Så din webbläsaren funkar inte en dag, vad kan jag gjörde ? Kör GDB med firefox !


$ firefox -g
+ MOZDIR=/home/cristobal/.mozilla
+ LIBDIR=/usr/lib/firefox-3.6.10
+ APPVER=
+ META_NAME=firefox
+ GDB=/usr/bin/gdb
+ DROPPED=abandoned
+ which /usr/bin/firefox
+ NAME=/usr/bin/firefox
+ [ xfirefox != x ]
+ NAME=/usr/bin/firefox
+ basename /usr/bin/firefox
+ APPNAME=firefox
+ [ ! -f /usr/lib/firefox-3.6.10/firefox ]
+ want_debug=0
+ [ 1 -gt 0 ]
+ want_debug=1
+ shift
+ [ 0 -gt 0 ]
+ FOUND=
+ [ -d /home/cristobal/.mozilla/firefox ]
+ FOUND=firefox
+ FOUND_BETA=
+ BETA_LIST=
+ [ -d /home/cristobal/.mozilla/firefox-3.1 ]
+ [ -d /home/cristobal/.mozilla/firefox-3.5 ]
+ [ -d /home/cristobal/.mozilla/firefox-3.6 ]
+ [ firefox != -a != ]
+ [ != -a firefox = ]
+ [ 1 -eq 1 ]
+ [ ! -x /usr/bin/gdb ]
+ mktemp /tmp/mozargs.XXXXXX
+ tmpfile=/tmp/mozargs.bnrfme
+ trap [ -f "/tmp/mozargs.bnrfme" ] && /bin/rm -f --
"/tmp/mozargs.bnrfme" 0 1 2 3 13 15
+ echo set args
+ echo sh /usr/lib/firefox-3.6.10/run-mozilla.sh /usr/bin/gdb
/usr/lib/firefox-3.6.10/firefox-bin -x /tmp/mozargs.bnrfme
sh /usr/lib/firefox-3.6.10/run-mozilla.sh /usr/bin/gdb
/usr/lib/firefox-3.6.10/firefox-bin -x /tmp/mozargs.bnrfme
+ CMDNAME_USER=firefox sh /usr/lib/firefox-3.6.10/run-mozilla.sh
/usr/bin/gdb /usr/lib/firefox-3.6.10/firefox-bin -x
/tmp/mozargs.bnrfme
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/lib/firefox-3.6.10/firefox-bin...(no
debugging symbols found)...done.

(gdb) bt
#0 0xb7fe2422 in __kernel_vsyscall ()
#1 0xb7fbb245 in sem_wait@@GLIBC_2.1 () from /lib/tls/i686/cmov/libpthread.so.0
#2 0xacfe90e9 in event_wait () from /usr/local/lib/libtokenapi.so
#3 0xad32a4a4 in CInternalThreadObject::EventHandlingThread() () from
/usr/local/lib/personal/libP11.so
#4 0xad32dec6 in CHandleTokenEventThread::Run() () from
/usr/local/lib/personal/libP11.so
#5 0xacfe8934 in CThread_posix::RunInternal() () from
/usr/local/lib/libtokenapi.so
#6 0xacfe8981 in CThread_posix::RunProcess(void*) () from
/usr/local/lib/libtokenapi.so
#7 0xb7fb496e in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#8 0xb638ca4e in clone () from /lib/tls/i686/cmov/libc.so.6


Visst, /usr/local/lib/libtokenapi.so är den skyldige. Följa en andra post här om du vill fixa det, lycka till !

So you want to backup all your bas^H^H google documents ? You may do it manually, but isn’t it more interesting to do it by code ?

GoogleCL has been around for a while, but it’s becoming more stable and interesting as time goes on. Let’s see how to install it first, since the documented way on INSTALL.txt is broken at the time of writing these lines.

Continue reading →

I would have preferred that my Android 1.6 device supported OpenVPN out of the box. Unfortunately, this is only available for rooted devices and a bit of suffering. Instead, I went for configuring IPsec inside L2TP VPN server. All of it stuffed into an old and low-end Soekris net4511 board running Voyage Linux.

First, I will just redirect you to the well-documented, lengthy but primary resource:

Using a Linux L2TP/IPsec VPN server

On the client side, this post is quite complete:

Adding VPN connections to Android 1.6 (Donut)

If you’re feeling impatient and brave, perhaps you’ll succeed with the configuration files that follow (they worked for me)… since those are highly dependant on your network setup, YMMV, a lot.

Before jumping right into the meat and to avoid confusion, let’s see what is the game all these evil daemons are going to play:

1. A client (my android phone), connects to the server on port 4500.
2. IPsec server (OpenSWAN) responds and asks for the PSK.
3. If the previous “gatekeeper” is ok with you, control is handed over L2TP, the other “tunnel keeper” who will ask for another password.
4. If L2TP is satisfied with your answer, PPPD, the ancient UNIX beast will be waken up and ask for… your user and password !
5. Congrats ! You’re survived the gates, now you’re on your home network from your smartphone, ain’t it cool ?

Continue reading →

Just had a conversation with one good friend, rambling on the possibility of having a server-side crypted Maildir INBOX.

It seems that dovecot has a nice server-side mail compression plugin… how come there are no implementations of a session-based cyphering of mail storage based on this same principle ?

The use case is quite simple to imagine:

1. Mails keep coming to the MDA, on plain text, as usual.
2. User logs into the IMAP server with her credentials.
3. A keypair stored on user’s maildir, for instance, is unlocked using the login password.
4. New mails are cyphered and all subsequent read/write operations are performed through this (de)cyphering mechanism.
5. User logs out and the key is forgotten, shrinking the window of opportunity on possible sneakers or forensic forces.

EDIT: Of course, keeping just the public key on the server is way smarter in this case:

1. The user’s GnuPG public key is stored on her maildir.
2. All incoming emails are cyphered as they arrive with the previous public key.
3. The user logs in and sees all her mailbox cyphered, ready to be decyphered with his private key residing on her mail client.
4. Forensic analysis/spying on emails gets just a little bit harder .

He argued that just a quick UNIX pipework (using qmail) should be sufficient, but I rather preferred to keep the MTA out of the equation. The reason is that the MTA just “sinks” mail to the mailbox, while the MDA usually has both read and write access to emails, so to me it makes more sense to keep this “plugin” on the MDA side…

Is the idea clear at this point ? Is this already invented and passed under my radar ? Anyone has suggestions on top of that ?

So we have a simple migration at hand looking at the current virtualization landscape, right ?

1. Use virt-convert from python-virtinst. In other words: OVF to libvirt’s XML
2. Launch KVM with the resulting migrated files (both images and metadata)
3. Do trivial configurations inside the guest machine to match host environment

That was my idealized view. It turns to be this way:

1. Try virt-convert to discover that it fails when converting from OVF.
2. Try to fix libvirt python code libraries (OVF XML parser).
3. When the code is fixed, the resulting metadata files are malformed.
4. Try with the commercial “vCenter Converter Standalone”: ERROR: “OVF contains multiple virtual machines”.
5. Download ~500MB of “VMWare Server” to just use the “vmware-vdiskmanager” binary (1.4MB).
6. Construct libvirt’s xml, with some hand-edited sections.
7. virt-manager fails when connecting via VNC to your remote VM due to a Ubuntu-CentOS cross-distro issue involving NetCat parameters. Place a workaround and report the bug.
8. Optimize both virtual network and disk performance switching to VirtIO.
9. Rebuild guest ramdisk image in order to load VirtIO drivers in the boot process.

Want more details ? Keep reading…
Continue reading →