BBC News - Ubuntu sets crowdfund pledge record for Edge smartphone.

In between my running, I am now going to start seeking profession certification in linux. It’ll give me something to get a leg up back into the software world, plus let me use something I care about, rather than the very frustrating (and annoying) Windows 7.

Here’s a snippet to extract all the ZR zips. Copy all the zips onto your desktop and run this in a console window

for a in .zip do unzip -o $a -d <a class="zem_slink" title="Basename" href="http://en.wikipedia.org/wiki/Basename" target="_blank" rel="wikipedia">basename</a> $a .zip rm $a rm basename $a .zip/.json done

Now, each ZR zip contains the audio (as mp3s), plus a json file detailing what item ranges can be picked up during each block and with what probability. We don’t need this for what we are doing.

There’s also no telling whether or not Six to Start will start including other files within their zips, so rather than extract just the mp3s, I extract everything, then take out what I know I don’t need.

I’ve been tinkering with my LVM config and exploring, and trying to learn how to setup an encrypted Logical Volume, and then, how to grow and shrink it. I’d like to share my workings with you so you know too. This is a long article, so I’ve hidden it under a cut.

Remember, before you do ANYTHING that involves shrinking or resizing partitions on your hard drive, you MUST make a backup. Ideally as an image. If anything goes wrong, you will need to revert back to this image.

I’m not going to give you a background on LVM or crypt volumes. If you need that, try this link, this link and this link.

Firstly, let’s talk shrinking a volume. If you don’t have any room for an encrypted LV, then you must resize an existing LV. I’m resizing one of my LVs (which contains some videos from my dashboard camera), and reducing it by 10GB ("-L -10G" means “resize to -10G (e.g. 10GB smaller than it currently is.) “-r” means “run resize2fs to resize the filesystem inside the LV”. “-v” means “be verbose”

lvresize -L -10G -r -v /dev/HitachiVG/Dashcam

Once the resize is complete, we can create a new LV in the same Volume Group. Since I’ve just resized my other LV down by 10G, this new one must be 10GB or lower. Here, I give it a name (-n), tell LVM I want rw access (-p), to be verbose (-v) and specify a size of 10GB (-L 10G). I also have to tell LVM which volume group I want to put this new LV in (HitachiVG)

lvcreate -n CryptTesting -p rw -v -L 10G HitachiVG

Once the LV has been successfully created, we can now format the LV as a LUKS volume. Here, I tell it I want to use the AES crypto algorithm (-c aes) , and use a SHA256 hash (-h sha256). I also have to give it the mapping of the new LV (/dev/mapper/HitachiVG-CryptTesting). A password will need to be set at this point.

cryptsetup luksFormat -c aes -h sha256 /dev/mapper/HitachiVG-CryptTesting

When the format is completed, I can now decrypt (open) the new crypt volume, giving the new name I want the decrypted mapping that will appear in /dev/mapper/ directory.

In the example below, once the mapping for the decrypted (volume will be /dev/mapper/DecryptedTest)

cryptsetup luksOpen /dev/mapper/HitachiVG-CryptTesting DecryptedTest

With the decrypted volume open, I can now format it. I’m using ext4 here, but you could use anything

mkfs.ext4 /dev/mapper/DecryptedTest

I’m creating a mount point manually here for the purposes of testing, but you can use cryptmount

mkdir /media/DecryptedTestMount

Mount the decrypted volume so you can start using the content

mount -t ext4 /dev/mapper/DecryptedTest /media/DecryptedTestMount/

At this point, you can work with the content. For this test, I’m going to create a 512MB file

dd if=/dev/zero of=/media/DecryptedTestMount/dummyfile bs=1M count=512

Now we can unmount the volume

umount -f /media/DecryptedTestMount/

(Optional) We can change the way we unlock the crypted volume by creating and adding a key to the crypted volume. I’m making a 409,600 byte key, but you can mess around with your own values here.

dd if=/dev/urandom of=./crypttest.key bs=1024 count=400

Remember that the key will unlock the crypted volume, so you should, where possible avoid having it accessible by other users. You should also lock it down - for example, by making it only readable to root (or whichever user is going to use the key)

chown root:root ./crypttest.key chmod 400 ./crypttest.key

Now we can add the key to the crypted volume

cryptsetup luksAddKey /dev/mapper/HitachiVG-CryptTesting ./crypttest.key

To test the key method works, we close and reopen the crypted volume, this time, passing the key file. This time, it shouldn’t prompt for a password.

cryptsetup luksClose DecryptedTest cryptsetup luksOpen –key-file=./crypttest.key /dev/mapper/HitachiVG-CryptTesting DecryptedTest

Mount to check the content is untouched

mount -t ext4 /dev/mapper/DecryptedTest /media/DecryptedTestMount/

Unmount

umount -f /media/DecryptedTestMount/

Now, we have an encrypted LV. Now we move onto shrinking the crypted volume. We will resize in the following order:

1. Decrypted Filesystem
2. Logical Volume

First, we must run a fsck on the decrypted filesystem

e2fsck -f /dev/mapper/DecryptedTest

Now, we resize the filesystem. I’m resizing it down to 1GB

resize2fs /dev/mapper/DecryptedTest 1G

Close the crypt volume

cryptsetup luksClose /dev/mapper/DecryptedTest

Now we resize the LV. You may get a warning here that you may lose data. You MUST make sure you have a backup before resizing.

lvresize /dev/HitachiVG/CryptTesting -L 1G

We close and reopen the crypted and decrypted volumes

cryptsetup luksClose /dev/mapper/DecryptedTest cryptsetup luksOpen –key-file=./crypttest.key /dev/mapper/HitachiVG-CryptTesting DecryptedTest

Because of the crypt resize the crypted and decrypted filesystems aren’t exactly the same size, so let’s make them match. If you don’t do this, any fsck you run on the decrypted volume will flag up as an error. This line resizes the decrypted filesystem to fit the space available for it.

resize2fs /dev/mapper/DecryptedTest

Now let’s do a final fsck to make sure everything is OK

e2fsck -f /dev/mapper/DecryptedTest

Now growing. Let’s say I wanted to grow the crypted filesystem back up to 10GB. This is easier because you’re making things BIGGER, not smaller. First, close the decrypted volume if it is already open

cryptsetup luksClose /dev/mapper/DecryptedTest

Resizes must happen in the REVERSE order to the shrinking:

1. Logical Volume
2. Decrypted Filesystem

lvresize -n -L 10G -v /dev/mapper/HitachiVG-CryptTesting

Open the crypted volume

cryptsetup luksOpen –key-file=./crypttest.key /dev/mapper/HitachiVG-CryptTesting DecryptedTest

Resize the Decrypted file system to fit

resize2fs /dev/mapper/DecryptedTest

The filesystems are now grown

As a result of the Ubuntu Forums hack recently, I’ve now had to spend several hours going through all my internet logins accounts to see whether or not I have used the same password anywhere else. Not surprising, I have so I have to go through and change them all. Fortunately, LastPass allows me to generate secure passwords which  I can use to replace other passwords. The only real place where I would be concerned if they have access would by emails, but I have 2-factor authentication turned on there, and have had it turned on for many months, and they need my email address, password AND phone to get into my account. Even my backup codes are stored on a TrueCrypt volume stored on a LUKS partition on my laptop so they would need two passwords to get at those.

Mind you, it IS good that these forums were hacked, it’s given me a reason to go through my accounts and see which ones I still use and which ones I can delete.

Related articles

• Ubuntuforums.org Hacked (it.slashdot.org)
• Ubuntu Forums (blenderfox.com)
• Ubuntu Forums Hacked, All User Names and Passwords Have Been Stolen (news.softpedia.com)
• IMPORTANT! Ubuntu Forums Hacked (unixmen.com)
• Ubuntu Forums Hacked, 1.8 Million Passwords, E-Mails & Usernames Stolen (omgubuntu.co.uk)
• The Most Unsafe Passwords of 2012 Look a Lot Like the Ones from 2011 (staples.com)
• Email and passwords compromised after attack on Ubuntu Forums (news.en.softonic.com)
• Ubuntu forum hack sets same-password users at risk (itwriting.com)
• Ubuntu Forum Security Breach (news.slashdot.org)
• Notice of security breach on Ubuntu Forums site (canonical.com)

youtu.be/eQLe3iIMN…

Hello,

You are receiving this message because you have an account registered with this address on ubuntuforums.org.

The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.

If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.

The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.

We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.

The Canonical Sysadmins.

Related articles

• Ubuntu Forums Hacked, All User Names and Passwords Have Been Stolen (news.softpedia.com)
• Ubuntu Forums Hacked (sucuri.net)
• Ubuntuforums.org Hacked (it.slashdot.org)
• Email and passwords compromised after attack on Ubuntu Forums (news.en.softonic.com)
• Notice of security breach on Ubuntu Forums site (canonical.com)
• Neil Oosthuizen: Ubuntu Forums (nlsthzn.com)
• Ubuntu Forums Hacked - Millions of Username, password, email address stolen (ehackingnews.com)
• Linux forum hacked and user details collected (pcauthority.com.au)
• Passwords of 1.8M Ubuntu Forums users compromised in hack (net-security.org)

Linux is no longer a “geek” OS as this article proves.

Who’s Using Linux? CIOs May Be Surprised… [FLIPBOOK].

Linux is slowly but surely gaining ground as more and more people see its effectiveness.

Does anyone here play PKR? I’m trying to learn the game and I’m mediocre at best, so would like to get a few additional contacts to add to my list, and maybe get some tips….

Related articles

• PKR 3D Poker v1.0 APK Free Download (reviewbyh20.blogspot.com)
• PKR Launches Android Poker App (sys-con.com)
• (Note on the above links -- limited devices are supported by the app)

A small script to help speed up regular updates for P2P block lists that you might be using for filtering for apps like routers, mail servers, or BitTorrent.

I’ve taken my block lists from iblocklist.com, but you can add your URLs to the list and have it download and concatenate as well. Some apps will need to be restarted to use the new filter list. Others might not.

TMPFILE=iblock.tmp FINALFILE=iblock.p2p

if [ -f $FINALFILE ]; then echo “Removing already existing $FINALFILE” rm $FINALFILE fi echo Renaming temp file $TMPFILE to $FINALFILE mv $TMPFILE $FINALFILE

Ever get a file off the internet with a .tar.bz2 extension? Well, you can extract it in one step like this:

curl [cf1.vuze.com/files/Vuz...](http://cf1.vuze.com/files/VuzeInstaller.tar.bz2) | tar xjv

Rather than extracting the tar first, then extracting the tar, then removing the archives. Running curl and piping it to tar in this way means you don’t need to write anything to the disk other than the extracted files, and it extracts as it goes.

No, not the camera thingy, this is to do with Android. I just found out about EOS today which is another variant of AOSP by a different team. I’ve had a few problems with CyanogenMod, and I’ve tried AOKP, so I’m going to give EOS a go next and see if that’s any better.

I’ve been using Tor for a while now, and have been tinkering with settings to try to get it work right. One of the many frustrating things is DNS leaking whereby an application resolves DNS using the host DNS and not via Tor. Consequently, since the DNS server of your PoP (Point of Presence) is usually your ISP’s DNS server, or a DNS server maintained by your ISP, they can easily eavesdrop on your surfing behaviour, by simply connecting a DNS query with a traffic stream to that same IP soon afterwards.

Using DNS via Tor is a bit of a pain, but there are various ways I’ve found that seem to work. Some better than others.

Solution 1: Local DNS Host

It is possible to setup Tor to act as a local DNS host by using the “DNSPort 53” directive within the torrc. However, you will need to run tor (or Vidalia) as root in order to be able to open this port.

Once this is done, you can add 127.0.0.1 to your DNS hosts list in /etc/resolv.conf. To account for when Tor isn’t running, I add my true DNS afterwards so my resolv.conf would be:

nameserver 127.0.0.1
nameserver 192.168.0.1

Which means it should  resolve through Tor first, then my ISP DNS if that fails. Tor DNS only responds to A-records, MX and NS queries return an error.

If you turn on DEBUG level logging in Vidalia, you can test if DNS is working by trying to ping a host and seeing if Tor receives a DNS request.

Solution 2: Wrapper

Probably an easier method than above, is to use a wrapper tool, such as torsocks or proxychains. My preference is proxychains and you’ll see why.

Torsocks, as its name suggests is built by the same group who created tor and wraps the application you pass to it, tunnelling all traffic through tor. However, it seems rather quirky to me, and when used with some apps, it drops out several pages of LD_PRELOAD errors and the application either doesn’t start or starts without access to the net.

Proxychains, similarly wraps an application and tunnels traffic through a proxy (including its DNS queries, by default.) Not specifically Tor, but it does come with its config already setup for Tor and works fine. When you start it up with an application, by default, it shows all the DNS queries it makes (configurable). It also allows you to chain proxies (hence the name) so proxy A to proxy B to proxy C, etc. to make it even harder to follow your traffic. It even allows you to randomise your proxy chains so one request might go A-B-C and the next might go A-C-B.

At the moment I use the DNS method to hide my DNS traffic on most of my linux applications, then use proxychains on anything I specifically want to tunnel through Tor, such as browser sessions or the occasional BitTorrent download.

Yep, just confirmed Google Movies now also works. Picked a relatively cheap purchase (£2) to test with.

I’ve finished copying my files over onto my Debian installation and I just now need to reconfigure everything. My Fitbit is now syncing in Debian happily. BOINC is installed (but not configured) and I’ve installed LXDE so I can take off KDE.

And DRM finally works!

I managed to install Debian again today. This time I used my DVDs which meant I didn’t actually have to download anything off the repositories which could run into the problems mentioned in my previous posts here and here.

And, I was able to install extra software in the same way, including KDE, and again, without having to download from repos. Finally, I used netmirror-apt to update my sources list with the fastest repositories to me.

I still need to copy across my files, and run some configuration, but I should be back onto Debian within the next week or so.

I’m back on Fedora at the moment, with my Debian install backed up as a CloneZilla image.

Well, all three Debian DVDs are now downloaded and burned. Just need to have some time to try my install again…

[caption id="" align=“alignright” width=“109”] Debian OpenLogo (Photo credit: Wikipedia)[/caption]

Today, I decided to try reverting my laptop to Debian, having imaged it yesterday to provide a rollback option in case something went wrong.

The installation (via Net Install) took absolutely ages, but was pretty much successful. Then I got reminded why I stopped using Debian originally – the Unity style interface. It really winds me up. Then I was surprised by just how long it took to download updates. I usually get a throughput of between 100kb/s and 400kb/s depending on what and where I’m downloading from. I was getting around 20kb/s downloading from ftp.uk.debian.org and downloading the KDE package, apt-get was estimating 6 HOURS to finish downloading, and that’s not including the installing. I even used the tool netselect-apt to pick the fastest mirrors, and it still didn’t improve. I’m going to try again once I’ve downloaded and burned all the Debian DVD images. Maybe I might be able to select the packages and go straight to KDE without using the Unity-like interface.

On the plus side, I checked the DRM test video via Adobe’s web site and I was able to confirm that it works fine and I was able to view DRM protected material in Debian after downloading the hal package, so whatever happens, I’ll at least be able to use Google Movies now.

I might also take a look at openSuSE and see what that’s like. Hey, have to keep my options open. :-)

Been trying to watch some DRM movies off Google Play recently, and can’t seem to get them working on Fedora. I can watch them on my TF101 though, so it’s not too much of a problem, but more of an inconvenience:

I'm already talking to Google support about this and seeing what they suggest.

Grive is an open source command-line-based sync tool to synchronise a directory with your Google Drive. Grive is not in the Fedora repositories, although it is undergoing review for addition into the repositories.

In the meantime, if you want to use it, I’ve written a script that should pick the latest version from the russianfedora website. Bitbucket repository is here.

Direct link to script: here

Once you install the application, create a blank folder (this will be the sync folder), then run grive -a to request an authentication URL. Go to that URL, log into Google if you need to, and you’ll get a response string you need to copy back into the console window. If the authentication was successful, Grive will sync your files into the folder. Each subsequent time you run Grive, it will download and/or upload files to/from your Google Drive.

There is only one limitation that I’m aware of. Documents created from within Google Drive won’t sync, but if you convert them to odt or doc files, they will sync.

Gah, I really hate corporate firewalls. They block so many sites it’s sometimes impossible to do any work. I have Cloud Storage accounts with various sites, and can’t access:

• Box
• MediaFire
• DropBox
• JustCloud
• JungleDisk (No account)
• SpiderOak (No account)
• SugarSync (No account)
• Bicasa (No account)
• Wuala (No account)

• Google Drive
• MiMedia
• Mozy (No account)
• Ubuntu One

Behind my draconian corporate firewall the only one I can effectively use is Google Drive since they haven’t blocked Google, and I doubt they will since it’s probably the de facto search engine for most of the Internet users (although I prefer a metasearch engine like IXQuick.

I’ve been cracking my head trying to figure out how to concatenate my dashcam videos, which get chopped by my dashcam into 15 minutes chunks. The most obvious one is ffmpeg, where I would use this:

$ ffmpeg -i “concat:<a class="zem_slink" title="Ls" href="http://en.wikipedia.org/wiki/Ls" target="_blank" rel="wikipedia">ls -l</a> | <a class="zem_slink" title="Grep" href="http://en.wikipedia.org/wiki/Grep" target="_blank" rel="wikipedia">egrep</a> -i "apr\ \ 2" | awk 'BEGIN {ORS="|"} { print $9 }'” -c copy output.AVI

What this does is concatenates all of the videos with a date stamp of April 2nd (the “apr \ \ 2”), sticks a “|” between then, and pipes them to ffmpeg as a parameter:

$ echo ffmpeg -i “concat:ls -l | egrep -i "apr\ \ 2" | awk 'BEGIN {ORS="|"} { print $9 }'” -c copy output.AVI ffmpeg -i concat:PICT0001.AVI|PICT0002.AVI|PICT0003.AVI|PICT0004.AVI|PICT0005.AVI|PICT0006.AVI|PICT0007.AVI|PICT0008.AVI|PICT0009.AVI|PICT0010.AVI| -c copy output.AVI

However, here’s where linux version matters. On Fedora 18, I have ffmpeg V1.0.5:

$ ffmpeg -version ffmpeg version 1.0.5

On Lubuntu 13.10 (Raring Ringtail), I have ffmpeg/avconv V0.8.6:

$ ffmpeg -version ffmpeg version 0.8.6-6:0.8.6-0ubuntu0.12.10.1, Copyright (c) 2000-2013 the Libav developers built on Apr 2 2013 17:07:34 with gcc 4.7.2 *** THIS PROGRAM IS DEPRECATED *** This program is only provided for compatibility and will be removed in a future release. Please use avconv instead.

$ avconv -version avconv version 0.8.6-6:0.8.6-0ubuntu0.12.10.1, Copyright (c) 2000-2013 the Libav developers built on Apr 2 2013 17:07:34 with gcc 4.7.2 avconv 0.8.6-6:0.8.6-0ubuntu0.12.10.1

As a consequence, this is what happens when I run this the ffmpeg line on Lubuntu:

$ ffmpeg -i “concat:ls -l | egrep -i "apr\ \ 2" | awk 'BEGIN {ORS="|"} { print $9 }'” -c copy output.AVI ffmpeg version 0.8.6-6:0.8.6-0ubuntu0.12.10.1, Copyright (c) 2000-2013 the Libav developers built on Apr 2 2013 17:07:34 with gcc 4.7.2 *** THIS PROGRAM IS DEPRECATED *** This program is only provided for compatibility and will be removed in a future release. Please use avconv instead. [avi @ 0x8a8cf80] non-interleaved AVI Input #0, avi, from ‘concat:PICT0001.AVI|PICT0002.AVI|PICT0003.AVI|PICT0004.AVI|PICT0005.AVI|PICT0006.AVI|PICT0007.AVI|PICT0008.AVI|PICT0009.AVI|PICT0010.AVI|': Duration: 00:14:59.96, start: 0.000000, bitrate: 88466 kb/s Stream #0.0: Video: mjpeg, yuvj422p, 1280x720, 30 tbr, 30 tbn, 30 tbc Stream #0.1: Audio: adpcm_ima_wav, 16000 Hz, 1 channels, s16, 64 kb/s Unrecognized option ‘c’ Failed to set value ‘copy’ for option ‘c’

Not to worry, I can always explicitly say what I want to do with the streams:

$ ffmpeg -i “concat:ls -l | egrep -i "apr\ \ 2" | awk 'BEGIN {ORS="|"} { print $9 }'” -vcodec copy -acodec copy output.AVI ffmpeg version 0.8.6-6:0.8.6-0ubuntu0.12.10.1, Copyright (c) 2000-2013 the Libav developers built on Apr 2 2013 17:07:34 with gcc 4.7.2 *** THIS PROGRAM IS DEPRECATED *** This program is only provided for compatibility and will be removed in a future release. Please use avconv instead. [avi @ 0x9561f80] non-interleaved AVI Input #0, avi, from ‘concat:PICT0001.AVI|PICT0002.AVI|PICT0003.AVI|PICT0004.AVI|PICT0005.AVI|PICT0006.AVI|PICT0007.AVI|PICT0008.AVI|PICT0009.AVI|PICT0010.AVI|': Duration: 00:14:59.96, start: 0.000000, bitrate: 88466 kb/s Stream #0.0: Video: mjpeg, yuvj422p, 1280x720, 30 tbr, 30 tbn, 30 tbc Stream #0.1: Audio: adpcm_ima_wav, 16000 Hz, 1 channels, s16, 64 kb/s Output #0, avi, to ‘output.AVI’: Metadata: ISFT : Lavf53.21.1 Stream #0.0: Video: mjpeg, yuvj422p, 1280x720, q=2-31, 30 tbn, 30 tbc Stream #0.1: Audio: adpcm_ima_wav, 16000 Hz, 1 channels, 64 kb/s Stream mapping: Stream #0.0 -> #0.0 Stream #0.1 -> #0.1 Press ctrl-c to stop encoding [avi @ 0x9579d40] Application provided invalid, non monotonically increasing dts to muxer in stream 1: 4551 >= 4551 av_interleaved_write_frame(): Invalid argument

Oh, I guess that didn’t work either. Okay, if ffmpeg isn’t an option, then mencoder is the next option:

$ mencoder -oac copy -ovc copy -idx -o output.AVI ls -l | egrep -i "apr\ \ 2" | awk 'BEGIN {ORS=" "} { print $9 }' MEncoder svn r34540 (Ubuntu), built with gcc-4.7 (C) 2000-2012 MPlayer Team success: format: 0 data: 0x0 - 0x3f4a3440 libavformat version 53.21.1 (external) Mismatching header version 53.19.0 AVI file format detected. [aviheader] Video stream found, -vid 0 [aviheader] Audio stream found, -aid 1 Detected NON-INTERLEAVED AVI file format. VIDEO: [MJPG] 1280x720 24bpp 30.000 fps 12399.9 kbps (1513.7 kbyte/s) [V] filefmt:3 fourcc:0x47504A4D size:1280x720 fps:30.000 ftime:=0.0333 videocodec: framecopy (1280x720 24bpp fourcc=47504a4d) audiocodec: framecopy (format=11 chans=1 rate=16000 bits=4 B/s=8110 sample-256) Writing header… ODML: Aspect information not (yet?) available or unspecified, not writing vprp header. Writing header… ODML: Aspect information not (yet?) available or unspecified, not writing vprp header. ^CPos: 692.7s 20782f (72%) 298.78fps Trem: 0min 1343mb A-V:0.000 [11759:64] Writing index… Writing header… ODML: Aspect information not (yet?) available or unspecified, not writing vprp header.

I cancelled the run, but it seems to work. Strange that ffmpeg is so far behind on Ubuntu. So far behind, in fact, that the -c command fails. But on the plus side, at least mencoder works

Grive: Open Source Google Drive Client For Linux ~ Web Upd8: Ubuntu / Linux blog.

If you use Google Drive a lot, this might be a useful tool for you. It provides a form of sync for a folder to and from your Drive.