Category: openSUSE/FreeBSD

How to use a GPG key and encrypt stuff?

In the wake of increased attempts at online frauds and information stealing, I thought it only befitting to write this step by step tutorial down for people who have never heard of GPG.

Simply put, GPG keys are used to encrypt information. To “encrypt information” means to make the information secure in a way that only a particular person can see what it contains. In other words, you lock the information and only the person having the key to the lock can open it.

Use Case 1: Bank account information over emails
Never send your bank account information (your account number, the name on the account, type of account, card number etc.) by email. Don’t even send the bank/branch you hold accounts in. Nothing – just don’t send any information at all over email.

So then how do you send information if you need to? Use GPG. Follow these simple steps:

  1. Put your account information in a text file (using your favorite text editor).
  2. Save the file and call it, say, account.txt.
  3. Run these commands (on your Linux/Unix/FreeBSD box):
# curl -L 'https://fryol.net/r/rishi-public-key' | gpg --import
# gpg --output account.gpg  -r 0x0B5267B1E3662EBB --encrypt account.txt

If you try and open account.gpg in the same text editor, you would see some garbage in there, which can now only be decrypted by the person whose key you used to encrypt account.txt.
Command 1 (of step 3)  was where  you downloaded my key (hosted on the link http://fryol.net/?u=key) and imported it into your gpg keyring.
Command 2 (of step 3) was to tell gpg to use  0x0B5267B1E3662EBB (which is a public key identifier of the key you imported) to encrypt the file account.txt.

For people who use Windows, there’s an easier way out: http://gpg4win.org/. The steps above would be very similar – I am sure there would be a way to import a key into that program using a URL. So then, all you do is provide it the URL of the person whose key you want to import and it should be able to use that key.

The file  account.gpg is now ready to be sent over email (to the person whose key you imported in command 1 of step 3).

This tutorial is only about encryption – decryption is a separate topic. (..and my primary motive for this post is to let people emailing me quickly encypt stuff).

See also: [http://www.madboa.com/geek/gpg-quickstart/#tosomeone].

Dual monitor automation

See the file ~/.config/monitors.xml – this file generally is screwed when you are changing the monitors being connected to your laptop. Most of the times, the symptoms are:

  • connecting to a new environment doesn’t automatically bring up the new monitor on-screen
  • a second VGA monitor is either not detected, or it just doesn’t get the display because: “your display resolution is only XYZ
    whereas you are trying to set a display resolution of ABC”
  • you can only set mirror display and not “dual display” as it should be

Since all of these problems are so chronic, you may want to consider doing away with your dual monitor automation (that gnome’s display applet provides) and using xrandr+customized X configuration. That would require you to use a script that you might have to run every time you change the number of monitors (like connecting a new one etc.). I wanted to believe that openSUSE 11.2 doesn’t need this any more, but I don’t think we’re there yet, since if you are traveling around with your laptop connecting to different resolution screens, it doesn’t work out of the box.

Or – delete the monitors.xml file every time you want to change resolutions. It’s still hacky.

For anyone who wants to try out the dual display script I use, here it is (copy paste this somewhere and save as dual-display.sh and chmod a+x on that file).

#!/usr/bin/sh

# Rishi Pande
# http://fryol./net
# dual-display.sh-0.0.3
# This works well on openSUSE 11.0 / Compaq nc6400, please report if it ain't
# working or even if it works elsewhere.

app=dual-display

if [ "x$1" != 'x-h' ];
   then
   dual_disp_resolution=$1;
else
   dual_disp_resolution=1440x900;
fi;

directions="\\n\
# You should make sure that you see similar settings\\n\
# enabled in the Display sub-section of /etc/X11/xorg.conf: \\n\
#     Virtual    2880 900 \\n\
# And these in the monitor sub-section \\n\
#     Option       \"PreferredMode\" \"1440x900\" \\n\
#     Option       \"Xinerama\" \"off\" \\n"

if [ "x$1" = "x-h" ];
   then
   echo "Usage: $app.sh [WIDTHxHEIGHT]";
   echo "$app: In case you want to undo things, plug out your laptop from the";
   echo "$app: docking station (or pull out the VGA cable) and run $app.sh again.";
   echo "$app: To use a different resoltion, please supply WIDTHxHEIGHT (like 1280x800)";
   echo "$app: as an arguement to the script, and if your /etc/X11/xorg.conf is fine,";
   echo "$app: things should work. Note that this resolution is for your VGA.";
   echo -ne "$app: These are the relevant settings in /etc/X11/xorg.conf:\n";
   grep Virtual /etc/X11/xorg.conf
   #echo -ne "\n$app: "
   grep -E 'Option.*Xinerama' /etc/X11/xorg.conf
   #echo -ne "\n$app: "
   grep -E 'Option.*PreferredMode' /etc/X11/xorg.conf
   echo -ne $directions
   exit;
fi;

if [  `xrandr --prop|grep ' connected'|wc -l` -gt 1 ];
   then
   xrandr --output VGA --preferred --mode $dual_disp_resolution --right-of LVDS;
   # With suse 11.0, this is no longer needed:
   #  xrandr --output VGA --left-of LVDS;
   #  xrandr --output VGA --right-of LVDS;
   #  dcop kwin KWinInterface reconfigure;
   else
   xrandr --output VGA --off;
fi;

Repositories for 11.2

I had to struggle a bit to get Amarok 1.4xx installed on a Gnome based openSUSE 11.2. The reason is that Packman’s 11.2 repository hasn’t been quite updated. So, even if you are on all the latest repositories, there will be a bunch of packages missing which would disable amarok installation. Since amarok is a must in my family (and the family laptop got upgraded to 11.2 too), these are the repos I used to make it work:

# sudo zypper ar http://download.videolan.org/pub/vlc/SuSE/11.2/ vlc
# sudo zypper ar http://download.opensuse.org/repositories/KDE:/KDE3/openSUSE_11.2 kde3
# sudo zypper ar http://download.opensuse.org/repositories/KDE:/43/openSUSE_11.2 kde4.3
# sudo zypper ar http://www.opensuse-guide.org/repo/11.2 x-suse-11.2
# sudo zypper ar http://download.opensuse.org/repositories/GNOME:/Community/openSUSE_11.2/ gnome
# sudo zypper ar http://packman.iu-bremen.de/suse/11.2/ packman.de
# sudo zypper ar http://packman.mirrors.skynet.be/pub/packman/suse/11.2 packman.be
# sudo zypper ar http://packman.unixheads.com/suse/11.1 packman.unix
# sudo zypper ar http://download.opensuse.org/debug/distribution/11.2/repo/oss/ debug
# sudo zypper ar http://download.opensuse.org/distribution/11.2/repo/non-oss/ non-oss
# sudo zypper ar http://download.opensuse.org/distribution/11.2/repo/oss/ oss
# sudo zypper ar http://download.opensuse.org/source/distribution/11.2/repo/oss/ source
# sudo zypper ar http://download.opensuse.org/update/11.2/ update
# sudo zypper ar http://download.opensuse.org/repositories/openSUSE:/11.2/standard/ standard

Just in case you want to use the commands as is to add these repos, I am listing them out above. Just copy paste into a terminal, and you should be good. (Some of the repos are redundant there – overlapping mirrors; but it doesn’t matter much).

openSUSE 11.2 – a sweet end to 2009 (ver1)

Last time I upgraded my installation to 11.1, I was truly disappointed with the release and resolved to create an extra partition on my laptop to make sure I test future releases for days before I really plan to move. I cannot afford any downtime or maintenance activity on my system since it literally takes my whole self offline.

This is where 11.2 comes in. I was ready with extra space and all the parameters to test out the release – and was in for this surprise! I didn’t need it (life’s like that). There are tons of feature improvements with 11.2 and some really nasty bug fixes (which I had trained myself to live with after the disastrous move to 11.1 from 10.2 – which was quite stable for me). The official list of bug fixes might not be very relevant to me (or some other users), so I am listing out my own experiences here:

  • scrolling in Firefox/Thunderbird etc. was extremely slow – fixed
  • compiz wasn’t working out of the box – it didn’t for a while this time around either
    • but after a logout and login (and enabling the Window manager together with making sure it had –replace in it), it works!
  • NetworkManager works much better now – no buggy behavior anymore when I switch from Wired to Wireless etc.
  • ext4 – yay! – I am so thrilled that I have an ext4 ready system now
  • an annoying coredump by konsole (every time I shut it down) – fixed
    • I use konsole+klipper in my Gnome environment, since these two apps are irreplaceable by anything in Gnome world

Update on 2009-11-20

  • dual monitor management was a PITA and I had personal scripts to automate switching+desktop extension using xrandr – fixed
    • no need for the script – if some *Ubuntu guy needs it, be my guest – [evil-laughter] (sheepy smile now)
    • this is not yet fixed – as soon as I took the lappy out of the docking station, it went back to single screen
    • and never came back to dual screen; the only way out is to logout/login (nothing else makes it work) [ashamed]
  • fingerprint scanner on my lappy works like a charm – there’s an error about “Cannot write PAM settings.” – but that can be easily fixed by:
    • editing the /etc/pam.d/common-auth to include the line:
      • auth    sufficient      pam_fp.so
    • or whatever has been written on in the /etc/pam.d/common-auth-pc file (you can check the log: /var/log/YaST2/y2log to see what exactly is going on

Annoyances:

  • as soon as you start up yast for software management, it assumes you want to install a bunch of packages
    • may be it was my system, but it still should give me an option to not do it!
    • I finally had to select every package to manually install and then remove it from the list by clicking on “remove’
    • best thing was, zypper doesn’t do anything when you do a sudo zypper up (while yast goes over the board)

All in all, I am very pleased with this release and applaud the openSUSE community for this release.

Lowmus – Play songs to your audio (music) system

Screen shot: Amarok XUL Remote + Winamp Edcast Plugin
Screen shot: Amarok XUL Remote + Winamp Edcast Plugin

Objective:
I wanted to play music from my laptop to my music system. So, if I fire up Amarok (or Winamp, in case it’s my wife), and I play a song – that should start playing onto my music system.

The best way to achieve it was to connect a low end machine on the network and connect the Audio out from the sound card of that machine into the music system’s Auxiliary port. Hurdles were the software to make it work seamlessly. Follow on…

Requirements:
Apart from a low end system, you also need the perfect OS, which expands to openSUSE. Perfecto.

  • an old system (can be as old as a Pentium 100 Mhz, with some 128MB RAM to spare)
    • this old system would be connected to the Auxiliary input of your music system
  • an openSUSE 10.3 CD (KDE) – Gawd, I love the lizards..
  • a laptop running any Linux or Win*****

After I got 10.3 SUSE running on the host, I connected lowmus (that’s the name I gave to my Pentium 2 166 Mhz with 256 MB RAM) to my old Panasonic audio system (a really old model) and did this:

  • sudo zypper in fluxbox icecast amarok

The next thing to do was login locally to the box (lowmus) and select fluxbox as my default window manager. I configured fluxbox to run amarok and icecast at startup. Essentially, this:

  • mkdir -p ~/.icecast/log/
  • cp /usr/share/icecast/doc/icecast_minimal.xml.dist ~/.icecast/icecast_minimal.xml
  • # changed password on line 24 onwards in ~/.icecast/icecast_minimal.xml
  • # changed logdir to ~/.icecast/log on line 134 onwards in ~/.icecast/icecast_minimal.xml
  • # changed user and group on line 183 onwards in ~/.icecast/icecast_minimal.xml
  • # edited ~/.fluxbox/startup to add these lines:
    • /usr/bin/icecast -c /home/$USERNAME/.icecast/icecast_minimal.xml &
      /opt/kde3/bin/amarok &
  • Used icecast plugin for Winamp on the laptop to stream video to lowmus
  • Configure icecast plugin to stream as Ogg and give the host IP of lowmus along with the passwords you had set above
  • Make sure to configure Amarok on the remote host (lowmus) to play a local stream
    • Fire up amarok on lowmus
    • Click on Playlist > Add Stream > enter [http://localhost:8000/stream.ogg
    • The stream.ogg is the mount point you configured in your Winamp plugin (edcast) or Amarok plugin
    • Hear the sound of music already? (if your player on laptop is playing music)
  • If you play Amarok on your lappy, there are loads of plugins available for icecasting music to lowmus
  • The only other thing you need on your laptop is the Amarok XUL remote
    • Make sure to do a sudo zypper python-qt on your remote host (lowmus)
    • Amarok XUL remote should be installed by doing Amarok > Tools > Script Manager > Install Script > (select the xul-remote-tgz file) and click ok! (do that on lowmus)
    • Configure the script to have the localhost’s IP and a port (preferable 8888) – click Run!
    • Fire up firefox on your laptop and connect to the IP above, like 192.168.1.4:8888
    • It would automatically install Amarok Remote plugin for firefox
    • Go to Tools > Amarok remote on Firefox (laptop) and click on Configure
    • Give your host (lowmus) IP a username (given in a step above) and password – port=8888
    • After you connect, you see Amarok’s playlist on your laptop from the remote host
    • You can increase/decrease volume using amarok remote and change to a different song on the playlist on the remote host (if you have enlisted those)

Play along!