is not; they can't
even spell cryptography, let alone
understand what it means. But that's a topic for another day.)
So I advise you to use a secure password storage, with long random
passwords, lots of them.
For the web, the easiest way to use a browser with a secure
have one, if
you use a strong master password it's quite safe (well, not
Sometimes you want to use external password manager, or anything
which cannot autofill the form: there you retrieve the long random
noise and try to copy it into the password field. Easy, quite
secure (as long as you trust your copy buffer, but then again this
is a different topic altogether; I won't start talking to you about
swap files - security is a bitch).
So, here come the people who cannot get it.
Some people think it is really smart to disable browser password
saving. Completely. For everyone. They think it's better to use
memorizable "secure" passwords than long random ones. Or maybe they
want to laugh at you trying to type them in. So they include shit
on their webpage like "autofill=no" attributes. Nasty.
Others think that you should not copy secure passwords, Allah knows
what's on their mind, if they had any. Setting onPaste="return
false" and the like on web forms. Double nasty.
So here's a script, which is an adaptation of someone's script I
saved a long time ago. I am too lazy to look it up, if you're the author
you're welcome to tell me and I'll include the credits. The script
was updated to handle oncopy and onpaste.
In Firefox at least you create a new bookmark and copy the whole
stuff into the URL. Anytime you need to save passwords, click on
it, then start filling out.
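The script itself is not reproduced on this page. As an added example (not the script the post refers to), here is one way to undo both kinds of block from the user's own browser: it removes the standard `autocomplete="off"` attribute and inline `oncopy`/`oncut`/`onpaste` handlers, and shields clipboard events from handlers attached later. The name `enablePasswordEntry` and the fields of its report are assumptions made for this example.

```javascript
// Added example (not the original script): undo page-level blocks on
// password saving and clipboard use. Takes any Document-like object.
const CLIPBOARD_EVENTS = ['copy', 'cut', 'paste'];

function enablePasswordEntry(doc) {
  const report = { autocomplete: 0, inlineHandlers: 0 };

  for (const el of doc.querySelectorAll('form, input')) {
    // autocomplete="off" is the standard attribute a page uses to ask the
    // browser not to save or fill a field; other values are left alone.
    const value = (el.getAttribute('autocomplete') || '').toLowerCase();
    if (value === 'off') {
      el.removeAttribute('autocomplete');
      report.autocomplete++;
    }
    // Inline handlers such as onpaste="return false" exist both as an
    // attribute and as a property; clear both.
    for (const type of CLIPBOARD_EVENTS) {
      const name = 'on' + type;
      if (el.hasAttribute(name) || el[name]) {
        el.removeAttribute(name);
        el[name] = null;
        report.inlineHandlers++;
      }
    }
  }

  // Handlers attached with addEventListener cannot be enumerated, so a
  // capturing listener on the document stops the event before it reaches
  // the form or its fields. The browser's own paste still happens.
  for (const type of CLIPBOARD_EVENTS) {
    doc.addEventListener(type, (ev) => ev.stopImmediatePropagation(), true);
  }
  return report;
}

// In a browser (console or bookmark) apply it to the current page.
if (typeof document !== 'undefined') {
  enablePasswordEntry(document);
}
```

To use it from a bookmark as the post describes, the same code goes into the bookmark's URL behind a `javascript:` prefix.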
Got the new family member. Okay, eventually it was unavoidable that
after being a computer and network engineer for 20 years I was going to
buy a laptop. :-P So far I survived with desktop machines (and you
know they accumulate pretty nicely), mobile phones (obviously
Android, but they're way too small for real work) but now I
realised it cannot go on anymore. I've been on the way for days and
often I had to fix things and it's just not possible using that
I've been fighting this for 2 years now. The old Thinkpad T40 I
inherited completely died, first the video ram got funnies, then
the fan then the cpu went to see the Great Manitou. The next
problem was to find something cheap. I realised that if I want to have the best
possible solution it'll take about forever. So okay, let's see what
is NOW available around. This one is probably old enough to be
cheap (as far as I see it's not listed in the current model line
anymore) but good enough to be useable. Originally it's been a
Toshiba but Lenovo got a more powerful cpu and better features.
Finally I picked a Lenovo Thinkpad Edge E320 129888G, Core i5-2450M
4G RAM, 320GB
and an Intel integrated and an ATI Whistler video
card with a Radeon 6600M chipset. It possesses a b/g/n wifi (Intel),
an SM card reader (RTS5116 from RealTek), DSub and HDMI for ext
video and an E-Sata for, well, just because. And 2 usb and the gig
ethernet from Atheros closes the line. Not that bad, overall, for
3-6 hours of battery power. I mean, for approx $730 or €545.
Okay, that wasn't what I wanted to talk you about. I wanted to talk
Installing Linux on E320
It sucks. No, really, it does suck pretty hard. I mean, I'm doing
this shit for 25+ years now and still took me the better half of
the day, and a bit of the next. With the help of experience, google
and lots of patience. And it's not Linux who's to blame, mind you.
Okay, so this came preloaded with some windows trash, v0.7 or
something, for the fun without any install media. Which means that
if it gets screwed up then you're probably on your own. Brilliant.
Oh, I mean, no problem, windows never gets broken.
So this machine starts up nicely apart from the microsoft trash on
it. I remembered that ages ago I've used Partition Magic to shrink
it, but it seems it doesn't really exist anymore. But google told
me that this kind of windoze can actually do it by itself. Really,
it has the disk utility built-in which can actually - among other
things - shrink the partition. And worked pretty well, for a
So I have shrunk it to ~48 Gigs and the rest to be used. The disk
contains 3(!!) partitions, one for thinkpad stuff and other is for
some windows driver crap or whatnot, but fortunately one left to be
used for logical partitions. (Don't get me started on EFI, that
So there's the partition, let's install it. I have a DVD install
but I have no DVD in the machine, but fortunately I have an
external USB drive. So let's boot!
Um, it doesn't. Starts windows (and every time either you wait for
the crap to finish or have to poweroff it since there ain't no
reset buttons on mobile stuff), every time.
Okay, let's change the BIOS settings. I mean... I ... wtf? No bios
prompt at boot. "Press ENTER to abort booting." Very funny fsckers,
it goes faster into the bloody windows again.
Let's see DEL...no. F1? No. Ctrl-whatever? F12? Looks weird but no.
Okay, the net told me F2, but F12 could be good for it either. So
F2, enter the BIOS, and activate that bloody "show enter bios
prompt" setting, and move over to boot order.
Boot order looks fine: first usb stick, then cd, then whatever,
last hdd. Still, doesn't really care about it, starts hdd
Here came a longer gap when I have tried to
look up what UEFI and EFI is
, why and why not, what and
whatnot, since this beast supports EFI boot. If you wonder you can
look it up in Wikipedia.
No luck. Latest Debian DVD is supposed to boot on EFI as well as
USB stick images, but no. I can set EFI only, no. I have tried
Legacy Only and no. It may have been related to the fact that the
machine boots faster than the DVD can identify the media. So I have
disabled the hdd from boot and this way it was a bit faster to
figure it out, without the need to see windows anymore.
Well, some combination of EFI and legacy boot, with efi
first if I remember correctly, plus using the F12 boot which was
able to delay the booting I was able to start the DVD. (After the
mess I figured that newest USB images, which contain
everything including the MBR can boot as well, but no way if I try
to use my own MBR.)
went well, from an older
, installed grub, and I kind of realised it won't
be that simple.
And it wasn't. Grub didn't boot at all, no operating system. The
fscking lame BIOS is made for windoze and if some windoze shit
isn't there it thinks there isn't an OS around. No matter MBR
signature is ok, the partition table is ok... something is required
which isn't just there.
Another bunch of hours passed with several moves of trying to get
an EFI boot, no luck, or to try to figure out some combination of
partition table which works, without much success. In the meantime
I was able to find a USB stick state which was able to boot,
containing a new (v1.97) GRUB and the partition table created by
grub-mkrescue. So I figured upgrading Debian to latest (sid) may
help, because it contains the new GRUB plus it may support EFI,
Upgrading obviously requires a working ethernet or wifi, and
obviously... none of them were detected. For the record, here are
00:00.0 Host bridge : Intel Corporation 2nd Generation Core
Processor Family DRAM Controller [8086:0104] (rev 09)
00:01.0 PCI bridge : Intel Corporation Xeon E3-1200/2nd
Generation Core Processor Family PCI Express Root Port [8086:0101]
00:02.0 VGA compatible controller : Intel Corporation 2nd
Generation Core Processor Family Integrated Graphics Controller
[8086:0126] (rev 09)
00:16.0 Communication controller : Intel Corporation 6
Series/C200 Series Chipset Family MEI Controller #1 [8086:1c3a]
00:1a.0 USB controller [0c03]: Intel Corporation 6 Series/C200
Series Chipset Family USB Enhanced Host Controller #2 [8086:1c2d]
00:1b.0 Audio device : Intel Corporation 6 Series/C200 Series
Chipset Family High Definition Audio Controller [8086:1c20] (rev
00:1c.0 PCI bridge : Intel Corporation 6 Series/C200 Series
Chipset Family PCI Express Root Port 1 [8086:1c10] (rev b4)
00:1c.1 PCI bridge : Intel Corporation 6 Series/C200 Series
Chipset Family PCI Express Root Port 2 [8086:1c12] (rev b4)
00:1c.2 PCI bridge : Intel Corporation 6 Series/C200 Series
Chipset Family PCI Express Root Port 3 [8086:1c14] (rev b4)
00:1c.5 PCI bridge : Intel Corporation 6 Series/C200 Series
Chipset Family PCI Express Root Port 6 [8086:1c1a] (rev b4)
00:1d.0 USB controller [0c03]: Intel Corporation 6 Series/C200
Series Chipset Family USB Enhanced Host Controller #1 [8086:1c26]
00:1f.0 ISA bridge : Intel Corporation HM65 Express Chipset
Family LPC Controller [8086:1c49] (rev 04)
00:1f.2 SATA controller : Intel Corporation 6 Series/C200
Series Chipset Family 6 port SATA AHCI Controller [8086:1c03] (rev
00:1f.3 SMBus [0c05]: Intel Corporation 6 Series/C200 Series
Chipset Family SMBus Controller [8086:1c22] (rev 04)
01:00.0 VGA compatible controller : ATI Technologies Inc
Whistler [AMD Radeon HD 6600M Series] [1002:6741]
03:00.0 Network controller : Intel Corporation Centrino
Wireless-N 1000 [8086:0084]
04:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd.
RTS5116 PCI Express Card Reader [10ec:5209] (rev 01)
04:00.1 SD Host controller : Realtek Semiconductor Co., Ltd.
RTS5116 PCI Express Card Reader [10ec:5209] (rev 01)
09:00.0 Ethernet controller : Atheros Communications Inc.
AR8151 v2.0 Gigabit Ethernet [1969:1083] (rev c0)
So, we have a Centrino Wireless-N 1000, which requires
driver and more importantly its firmware
which isn't quite free, so it goes onto the USB stick,
into its root specifically. The installer requires to look for
missing firmware images on external drives, finds the usb and uses
it nicely. Still, wifi setup isn't trivial in the installer
(especially when using WPA2).
The ethernet... well it's an atheros 8151, using the atl1c driver,
which is part of debian, and doesn't even require any external
firmware... except it just doesn't get detected.
A nice summary can be read on the Debian
which tells the secret:
echo "1969 1083" > /sys/bus/pci/drivers/atl1c/new_id
And after that udev finds the card nicely. A small problem is
that when you have to try to reboot many times (to fix the
aforementioned boot issues as well as others) this has to be typed
every time. Bummer, no mouse on console while installing.
Well yes, the upgrade worked, but still no boot. Dammit.
Another round of fiddling started, which resulted in a working
combination of BIOS (efi then legacy), and MBR (GRUB's code but
partition was set as boot media!) and a few twists
with encrypted swap (which changed UUID in the meantime and
update-initramfs completely screwed up figuring it, so
/etc/crypttab had to be edited then initrd had to be completely
removed and re-created), and after all I ended up with a working
As a closing act I wondered whether windoze 0.7 survived, as people
mentioned for windoze 6? xp? whatever? that it dies when MBR
changes and requires reinstall media to fix, which I obviously
didn't possess (this was the reason for the honorable mention in
the first paragraph). Lenovo rescue was beyond rescue: bad media,
fix me with the DVD, but what DVD nobody could tell. To my greatest
surprise the years didn't pass in vain on windoze as this extreme
professional version choked on MBR change (but of course, what else
to do anyway), but offered to fix itself and lo! it just did. So I
have a windoze partition as well as a game console or for those
programs which exist only there.
It wasn't that hard. ;-)
Right now Everything Works™, even the SD card reader. I have tested
with dual monitors and it works nicely. I didn't test eSata but
everything else looks fine. Battery time is 3hrs with active use or
close to infinity when suspended, real life lies between these two,
my guess would be around 4-5 hours. Charger is pretty quick: fully
charges around 1 hour.
So far I'm happy.
Maybe someone googles for this...
After an upgrade exim TLS barfs on several connections saying
(gnutls_handshake): Could not negotiate a supported cipher
(gnutls_handshake): An unexpected TLS packet was
All these are caused by the fuckin' gnutls update, which completely
starts vomiting when fed by OpenSSL generated key files and/or
certificates. In my case I had to regenerate the certificate of the
certtool --generate-certificate --load-request host.req
--outfile host.crt --load-ca-certificate CA/cacert.pem
but had to realise that certtool (of GNUTLS) simply
cannot handle encrypted key of the CA, and keeps telling completely
stupid error messages, like
certtool: importing --load-privkey: (null): Base64 decoding error.
and some may have realised that I did not even use
. Oh well. Turned out it's the encoded CA
private key. So first it has to be decoded, not by GNUTLS of course
since it chokes on it but openssl:
openssl rsa < ca.key > ca-fsck.key
which is obviously a very secure way to handle a CA
key. Anyway, now the generate-certificate
works and tries to
create a new cert. Of course extended fields are a way off unless
you go on and check all the possible options of the template.
After all this mess it works with the old host key and the new host
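
The post traces the certtool failure to the CA key being passphrase-protected and works around it by writing a decrypted copy to disk. As an added example (not from the original post), this check reports which PEM form a private key file is in, which is useful both before handing a key to a tool and for spotting unprotected copies such as `ca-fsck.key` afterwards. The function name `classifyPemKey` and the sample keys are assumptions constructed for this example.

```javascript
// Added example: report whether a PEM private key is passphrase-protected.
function classifyPemKey(pemText) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]*?)-----END \1-----/.exec(pemText);
  if (!m) return { format: 'not-pem', encrypted: false, cipher: null };
  const label = m[1];
  if (!label.endsWith('PRIVATE KEY')) {
    return { format: 'not-a-private-key', encrypted: false, cipher: null };
  }
  // PKCS#8: encryption is announced by the armor label itself.
  if (label === 'ENCRYPTED PRIVATE KEY') {
    return { format: 'pkcs8', encrypted: true, cipher: null };
  }
  if (label === 'PRIVATE KEY') {
    return { format: 'pkcs8', encrypted: false, cipher: null };
  }
  // Traditional OpenSSL form (RSA/EC/DSA PRIVATE KEY): the label stays the
  // same and encryption shows up as headers before the base64 body.
  const headers = {};
  for (const line of m[2].split(/\r?\n/)) {
    const h = /^([A-Za-z-]+):\s*(.*)$/.exec(line);
    if (!h) break; // first non-header line ends the header block
    headers[h[1]] = h[2];
  }
  const encrypted = /\bENCRYPTED\b/.test(headers['Proc-Type'] || '');
  const cipher = encrypted ? (headers['DEK-Info'] || '').split(',')[0] || null : null;
  return { format: 'traditional', encrypted, cipher };
}

// Constructed samples: the base64 bodies are placeholders, not real keys.
const SAMPLE_ENCRYPTED_CA_KEY = [
  '-----BEGIN RSA PRIVATE KEY-----',
  'Proc-Type: 4,ENCRYPTED',
  'DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF',
  '',
  'Q09OU1RSVUNURUQgU0FNUExF',
  '-----END RSA PRIVATE KEY-----',
].join('\n');
const SAMPLE_PLAIN_KEY = [
  '-----BEGIN RSA PRIVATE KEY-----',
  'Q09OU1RSVUNURUQgU0FNUExF',
  '-----END RSA PRIVATE KEY-----',
].join('\n');
```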
I replaced my computer. More precisely I upgraded it, because it was already
years old (where x is
a number greater than two, currently maybe five), and it would have
needed more memory than would fit, and anyway the
voltage regulator section was suspiciously cold, which according to the
elders is a sign that it has been possessed by dæmons. So after half a
year of psyching myself up I upgraded.
So, for the technically minded, the specification (though I can already
see that this is where I'll always look it up when I forget it):
- motherboard Intel DH55HC
- cpu Intel Core I5-760 ("Intel Inside - Idiot Outside")
- memory (because nowadays even this has a name…) Kingston
- video Zotac GT220 Zone Edition
The case and the PSU are the old ones (insofar as a 3-month-old PSU
counts as old), and the monitor has been a Samsung SMBX2450 for a while now.
Of course it is fast compared to the old one (22300 BogoMIPS instead of
12000), the 4 cores push like mad, and it is quiet too (for now; it has
not had any really serious load yet). What really counts is the 8GB RAM,
since things were getting tight for all these huge memory hogs (though
it is also true that handling over a hundred thousand emails and over
100 www tabs takes some). Video runs nicely, the sound is okay too (only
I have to unplug the internal speaker, because very amusingly
they routed the sound card's PCM output to it, so the headphones are no use,
Otherwise it is full of USB (12 of them), has no IDE (0 of them), and I
should also dig out the serial port connector I saw 5 years ago
in some box... because they did not include one.
But, as they say: so far so good.