Thursday, 24 September 2009

Howto: A simple encrypted folder using Cryptkeeper.

I required a simple solution to easily secure some data, a single folder that could be encrypted and require a password to decipher being the ideal solution. A quick google soon pointed me to a couple of options, Truecrypt and Cryptkeeper. Truecrypt seemed far more than I required but Cryptkeeper was perfect for my use.

To get it installed and any extra dependencies issue the following from a terminal or Synaptic if you prefer.


sudo apt-get install cryptkeeper

You can then start Cryptkeeper from the menu >> Applications >> System Tools >> Cryptkeeper. It will launch to your System Tray; click the icon and choose "New encrypted folder". Give it a name in the top entry on the dialogue, and a location on your hard disks to have the encrypted folder in the lower part. Click "Forward" then enter your password. It's pretty darned important not to lose this password, as it will not be recoverable if you ever lose it, and that means the data won't be either.

Once that is done nautilus will open your new encrypted folder which is currently empty.
You can now move the data you want to secure into this folder. When you are done, click on the Cryptkeeper System Tray icon again and "untick" the folder that you had just created. Once unmounted the data cannot be read and the folder will become hidden from view. When hidden the folder is simply renamed with a dot preceding it, so if you do get curious and navigate into it you will find your file names and the content they hold are encrypted and unreadable.

To access the data again just click the icon and "tick" the box next to the entry to remount it and make the data accessible. The files in the folder can be read as normal by any applications and resaved again directly in place. It's incredibly simple, usable and ample security for the data I want to keep private, little more than personal letters in my case and I think that is the case with most home users.

Sunday, 6 September 2009

Howto: Automatically reboot on Kernel Panic.

While on holiday I was unable to SSH into my home PC one morning. Worrying slightly about what might have happened, as the machine is normally rock solid stable, I called home to my parents who live very close and asked my mother to reboot the machine when she went around (assuming the house was ok and hadn't burnt down or been burgled).

She called me back up: the lights on the keyboard were flashing and she wasn't sure what to do as there was nothing on the screen when she turned it on. I explained how to hard reset the box (I wasn't going into Raising Skinny Elephants Is Utterly Boring with her), and the machine rebooted ok.

After thanking her I logged in and did the tasks I needed to do and then spoke with a friend about it. He made a suggestion I had not known about: the computer could be configured to automatically reboot the next time it kernel panicked. No need to ask my mother to go and reboot it :]

Simply add the following line to /etc/sysctl.conf

kernel.panic = 60

After 60 seconds the computer will automatically reboot itself. Then you need to find out why it panicked and fix it.

Howto: Reclaim hard disk space from the system.


Before I went on holiday last week I had an internal drive start to fail, so a quick look at Ebuyer and a new Samsung Ecodrive F2 1.5TB monster was delivered. I swapped out the drives and went on holiday. While I was away I realised that I had left the default setting on the drive for system reserved space. Almost 80GB was reserved by the system for logs and such which I feel is a tad excessive myself ;)

This works on ext2/3 partitions, and from what I can tell and have been advised this is fairly safe to do. I'm using "fairly safe" deliberately here; as I best understand it the reserved space is mainly for system logs, helps to prevent fragmentation and helps when a drive becomes 100% full.

Note: This is safe to do on drives containing data, no need to backup everything to perform it, no data should be lost, based on advice I received and my own results of course, I will not be held liable for your data or lack of backups in general.

I have set my storage drives to 0% reserved space, left my root drive at 5% space and my /home drive at 2% space (which should be around 3GB which is excessive I think but better safe than sorry). Change /dev/sda1 to match the drive you want to change!

sudo tune2fs -l /dev/sda1

Lists the drive's settings (note that "-l" is a lower case L, in case of font issues). You can then see how many blocks are being reserved by the system and adjust the default 5% that the system uses to something nicer. If you have a Nautilus window open before issuing the command, notice how much free space is available (lower left corner of the window), then issue the command and refresh the Nautilus window; the result is instant extra space available to see and use.

sudo tune2fs -m 0 /dev/sda1

This will set it to 0%; adjust that "0" to a more suitable number if needed. I preferred to leave some space reserved on root and /home. Drive space is cheap but I don't like the thought of wasting too much, and making adjustments on various drives and partitions recovers me a good chunk over 100GB!



Tuesday, 25 August 2009

Make Password file Immutable - A Security tip

You can add an extra layer of protection to your machine, or in my case help to prevent wannabe haxx0r brothers at the parents' house from changing to extremely short passwords, with a little trick that not many are aware of.

What happened to me was my brother managed to shoulder surf the admin account on my parents PC, I normally update their PC by SSH from home, but I was around there visiting and mum had described a problem so I was fixing it while we chatted, my brother was lurking around and managed to shoulder read my 12 digit alpha numeric password (have to give the guy a bit of credit there, sadly)

Anyway I became aware that files on the admin account had incorrect accessed times afterwards and then looked deeper and found that someone had been in on the account and had changed my brother's password on his account from a sensible 10 digit alphanumeric (which was dead simple to bang in with two fingers as the digits were paired on the keyboard) into a rather less safe two letter password. He claimed that a friend had helped him break into my account as "you aren't the only one that knows linux", as if I ever imagined that I was some guru, I'm a self confessed learner still! As we "discussed" this further he came clean that he had simply watched me enter the password rather than "hacked" in.

Anyway let's get onto the crux of this. After setting your passwords open a terminal and enter:
sudo chattr +i /etc/shadow

This will make the file immutable, which means that it cannot be deleted or renamed, no link can be made to this file and no data can be written to the file. The immutable flag must be cleared before passwords can be changed. If you try to change one without clearing it, it will appear to change the password without error, but in fact nothing is written to the file, meaning the new password is never stored and the old password continues to be the active one.

If a fairly knowledgeable user tries to dig into why it won't write and they try:
$ ls -l /etc/shadow
-rw-r----- 1 root shadow 1027 2009-08-25 14:37 shadow


There is nothing obviously wrong with writing to the file, to check properly you would use:
$ sudo lsattr shadow
----i------------- shadow


Here we can see the +i flag set for immutable. If we clear that with:
sudo chattr -i /etc/shadow
the password can now be changed as normal, using sudo passwd username,
and then it can be set +i again to protect it.

A little bit sneaky and just a little bit safer.
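
The clear, change, restore cycle above wrapped into one function, so the flag is put back even when passwd exits with an error. This is an added example, not part of the original post; the function names and the SHADOW, CHATTR, LSATTR and PASSWD override variables are assumptions of this sketch, there so the logic can be tried on a scratch file.

```shell
#!/bin/bash
# Added example: change a password while /etc/shadow is normally kept +i.
# The four variables below are overridable (an assumption of this example).
SHADOW="${SHADOW:-/etc/shadow}"
CHATTR="${CHATTR:-chattr}"
LSATTR="${LSATTR:-lsattr}"
PASSWD="${PASSWD:-passwd}"

# is_immutable FILE
# 0 = "i" flag present, 1 = absent, 2 = attributes could not be read.
is_immutable() {
    local attrs
    # lsattr prints "<flags> <path>"; keep only the flags field.
    attrs=$($LSATTR -d "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$attrs" ] || return 2
    case "$attrs" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# change_password_locked USER
# Clears +i, runs passwd, then always restores +i and verifies it.
# Returns passwd's exit status, or 1 if the flag could not be handled.
change_password_locked() {
    local user="$1" rc=0
    if [ -z "$user" ]; then
        echo "usage: change_password_locked USER" >&2
        return 64
    fi
    $CHATTR -i "$SHADOW" || return 1
    $PASSWD "$user" || rc=$?          # remember a failure, do not stop here
    if ! $CHATTR +i "$SHADOW" || ! is_immutable "$SHADOW"; then
        echo "WARNING: $SHADOW was left without the immutable flag" >&2
        return 1
    fi
    return "$rc"
}
```

Run it from a root shell: source the file, then call change_password_locked username.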

Monday, 24 August 2009

A script to copy clipboard to a file.

While mucking about with some scripts I got a little bored of copying them into files and chmod +x and copying them into the path, so I just knocked up this little scriptlet. It will optionally set the execute flag on the file if it is a script you are pasting, or leave it as a normal txt file for just saving some text.


First install the package xclip with either Synaptic or:
sudo apt-get install xclip

This isn't a great script, there is very little error checking and it won't even go out of its way to tell you if the syntax is wrong, luckily it's easy enough and does what I wanted simply.

Syntax is :
clip2file -x filename
Copies the clipboard into a file and sets it to execute with chmod +x then moves it into ~/bin
clip2file -a filename
Copies the clipboard into a file and nothing more.

You should have already made a bin/ folder in your home (~/bin/), which I believe is already defined in the $PATH on an Ubuntu install.

Make a new file in that bin folder called "clip2file" and open it in your favourite text editor such as nano, vim or gedit and paste the following script into it.

#!/bin/bash
#
# Copy the contents of the X clipboard into
# the specified file.
#
# This makes it crap loads easier to make new commands from scripts.
#
# Perhaps make it automagically +x if the first script line is
# #/bin/*
#
#

hflag=
aflag=
xflag=

# Parse options: -h (help), -a FILE (plain file), -x FILE (executable in ~/bin)
while getopts 'ha:x:' OPTION
do
    case $OPTION in
        h) hflag=1 ;;

        a) aflag=1
           aval="$OPTARG" ;;

        x) xflag=1
           xval="$OPTARG" ;;

        ?) printf "Usage: %s: [-x filename] [-a filename] or use -h to receive help\n" "$0"
           exit 1 ;;
    esac
done

shift $(($OPTIND - 1))

if [ "$hflag" ]
then
    printf "Clip2file provides an easy method to create a file from the X clipboard\n"
    printf "as either a text file, or make the file executable as a bash script.\n\n"
    printf "-x filename ......... Create the file, then set the execute bit.\n"
    printf "-a filename ......... Create the file but do not set execute.\n\n"
    exit 1
fi

# -x: write the clipboard to the file, make it executable, move it into ~/bin
if [ "$xflag" ]
then
    xclip -selection clipboard -o > "$xval"
    chmod +x "$xval"
    mv "$xval" "$HOME/bin/"
fi

# -a: write the clipboard to the file and nothing more
if [ "$aflag" ]
then
    xclip -selection clipboard -o > "$aval"
fi

exit 0

Set the file to allow executing, with chmod +x clip2file or by right clicking it in nautilus and choosing Properties then going to the Permissions tab and setting it to allow executing.

Now if you want to add a new script off a website, simply copy the text into the clipboard and in a terminal or run dialog (alt+F2) enter:

clip2file -x filename

Filename of course being the name to save the file to, you can then run your new script right away.

Please remember this script isn't perfect but it's good enough for what it does, if someone would like to expand on it then I would happily post the improved version with credit.

Sunday, 23 August 2009

Howto: SSH Public Key Authorisation Login (AKA Passwordless)

To be clear, this is how to login using SSH to another machine without having to enter your password. It is not an all encompassing solution but a "good enough" set up. I have to administer a couple of machines and a shell which I have use of, my own machine is kept up to date and I feel is secure enough with only myself as sole user.

Firstly we should make a key pair if you haven't already done so; these are deposited into ~/.ssh

ssh-keygen -t rsa

Next we need to get the contents of ~/.ssh/id_rsa.pub onto our remote machine and into ~/.ssh/authorized_keys. This can be done a couple of ways. I found it as easy to just ssh into the remote machine and paste the contents directly into the file; just note that if you paste it in you may have to correct the formatting so it is all on one line, as I noticed a couple of line breaks sneak in. You could use something like the following however:

scp -P 20060 ~/.ssh/id_rsa.pub remoteaccount@remotesserver.com:

Then you can just append it automatically with the following (we will touch the file in case it doesn't already exist on your machine):

touch ~/.ssh/authorized_keys
cat id_rsa.pub >> ~/.ssh/authorized_keys


We should at this point make the .ssh folder only readable by the owner:

chmod 700 ~/.ssh

You can optionally delete the id_rsa.pub key file if it was in your home folder. It's the public key part so it's not really necessary in my opinion but it is nice to tidy up after yourself ;)

rm id_rsa.pub

If you try and login now to the remote machine with SSH you should with any luck find you do not have to enter your password at all and can just get right on with your work.
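
The append and permission steps above as one repeatable function, run on the remote machine. This is an added example, not part of the original post: it refuses a key that picked up line breaks when pasted, skips a key that is already installed, and also sets authorized_keys to mode 600. The function name and the SSH_DIR override are assumptions of this sketch.

```shell
#!/bin/bash
# Added example: install a public key into authorized_keys with sanity checks.
# SSH_DIR is overridable (an assumption of this example) for trying it in a scratch directory.
SSH_DIR="${SSH_DIR:-$HOME/.ssh}"

# install_pubkey FILE
# Returns 0 if the key is installed (or already was), 1 if FILE is malformed.
install_pubkey() {
    local keyfile="$1" auth="$SSH_DIR/authorized_keys"
    local lines key ktype rest blob

    # A public key is exactly one non-empty line: "type base64 [comment]".
    lines=$(grep -c . "$keyfile") || return 1
    if [ "$lines" -ne 1 ]; then
        echo "refusing: $keyfile has $lines lines, expected 1 (wrapped paste?)" >&2
        return 1
    fi
    key=$(grep . "$keyfile")
    ktype=${key%% *}      # first field: key type
    rest=${key#* }
    blob=${rest%% *}      # second field: base64 key body

    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "refusing: unknown key type '$ktype'" >&2; return 1 ;;
    esac
    if ! printf '%s\n' "$blob" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'; then
        echo "refusing: key body is not base64" >&2
        return 1
    fi

    # Only the owner may read or write the directory and the key list.
    mkdir -p "$SSH_DIR" && chmod 700 "$SSH_DIR"
    touch "$auth" && chmod 600 "$auth"

    # Append only if this exact line is not already present.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}
```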

Saturday, 15 August 2009

Howto: Make Rhythmbox Put Album Covers on the Desktop (Desktop Art)

Ever wondered how people get the album covers on the desktop of the tracks they are listening to?



I'm happy to say it's very simple, though it will depend on your albums having the cover art available in the mp3 folders.
Open up a terminal and simply paste these commands in one at a time:

If you do not have subversion installed then issue the following command, if you are not sure then enter it anyway, at worst it will just tell you it is already installed and do nothing.

sudo apt-get install subversion

And then these:

mkdir -p $HOME/.gnome2/rhythmbox/plugins/
cd $HOME/.gnome2/rhythmbox/plugins/
svn co http://nedrebo.org/svn/rhythmbox/desktop-art

Fire up Rhythmbox and go to Edit/Plugins in the menu bar, find Desktop Art in the lefthand list and simply enable it. You can now configure it using the configure button on the right hand pane. Don't worry about using the X,Y positioning coordinates as you can simply alt+leftclick drag the desktop art frame when you exit the configuration. So just adjust the colours if you want, and change the text position relative to the album cover art.




Wednesday, 12 August 2009

Enable Composite Manager in Metacity

Not every computer has the resources to run Compiz, but if you pine after some nice effects like window shadows then there is a good chance your computer is capable of running simpler effects. I use this on my Acer Aspire One; sure it can manage Compiz, but it is a little overkill on the baby netbook.

Well rejoice now as Metacity has a composite manager built in which can give you nice drop shadows as well as a window preview on alt+tab and that pesky inactive window title-bar transparency (which I detailed how to disable last post).

To enable the composite manager, open gconf-editor and navigate to the branch apps/metacity/general

Tick the box next to the setting compositing_manager and you are now hopefully enjoying drop shadows... Yay!

A quick alternative is to paste this into a terminal

gconftool-2 -s '/apps/metacity/general/compositing_manager' --type bool true

and if you need to disable it again use:

gconftool-2 -s '/apps/metacity/general/compositing_manager' --type bool false




Adjust Titlebar Transparency in Metacity

I might be in the minority with this sentiment but I really dislike the transparency Gnome has gained on its inactive window titles when using the GTK window decorator. So here is how to make inactive windows have a solid title-bar or, if you are a fan of it, make it even more transparent.

Press alt+F2 and in the run dialog enter:

gconf-editor

Navigate in the left hand tree to the branch /apps/gwd/

The two values we are interested in are :

metacity_theme_opacity which affects inactive window titlebars
metacity_theme_active_opacity which affects active windows

A setting of 1 will make the title-bars solid while 0.75 is the default at three quarters opacity.

Friday, 7 August 2009

How to use OTF fonts in Ubuntu

It isn't possible to use OTF fonts directly in Ubuntu without converting them into TTF's.

If we spend just a few minutes and install FontForge and make a very small script it becomes almost trivial to do.

sudo apt-get install fontforge

Now we should make the scripts, well it is two actually but one is a small config script for FontForge and the other is just a script to convert many OTF files in one go, rather than individually. First the FontForge settings file.

cd ~/bin
touch otf2ttf.conf

Then open otf2ttf.conf in your favourite text editor and paste the following into it.

#!/usr/local/bin/fontforge
# Quick and dirty hack: converts a font to truetype (.ttf)
Print("Opening "+$1);
Open($1);
Print("Saving "+$1:r+".ttf");
Generate($1:r+".ttf");
Quit(0);

Save the file, and now let's make the script to convert many fonts in one swoop.

cd ~/bin
touch otf2ttf
chmod +x otf2ttf

Again, open this file with your preferred text editor and paste the following in.

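#!/bin/bash
#
# had to enable extglob
shopt -s extglob

# this uses globbing to match files ending in otf/OTF
for i in +(*.otf|*.OTF)
do
    # skip the unexpanded pattern when no font files are present
    [ -e "$i" ] || continue
    # quote the name so fonts with spaces in them convert too
    fontforge -script "$HOME/bin/otf2ttf.conf" "$i"
done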

To use this now (provided that your ~/bin folder is in your path) just open a terminal where your OTF files are, and issue the command otf2ttf. It will convert 20 files in just a couple of seconds to give you an idea of speed, you can then move all the resulting TTF files into ~/.fonts


Credit to http://www.stuermer.ch/blog/convert-otf-to-ttf-font-on-ubuntu.html where I found the script before re-typing the instructions. I put it here so I don't lose it next time I need it.