Thursday, March 31, 2011

Why and how to block JavaScript on your email account

Why:

The JavaScript Trap

When you visit a website such as Gmail, your browser will download and run several thousand lines of JavaScript code. JavaScript code is no different to languages like Python, C++ or Ruby — applications written in those languages running on our computers should be free software, so we can run, modify and share them if we wish. JavaScript today is not the JavaScript of the past — it is now used to write powerful, server-side applications thanks to free software like Node.js and the V8 JavaScript engine.

Further, we've recently seen companies such as Research In Motion (makers of the Blackberry) advising customers to entirely disable JavaScript in the WebKit browser on its devices because of a security problem that was discovered. While free software JavaScript can have security problems too, this example illustrates that we have a real need to be able to see what the code we're running on our computers is actually doing, and change it.

Source: http://www.fsf.org/blogs/community/gmail-jstrap


Howto do it:

1. select "Basic HTML" at the bottom of any screen in your Gmail account.

2. Set basic html as default view

3. use No script to block javascript on the site

Or use a desktop email client with imap enabled and pop disabled; this will keep your data on the Google internet server.


More details: http://libreplanet.org/wiki/Group:NoJavaScript/Gmail

Monday, March 28, 2011

More privacy when on internet

1. Use a search engine that respects your privacy for instance DuckDockGo.
In August 2010 Duck Duck Go introduced anonymous searching, including an exit enclave, for its search engine traffic using Tor. This allows anonymity by routing traffic through a series of encrypted relays. Weinberg stated: "I believe this fits right in line with our privacy policy. Using Tor and DDG, you can now be end to end anonymous with your searching. And if you use our encrypted homepage, you can be end to end encrypted as well."

2. Use HTTPS Everywhere

HTTPS Everywhere is a Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites.

Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.


3. Use TOR The Tor software protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

For Arch: https://wiki.archlinux.org/index.php/Tor

Thursday, March 24, 2011

Dependency problems with pacman3.5.1

With the new pacman 3.5.1. I had to remove a lot of pacman helpers: sudo powerpill -R bigpkg package-query perl-xyne-arch bauerbill powerpill rebase reflector.
This will probably fixed soon. Today the new firefox 4 was in the Arch reps.

Monday, March 21, 2011

Create partition backup using SystemRescueCD and FSArchiver

SystemRescueCD provides different backup and recover solutions.
What I want to do is backup a partition to a special backup partition.
Scenario is that I want to backup my Arch install on partition sda11 to the backup partition on sda12.
After downloading and burning the SystemRescueCD.
I start it up; I choose for the graphical environment to have firefox as tool the find my commands or search for necessary info.
I will use FSArchiver to make the image.

Preparing the target
After starting up the terminal I do: mkdir /mnt/backup
I make a mount point for the backup partition; this is not needed as the mount point was already created.
Now I mount the backup partition to the mount point: mount /dev/sda12 /mnt/backup
Now I can make the backup:
fsarchiver savefs -j2 -o /mnt/backup/archma11.fsa /dev/sda11

The -j2 -o option is for dual core processors to make it a bit quicker.

When ready you get this kind of feedback :
Statistics for filesystem 0
* files successfully processed:....regfiles=261239, directories=23462, symlinks=29814, hardlinks=2661, specials=28
* files with errors:...............regfiles=0, directories=0, symlinks=0, hardlinks=0, specials=0


To restore it;
I will first have to mount the restore partition: mount /dev/sda12 /mnt/backup

And then I can do:
fsarchiver restfs /mnt/backup/backupname.fsa id=0,dest=/dev/sda11

Adapt backupname and partition.

Sunday, March 20, 2011

Undelete deleted files on NTFS partition or HD

ntfsundelete (belonging to ntfsprogs) makes it possible to do this from Linux.

ntfsundelete -h for help
+++++++++++++++++
ntfsundelete -s, --scan
Search through an NTFS volume and print a list of files that
could be recovered. This is the default action of ntfsun‐
delete. This list can be filtered by filename, size, percent‐
age recoverable or last modification time, using the --match,
--size, --percent and --time options, respectively.

The output of scan will be:

Inode Flags % age Date Size Filename
6038 FN.. 93% 2002-07-17 26629 thesis.doc

┌─────────────────
│Flag Description │
│F/D File/Directory │
│N/R (Non-)Resident data stream │
│C/E Compressed/Encrypted data stream

+++++++++++++++++

Look for deleted files on /dev/hda1.

ntfsundelete /dev/hda1

Look for deleted documents on /dev/hda1.

ntfsundelete /dev/hda1 -s -m '*.doc'

Look for deleted files between 5000 and 6000000 bytes, with at least
90% of the data recoverable, on /dev/hda1.

ntfsundelete /dev/hda1 -S 5k-6m -p 90

Look for deleted files altered in the last two days

ntfsundelete /dev/hda1 -t 2d

Undelete inodes 2, 5 and 100 to 131 of device /dev/sda1

ntfsundelete /dev/sda1 -u -i 2,5,100-131

Undelete inode number 3689, call the file 'work.doc' and put it in the
user's home directory.

ntfsundelete /dev/hda1 -u -i 3689 -o work.doc -d ~

Thursday, March 17, 2011

Run firefox in a sandbox for more security

Why run Firefox or other programs in a sandbox? In the Firefox example, there are many components running: Java, Flash, and third-party plugins. All of these can open vulnerabilities due to bugs and malicious code; under certain circumstances these components can run anything on your computer and can access, modify, and delete your files. It’s nice to know that when such vulnerabilities are exploited, these components can only see and access a limited subset of your files.

For example, to build a sandbox for Firefox and start Firefox running in the sandbox, close all running windows of Firefox, then:

sudo sandfox firefox
Sandfox has a default profile for Firefox, so it will automatically load that profile. The profile tells Sandfox how to build a sandbox which provides the system and user folders that Firefox requires. (For full functionality of your version of Firefox, you may want to edit this profile to add more folders and files. The profile is stored in /etc/sandfox/firefox.profile.

More info: http://igurublog.wordpress.com/downloads/script-sandfox/

Friday, March 4, 2011

Deluge permission problems storing to ntfs drive

I'm storing my torrent downloads to a NTFS drive.
Regularly I 'm facing permission problems to leads to problems restarting the downloads or accessing the drive by Deluge.
I found out the default user for deluge is deluge.
I added deluge to the storage group hoping this will solve the problem.
gpasswd -a deluge storage

We'll see.

Test your hd speed

sudo hdparm -t --direct /dev/sda

/dev/sda:
Timing O_DIRECT disk reads: 314 MB in 3.02 seconds = 104.13 MB/sec

See http://www.linuxinsight.com/how_fast_is_your_disk.html

Wednesday, March 2, 2011

Pilaunch Dmenu like starter

Set up the new app pilaunch https://bbs.archlinux.org/viewtopic.php?pid=898363
Aur: http://aur.archlinux.org/packages.php?ID=47003

It is a dmenu like program/web/music/terminal starter

Possibilities: keywords-- these will only be activated by typing them in, followed by a space
calculator = "c" #"calc"
web = "u" #"url"
websearch = "w" #"web"
sudo = "su"
term = "t" #"term" #bring up a new terminal running it
music = "m" #"music" #support for mpd

I have linked it in rx.xml to super+i .

Configuration of mpd:
Because I have set up mpd in root and in etc/mpd.conf to have access to a ntfs partition.

I edited /usr/share/pilaunch/piconfig.py

with mpd = False to mpd = True
and changed mpdcon = {'host':"/home/$USER/.mpd/socket", 'port':"6600"} to
mpdcon = {'host':"localhost", 'port':"6600"}

Keys for music:

"delete" key removes all from playlist
"end" key removes selected song from playlist
"tab" key switches between "playlist", "option", and "artists"
Left arrow and right arrow move between playlist, selected artist, selected album, and individual tracks.
e.g. if "lady gaga" is highlighted, hitting right will reveal her albums, hitting right again will show highlighted album's tracks. Left in reverse.
"enter" key adds selected to end of playlist, or if in playlist, plays song.

Configuration of apps in the same file:

#desktop defaults
browser = "firefox"
searchengine = "http://www.duckduckgo.com/search?q="
editor = "leafpad"
path = os.path.expandvars("$PATH") # + ":/home/paul/.scripts
terminal = "lxterminal"

Tuesday, March 1, 2011

Paccheck tools to control mirrors

There is a serious security issue regarding pacman mirros.
See http://bbs.archbang.org/viewtopic.php?pid=2076#p2076

A partial solution is paccheck.
Install: packer -S paccheck
Use: first synchronize mirrors: sudo pacman -Sy
Then: paccheck --install abc xyz

This will install package abc and xyz and their dependencies, check only those targets (including full mirror compare if configured), and offer to install them. Be sure to read the report to determine if installation is indicated.

How to do a general update with paccheck

When you do paccheck the command pacman -Sy is forwarded to the terminal and the mirrors are checked; when you don't get a warning, - look at the terminal output, you can let it go on; it will go on with pacman -Su ; when you see warnings you have to stop the update manually; fastest way is to close terminal window.
If you did this (stop the update) and want to go on anyway you will have to remove /var/lib/pacman/db.lck to be able to continue.

Blog Archive