Entries filed under English

Establish secure instant messaging connections via jabber and OTR

Posted on 12. April 2011 Comments

//update: even easier: My installer for both messenger and encryption

Instant Messaging is what most of you might know as ICQ, AIM, YIM, Windows Live Messenger(or „MSN“), Skype, Google Talk, etc.

What I’m going to show you is how to install the instant-messenger Pidgin, the encryption extension OTR and create a jabber-account with a provider of your choice. But don’t worry, this is not getting very technical, in fact, it probably takes you less than 5 minutes(!). At the end of the article you’ll find some more explanations and backgrounds, if you’re interested.

Step by step

1. Download Pidgin at http://www.pidgin.im/download (Link for Windows)

2. Download the OTR Pidgin plugin at http://www.cypherpunks.ca/otr/ (Link for Windows)

3. Install Pidgin, just doubleclick on the icon and press next every time you’re asked something. Then install the OTR plugin, same procedure.

4. Create a jabber account, for the beginning https://register.jabber.org/ will do. Just choose a nickname, that might be your real name, a nickname or some letter-number-chaos, just remember it and the password too.

5. Open Pidgin, you’re gonna be asked to create an profile/account. Choose XMPP as protocol. Username is the part in front of @jabber.org at your new jabber-address, so the nickname you chose before. Domain is jabber.org. Leave recource free and enter your password. Click Save.

7. Your buddy-list opens, as you might know it from ICQ or Skype. You can now add buddys via the main menu.

8. Enable OTR by clicking Tools/Plugins in the main menu, then scroll down, until you find Off-the-Records Messaging, make sure it’s checked.

9. As soon as you chat with someome who also has OTR installed, Pidgin creates a pair of keys(only for the first time). As from now on the connection is encrypted. Just make sure, the person you’re talking to, is really the person you think it is.

10. That’s what the verifying function is about. On the right side of a chat window, there is a button with encrypted but not authorized button, click on it and authorize your chat buddy via passphrase, question and answer or by compairing digital fingerprints over a secure connection, e.g. mobile phone or by standing next to each other.

 

Extra Information

Pidgin is a multi platform chat client. This means you can use whatever chat provider you want to, such as ICQ, Windows Live(MSN) or Skype and use just one programm for all of them. Also, OTR works with all of them, but to be completly independent on commercial providers, I chose jabber.

Jabber works a bit like e-mail (decentralized, that is). You have to choose a provider, just like you would choose hotmail.com, googlemail.com, yahoo.com etc for e-mail. There a quite a few providers, for example the Chaos Computer Club in Germany or even German Universities. Since most jabber software is free software you might even want set up your very own jabber server in your basement like me.

OTR has a pretty good encryption. The big advantage is the encryption from end to end, so unless the attacker is in control over your computer, no one can see what you’re writing. Plus, it’s plausible deniable, see Plausible Deniability at wikipedia

Jabber, or rather the protocol XMPP is used by various big companies such as Google(google talk) or Facebook(facebook chat). You just hardly ever get to know what’s behind a system.

Flattr this!

IPv6 Privacy extensions Ubuntu 10.04

Posted on 15. Januar 2011 Comments

If not already happened, add the following to /etc/udev/rules.d/70-persistent-net.rules:

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*",
RUN+="sysctl net.ipv6.conf.%k.use_tempaddr=2"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*",
ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*",
RUN+="sysctl net.ipv6.conf.%k.use_tempaddr=2"

Usually this happens when installing miredo or similar IPv6 tunneling software, but you might want to double-check it. Also, check if the eth* and wlan* fit your ethernet/wifi devices.

btw, unfortunately Android and I-Phone Devices don’t have this, which causes quite a bit privacy concerns, see heise.de on IPv6 on Smartphones for more information (German)

Flattr this!

Speicherkarte gefunden – Besitzer gesucht – Sydney NYE 2008

Posted on 26. Dezember 2010 Comments

German Version below.

As I was doing some backups I found some pictures of a girl I have never met on my SD Card. Well, actually, it probably isn’t mine;) Inspired by this blog post by steffen (and since it worked for him) I decided to try finding this girl over the internet.

So, dear Internet, do you know this Jane Doe?

On the pictures you see Sydney, NSW on 31/12/2008, mostly the harbour and Bondi Beach the next morning(01/01/2009). I’ve been to Sydney so I most likely took the SD Card accidentally while living in a hostel in Newtown. The photos were taken with a Nikon E4600. Sorry that I had a look at your photos but I guess that’s the only way to get them back. Write me an email to repat[at]repat[dot]de or drop a comment here.

Als ich heute Backups gemacht habe habe ich Bilder auf einer SD Karte gefunden, von einem Mädel, das ich nie in meinem Leben gesehen habe. Inspiriert von diesem blog post von Stefan werde auch ich versuchen den rechtmässigen Besitzer über das Internet zu finden, immerhin hat es bei ihm geklappt.

Also, liebes Internet, kennt ihr diese Jane Doe?

Auf den Bildern sieht man überwiegend den Hafen von Sydney am 31.12.2008 und Bondi Beach am nächsten Morgen(1.1.2009). Ich bin selbst in Sydney gewesen und habe die Karte wahrscheinlich ausversehen in einem Hostel in Newtown eingesteckt. Die Fotos wurden mit einer Nikon E4600 gemacht. Tut mir leid, dass ich mir die Bilder angeschaut habe, aber das ist wohl die einzige Möglickeit sie wieder zu bekommen. Schreib mir eine mail an repat[at]repat[punkt]de oder hinterlasse hier einen Kommentar.

Flattr this!

Diaspora and status.net/identi.ca

Posted on 15. Dezember 2010 Comments

Today I read the following on twitter:

and now !Diaspora is mirroring into !statusnet. Excellent! #microblogging #socialnetworks #onefeedtorulethemall

originally from http://encyclomundi.status.net/notice/11978

After I scrolled through diaspora it turns out that’s what he ment:

I was imprecise in my grammar. My Diaspora is feeding into my statusnet, because i put the RSS feed from Diaspora into mirroring option on statusnet. Statusnet is pulling, Diaspora is not pushing 🙂

That’s of course not a bad idea, although identi.ca doesn’t support this. Luckily twitterfeed.com also supports status.net, so identi.ca:) Just create an account, enter your RSS Adress(https://joindiaspora.com/public/username) and there you go:)

Flattr this!

Diaspora on Dockstar with Debian Lenny

Posted on 13. Oktober 2010 Comments

I’ll write this in English because more people might want to read it;)

Diaspora, programmed by 4 young hackers in NYC, is „The privacy aware, personally controlled, do-it-all, open source social network“(joindiaspora.com). Some say it’s gonna be a facebook killer, some say it’s gonna fail for various reasons. Basically, the idea is to create your own server – seed – which „speaks“ to other servers on the diaspora network, so a decentralized network instead a central server(farm) like facebook or several others. The main reason to do this is that your data stays in your own hands. Therefore everybody would have to install their own servers, which 99,9% of all internet users wouldn’t, simply because they wouldn’t know how.

Unfortunately they decided to write the whole thing in ruby(on rails), which I don’t know and most of the paid-hosters don’t support by default(unlike http/php/mysql/perl). As the database system they chose MongoDB, unusual as well.

My idea would have been, to install Diaspora on a mini server like the Sheeva Plug or Dockstar(3-5 Watt), with a debian/gentoo system on a USB Stick. It’s not to hard, there are a lot of tutorials on the internet. All the packages, like ruby/rake are supported. But would have? Yes, because obviously MongoDB doesn’t support ARM(Debian Lenny on a Dockstar with all dependencies installed):

In file included from db/../bson/bsoninlines.h:21,
from db/jsobj.h:43,
from db/jsobj.cpp:21:
db/../bson/util/atomic_int.h:96:4: error: #error "unsupported compiler or platform"
scons: *** [db/jsobj.o] Error 1
scons: building terminated because of errors.

So unless you want to keep your HomePC running 24/7(effect on environment? energy cost?), there’s no chance to host your own Diaspora seed at home. Therefore you have to pay a hoster to do so, and nearly nobodie’s gonna do that, because facebook is for free. I don’t think Diaspora will change their database system, so this goes out to all MongoDB developers: Please add support for ARM! According to this post on in a google group it can’t be too hard, but I really can’t tell:/ As I found out while googling I obviously wasn’t the only person who thought this might be a good idea:)

I’ll try to keep you uptodate, if anybody finds a solution, please post a comment:)

update: I just tried to use the same code for ARM as for i386 and – of course – got an error:

/tmp/ccEB7sgz.s: Assembler messages:
/tmp/ccEB7sgz.s:7236: Error: bad instruction `lock'
/tmp/ccEB7sgz.s:7237: Error: bad instruction `xadd r3,[r2,#0]'

Unfortunately I don’t know any ARM ASM, but maybe someone can translate?

update: In the code(/bson/util/atomic_int.h) it said

#elif defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4)
// this is in GCC >= 4.1

So I just added || defined(__arm__) because my dockstars gcc said:

# gcc -v
Using built-in specs.
Target: arm-linux-gnueabi
Configured with: ../src/configure -v --with-pkgversion='Debian 4.3.2-1.1'
 --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,
objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib
 --without-included-gettext --enable-threads=posix --enable-nls
 --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu
 --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --disable-libssp --disable-sjlj-exceptions
 --enable-checking=release --build=arm-linux-gnueabi --host=arm-linux-gnueabi --target=arm-linux-gnueabi
Thread model: posix
gcc version 4.3.2 (Debian 4.3.2-1.1) 

I thought this might work. Then it compiled for about 3 hours and I got this error:

db/jsobj.o: In function `mongo::AtomicUInt::operator++(int)':
/root/mongo/db/../bson/util/atomic_int.h:60: undefined reference to `__sync_fetch_and_add_4'
util/message.o: In function `mongo::AtomicUInt::operator++(int)':
/root/mongo/util/../util/../db/../bson/util/atomic_int.h:60: undefined reference to `__sync_fetch_and_add_4'
db/stats/counters.o: In function `mongo::AtomicUInt::operator++(int)':
/root/mongo/db/stats/../../bson/util/atomic_int.h:60: undefined reference to `__sync_fetch_and_add_4'
/root/mongo/db/stats/../../bson/util/atomic_int.h:29: undefined reference to `__sync_fetch_and_add_4'
/root/mongo/db/stats/../../bson/util/atomic_int.h:29: undefined reference to `__sync_fetch_and_add_4'
db/stats/counters.o:/root/mongo/db/stats/../../bson/util/atomic_int.h:29: more undefined references to `__sync_fetch_and_add_4' follow
s/chunk.o: In function `mongo::AtomicUInt::operator++()':
/root/mongo/s/../client/../util/../util/../db/../bson/util/atomic_int.h:57: undefined reference to `__sync_add_and_fetch_4'
/root/mongo/s/../client/../util/../util/../db/../bson/util/atomic_int.h:57: undefined reference to `__sync_add_and_fetch_4'
/root/mongo/s/../client/../util/../util/../db/../bson/util/atomic_int.h:57: undefined reference to `__sync_add_and_fetch_4'
collect2: ld returned 1 exit status
scons: *** [mongodump] Error 1
scons: building terminated because of errors.

Any ideas? Seems like gcc has to be >= 4.4.0. Might be a good idea to install squeeze instead of lenny but it’s nearly 5am and I can’t be bothered now;)

Update: at the MongoDB Bugtracker the user Eliot Horowitz stated:

„Unfortunately compiling is only a small portion of the issue.
The bigger problem is endianness – which is fixable, just a fair amount of work.“

I guess we’ll just have to wait-.-

Update: Great news! Looks like somebody finally did it:

Although they did not really write a tutorial… I can’t seem to find that many differences in the code but it’s definitly right, that ARM is bi-endian(didn’t know that until my professor told me this semester). Might work with the newser gcc version. Anyway, if I find some free time, I’ll test it.

 

Related:

 

Flattr this!

pam_face_authentication with Ubuntu 9.10(Karmic Koala) + GDM + Speedlink Webcam

Posted on 3. Mai 2010 Comments

There are probably several ways to install OpenCV. I decided to compile it by myself, because the .deb-package(found here) collided with lib-…something and that was definitely necessary for pam_face_authentication, though that happened on my Toshiba M10 with Lucid Lynx 10.04 and not on the Karmic Laptop.

Anyway, even if it works for you, this definitely doesn’t hurt. Download the latest version of OpenCV(2.1.0 at the time) here and follow the very same Installation Guide:

cd ~/projects/OpenCV-2.1.0
mkdir release
cd release
cmake -D CMAKE_BUILD_TYPE=RELEASE -D CMAKE_INSTALL_PREFIX=/usr/local -D BUILD_PYTHON_SUPPORT=ON ..
make
make install
export LD_LIBRARY_PATH=~/projects/OpenCV-2.1.0/release/lib:$LD_LIBRARY_PATH
sudo ldconfig

This should work without any error messages, which – of course – it didn’t. For example, I had to install libqt4-dev and qt4-make and a couple of others, just have a look at synaptic or apt-cache and try to google the error message. Also took quite a while.

Now download the source code from http://code.google.com/p/pam-face-authentication/ , my version is 0.3. Then follow the video instructions:

cd pam_face_authentication-0.3
mkdir build
cd build
cmake -D CMAKE_INSTALL_PREFIX=/usr ..
make
sudo make install

Same thing, should work perfectly fine. Try to google error messages, if you get any. On my Toshiba with Lucid I got loads of error messages, don’t know what went wrong, but the cmake command just doesn’t work. On Karmic however no problem at all.

Next thing was nearly more difficult: installing a webcam. As I posted before, my Speedlink SL-6810 worked out of the box with camorama, but somehow I couldn’t get it to work. Turns out you need sudo(root privilege) to open /dev/video0, duh!. Same thing with cheese or other programs for webcams. These programs are designed to use libv4l libraries. qt-facetrainer, the program you need to capture a couple of sets for the recognition of your face, however has to be told to use these for this specific webcam.
Try

sudo LD_PRELOAD=/usr/lib/libv4l/v4l1compat.so qt-facetrainer

(Thanks to rohan.anil and mystercoco)

So once you got your camera working, we’ll try to implement the whole thing into GDM, which I thought is pretty complicated but is actually quite easy. Thanks again to Rohan’s Blog:
Just add this line:

auth sufficient pam_face_authentication.so enableX

to /etc/pam.d/gdm, as it is said in his blog. Works fine for Karmic, can’t say anything about Lucid.
For my webcam, you’ll also need the libv4l for login, so create a /etc/ld.so.preload and just write

/usr/lib/libv4l/v4l1compat.so

in it. This will provide GDM with any information required to login by face authentication.

That’s it. Leave comments if there are any questions:)

Weblinks

Flattr this!

Wiimote Whiteboard Deutsche Untertitel

Posted on 19. April 2010 Comments

Es gibt schon einige Übersetzungen aber ich hab auf Anhieb keine Deutsche gefunden. Jetzt habe ich zwar nicht das Problem mit Englisch aber vielleicht andere und ich hatte noch keine Lust schlafen zu gehen und wollte ausserdem schon immer mal wissen wie man Untertitel schreibt:

w3.org hat Probleme mit dem Code angezeigt, deswegen hier ein Link zu youtube: Wiimote Whiteboard Deutsch

Flattr this!

Aircrack Dokumentation auf deutsch

Posted on 3. April 2009 Comments

2006 habe ich angefangen die aircrack-Dokumentation ins Deutsche zu übersetzen, bin aber nie fertig geworden. Manche Passagen sind etwas schlechter geraten, da ich 2006 auch ehrlich gesagt noch nicht viel Ahnung von W-LAN, geschweige denn von WEP oder Verschlüsselungen allgemein hatte. Man sollte auch beachten, dass die Informationen natürlich nicht mehr aktuell sind. Vielleicht bringt es aber doch noch dem einen oder anderen etwas.

Hier der Link:

http://repat.de/files/aircrack documentation.html (Original: http://repat.re.ohost.de/aircrack.html ist offline)

Die originale und aktuelle Dokumentation findet man hier:

http://www.aircrack-ng.org/doku.php#documentation

Meines Wissens fällt aircrack unter der Hackerparagraphen.

Flattr this!