Whonix in VirtualBox

I found these articles on Choosing Your Desktop Linux Distribution and Desktop Linux Hardening to both be interesting. At the bottom, you’ll see that they recommend using Whonix. It’s pretty clear that Whonix is designed to be used within VirtualBox.

When I tried installing straight to VirtualBox using the VirtualBox instructions, it took about five minutes on my (admittedly old) machine. Then, I got a “driver was not set up correctly” error. It tells you what to do:

$ sudo modprobe vboxdrv

After doing this command, the virtual machines booted normally. Unfortunately, I could not get them to work, probably because I use a very old notebook.

Anyway, adding a comment here as a note to revisit once I have a box that can handle the virtualization requirements.

NixOS for the Impatient

“NixOS is a Linux distribution configured using Nix. It is declarative, meaning that the entire system state can be defined in a single .nix file; and reproducible, meaning you can have multiple computers set up identically.

If this sounds like a bullshit timesink like Arch or Gentoo: it’s not. There was a time when the idea of spending an afternoon typing cryptsetup incantations into a terminal would have been appealing. That time is past. I don’t use distros that lack a graphical installer (running fdisk is frankly beneath my dignity) or that require extensive maintenance. I’m not building my own kernel with some bespoke set of paranoid CFLAGS. I just want something that works.

NixOS works. It actually works great.”

—Fernando Borretti, “NixOS for the Impatient.” borretti.me. May 6, 2023.

I have been meaning to try NixOS for a while, but I didn’t want to have to figure out how to do the configuration file to get near what I use: mutt, Firefox, ssh, my VPN, etc. I am saving this one for when I finally decide to do it.

Linux: Importing Keys from OpenKeychain (and Elsewhere) into GnuPG

Every now and again, I have to transfer my GPG keys to a new machine and I always forget how to do it. So, I figured I’d write a few notes to remember in the future.

Key detail: when you do a full backup in OpenKeychain, it will export a file in the format backup_YYYY-MM-DD.sec.pgp. You will also be given a password in the form XXXX-XXXX-XXXX-XXXX-XXXX-XXXX. The password is a series of uppercase letters and numbers. So, at a command prompt in Linux, type:

$ gpg2 --decrypt backup_YYYY-MM-DD.sec.pgp | gpg2 --import

When you are prompted for the initial password, make sure to use the one in the format above and include the dashes. Afterwards, you will be prompted for the password(s) of the private keys that were backed up in order to import them.

I did cover this in my post on mutt, but I didn’t think to look there this time. So, I figure it deserves its own entry.

Accessing a Locked Android Phone Not Displaying A Keyboard

I use AnySoftKeyboard as my keyboard of choice on Android. It’s great, except when my SD Card becomes corrupted. When that happens, AnySoftKeyboard no longer works. If my device is locked at the time, there doesn’t appear to be a way to type in my password to unlock the device.

There is a solution to this problem, if you have enabled Developer options and USB debugging on the device. Boot into recovery (Volume Up, Home & Power, all at the same time). Start adb on the device. Connect it to your computer with adb and reboot. Then from a command prompt on the computer, type in the following:

$ adb shell input text password && adb shell input keyevent 66

This works just like the displayed keyboard on your device; keyevent 66 is the equivalent of Enter. Then, you can reformat your SD card in Settings. Reboot the device and you will be good to go.

Installing Citrix Workspace on Ubuntu Linux

Installation

$ cd Downloads
$ sudo dpkg -i Citrix-Workspace.deb

Installing a CA Certificate

The pre-installed certificates might work for you. If you get errors when trying to use Citrix, then you’ll likely need to install a CA certificate.

  • Go to the VPN website you use Citrix for.
  • Click on the lock in front of the URL
  • Click on certificate (Chrome) or Connection Secure (Firefox)
  • Note the authority under Issued By (Chrome) or Verified By (Firefox)
  • For example, the certification authority might be: DigiCert TLS RSA SHA256 2020 CA1
  • Search for DigiCert TLS RSA SHA256 2020 CA1 in your favorite search engine.
  • Select the official site that allows you to download the relevant certificates.
  • Download both the PEM and the CRT files.
  • Do the following:
$ sudo cp ~/Downloads/DigiCertTLSRSASHA2562020CA1-1.pem /opt/Citrix/ICAClient/keystore/cacerts
$ sudo chmod 644 /opt/Citrix/ICAClient/keystore/cacerts/DigiCertTLSRSASHA2562020CA1-1.pem
$ sudo /opt/Citrix/ICAClient/util/ctx_rehash

Note: The instructions on the Citrix website seem to be incorrect. They tell you to cp the PEM file with a .crt extension, even though every other file in the directory is a PEM file. The above copies to the default Citrix directory on Ubuntu, changes the file permissions to -rw-r--r--, and rehashes the new certificate so Citrix can use it.

X.509 Certificate for Chrome or Firefox Browsers

I’m not sure if this is strictly necessary, but it might also be helpful to import the X.509 certificate into Chrome or Firefox. For Chrome (Firefox is similar), do the following:

  • Go to the three dots (hamburger)
  • Select Chrome settings
  • Search for: certificate
  • Click on Security
  • Click on Manage Certificates
  • Click on Authorities
  • Click on Import
  • Select ~/Downloads/DigiCertTLSRSASHA2562020CA1-1.crt
  • Select all three options.

bash: TOTP From the Terminal With oathtool

TOTP stands for Time-based One-Time Password. Most people use applications on their phone for TOTP, such as andOTP, Google Authenticator, and related apps. But, as we move from using a phone as a second factor for what we are doing on a computer to a phone being the primary way we interact with the Internet, it makes sense to make the computer the second factor. This is the idea behind this script. It is based on analyth’s script, except I stripped out the I/O.

#!/bin/bash

# Assign variables
google=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)
wordpress=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)
amazon=$(oathtool --base32 --totp "YOUR SECRET KEY" -d 6)

# Print variables
echo "google: ${google} | wordpress: ${wordpress} | amazon: ${amazon}"

This will print:

google: 123456 | wordpress: 123456 | amazon: 123456
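For reference, here is the RFC 6238 computation that oathtool performs above, written out in Python as an added example that is not part of the original post. Beyond what the script shows, it includes the verifier side (a constant-time comparison that tolerates one time step of clock drift); the RFC 6238 test secret and the one-step `window` are assumptions, not values from the post.

```python
"""RFC 6238 TOTP, the computation behind `oathtool --base32 --totp SECRET -d 6`."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, digits: int = 6, period: int = 30, at: Optional[int] = None) -> str:
    """TOTP for a base32 secret, the same input format oathtool --base32 takes."""
    # Apps display secrets in spaced groups and often without '=' padding; normalise both.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    secret = base64.b32decode(cleaned)
    now = int(time.time()) if at is None else at
    return hotp(secret, now // period, digits)


def verify(secret_b32: str, code: str, at: int, window: int = 1, period: int = 30) -> bool:
    """Server-side check: accept the current step and +/- `window` steps of clock drift.

    compare_digest avoids leaking how many leading digits matched through timing.
    """
    for step in range(-window, window + 1):
        if hmac.compare_digest(totp(secret_b32, at=at + step * period), code):
            return True
    return False


# Assumed test secret: the RFC 6238 Appendix B key "12345678901234567890" in base32.
RFC_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    # At T=59 the RFC vector is 94287082; with 6 digits that is 287082.
    print(totp(RFC_SECRET_B32, at=59))
```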

However, I didn’t like the idea of my one time password codes only being protected by normal file protections on a Linux system. I thought it should be encrypted with gpg. So, I saved it to a file in my scripts directory, totp, and encrypted it with my public key. If you don’t have a gpg key pair, instructions are available online.

$ gpg -r your@email.com -e ~/pathto/totp

Then, to run the shell script, do:

$ gpg -d ~/pathto/totp.gpg 2>/dev/null | bash

This will prompt you for your gpg password and then run this script. You likely won’t want to remember this string of commands, so you could make your life easier by adding it as an alias under .bash_aliases.

alias totp='gpg -d ~/pathto/totp.gpg 2>/dev/null | bash'

Mutt: Viewing Attachments / HTML via .mailcap and a Custom Fortune as a Signature in Mutt

It’s funny how small, trivial things can lead you to make radical changes in the tools you use. As regular readers of this blog know, I collect sayings that I publish every month. I then compile these sayings into a custom fortune file that displays one saying every time I login to my computer or open a new terminal window/shell process.

I recently learned that I can call this custom fortune file as a signature and have one added automatically to every email I write by adding this line to my .muttrc configuration file.

set signature="fortune /usr/share/games/fortunes/cafebedouin -s|"

This is simply calling the fortune program and specifying the location of the file; the -s flag tells fortune to pick a short quote to add. This is a completely trivial feature, but I love it. It is what provided the motivation to actually get mutt to work as my main email client.

My main problem with mutt has been that I couldn’t figure out how to get it to render HTML emails in a readable format, which makes mutt a poor choice as an everyday email client. Half of the emails I receive are in HTML format. The problem, it turns out, is that my email provider encrypts all my email, so I needed an additional line in .mailcap that processes the pgp/mime format, like so:

text/plain; cat %s; copiousoutput
text/html; mkdir -p /tmp/mutt \; cp %s /tmp/mutt \; firefox /tmp/mutt/$(basename %s) &
text/html; lynx -nonumbers -dump %s; copiousoutput; nametemplate=%s.html 
pgp/mime; lynx -dump %s; copiousoutput; nametemplate=%s.html

This points to something I didn’t understand. .mailcap is basically how you tell mutt to process email attachments: you simply associate file types with programs on your system. There’s also default behavior: the text/html entry with copiousoutput is used when you hit enter, and when you go to view the attachment, mutt calls the first matching line in mailcap, as mentioned here. The same idea applies to other file types, such as images.

image/*; mkdir -p /tmp/mutt \; cp %s /tmp/mutt \; xdg-open /tmp/mutt/$(basename %s) &

So, once the change above is made, you then need to set these lines in .muttrc:

alternative_order text/html text/plain text/enriched text multipart/alternative 
auto_view text/html

# Removes temporary attachment files
folder-hook . `rm -f /tmp/mutt/*`

And now, it works beautifully. I’ve completely stopped using Thunderbird, and I only use mutt. And, it has improved my email experience so much. I receive something like 50-100 emails a day, most of them newsletters or promotional material from organizations I signed up to hear more about. But, mutt makes it so easy to navigate and delete email.

Since making the transition, my inbox – which I had always relatively good control over and rarely had more than a day’s worth of email in – is down to a couple of leftover emails per day. I read what I want and delete them. I highly recommend making the transition.

bash: Cryptocurrency Prices From the Linux Terminal

#!/bin/bash
# Usage: crypto.sh [coin]    e.g. crypto.sh bitcoin

price() {
  # A function that pulls the USD price for one coin id from coingecko

  curl -X 'GET' 'https://api.coingecko.com/api/v3/simple/price?ids='"$1"'&vs_currencies=usd' \
     -H 'accept: application/json' 2> /dev/null | # sends curl's progress/error output to /dev/null

  sed 's/.*usd"://' |   # Removes everything before the price
  sed 's/..$//' |       # Removes the trailing two }}
  sed 's/^/\$/'         # Adds a dollar sign to the front, returns
}

bitcoin=$(price bitcoin)
ethereum=$(price ethereum)

# Checks to see if there is a command line argument and prints to console
if [[ -z $1 ]]; then
    echo "bitcoin: ${bitcoin} | ethereum: ${ethereum}"
else
    price=$(price "$1") # calls the function with the command line argument
    echo "${1}: ${price} | bitcoin: ${bitcoin} | ethereum: ${ethereum}"
fi

h/t Techstructive for the basic idea. I simplified their code by cutting out the I/O and putting the coin as a variable when calling the script, e.g. crypto.sh bitcoin, and formatting it by piping it through sed. Have I mentioned how much I love sed?

Edit: Modified this on August 12, 2021 so it is now a function and prints a portfolio of coins. I track two or three, and it was getting annoying to have to do them each individually. All you need to do to modify it for the coins you are interested in is create a new function call:

cardano=$(price cardano)

Then add that to both the if and else print results.

    echo "${1}: ${price} | bitcoin: ${bitcoin} | ethereum: ${ethereum} | cardano: ${cardano}"