Aug 8, 2014

How To Encrypt a USB Stick or Ext. Drives With GNU+Linux

So, I showed you, in short, how to encrypt your home directory and your swap. That's fine and helps a lot to secure your system. But now and then you want to put data on external drives. No matter if you use a USB stick or an external HDD, the procedures are the same.

First of all you need to determine which drive you want to encrypt. This is very important: choosing the wrong drive can get you in big trouble, because all data on the drive you choose will be erased.
So let's assume our USB stick is sdb1, which is quite common if you have only one internal hard drive and no other drives attached. But double check!

Open a shell and enter sudo cryptsetup luksFormat /dev/sdb1 - again, you need to replace /dev/sdb1 with your device (it could be sdc1, sdd1 etc., but certainly NOT sda1).
You will be asked for a passphrase. Use a good one. You need to remember it every time you plug in the drive. Without it you lose access to all data stored on the drive. Use special chars, uppercase letters, numbers. Don't use a weak passphrase.
Then go ahead and create a device mapper entry with sudo cryptsetup luksOpen /dev/sdb1 nameofdrive, where nameofdrive can be replaced with the name you want to give that secure device. You need to enter the passphrase that you chose in the previous step.
Now you need to choose a filesystem. I recommend ext4 for normal distributions, but you can use ext3 or even FAT. Since Windows can't decrypt this drive at the moment anyway, FAT gains you nothing and only brings some problems. Use sudo mkfs.ext4 /dev/mapper/nameofdrive to create the filesystem. It can take a while.

Now is a good time to switch to your GUI and find the drive. Unmount (eject safely) the drive and remove it from your computer. Put it back in. Now if you open the device, a requester will pop up asking you for the password. If you enter the right passphrase, the device will be mounted just like any other drive, ready to use as usual.
Here it is, your own secure drive ready to go.
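
The "double check" before luksFormat can be scripted. This is an added example, not part of the original post: it reads lsblk output and accepts only an unmounted partition whose parent disk is attached over USB. The function names and the sample listing are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check before luksFormat.
# It reads the text printed by: lsblk -P -n -o NAME,PKNAME,TRAN,TYPE,MOUNTPOINT
# SAMPLE is constructed for illustration; its device names are assumptions.
SAMPLE='NAME="sda" PKNAME="" TRAN="sata" TYPE="disk" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TRAN="" TYPE="part" MOUNTPOINT="/"
NAME="sda2" PKNAME="sda" TRAN="" TYPE="part" MOUNTPOINT="[SWAP]"
NAME="sdb" PKNAME="" TRAN="usb" TYPE="disk" MOUNTPOINT=""
NAME="sdb1" PKNAME="sdb" TRAN="" TYPE="part" MOUNTPOINT=""
NAME="sdc" PKNAME="" TRAN="usb" TYPE="disk" MOUNTPOINT=""
NAME="sdc1" PKNAME="sdc" TRAN="" TYPE="part" MOUNTPOINT="/run/media/user/STICK"'

# row NAME LISTING: print the lsblk row whose NAME is exactly NAME, else fail.
row() {
    while IFS= read -r l; do
        case $l in "NAME=\"$1\" "*) printf '%s\n' "$l"; return 0 ;; esac
    done <<EOF
$2
EOF
    return 1
}

# field KEY ROW: print the value of KEY="..." taken from one row.
field() {
    printf ' %s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

# check_target NAME LISTING: succeed only for an unmounted partition whose
# parent disk is attached over USB; print the reason for every refusal.
check_target() {
    r=$(row "$1" "$2") || { echo "refuse: $1 not found"; return 1; }
    [ "$(field TYPE "$r")" = part ] ||
        { echo "refuse: $1 is not a partition"; return 1; }
    [ -z "$(field MOUNTPOINT "$r")" ] ||
        { echo "refuse: $1 is mounted"; return 1; }
    p=$(row "$(field PKNAME "$r")" "$2") ||
        { echo "refuse: $1 has no parent disk"; return 1; }
    [ "$(field TRAN "$p")" = usb ] ||
        { echo "refuse: $1 is not on a USB disk"; return 1; }
    echo "ok: /dev/$1 is an unmounted partition on a USB disk"
}

# On a real system pass "$(lsblk -P -n -o NAME,PKNAME,TRAN,TYPE,MOUNTPOINT)".
for dev in sdb1 sda1 sdc1 sdb; do
    check_target "$dev" "$SAMPLE" || true
done
```

The check is deliberately strict: a card in a built-in (non-USB) reader is refused, and a partition the desktop has auto-mounted must be unmounted first.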

Jul 18, 2014

The End of The American Web Dominance

Way to go, but the carefree usage of US Internet services is over. This will lead to an emerging market in Europe for replacement services and companies. A big chance for the European market to break the American dominance of the Internet.

What happened? What we all knew is now manifested in a vote that the official German TV-Station ARD, financed by the government, has made.

It isn't this vote alone. People in Germany and elsewhere in Europe are condemning the aggressive behavior and mass spy attacks of the USA. Now that the first governments in Europe are officially acting against those activities, the public roar rises to new heights and can't be dismissed any longer.

This affair opens chances for many companies that will offer replacement services for big companies from the US. Some, like mail providers, are already directly marketing against the surveillance agencies. A migration within Germany is notable. Now, with that kind of opinion, more companies will replace other things. And there is a lot. Replacing Google Docs or Microsoft Office online is a big chance. Online photo albums are the next. Whether cloud services can be saved at all depends on the European ability to defend their networks from US spying. Security firms that offer strong encryption, and services that help companies and private persons to enforce methods like GPG/PGP and other secure encryption software, now have a big opportunity, too.

Welcome to the new Internet. Starting slowly in 2014.

Jul 10, 2014

Manjaro GNU+Linux: Installation and Some Tips

You know, I like these combined short reviews with a how-to. So here is one more. I scrapped the recent installation of Linux Mint 17 KDE in favor of this "Manjaro 0.8.10 KDE Edition" which is based on Arch.

Before you start shivering, I wrote "is based on Arch", not that it is Arch. The Manjaro team has its own repositories to ensure a stable system while still having a rolling release. Octopi for updating and package selection seems like a good thing to me. If you want you can use Arch repositories, but this is really not recommended.

The installer, available with a simple GUI or a shell UI for advanced configs, is very easy to understand, looks clean and runs off the live-cd. You can try it on a USB drive and it might be as catchy for you as it was for me. Really a good default selection of software. Yakuake, Rekonq, VLC, some theme editors for KMail and Contact and so on. I like the decision to deliver a KDE system with Konqueror and Rekonq set as the default browser. That comes in handy for me, I banned Mozilla completely off my system for several reasons, and Chromium is only an emergency option. However, you can install one of them with octopi quickly. This is the way it should be imho. KDE should have a free KHTML browser as default.
See later how to get Chromium to work with Flash, as this is horrible on newer versions, but not the fault of the distribution. Chromium is to blame. Another reason for Rekonq, as this works with Flash out of the box.

So the system is complete after install, and you can go right into productive mode. Or install some additional software. The system runs stable, and demands to install the last wave of updates. Over 200 packages including a kernel update. The update went smoothly. The second update this morning (2014-07-10) with about 170 packages also went smoothly, again with a new kernel. Runs like it should!

After the first installation, it was a bit tricky to get the encrypted home-dir running. More on that later. And that brings us to some problems. First, there are no options to encrypt your home folder and set everything up at the installation. This should be mandatory in 2014 with all the things going on. All packages are installed, but you need to modprobe it (really? Coming from Mint/Ubuntu it's illogical to get a service manually running after you installed it).
Then there is the graphic driver. I have the video-hybrid-intel-nouveau-bumblebee running. And its performance is horrible. I don't know why. This configuration runs very smooth with Linux Mint 17 and Ubuntu derivatives. On Manjaro 0.8.10 don't even try to use Chromium with hardware-acceleration enabled. It's unusable. Stuttering around even on text-scrolling. After disabling it, it's usable. Video output is okay, but you can clearly see the sluggish rendering. Also when moving windows fast or scrolling quickly through text in a web browser. I'm pretty sure this will get better in one of the coming updates. Keep in mind that it's a 0.xx release. So nothing to be dramatic about.
All in all it's a great distribution, and I totally like it. Recommended for sure. It's a real fun distribution that you can <3.

Now for the fixes and (ugly) workarounds for some problems that occurred for me

To get your Garmin GPSr working with it, I have written a dedicated short article.

To encrypt your home directory you can partly follow the instructions on howtogeek for Ubuntu. You need to do a sudo modprobe ecryptfs before even trying it, since the module is not loaded by default even though ecryptfs is already installed. It is recommended to just log in to your root account instead of creating a new user. Then you can migrate your home folder. Also follow the instructions on screen closely. You must log in as the user with the migrated home BEFORE you reboot. And also do an ecryptfs-unwrap-passphrase. Do not forget to encrypt your swap partition, too. But be careful to choose the correct partition marked as swap.
Then you need to make some changes in /etc/pam.d/system-auth according to this article on Arch-Wiki (please follow closely).

To get Chromium running with Flash you need to install pepper-flash, since no other method is possible with newer versions of Chromium. Do so by typing sudo yaourt -S chromium-pepper-flash in the Konsole. Answer all questions about edits with no. Mind the warning that it might not be a good idea to build this as root. However it worked for me. After that, Chromium has Flash support again.

The everlasting xbacklight / brightness problem. You can solve it with almost the same instruction from this old article for Ubuntu. Just care about some differences. You need to change the GRUB_CMDLINE_LINUX_DEFAULT like this:
Insert after "quiet splash": "acpi_osi=Linux acpi_backlight=vendor"
Do not alter anything after "resume=..."
The line should then look something like this (UUID depends on your system):
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi_osi=Linux acpi_backlight=vendor resume=/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"

Last but not least, the printer driver (HL-2030) does not work. I tried many different drivers that came with Manjaro. None of the Brother drivers worked (HL2030, HL2035, HL1250).
Visit , select your printer and download a PPD-File.
Then select "Manually provide a PPD-File" in Settings-> Printer-> configure-> select custom driver.
It works great with the driver from openprinting.

As always, use these tips and workarounds at your own risk.

Have a lot of fun!

Jul 4, 2014

To whom it may concern - Manjaro and gpsbabel / gebabbel and Garmin

Note to myself :) Or anyone else who has problems with Manjaro sending GPX files to a Garmin GPSr via gpsbabel.

gpsbabel -w -r -t -i gpx -f /home/USER/PATH-TO-FILE -o garmin -F /dev/ttyUSB0

You can enter this line also in gebabbel (a GUI for gpsbabel) in "Edit command" to use it from there.

It's dirty (check where your GPSr is connected; it can be /dev/ttyUSB1 etc.), but it works if you get the error: "Claimed interface failed: Device or resource busy"

So, for example, to send the file tour.gpx in the folder Documents in your home directory when your Linux username is mandark, enter gpsbabel -w -r -t -i gpx -f /home/mandark/Documents/tour.gpx -o garmin -F /dev/ttyUSB0

Jun 30, 2014

Review of Linux Mint 17 KDE - Installation and Usage

So, for almost a week now, I'm using the Linux Mint 17 "Qiana" KDE version. As a Mint 16 User I had some expectations about this version.

First I tried a package upgrade, which is still not recommended, and therefore not really supported within the system. Again, changing the repositories to the new version (trusty replaces saucy, and qiana replaces mint) and upgrading the system (forced by using sudo apt-get -f dist-upgrade 3 times after some non-critical errors(!) ), everything seemed to work. Made some tests, all good. But I didn't like the way it looked. I also did not use the KDE version of Mint, but KDE installed on the Cinnamon version. So you can imagine that I had some chaos in the menu and obsolete programs installed, even before the upgrade.
So I decided to do a new installation. If I had known what chaos this would bring...

Backup, installation, nice new look, all went well and without problems. But then there was the restoring of the data. I restored settings of some programs, KMail and so on. But what is this? Addressbook empty. KMail without accounts. So, I restored the Akonadi config and data files. Then the complete Akonadi system failed, KMail didn't start up and so on. So I removed all the files again, and set up everything from scratch. Then I wanted to import my local mails into KMail and... KMail did not restore them. It couldn't read its OWN maildir correctly. Mails were missing and the structure was horrible. Not nearly like KMail did on Mint 16. So I couldn't import my mail correctly, even trying for hours. I gave up on that. The messages are still available to browse through with Dolphin in the directory I backed up from the old KMail.
By the way, uninstall programs you have in your favorites only AFTER removing them from the favorite list. Else you can't remove them anymore (see screenshot above). I even tried to edit the kickerrc manually. It gets changed back automatically. I'm sure there will be a workaround, but that's not how it should be.

Also in the screenshot above in the terminal window, you can see another bug. Not from Mint, but apparently from Ubuntu 14.04. Some users seem to have problems with it. The encrypted swap doesn't work. You can get it to work for the session, but after reboot it's gone, even though it's in fstab and crypttab correctly. Well, I hope Canonical will fix this soon. It might help to use /dev/sdax (your swap partition) instead of the UUID.

Then I experienced a little bug with the clock in the panel. It switches back to showing UTC time, even though it's set to "local". If I open "digital clock settings" -> "Time Zone" it says local. Just press okay and it gets changed back to the setting. This changes for unknown reasons. Very annoying.

Still a problem: Wifi connection with a hidden network (hidden SSID). It's unbelievable that in 2014, it's still not possible to enter a hidden network without any headache. You need to open a terminal, then run sudo iwlist wlan0 scanning essid SSID, where SSID is the name of the network to connect to. Then you can open the network manager in the tray and enter the password there, and it will work in the future. You don't have to do this again.

Using the KDE program soundKonverter was a very sad thing. I couldn't convert to Ogg Vorbis. Can you believe this? It's a very sad thing to see that Linux Mint 17 does not install the required dependencies for getting this to work. You need to manually install sox or oggenc (vorbis-tools). Of course if you do anything with sound you need both:

sudo apt-get install sox
sudo apt-get install sox libsox-fmt-all
sudo apt-get install vorbis-tools

Then you can select ogg within soundKonverter. This is very ugly, and I can't understand it. Instead patent-encumbered mp3 is working out of the box? Give me a break. You can do this of course. MP3 is the most used format. But leaving out Ogg vorbis is unacceptable. I hope this is only a bug. Boooh!
And why the hell is there no Konqueror installed by default? Unbelievable.

After doing these things, you have a nice system running, with good performance.
Positive things are the nice new look and that it now lets you install the nvidia driver for 740M with dual graphics (Intel GMA). It wasn't recognized in Mint 16. That is a good thing. However I decided to stay with the open source variant, which is installed by default. It's good enough.
Now the kernel updates are shown, but not selected by default. A good thing, but it also makes you think again, if this is really the best way. Kernel updates are marked as security updates, and they are. I know, a stable system is hard to maintain with kernel updates. But is this really the way to go? Let's talk about security with a LTS-model

Jun 24, 2014

How To: Getting Rekonq / Konqueror to work with Google services

If you try to work with Rekonq or Konqueror in Google+ or many other Google Services, you'll end up getting warnings about unsupported, legacy browser, or even get completely blocked out, like in Google+.

I tried to set another User Agent, without much success. They all force the same warnings at Google. Before I manually add some totally wrong identifications, I messed with the secondary settings. And you won't believe it. It worked.

It's so simple. As soon as I unchecked the "Add machine (processor) type", it worked. I'm pretty sure it's a combination of settings, so here in the screenshot you see how it works with Google. Send identification and only check "Add operating system name".
Don't look for this setting in Rekonq, you have to make this setting in Konqueror. It then also applies to Rekonq.

After this simple action I tried some services with Rekonq 2.4.2 compiled on Linux Mint 16 / KDE 4.11.5:

  • Google+: Works
  • Google Photos: Works
  • Blogger: Works
  • Google Maps Old: Works, but slow (WebGL enabled)
  • Google Maps New: Invokable, but keeps hanging when zooming (WebGL enabled)
  • YouTube Portal: Works, very laggy.
  • YouTube Videos: Works