I’m all for security. I believe that in a time like now, you have to be sure that the data you are getting, storing or sending has to be verifiable. However, there is a time when this is not the case. When security becomes a hindrance to everyday work, that’s when it is a problem. Imagine having to stop your work every 5 minutes to swipe your finger or type your password to prove that you are using the computer, and that someone didn’t tie you up and throw you under your desk. I know that it seems a bit too much, but the same thing could be said for encrypting every email you send. I don’t think an email about cats doing something funny needs to be encrypted. The same holds true for other things where verifying the source doesn’t truly matter. If I send an email to someone scheduling a meeting, I don’t care if it’s really them sending an email back saying they’ll be there. It’s not like an axe murderer is going to take their place, and if they had encrypted their email, I wouldn’t get killed. Oh well, looks like I’ll keep having to type my ridiculously long GPG password just to decrypt an email saying ‘ok’. </rant>
Mutt and gnupg
Part of my job has now required me to actually start using my gpg key for more than just goofing off, or the occasional one-off. So, as part of that I wanted to make sure I have all of my work mail clients configured to work with gnupg. As I talked about in a previous post, this is pretty easy in Thunderbird and Firefox (for Gmail). And I thought it would be difficult for mutt. But it’s not. Pretty much the first link in a Google search for ‘gnupg mutt’ led me to this page, which has everything you need. Then I realized that I already had it in my .muttrc, but it was commented out. So I’ve updated my .muttrc on dotfiles.org. The only thing that wasn’t explained in the documents is how you encrypt or sign if auto-sign is off. After committing the email, before hitting y to send the email, hit p to bring up the gpg. It’s pretty straightforward from there.
Running Boxee on Ubuntu
First, I know I’m going to hell for using Ubuntu. But, I’m too lazy to compile xbmc and boxee on Fedora. So, now that that’s out of the way, here’s the step-by-step:
- Install Ubuntu 10.4
- Add the extra boxee repo based on the instructions on boxee.tv
- Install mingetty and rcconf
apt-get install mingetty rcconf
- Disable gdm with rcconf
- Add a boxee user (with a home directory) and add them to the “admin” and “audio” groups
useradd -m -G admin,audio -d /home/boxee boxee
- Add a .bashrc to /home/boxee
case "`tty`" in
/dev/tty1) startx ;;
esac
- Add .xinitrc to /home/boxee
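#!/bin/bash
# Restart Boxee whenever it exits. No exec here: exec would replace this
# shell, so the loop would never get a second pass.
while [ 1 ]
do
    /opt/boxee/Boxee --standalone
done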
- Make it executable
chmod a+x .xinitrc
- Edit the getty line in /etc/event.d/tty1: comment out the original exec and add the mingetty one
#exec /sbin/getty 38400 tty1
exec /sbin/mingetty --autologin boxee tty1
- Reboot and pray
Installation, Upgradation and Such
I’ve spent the past couple of days reinstalling both my laptop, and my wife’s laptop. With that said, I hate installing Windows. It’s horrible. While I’ll be the first to admit the installation procedure has come a long way from 20 some-odd 3.5 floppy discs, the installation time is still ridiculous. Some things I have learned from this whole escapade are to have a backup of all the drivers from the manufacturer, write down your serial numbers and/or store them somewhere they won’t get lost/deleted, and just because you have a compsci degree doesn’t mean you won’t forget to back up files on your laptop, and lose ~2 days of web work.
These are the approximate install times that I’ve had to deal with over the past days
- Windows – Failed twice after 45 minutes – Successfully installed after 90 minutes
- OSX – Clean install after 80 minutes
- Fedora 9 – Clean install after 30 minutes
- RHEL 5 – Clean install 15 minutes (@base)
I’m going to update my list of apps that I’ve found after redoing my mac sometime soon.
My Favorite Apps
I’ve gone ahead and started a list of my “must have apps” for the three platforms I use the most: Linux, Palm, and Mac. (I didn’t include Windows, because the only apps that I use on there other than games, everybody already knows.) I intentionally left out the programs that everybody and their sister already uses. I also put this together because I couldn’t find a good list of the “must have Palm apps”. If there’s something you use and think I should check out, lemme know, and I’ll try it out and add it to the list.
Firefox, gpg, gmail and other security stuff
So, I’ve started listening to a couple of podcasts:
And the latter one has rekindled my love for security and whatnot. It’s definitely made me put back on my tinfoil hat. Because of this, I wanted to set back up my GPG stuff for email and whatnot. It’s super easy in Thunderbird, by installing the Enigmail plugin (just make sure you pick the right arch and OS). However, since I use Google’s hosted mail for my personal mail, I was in a bit of a pickle. Luckily, somebody else out there had the same idea and wrote FireGPG, which will allow you to sign, encrypt or decrypt any GPG-signed stuff on the web (such as the body of an email from Gmail).
Just thought I’d plug those plugins and the podcasts.
Custom boot isos and imgs
I’ve spent the past couple of days banging my head against the desk trying to get this to work out correctly. And now it finally does. Just as a note, I’ve tested that the general steps work. I have not verified that I haven’t skipped a step. So if anything’s missing, let me know.
Disclaimer: This has only been tested with RHEL and nothing else, but there is no reason why it won’t work. And if you don’t have a satellite, you can use this with any old kickstart, assuming you have the tree set up correctly. Please test your kickstart tree first.
Satellite prep
Create your kickstart as you normally would. Then, make sure the kickstart is accessible via the following style of URL:
http://satellite.example.com/kickstart/ks/view_label/<kickstart_label>
Replace <kickstart_label> with the name of the label set on the satellite. Remember this URL; you’ll need it later.
view_label VS label
In the kickstart URL, you can use either view_label or label. view_label will not register the box if there is not an activation key set inside the kickstart. label generates a one-time-use activation key and registers the box to the satellite.
Why use one over the other?
view_label is good if you are using an activation key, or if you have to install a box a bunch of times and don’t want to have a bunch of extra profiles lingering around. label is good if you don’t want to have to set up an activation key, and a machine is only going to be kickstarted once. If you are going to be using the disk image in a PXE-like fashion, view_label is your best option.
Rolling the disk image (For usb-key)
Get the first disk of whatever you are trying to install from the kickstart. For this document, I will be using RHEL 5 U2 x86_64.
NOTE: The arch and update must match or it will fail.
- Copy the images/diskboot.img file to /root/rhel5u2-64bit.img
- Mount the /root/rhel5u2-64bit.img file on the loopback (/mnt/)
- Edit the /mnt/syslinux.cfg file, and add/edit the following:
default custom
prompt 0
timeout 0
display boot.msg
label custom
kernel vmlinuz
append initrd=initrd.img ks=http://satellite.example.com/kickstart/ks/view_label/<kickstart_label> ksdevice=link noipv6
- Edit the /mnt/boot.msg to say what you want. I recommend removing the lines below ‘splash.lss’ and replace with something like:
Your install of Red Hat Enterprise Linux Update 2 (x86_64) will start shortly.
- Unmount the diskboot.img file
- Then burn to a cd, or copy to a jumpdrive with the following command:
dd if=/root/rhel5u2-64bit.img of=/dev/sdc
NOTE: Replace /dev/sdc with the device name of your jumpdrive
Rolling the disk image (For cdrom)
Get the first disk of whatever you are trying to install from the kickstart. For this document, I will be using RHEL 5 U2 x86_64.
NOTE: The arch and update must match or it will fail.
- Copy the images/boot.iso file to /root/rhel5u2-64bit-boot.iso
- Mount the /root/rhel5u2-64bit-boot.iso file on the loopback (/mnt/)
- Make a directory in /tmp/ (/tmp/rhel5u2-64bit/)
- Copy /mnt/* to that directory
- Unmount the rhel5u2-64bit-boot.iso file
- Remove the rhel5u2-64bit-boot.iso file to reduce confusion
- Make the /tmp/rhel5u2-64bit/isolinux/isolinux.cfg writable by root
- Edit the /tmp/rhel5u2-64bit/isolinux/isolinux.cfg file, and add/edit the following:
default custom
prompt 0
timeout 0
display boot.msg
label custom
kernel vmlinuz
append initrd=initrd.img ks=http://satellite.example.com/kickstart/ks/view_label/<kickstart_label> ksdevice=link noipv6
- Edit the /tmp/rhel5u2-64bit/isolinux/boot.msg to say what you want. I recommend removing the lines below ‘splash.lss’ and replace with something like:
Your install of Red Hat Enterprise Linux Update 2 (x86_64) will start shortly.
- Then make a bootable iso by running:
cd /tmp/
mkisofs -r -T -J \
-V "RHEL 5u2 x86_64 kickstart iso" \
-b isolinux/isolinux.bin -c isolinux/boot.cat \
-no-emul-boot -boot-load-size 4 -boot-info-table \
-v -o "/root/rhel5u2-64bit.iso" /tmp/rhel5u2-64bit/
- Then burn the CD as a CD image
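Both image-rolling procedures above (USB key and CD-ROM) write the same boot stanza. The following shell sketch is an added example, not part of the original post: it renders that stanza with the host and label validated before they reach the kernel command line, and checks that the dd target is a removable device. The function names and the `my_label` value are assumptions; the hostname and paths are the post's placeholders.

```shell
#!/bin/bash
# Added example: helper names are illustrative; host and label are placeholders.
# Kickstart URL. mode: view_label (registers only if the kickstart carries an
# activation key) or label (one-time key, registers the box).
ks_url() {
    local host="$1" mode="$2" label="$3" v
    case "$mode" in
        view_label|label) ;;
        *) echo "mode must be view_label or label" >&2; return 1 ;;
    esac
    # The URL lands on the kernel command line: reject spaces, slashes and
    # anything else that could add or change boot arguments.
    for v in "$host" "$label"; do
        case "$v" in
            ''|*[!A-Za-z0-9._-]*) echo "bad host or label: '$v'" >&2; return 1 ;;
        esac
    done
    printf 'http://%s/kickstart/ks/%s/%s\n' "$host" "$mode" "$label"
}

# The stanza both procedures put in syslinux.cfg / isolinux.cfg.
render_boot_cfg() {
    local url
    url=$(ks_url "$@") || return 1
    printf '%s\n' 'default custom' 'prompt 0' 'timeout 0' 'display boot.msg' \
        'label custom' 'kernel vmlinuz' \
        "append initrd=initrd.img ks=$url ksdevice=link noipv6"
}

# True only if the kernel flags the dd target as removable (sysfs root is a
# parameter so the check can be exercised against a constructed tree).
is_removable() {
    local dev="${1#/dev/}" sys="${2:-/sys}"
    [ "$(cat "$sys/block/$dev/removable" 2>/dev/null)" = 1 ]
}

# USB steps: copy diskboot.img, loop-mount, replace syslinux.cfg, unmount. Root only.
build_usb_image() {
    local src="$1" img="$2" cfg mnt; shift 2
    cfg=$(render_boot_cfg "$@") || return 1
    mnt=$(mktemp -d) || return 1
    { cp "$src" "$img" && mount -o loop "$img" "$mnt"; } || return 1
    printf '%s\n' "$cfg" > "$mnt/syslinux.cfg"
    umount "$mnt" && rmdir "$mnt"
}

# build_usb_image images/diskboot.img /root/rhel5u2-64bit.img \
#     satellite.example.com view_label my_label
# is_removable /dev/sdc && dd if=/root/rhel5u2-64bit.img of=/dev/sdc
```

For the CD image, redirect the output of `render_boot_cfg` into /tmp/rhel5u2-64bit/isolinux/isolinux.cfg before running mkisofs.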
Boot
Then insert the media into the machine and boot off of it.