Thursday, May 29, 2014

RIP Truecrypt

TrueCrypt is no more. Another victim of a national security letter or a visit by a man in black? Quite possibly. Unfortunately, FreeOTFE was also leaned on and had to shut down - the funny thing being that some government departments were using it! I would have loved to hear Pamela Jones' view on these goings-on, but she has been leaned on too and had to close down Groklaw a long time ago already.

If you were using TC before, then you should switch to LUKS, GPG or EncFS.  Note that LUKS can mount TC volumes.  If you are using Windows, then you are screwed anyway no matter what you do, so then you can just as well use Bitlocker as suggested by the TrueCrypt folks.

If you want to do any sort of security related IT work, then you should set up shop outside the USA. Fortunately Blackphone had the good sense to move to Switzerland already. 

Saturday, May 10, 2014

Fedora on a Mac: Change Cmd Key to Ctrl Key

I am running Fedora 20 on Virtualbox on a Mac. This works pretty well provided that I use XFCE or LXDE and turn fancy desktop animations off, because the Mac version of Virtualbox doesn't do any video acceleration.

My prime annoyance is that the Linux Copy and Paste uses the Ctrl key, while the Mac uses the Command key.  This requires a hand shift when I copy and paste from the VM to the host.  A simple solution is to map the Linux VM Command key into another Control key, using xmodmap.

Create ~/.Xmodmap:
remove mod4 = Super_R 
remove mod4 = Super_L 
add Control = Super_R 
add Control = Super_L

Add a line to ~/.bashrc:
xmodmap ~/.Xmodmap

and apply the change by executing the same command as your normal user (not root):
$ xmodmap ~/.Xmodmap

Now, in the Virtualbox configuration, change the Host key, which is by default Command Left, to something else. I simply selected Command Right.

From now on, I can copy and paste with the same key combination between the VM and the host with my left hand, without upsetting my muscle memory.

Wednesday, May 7, 2014

TFTP Server on Fedora Linux

For some odd reason, Fedora 20 still ships with a prehistoric and dysfunctional TFTP server, which requires the deprecated xinetd service.  Installing that is only good if you want a broken system that won't boot...

You can get a proper TFTP server here:
http://freecode.com/projects/tftp-hpa

Download tftp-hpa

Make a directory to work in called sw:
$ cd
$ mkdir sw
$ cd sw

Get the file:
$ wget https://www.kernel.org/pub/software/network/tftp/tftp-hpa/tftp-hpa-5.2.tar.xz

Untar it as your normal user, so that the build tree is not owned by root:
$ xzcat tftp-hpa-5.2.tar.xz > tftp-hpa-5.2.tar
$ tar -xvf tftp-hpa-5.2.tar

(or simply tar -xJvf tftp-hpa-5.2.tar.xz, if your copy of tar supports it)

Install the software development tools

First do an update:
# yum update -y
Install the software development tools: 
# yum install kernel-headers -y
# yum groupinstall "Development Tools" "Development Libraries" -y

You may also want to install the RPM tools, while you are at it:
# yum install rpm-build gvim -y

Apper Update Service Locking Yum

BTW, if you are running F20 KDE, then you will run into an annoyance with the software update processes incessantly checking for updates, thus keeping yum locked. The overall best solution is to uninstall apper completely and install Yum Extender (package yumex) instead:
# yum remove apper -y
# yum install yumex -y

Compile

The usual drill:
$ cd tftp[tab]
$ ./configure
$ make
$ make check

$ su
password
# make install

Configure

Make a directory for the load files:
# mkdir /tftpboot

Upload your software image files and note that all files must be marked READ ONLY, otherwise TFTP will not work!

# chmod 444 /tftpboot/*
# chown nobody: /tftpboot/*

You may want to put that in the TFTP server start up script, just to make sure it will actually work.

Start the TFTP Server to test it:
# /usr/sbin/in.tftpd -ls /tftpboot

You can put the above in a script in /usr/local/bin.

Test it with a TFTP client and try to get a file:
# touch /tftpboot/testfile 
# chmod 444  /tftpboot/testfile
# exit
$ tftp localhost -c get testfile

My TFTP launch script:
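#! /bin/bash
# Flush ALL iptables rules so that TFTP (UDP port 69) gets through.
# Note: this removes every filter rule on the host, not just those for TFTP.
/usr/sbin/iptables -F
# Files must be read-only and owned by nobody, or TFTP will not work.
chmod 444 /tftpboot/*
chown nobody: /tftpboot/*
# Stop any running instance, then start standalone (-l) and chrooted (-s).
/usr/bin/killall in.tftpd
/usr/sbin/in.tftpd -ls /tftpboot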

La voila!
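
The read-only rule from the Configure step can be checked before the daemon starts, instead of blindly re-running chmod. The following is an added example, not part of the original post; the function names scan_tftproot, audit_tftproot and launch_tftpd are hypothetical, and the demo tree at the end is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes the post's layout:
# a TFTP root (e.g. /tftpboot) whose files should all be mode 444.

# Print one "LABEL path" line per entry that deviates from that rule.
scan_tftproot() {
    # Not world-readable: by default in.tftpd serves only world-readable files.
    find "$1" -type f ! -perm -004 -exec echo UNREADABLE {} \;
    # Any write bit set: deviates from the read-only rule in the post.
    find "$1" -type f \( -perm -200 -o -perm -020 -o -perm -002 \) \
        -exec echo WRITABLE {} \;
    # World-writable directories inside the served tree.
    find "$1" -type d -perm -002 -exec echo OPEN-DIR {} \;
}

# Return 0 if the tree is clean, 1 if findings were printed, 2 on bad input.
audit_tftproot() {
    [ -d "$1" ] || { echo "ERROR not a directory: $1" >&2; return 2; }
    findings=$(scan_tftproot "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Start the daemon only when the audit passes (same flags as the post).
launch_tftpd() {
    audit_tftproot "$1" || { echo "refusing to start in.tftpd" >&2; return 1; }
    /usr/sbin/in.tftpd -ls "$1"
}

# Constructed demo tree: one good file, one unreadable, one writable.
demo=$(mktemp -d)
touch "$demo/good.img" "$demo/secret.img" "$demo/loose.img"
chmod 444 "$demo/good.img"
chmod 440 "$demo/secret.img"
chmod 666 "$demo/loose.img"
audit_tftproot "$demo" || echo "audit failed, fix with: chmod 444 $demo/*"
rm -rf "$demo"
```

To use it for real, call launch_tftpd /tftpboot as root in place of the last line of the launch script.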