Samstag, 2. November 2013

=== Exaile Music Player 3.3.2 has arived ===

As i suggested to Dustin Spicuzza he has made a more stable version 3.3.2 ready for installation:


* Tracks were sometimes selected incorrectly when searching a playlist
* Sometimes the main window wouldn't appear when minimizing to the
system tray
* More tags supported for MP4/M4A/FLAC/OGG files
* Locale bugs when executing --help
* Updated Windows installer dependency download versions
* Fixed plugins: librivox

And as i promised here are the exaile packages for opensuse 12.x and already for 13.1

Sonntag, 20. Oktober 2013

=== Free your Galaxy Tab 2 ===

First of all i am happy that i finally got rid of that stupid samsung androidlike version and now running a fully optimized android system 4.2.2 as it's meant to be. Android 4.2.2  needs much less power to operate. hence making the battery life from nearly a day up to 4 days.

Read carefully and i really recommend doing the flashing step with linux. i tried it several times with windows 7 and windows 8 but failed. You might
think the windows  way might be the more aproven way to do that. But i failed every single time i tried to do that.

Some additional statement:

  • freeing your phone is easy enough. However you should be fully aware about knowing what you are doing. If anything goes wrong i am not responsible for bricking your device.
  • Make sure that you have a fully charged battery or at least at 80 % battery charge.
  • I will use an external device and install the mod from there.
  • I used opensuse 12.3 for flashing the device with clockworkmod but other *nix based operating systems will also work.

__What we need__
(0) The tablet obviously and an external micro sd card.

(1) Download the clockworkmod

(2) Download the cyanogenmod

(3) [Optional] If you want to use your android devcice with google apps you have to download this from here . However this is not neccessary. There is an gpl alternative package manager for android called f-droid available

(4) Download the heimdall suite

(5) [Optional] If you download the cyanogenmod to pc. And i realy recommend doing that  you need to put the installer together with the clockworkmod to
your device. Install the Software datacable app to your android still 4.0 device 

__How we do it__
(1) [Optional] You should have donwloaded cynogenmod as well as the google apps package to your pc. Make sure these files are not corrupted by verifying it's md5 checksum. You can do this by typing

md5sum Mod.img

After verifying everything is fine you can set up a connection from your pc to your tablet with data cable and send the data to the root tree of your external device.

(2) Untar and verify heimdall. i use the x86 version The x64 did for some reason not work for me. Therefor if you are using x86_64 architecture, on suse
you should do

zypper in libusb-1.0.0-32bit

to install the 32 bit libraries of libusb from suse. rpm -ql libusb-1.0.0-32bit will reveal that the location of the needed library is /usr/lib/ Simply copy this file (not move!) to the directory where the heimdall binary has been extracted to.

(3) However you obtained the files. Cynogenmod and if needed gapps should be put to the root tree of the external card of your android device. That should
be /mnt/extSdCard.

(4) Power off the device. And keep holding the volume down key. This will boot the Samsung Galaxy Tab into download mode. Accept the disclamer and be aware of the warning. When the tablet is in download mode connect it with the computer using the usb cable shipped by your vendor.

(5) Put the clockworkmod into the same directory where the heimdall binary has been placed. Now execute the following command as root:

heimdall flash --recovery <recovery.img> --no-reboot "

The --no-reboot Option is important since samsung overrites the tablet with it's own bootloader. There should appear a blue gauge indicating that the clockworkmod recovery is transfered and installed.

(6) Now boot the device in to recovery mode. DO NOT REBOOT THE DEVICE. by pressing the Volume up and the Power button.

(7) Select wipe data/factory reset and Install zip from sdcard select the cyanogenmod file and wait until the installation has finished.

After this has finished you may optionaly install the gapps. However there is no need for that.

__Good to know__
If you want to be absolutely free you skip the installation of gapps and just use the f-droid  application manager. Which will give you access to all the free software apps. For example the Hackers Keyboard will give you access to a full featured keyboard as you know it from your computer.

Rooting your device is great but you should however install a firewall and start managing your autostarts. I recommend to you intalling the Autostarts and
the Droidwall package.

Also a backup solution would be great. The best way i found so far is Helium from clockworkmode which will also break my privacy rules. Not very satisfing.



Sonntag, 14. Juli 2013

=== Windows 7 more usable ===

After all these years i am sarting to use windows again. People may laugh at me but windows 7 for example has a lot of advantages to prior version. For instance the Power Shell or the netsh command for configurations of your network interfaces are two pretty neat features Windows has to offer. And as an IT-Pro you can't just ignore windows if you want a job.

Here are 3 awesome free porgrams you could have installed to make the desktop experience a bit better:

 1) Fences


 With Fences you are able to Organize Your Desktop Icons into groups. You create a fence by drawing a bounding box with the right mouse button. Each Fence can be named. And if you are doubleclick on the desktop all icons disapear.

Fences can be downloaded from here

2) Process Explorer

Process ExplorerThe Windows Process Explorer is part of the Microsft Sysinternals Suite which can be downloaded directly from Micorsoft. After unpacking the Suite you might copy this to your C:\Programms folder and adjust your Systems PATH variable. So that you can start programs directly from Start --> Search. Do do so from the desktop do the following: Right-click My Computer and select Properties. Now click on Advanced System Settings and on the In the System Properties window click the Environment Variables button. This will open a box where you can edit the systems path variable. Just open the PATH by double-click on this and add a Value seperated by  ";"(semicolon). After you have started Process Explorer you can use this one and replace the Task Manager. Just use Replace Task Manager from the Options menu of this program.

 3) Better Explorer

Better Explorer

 Better Explorer is an alternative Explorer which uses the Ribbon Style Explorer like in Windows8. The best way to have the best of both worlds. You can download it here.


Dienstag, 2. Juli 2013

=== Obtain versions of firefox in linux using python and bash ===

The following code will get you the versions of both: The firefox version currently installed and the one available for update on the server:

01 #!/usr/bin/env python
03 import os
05 # we look and store the local version of firefox in this function
06 def firefox_get_version_string(inputString):
07     firefox_version_string = os.popen(inputString).read()
09 # short name for firefox version number
10     fvn = " "
12     for i in firefox_version_string:
13         if i.isalpha() != True and i != "-" :
14            fvn = fvn + i
16     return fvn.strip()
19 firefox_version_remote = (firefox_get_version_string("curl -s -l|awk -F "".tar.bz2"" {'print $1'}"))
20 firefox_version_local = (firefox_get_version_string("firefox -v"))
22 if firefox_version_remote == firefox_version_local:
23     print("++++++++++++++++++++++++++++++++++++++++++")
24     print("This is a Testphase for autoupdate firefox")
25     print("version is up to date")
26 else:
27     print("++++++++++++++++++++++++++++++++++++++++++")
28     print("This is a Testphase for autoupdate firefox")
29     print("version differs. There might be a newer version available on the remote server")
30     print("consider implementing all of it.")
31     print("for now update must be done manually")

try it and enyjoy. oh and i am using python 2.7.3 by the way.

Mittwoch, 27. März 2013

=== Encrypt and automaticly mount external harddrive with debian ===

In my last blogpost i showed you how you can acutal get your usb devices to be encrypted.

Now let's suppose you have a lot of devices that needs to be encrypted as well as automaticly mounted on boot up.

One Word before we begin. This does only make sense if you fully encrypt your root filesystem. Since we will deploy the keys in here needed to automaticaly mount and decrypt these. If this filesystem is encrypted nobody should be able to access those keys when the disk with main root filesystem isn't mounted.

For this i assume you have a partition /dev/sdb1 on your device which already is encrypted.

(1) First let's figure out the uuid of the harddisk we want to decrypt. Note that we are using the UUID of the partition that was encrypted here not the one where the device gets mapped to.

blkid /dev/sdb1 
>> /dev/sdb1: UUID="056bb8d6-cdf6-4081-23d9-cdef8bf7c18b" TYPE="crypto_LUKS" 

(2) Now as root user we are editing the file /etc/crypttab 

#devicealias #uuid #key  #encrption method
_sdb1 UUID=<from blkid> /etc/cryptkeys/crypt_sdb1.key luks

(3) Next edit the /etc/fstab accordingly
/dev/mapper/crypt_sdb1    /mnt/Backup    ext4 auto,defaults   0   0

Great we have created the entries in both files. All we need todo is to create the keys. I suggest that you are put keys in /etc/cryyptkeys as i configured the /etc/crypttab but you could of course put them anywhere you like. However if you do this you need to change the entry in the /etc/crypttab file. So create the directory in /etc and make it readable and accessable to group and user root only.

(4) The following command will create a key
dd if=/dev/urandom of=/etc/cryptkeys/crypt_sdb1.key bs=4k count=1
chmod 400 /etc/cryptkeys/*

(5) As the final step add the key to luks. When asked for a password you must enter your current used password you were using when you were encrypting this partition in the first place
cryptsetup luksAddKey /dev/sdb1 /etc/cryptkeys/crypt_sdb1.key

Dienstag, 5. Februar 2013

=== Lockdown USB Devices ===

One fundamental security issue to face is that an unwanted person has usb-access and steal your files or even drop trojans or backdoors on your computer. It seems to be neccessary to lock up the usb devices.

I do this by

(I) whitelist the usbdisk that i had bought.

(II) encrypt the filesystem they are using.

The benefits for this is that only your devices can be used. and that nobody is able to access the usb devices you are using other but you. The disadvantages of this that you are the only person how can transfer data via usb to your pc.

To lockup and whitelist usb devices i luckily found this article in the internetz. Its a bit diffifcult to understand so will explain here how i did it.

(1) First lockup the usb stack by using the script i wrote Basicaly it disables the kernels access to the usb stack after startup by passing the "0" bit to the specific /sys subsystem located in the files


You should copy this script to /etc/init.d/usblock. Note: There is no .sh filename extension and add the script as startup service:

chkconfig -a usblock

At this point you do not need to start the script.

(2) Suppose you have a usbstick which is currently mounted from /dev/sdb1. Best practice would allowing the mapping of the usbstick by using something unique like the usb serial number. To get this number run the following command:

udevadm info -a -n /dev/sdb1|grep ATTRS{serial}


(3) Thanks to the article i mentioned above i was able to setup the required udev rule in /etc/udev/rules.d/01-udevlockdown.rules:

# Script by Adrian Crenshaw
## With info from Michael Miller, Inaky Perez-Gonzalez and VMWare
## By default, disable it.
ACTION=="add", SUBSYSTEMS=="usb", RUN+="/bin/sh -c 'for host in
/sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'"
## Enable hub devices. There may be a better way than this.
ACTION=="add", ATTR{serial}=="123456789ABC", RUN+="/bin/sh -c 'echo 1>/sys$DEVPATH/authorized'"
## add further lines like above to allow more devices

(4) Now start the usblock "service":

service usblock start
service usblock status

and restart the udev service

service udev restart

and test your result by plugging in the device you just setup and an other usb drive. The result should be that the first one should get mounted normaly according to further udev rules in /lib/udev/rueles.d/ whereas the second device should be ignored.

(5) Whenever you need to add new device rules. Remeber that you first have to disable the usblock by using:

service usblock stop

before you can deploy new whilelist rules following steps 2 to 4.


(1) To encrypt your usb-sticks you need first to unmount them by using

umount /dev/sdb1

and using luksformat to encrypt and reformat (!) the device. In this step data which is not saved will get lost.

luksformat -t vfat /dev/sdb1


thats it for the start of this year.