Friday, November 14, 2014

5.6 AMD64 X200: Using "Browser Back" & "Browser Next" keys in Xombrero.

Hi,

I was thinking of utilizing the "Browser Back" &"Browser Next" keys (located just above the "Left" & "Right" keys respectively) so that I can switch between previous and next open tabs in Xombrero browser.

So I start xev and after checking I found that the keysym for "Browser Back" is "XF86Back" and "Browser Next" is "XF86Forward". Good. Then I opened up ~/.xombrero.conf and add the keybindings such as:

keybinding = tabnext,XF86Forward
keybinding = tabprevious,XF86Back

Then restart Xombrero. Good times. Later.

Monday, November 03, 2014

5.6 AMD64 X200: Update to 5.6! Package update problem and pkg_check to the rescue.

Hi,

I updated my X200 lappy to 5.6 today using the trusted upgrade using USB thumbdrive method. Upgrading went smooth until I done upgrading my packages.

Well, "done" isn't the correct word. I exited the pkg_add -u while it was updating my packages and I should've known that it will haunt me sooner or later. I re-run the pkg_add -u without realising that previous update wasn't done correctly. So I paid the price when I saw that GIMP, LibreOffice and GTK+2 can't be updated due to some libraries error. Something like:

Can't install gtk+2-2.24.24 because of libraries
| avahi-client.0.0 not found
| bla bla not found

Oh my. So what do I need to do now? The answer is:

pkg_check

This neat command checks the packages, dependencies and lots more. It's kind of interactive, so it will ask if problematic packages needs to be repaired or not, or like what I choose, [a]utomatic answer. Then it will do its job. And it does it well.

After it's done, I re-run pkg_add -u and all is ok. All updated correctly. Wallah!

Saturday, July 12, 2014

5.5 amd64 X200: Alpine S/MIME, finally managed to sign with CACert.

Hi,

I finally managed to get my Alpine to sign outgoing emails with Digital Certs from CACert.org, "community-driven Certificate Authority that issues certificates to the public at large for free."

If you're using Thunderbird, setting up Digital Signature is quite easy, just a matter of getting your personal Digital ID and importing it in Thunderbird. There's a few steps in detail but it's just a matter of a bit of adventure in the Thunderbird's Option window.

But if you're like me, who uses Alpine and would like to have the ability to sign with Digital Signature, there's quite a challenge. I've been stuck with this for some time, but as it's not a super-urgent thing, I took my time to solve this. So here I'm posting the steps needed to get my Alpine to sign my email with Digital Cert attained from CACert.org.

1) Register with CACert.org and create a personal Digital Cert.
This step is self-explanatory, go to http://www.cacert.org, register your own account and create your personal Digital Certificate. I don't want to pay for Digital Certificate offered by more trustworthy company so this is a great option for me.

2) Download the Digital Certificate from CACert.org and import in Firefox.
Ok for this, you will need to have Firefox. After you downloaded your Digital Certificate, you will need to open up Firefox, and in Edit > Preferences > Advanced > Certificates > View Certificates > Your Certificates, click on the Import button and import your Digital Cert.

3) Backup Digital Cert from Firefox in PKCS12 format.
From Edit > Preferences > Advanced > Certificates > View Certificates > Your Certificates, choose the Digital Cert you want to use and then click the Backup button. You will need to create a password for it. Remember to save it at pkcs12 format. For example, save it as karl@mail.com.p12.

4) Create PEM format from the PKCS12 file.
Open your xterm, and create a PEM file from the PKCS12 (*.p12) file you just backed up.

$ openssl pkcs12 -in karl@mail.com.p12 -out karl.@mail.com.pem

Now the newly created karl@mail.com.pem file can be edited with vi or any text editor you use.

5) Create CRT and KEY file for Alpine use.
Some people suggested to use openssl to create CRT and KEY file. I didn't managed to do this successfully using the openssl method, and the result is that my Alpine gave out "Couldn't find the certificate needed to sign." prompt when I try to sign my outgoing emails. So I went with the manual way.

Remember that the PEM format is plain text and editable? So I vi the karl@mail.com.pem file. I can see there's 3 section there. The top part is something like this:

Bag Attributes
    *snipped*
-----BEGIN ENCRYPTED PRIVATE KEY-----
*blablabla*

That top portion is the private key. Delete everything before the:

-----BEGIN ENCRYPTED PRIVATE KEY-----

and delete everything after the:

-----END ENCRYPTED PRIVATE KEY-----

then save it to something as karl@mail.com.key. Remember, this is your private key. And don't overwrite the original file you've edited.

Open the karl@mail.com.pem file again. You would see the just below the private key portion, there's something like:

Bag Attributes
    friendlyName: CAcert.org Class 1 Certification Authority
    *snipped*
-----BEGIN CERTIFICATE-----

Now this is you Certificate Issuer portion. I edited the file and deleted everything before the immediate:

-----BEGIN CERTIFICATE-----

and deleted everything after the immediate:

-----END CERTIFICATE-----

then save the file as cacert.org.crt. Do take note that this file could be named as anything but make sure the filename ends with ".crt".

Open the PEM file again, and the 3rd portion is you public key. The "Bag Attributes" details should contain your email address you created the Digital Cert with. So I deleted everything before the:

-----BEGIN CERTIFICATE-----

then save the file to something as karl@mail.com.crt.

6) Setup Alpine to use the karl@mail.com.key Digital Cert.
By default, Alpine needs ~/.alpine-smime directory to store the Digital Certs. But in my case, it didn't exits. So I mkdir these directories:

~/.alpine-smime/ca
~/.alpine-smime/public
~/.alpine-smime/private

Then move all your *crt & *.key files to the correct directory such as:

~/.alpine-smime/ca/cacert.org.crt
~/.alpine-smime/public/karl@mail.com.crt
~/.alpine-smime/private/karl@mail.com.key

That should be it. In Alpine, I use Roles so the From address is the same as my Digital Cert so Alpine can Digitally sign the email composed. So far signing email is ok but I haven't tested the encryption. Later.

References.
- http://www.cacert.org
- http://comments.gmane.org/gmane.mail.alpine.info/4969
- Roles in Alpine
- Alpine S/MIME - http://patches.freeiz.com/alpine/alpine-info/misc/smime.html

5.5 amd64 X200: Firefox always crashing? Then try raising datasize.

Heyya,

My Firefox crashed sometime. Been like this since forever I think. Didn't bother to look at it until a few days ago when I think "hey I commonly sees this crashing but why other didn't flame the net about it?". So I went out to search for answers.

Then I found that this is not application or OpenBSD issue, but rather limited default setting. Firefox is quite a resource hog and by default, the datasize limit is set for 512Mb, which is by Firefox, quite low.

So I edited /etc/login.conf and find the default setting like below:

default:\
    *snipped*
    :datasize-max=512M:\
    :datasize-cur=512M:\
    *snipped*

and changed the value to:

default:\
    *snipped*
    :datasize-max=2048M:\
    :datasize-cur=1024M:\
    *snipped*

As I have about 4Gb of ram, this setting should be ok. So far this setting is ok and Firefox haven't crashed yet. Later.

References:

- man login.conf
- http://daemonforums.org/showthread.php?t=7894

Thursday, May 22, 2014

5.5 amd64 X200: Upgraded to 5.5!

Heyya,

I've upgraded my system to 5.5 yesterday using the USB Flashdrive upgrade method. Do check the links on the left side for info about creating USB Bootable Flashdrive for OpenBSD installation/upgrade.

Be sure to check http://www.openbsd.org/faq/upgrade55.html as there's quite major changes been done on this new version.

Oh also OpenBSD have provided disk images for us to create bootable flashdrive installation media. Do check http://www.openbsd.org/faq/faq4.html#MkInsMedia. I personally haven't tried this yet as I upgraded my flashdrive using my old method.

Make sure to create new openbsd.pbr if you're like me, dual-booting. Later.

6.5 amd64: Modify existing certbot certificates.

Hi, It's been quite some time eh. As you can see, I still upgrade my OpenBSD system regularly but currently I do not have the time to ...