Intelligent program – unintelligent people

2014-01-17 14:49:53 by grin

I have annoyed myself again, over the very same thing again; I knew in advance that I would get annoyed by it, and I also know that I will get annoyed by it next time too.

Enable password saving in web forms

2013-05-23 10:27:04 by grin
Some people just cannot get it.
I do not get into password security theory right now, it has been well debated to death already. Basically the best way – in my not-so-humble opinion – is to use different, long and random passwords everywhere (at least on the web) and store them in a secure password manager program protected with one very strong, but memorizable master password. (Unfortunately there are lots of programs and web services around offering password management while utilising security in horrible ways, including unsafe or weak encryption, transferring live passwords on the net, sometimes even unencrypted, or storing the cleartext passwords in an online database. It is really hard to find one which is secure, cryptographically sound and trusted. And don't get me started with online news articles written by miners and shoemakers playing mad scientist for the masses, telling which program is good and which is not; they can't even spell cryptography, let alone understand what it means. But that's a topic for another day.)
So I advise you to use a secure password storage, with long random passwords, lots of them.
For the web, the easiest way is to use a browser with a secure storage. Firefox has one; if you use a strong master password it's quite safe (well, not Fort Knox, but "pretty good").
Sometimes you want to use an external password manager, or anything which cannot autofill the form: there you retrieve the long random noise and try to copy it into the password field. Easy, quite secure (as long as you trust your copy buffer, but then again this is a different topic altogether; I won't start talking to you about swap files - security is a bitch).
So, here come the people who cannot get it.
Some people think it is really smart to disable browser password saving. Completely. For everyone. They think it's better to use memorizable "secure" passwords than long random ones. Or maybe they want to laugh at you trying to type them in. So they include shit on their webpage like "autofill=no" attributes. Nasty.
Others think that you should not copy secure passwords, Allah knows what's on their mind, if they had any. Setting onPaste="return false" and the like on web forms. Double nasty.
So here's a script, which is an adaptation of someone's script I saved a long time ago. I am lazy to look it up, if you're the author you're welcome to tell me and I'll include the credits. The script was updated to handle oncopy and onpaste.

In Firefox at least you create a new bookmark and copy the whole stuff into the URL. Anytime you need to save passwords, click on it, then start filling out.
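
An added example, not the script the post refers to and not the author's code: a sketch of what such a bookmark script can do, targeting the standard `autocomplete="off"` attribute and the inline copy/paste handlers mentioned above. The function names are invented for this example.

```javascript
// Added example: undo the form restrictions described above.
// Function names are invented for this sketch; only standard DOM calls are used.
const CLIPBOARD_EVENTS = ['copy', 'cut', 'paste'];
const INLINE_HANDLERS = CLIPBOARD_EVENTS.map((type) => 'on' + type);

// Fix one form or field; returns how many restrictions were lifted.
function unlockElement(el) {
  let changes = 0;
  // autocomplete="off" asks the browser not to remember or fill the field.
  // Other values (e.g. "username", "current-password") help password
  // managers, so they are left alone.
  const ac = el.getAttribute('autocomplete');
  if (ac !== null && ac.trim().toLowerCase() === 'off') {
    el.setAttribute('autocomplete', 'on');
    changes++;
  }
  for (const name of INLINE_HANDLERS) {
    // Handler written in the markup: <input onpaste="return false">
    if (el.hasAttribute(name)) {
      el.removeAttribute(name);
      changes++;
    }
    // Handler assigned from script: input.onpaste = () => false
    if (typeof el[name] === 'function') {
      el[name] = null;
      changes++;
    }
  }
  return changes;
}

// Listeners added with addEventListener() cannot be enumerated or removed
// from outside, so stop clipboard events in the capture phase before they
// reach listeners on the page's elements. The browser's default action
// (the actual paste) still happens.
function allowClipboard(root) {
  const stop = (event) => event.stopImmediatePropagation();
  for (const type of CLIPBOARD_EVENTS) root.addEventListener(type, stop, true);
}

function unlockForms(doc) {
  let changes = 0;
  for (const el of doc.querySelectorAll('form, input, textarea')) {
    changes += unlockElement(el);
  }
  allowClipboard(doc);
  return changes;
}

// In a browser, apply to the current page; elsewhere (e.g. Node) do nothing.
if (typeof document !== 'undefined') unlockForms(document);
```

Pages that handle paste themselves for a legitimate reason (rich-text editors, for instance) lose that handling too, so run it only on the page where you need it.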


Installing Debian/Linux on Thinkpad Edge E320 Core i5

2012-03-24 20:14:52 by grin
Got the new family member. Okay, eventually it was unavoidable that after being a computer and network engineer for 20 years I was going to buy a laptop. :-P So far I survived with desktop machines (and you know they accumulate pretty nicely), mobile phones (obviously Android, but they're way too small for real work) but now I realised it cannot go on anymore. I've been on the way for days and often I had to fix things and it's just not possible using that phone...
I've been fighting this for 2 years now. The old Thinkpad T40 I inherited completely died, first the video ram got funnies, then the fan then the cpu went to see the Great Manitou. The next problem was to find something cheap without being sucky-sucky. I realised that if I want to have the best possible solution it'll take about forever. So okay, let's see what is NOW available around. This one is probably old enough to be cheap (as far as I see it's not listed in the current model line anymore) but good enough to be useable. Originally it's been a Toshiba but Lenovo got a more powerful cpu and better features.

Finally I picked a Lenovo Thinkpad Edge E320 129888G, Core i5-2450M @ 2.4GHz, 4G RAM, 320GB (290GiB) hdd and an Intel integrated and an ATI Whistler video card with a Radeon 6600M chipset. It possesses a b/g/n wifi (Intel), an SM card reader (RTS5116 from RealTek), DSub and HDMI for ext video and an E-Sata for, well, just because. And 2 usb and the gig ethernet from Atheros closes the line. Not that bad, overall, for 3-6 hours of battery power. I mean, for approx $730 or €545.

Okay, that wasn't what I wanted to talk to you about. I wanted to talk about:

Installing Linux on E320

It sucks. No, really, it does suck pretty hard. I mean, I'm doing this shit for 25+ years now and still took me the better half of the day, and a bit of the next. With the help of experience, google and lots of patience. And it's not Linux who's to blame, mind you.

Okay, so this came preloaded with some windows trash, v0.7 or something, for the fun without any install media. Which means that if it gets screwed up then you're probably on your own. Brilliant. Oh, I mean, no problem, windows never gets broken.

So this machine starts up nicely apart from the microsoft trash on it. I remembered that ages ago I've used Partition Magic to shrink it, but it seems it doesn't really exist anymore. But google told me that this kind of windoze can actually do it by itself. Really, it has the disk utility built-in which can actually - among other things - shrink the partition. And worked pretty well, for a windows program.

So I have shrunk it to ~48 Gigs and the rest to be used. The disk contains 3(!!) partitions, one for thinkpad stuff and other is for some windows driver crap or whatnot, but fortunately one left to be used for logical partitions. (Don't get me started on EFI, that comes soon.)

So there's the partition, let's install it. I have a DVD install but I have no DVD in the machine, but fortunately I have an external USB drive. So let's boot!

Um, it doesn't. Starts windows (and every time either you wait for the crap to finish or have to poweroff it since there ain't no reset buttons on mobile stuff), every time.

Okay, let's change the BIOS settings. I mean... I ... wtf? No bios prompt at boot. "Press ENTER to abort booting." Very funny fsckers, it goes faster into the bloody windows again.

Let's see F1? No. Ctrl-whatever? F12? Looks weird but no. Okay, the net told me F2, but F12 could be good for it either. So F2, enter the BIOS, and activate that bloody "show enter bios prompt" setting, and move over to boot order.

Boot order looks fine: first usb stick, then cd, then whatever, last hdd. Still, doesn't really care about it, starts hdd every time.

Here came a longer gap when I have tried to look up what UEFI and EFI is, why and why not, what and whatnot, since this beast supports EFI boot. If you wonder you can look it up in Wikipedia.

No luck. Latest Debian DVD is supposed to boot on EFI as well as USB stick images, but no. I can set EFI only, no. I have tried Legacy Only and no. It may have been related to the fact that the machine boots faster than the DVD can identify the media. So I have disabled the hdd from boot and this way it was a bit faster to figure it out, without the need to see windows anymore.

Well, some combination of EFI and legacy boot, with efi first if I remember correctly, plus using the F12 boot which was able to delay the booting I was able to start the DVD. (After the mess I figured that newest USB images, which contain everything including the MBR can boot as well, but no way if I try to use my own MBR.)

The install went well, from an older Debian x64, installed grub, and I kind of realised it won't be that simple.

And it wasn't. Grub didn't boot at all, no operating system. The fscking lame BIOS is made for windoze and if some windoze shit isn't there it thinks there isn't an OS around. No matter MBR signature is ok, the partition table is ok... something is required which isn't just there.

Another bunch of hours passed with several moves of trying to get an EFI boot, no luck, or to try to figure out some combination of partition table which works, without much success. In the meantime I was able to find a USB stick state which was able to boot, containing a new (v1.97) GRUB and the partition table created by grub-mkrescue. So I figured upgrading Debian to latest (sid) may help, because it contains the new GRUB plus it may support EFI, too.

Upgrading obviously requires a working ethernet or wifi, and obviously... none of them were detected. For the record, here are the internals:

00:00.0 Host bridge [0600]: Intel Corporation 2nd Generation Core Processor Family DRAM Controller [8086:0104] (rev 09)
00:01.0 PCI bridge [0604]: Intel Corporation Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port [8086:0101] (rev 09)
00:02.0 VGA compatible controller [0300]: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller [8086:0126] (rev 09)
00:16.0 Communication controller [0780]: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 [8086:1c3a] (rev 04)
00:1a.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 [8086:1c2d] (rev 04)
00:1b.0 Audio device [0403]: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller [8086:1c20] (rev 04)
00:1c.0 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 [8086:1c10] (rev b4)
00:1c.1 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 [8086:1c12] (rev b4)
00:1c.2 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 3 [8086:1c14] (rev b4)
00:1c.5 PCI bridge [0604]: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 6 [8086:1c1a] (rev b4)
00:1d.0 USB controller [0c03]: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 [8086:1c26] (rev 04)
00:1f.0 ISA bridge [0601]: Intel Corporation HM65 Express Chipset Family LPC Controller [8086:1c49] (rev 04)
00:1f.2 SATA controller [0106]: Intel Corporation 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller [8086:1c03] (rev 04)
00:1f.3 SMBus [0c05]: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller [8086:1c22] (rev 04)
01:00.0 VGA compatible controller [0300]: ATI Technologies Inc Whistler [AMD Radeon HD 6600M Series] [1002:6741]
03:00.0 Network controller [0280]: Intel Corporation Centrino Wireless-N 1000 [8086:0084]
04:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS5116 PCI Express Card Reader [10ec:5209] (rev 01)
04:00.1 SD Host controller [0805]: Realtek Semiconductor Co., Ltd. RTS5116 PCI Express Card Reader [10ec:5209] (rev 01)
09:00.0 Ethernet controller [0200]: Atheros Communications Inc. AR8151 v2.0 Gigabit Ethernet [1969:1083] (rev c0)

So, we have a Centrino Wireless-N 1000, which requires the iwlwifi driver and, more importantly, its firmware images, which aren't quite free, so they go onto the USB stick, into its root specifically. The installer asks to look for missing firmware images on external drives, finds the USB stick and uses it nicely. Still, wifi setup isn't trivial in the installer (especially when using WPA2).

The ethernet... well it's an atheros 8151, using the atl1c driver, which is part of debian, and doesn't even require any external firmware... except it just doesn't get detected.

A nice summary can be read on the Debian wiki which tells the secret:
echo "1969 1083" > /sys/bus/pci/drivers/atl1c/new_id
And after that udev finds the card nicely. A small problem is that when you have to try to reboot many times (to fix the aforementioned boot issues as well as others) this has to be typed every time. Bummer, no mouse on console while installing.

Well yes, the upgrade worked, but still no boot. Dammit.

Another round of fiddling started, which resulted in a working combination of BIOS (efi then legacy), and MBR (GRUB's code but windoze partition was set as boot media!) and a few twists with encrypted swap (which changed UUID in the meantime and update-initramfs completely screwed up figuring it, so /etc/crypttab had to be edited then initrd had to be completely removed and re-created), and after all I ended up with a working multibooting Debian.

As a closing act I wondered whether windoze 0.7 survived, as people mentioned for windoze 6? xp? whatever? that it dies when MBR changes and requires a reinstall media to fix, which I obviously didn't possess (this was the reason for the honorable mention in the first paragraph). Lenovo rescue was beyond rescue: bad media, fix me with the DVD, but what DVD nobody could tell. To my greatest surprise years didn't pass in vain on windoze as this extreme professional version choked on MBR change (but of course, what else to do anyway), but offered to fix itself and lo! it just did. So I have a windoze partition as well as a game console or for those programs which exist only there.

It wasn't that hard. ;-)

Right now Everything Works™, even the SD card reader. I have tested with dual monitors and it works nicely. I didn't test eSata but everything else looks fine. Battery time is 3hrs with active use or close to infinity when suspended, real life lies between these two, my guess would be around 4-5 hours. Charger is pretty quick: fully charges around 1 hour.

So far I'm happy.

Recording the fight won against gnuTLS

2012-02-29 22:56:11 by grin
Maybe someone googles for this...

After an upgrade exim TLS barfs on several connections saying
 (gnutls_handshake): Could not negotiate a supported cipher suite.
or maybe
 (gnutls_handshake): An unexpected TLS packet was received.

All these are caused by the fuckin' gnutls update, which completely starts vomiting when fed by OpenSSL generated key files and/or certificates. In my case I had to regenerate the certificate of the key by:
certtool --generate-certificate --load-request host.req  --outfile host.crt --load-ca-certificate CA/cacert.pem   --load-ca-privkey CA/private/cakey.pem
but had to realise that certtool (of GNUTLS) simply cannot handle an encrypted key of the CA, and keeps telling completely stupid error messages, like
certtool: importing --load-privkey: (null): Base64 decoding error.
and some may have realised that I did not even use --load-privkey option. Oh well. Turned out it's the encoded CA private key. So first it has to be decoded, not by GNUTLS of course since it chokes on it but openssl:
openssl rsa < ca.key > ca-fsck.key
which is obviously a very secure way to handle a CA key. Anyway, now the generate-certificate works and tries to create a new cert. Of course extended fields are a way off unless you go on and check all the possible options of the template.
After all this mess it works with the old host key and the new host certificate. Boo-hoo.


2011-06-06 08:23:07 by grin
I replaced my computer. More precisely, I upgraded it, because it is slowly getting x years old (where x equals an arbitrary number greater than two, currently perhaps five), and it would have needed more memory than would fit in it, and anyway the voltage regulator section was suspiciously cold, which according to the old-timers is a sign that it has been possessed by dæmons. So after half a year of psyching myself up I upgraded.
So here you go, the specification for the technically minded (though I can already see that this is where I will always look it up when I forget):
  • motherboard Intel DH55HC
  • cpu Intel Core I5-760 ("Intel Inside - Idiot Outside")
  • memory (because nowadays even this has a name…) Kingston KHX1600C9D3K2/8GX
  • video Zotac GT220 Zone Edition
The case and the power supply are the old ones (insofar as a 3-month-old power supply counts as old), and the monitor has been a Samsung SMBX2450 for a while now.
Of course it is fast compared to the old one (22300 BogoMIPS instead of 12000), and the 4 cores push like mad, and it is quiet too (for now, it has not had a really serious load yet). What really counts in it is the 8GB RAM, since things were getting tight for all these big memory-hungry beasts (though it is also true that it is needed for handling over a hundred thousand emails and over 100 www tabs). The video runs nicely, the sound is okay too (I just have to unplug the internal speaker, because they very amusingly wired the sound card's PCM output to it, so despite the headphones everyone gets to enjoy it).
Otherwise it is full of USB (12 of them), there is no IDE in it (0 of them), and I should also dig out the serial port connector I saw in some box 5 years ago... because they did not include one.
But, as they say: so far so good.

