walterw
-
Posts
39 -
Joined
-
Last visited
-
Days Won
1
Content Type
Profiles
Forums
Blogs
Posts posted by walterw
-
-
6 hours ago, drobbins said:
Two mobile phone apps that I like related to secure communications are: Signal and Telegram. Signal is designed to be a text message replacement (you can use it as your default text messaging app in Android, and upgrade certain conversations to secure) whereas Telegram is more like a better Google Hangouts.
Yes, those are both great applications for communicating securely.
I think the "problem" I'm trying to address is general web surfing where:
1. The source may not be reputable and information legitimate. It can plant an idea in your head.
2. The tracking, either through general surfing, use of "apps", OS-level monitoring, hardware monitoring (microphone / camera).
3. malicious apps / insecure apps / websites which harvest private information or are used to exchange private information, but may not be secure and could be intercepted by an adversary.
Having said that, if I were to run SSL Bump via Squid on myself, I could leverage ClamAV to screen the content before it gets to a browser which may help prevent malicious content from opening an exploit. Perhaps I could also leverage some additional peer proxy that would "monitor" the data being exchanged and either block just the data in question or terminate the request altogether. Ie. if I were unexpectedly transmitting my phone number (or some PII), I could potentially be notified in real-time then either terminate the request or allow it, etc. However, there are ways around that.
At the end of the day, I think it comes down to trust. If the site I'm visiting is trustworthy, the likelihood they would do nefarious things is small ...
This is what I'm looking for for mobile devices:
http://newport.eecs.uci.edu/~ashuba/publication/2015_antmonitor_s3/
I would imagine the same thing can be done more easily on an actual computer.
-
Hi,
Thanks for your thoughts. Yes, that is something I think about, and you're right the 2 are inversely proportionally related.
Yes, clearing cookies / browser cache is one step.
From the desktop / end computer standpoint, I feel securing the system is much easier than a mobile device as the knobs are much easier to get at. Google / Apple give developers more control over security / privacy than the end user.
Back to your philosophical view, so my concerns are:
1. I would like to minimize the blatant advertising that I am exposed to (here, privoxy works fairly well, but only for HTTP unless you're running an SSL Bump proxy). DNS / IP blocks work okay at this.
2. The more subtle advertising such as studies showing how blue light keeps you up at night and why you need these blue-light filtering glasses are also a nuisance (this is just a recent pertinent example). This is a more difficult problem to solve because often times the sources for these advertisements are reputable and will not be in a blocklist. This type of stuff is pervasive and gets into your mind without necessarily appearing as advertising directly.
3. From the mobile "app" perspective, when installing an "app" you're handing over much of your private information just to use the "app". The only choice you have here is to not use it. I think Android is getting better at selecting what permissions you give apps, but this is still the wild west. If you want to "secure" this information or data from "leaking" it is very difficult to do at the gateway level even with SSL Bump. Another option is to run the app inside of a sandbox such as VirtualBox where you have that app running in isolation. Sometimes you can do this, other times, the app needs to be on the device to be useful.
-
Thanks, I think I'm back in business now.
-
Thanks, I am trying that now.
-
I am unable to install xorg-server, I am having a problem with gl? This looks oddly familiar to this:
However, I have already done the same... Furthermore, to disable glamor, I removed support for ATI video cards since everything I run is Intel:
/etc/make.conf
VIDEO_CARDS="intel nouveau"/etc/portage/package.use/xorg
x11-base/xorg-server -glamor -glvnd udevchecking for GL... no configure: error: Package requirements (glproto >= 1.4.17 gl >= 9.2.0) were not met: Package dependency requirement 'gl >= 9.2.0' could not be satisfied. Package 'gl' has version '1.2', required version is '>= 9.2.0' Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables GL_CFLAGS and GL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. !!! Please attach the following file when seeking support: !!! /var/tmp/portage/x11-base/xorg-server-1.20.5/work/xorg-server-1.20.5_build/config.log * ERROR: x11-base/xorg-server-1.20.5::xorg-kit failed (configure phase): * econf failed * * Call stack: * ebuild.sh, line 93: Called src_configure * environment, line 3608: Called xorg-2_src_configure * environment, line 4661: Called autotools-utils_src_configure * environment, line 995: Called econf '--docdir=/usr/share/doc/xorg-server-1.20.5' '--enable-shared' '--disable-static' '--disable-selective-werror' '--enable-ipv6' '--disable-debug' '--disable-dmx' '--enable-glamor' '--disable-kdrive' '--disable-libunwind' '--disable-xwayland' '--enable-record' '--enable-xfree86-utils' '--enable-dri' '--enable-dri2' '--enable-glx' '--disable-xcsecurity' '--disable-xephyr' '--disable-xnest' '--enable-xorg' '--enable-xvfb' '--enable-config-udev' '--without-doxygen' '--without-xmlto' '--without-systemd-daemon' '--disable-systemd-logind' '--disable-suid-wrapper' '--enable-install-setuid' '--enable-libdrm' '--sysconfdir=/etc/X11' '--localstatedir=/var' '--with-fontrootdir=/usr/share/fonts' '--with-xkb-output=/var/lib/xkb' '--disable-config-hal' '--disable-linux-acpi' '--without-dtrace' '--without-fop' '--with-os-vendor=Gentoo' '--with-sha1=libcrypto' * phase-helpers.sh, line 718: Called __helpers_die 'econf failed' * isolated-functions.sh, line 119: Called die * The specific snippet of code: * die "$@" * * If you need support, post the output of `emerge --info '=x11-base/xorg-server-1.20.5::xorg-kit'`, * the complete build log and the output of `emerge -pqv '=x11-base/xorg-server-1.20.5::xorg-kit'`. * The complete build log is located at '/var/tmp/portage/x11-base/xorg-server-1.20.5/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/x11-base/xorg-server-1.20.5/temp/environment'. * Working directory: '/var/tmp/portage/x11-base/xorg-server-1.20.5/work/xorg-server-1.20.5_build' * S: '/var/tmp/portage/x11-base/xorg-server-1.20.5/work/xorg-server-1.20.5' >>> Failed to emerge x11-base/xorg-server-1.20.5, Log file: >>> '/var/tmp/portage/x11-base/xorg-server-1.20.5/temp/build.log'
-
Given the complexity of the systems today and the vast number of interconnected devices, it is challenging to both secure the devices and ensure privacy. Setting up a firewall used to be sufficient; however, that is just one small piece.
What components do you use and at which level?
ie. firewall, SIEM, proxy server, DNS filter, IP blocks, etc.
-
Does anyone still use squid for caching content these days? If so, do you use SSL Bump to make it more effective? Otherwise, Squid wouldn't be caching much since most sites are protected by SSL.
-
Resetting the UPS fixed it - is there anyway to do that in the future without resetting the UPS?
Walter -
I have a CyberPower, CP1500 AVR, UPS that I had at one point working with funtoo; however, I noticed recently that communications have broken down and I can no longer even start upsdrvctl.
/etc/nut/nut.conf
MODE=standalone/etc/nut/ups.conf
[CyberPowerUPS] driver = usbhid-ups port = auto vendorid = 0764 productid = 0501 product = CST135XLU serial = CR7HQ2008167 vendor = CPS # @see: https://raspberrypi.stackexchange.com/questions/66611/nut-cyberpower-data-stale pollinterval = 15
/etc/nut/upsd.conf (completely empty)/etc/nut/upsd.users
[nut]
password=SOMETHING
upsmon master
/etc/nut/upsmon.conf
MONITOR CyberPowerUPS@localhost 1 nut SOMETHING masterI have disconnected the USB cable and reconnected; however, I have yet to try resetting the UPS ...
Walter
-
I am just curious - what is the manual effort that Daniel and team perform? It seems there is some testing around that, can that by automated is what I'm getting at? Why can't there be rolling releases? I'm not complaining about the release process, but am trying to understand when the infra team prepares 1.3 or 1.4, what are they doing? Why must they do it by hand? I understand that Funtoo packages is a collection of software all developed at a different pace and that ebuilds have to be maintained to keep up with those packages.
I'm looking for, how can we improve infrastructure to make this process better, more robust, etc.
-
So, if I understand correctly, testing is based on the end user manually follows above steps and reporting any issues? Can any tasks be automated?
-
I am wondering what is involved for testing releases such as the upcoming 1.4 release? Is it manual by the user base, automated, etc.? How can we help out?
Thanks,
Walter
-
Hi all,
I built squid 4.6 with both ssl and ssl-crtd enabled:
net-proxy/squid qos tproxy ssl ssl-crtd htcp wccp wccpv2 capsAnd, after it is done building, I expect ssl_crtd to live in /usr/libexec or somewhere down there, but after doing:
find / -type f | grep ssl | grep crtdI see nothing. Even with:
find / -type f | grep crtdI too see nothing. I don't see any build errors
I checked the squid documentation and everything I found still references ssl-crtd and /usr/libexec ... ssl_crtd.
I see the answer:
/usr/libexec/squid/security_file_certgenThat is the default value, it apparently has moved and some of the documentation hasn't caught up. I'm leaving this here in case anyone else runs into the same problem.
Walter
-
Great, it looks like it got to the compile phase now!
Thanks!
-
When trying to install xorg-server, I get an error with GL:
configure: error: Package requirements (glproto >= 1.4.17 mesa-gl >= 9.2.0) were not met: Package 'mesa-gl', required by 'virtual:world', not found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables GL_CFLAGS and GL_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. !!! Please attach the following file when seeking support: !!! /var/tmp/portage/x11-base/xorg-server-1.20.1-r1/work/xorg-server-1.20.1_build/config.log * ERROR: x11-base/xorg-server-1.20.1-r1::xorg-kit failed (configure phase): * econf failed * * Call stack: * ebuild.sh, line 92: Called src_configure * environment, line 3591: Called xorg-2_src_configure * environment, line 4644: Called autotools-utils_src_configure * environment, line 979: Called econf '--docdir=/usr/share/doc/xorg-server-1.20.1-r1' '--enable-shared' '--disable-static' '--disable-selective-werror' '--enable-ipv6' '--disable-debug' '--disable-dmx' '--disable-glamor' '--disable-kdrive' '--disable-libunwind' '--disable-xwayland' '--enable-record' '--enable-xfree86-utils' '--enable-dri' '--enable-dri2' '--enable-glx' '--disable-xcsecurity' '--disable-xephyr' '--disable-xnest' '--enable-xorg' '--enable-xvfb' '--enable-config-udev' '--without-doxygen' '--without-xmlto' '--without-systemd-daemon' '--disable-systemd-logind' '--disable-suid-wrapper' '--enable-install-setuid' '--enable-libdrm' '--sysconfdir=/etc/X11' '--localstatedir=/var' '--with-fontrootdir=/usr/share/fonts' '--with-xkb-output=/var/lib/xkb' '--disable-config-hal' '--disable-linux-acpi' '--without-dtrace' '--without-fop' '--with-os-vendor=Gentoo' '--with-sha1=libcrypto' * phase-helpers.sh, line 718: Called __helpers_die 'econf failed' * isolated-functions.sh, line 121: Called die * The specific snippet of code: * die "$@" * * If you need support, post the output of `emerge --info '=x11-base/xorg-server-1.20.1-r1::xorg-kit'`, * the complete build log and the output of `emerge -pqv '=x11-base/xorg-server-1.20.1-r1::xorg-kit'`. * The complete build log is located at '/var/tmp/portage/x11-base/xorg-server-1.20.1-r1/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/x11-base/xorg-server-1.20.1-r1/temp/environment'. * Working directory: '/var/tmp/portage/x11-base/xorg-server-1.20.1-r1/work/xorg-server-1.20.1_build' * S: '/var/tmp/portage/x11-base/xorg-server-1.20.1-r1/work/xorg-server-1.20.1' >>> Failed to emerge x11-base/xorg-server-1.20.1-r1, Log file: >>> '/var/tmp/portage/x11-base/xorg-server-1.20.1-r1/temp/build.log' * Messages for package x11-base/xorg-server-1.20.1-r1:I commented out glamor support to see if that might have an effect:
/etc/portage/package.use/x11
media-libs/mesa bindist -gallium -d3d9 -llvm #x11-base/xorg-server glamor x11-base/xorg-server -glamor x11-drivers/xf86-video-ati -glamorI thought I came across an article about 1.4-release and how it changes the GL implementation. If I am remembering or interpreting correctly, I don't believe this will work easily until 1.4-release. Is that accurate, or is there a quick-fix to get up and running?
Thanks,
Walter
-
I also have pycharm installed and yes, it is 2018.2.4. Not the latest and greatest.
If you look in git:
find /var/git/meta-repo/kits/dev-kit/dev-util/pycharm-community -type f | grep \\.ebuild$You will only see 2018.2.1 and 2018.2.4.
Then, if you go to github.com or checkout the other branches, you will see 1.4-release has the latest version. I don't fully understand the methodology behind the releases and what testing takes place before the latest and greatest ebuilds get included into funtoo kits, but they don't track gentoo 1:1.
If you are feeling lucky or have patience, you can configure /etc/ego.conf to use a specific branch, ie. 1.4-release to get the latest. Just be aware that, that has cascading effects ...
Walter
-
If I am using the 1.4 generic 64-bit stage 3 tarball, that will already be referencing the 1.4 branches, correct? Will most things build under 1.4 without changing my use flags and other settings?
-
Thanks - I checked the gentoo wiki and will post back results after I rebuild the kernel.
Walter
-
Hi gingerbread,
I set that, rebuilt my kernel, modules, and installed it, but I still have no touchpad. I did have to manually modprobe hid-alps as it wasn't loaded by default; however, manually loading it had no impact. I am wondering if perhaps it would work if there were a corresponding x11 config file somewhere telling it to use it?
But I am also not sure that matters because my /proc/bus/input/devices doesn't show any touchpad devices.
I believe it works in Ubuntu, so I will have to keep comparing what the kernel supports versus what I have built in my kernel ...
Thanks,
Walter
-
Hi gingerbread,
Thanks for your reply, I do not have that set and will try that now.
Walter
-
Hi digifuzzy,
Good call - I think you are most certainly right, I checked and I do not have x11-drivers/xf86-input-synaptics installed, nor the use flags with synaptics (which probably pulls that in). I'm building now and will report back :).
Thanks,
Walter
-
Hi all,
I am having difficulty getting the touchpad working on my laptop - if I boot up to Ubuntu, it works fine. I played around with removing modules to semi isolate which modules I need and have deduced that I need at least:
i2c_hid
hid_multitouch
When I remove those on Ubuntu, the touchpad stops working. However, merely having those built and available on my funtoo installation is insufficient. I also tried copying the xorg.conf.d/*.conf files for anything resembling input devices and that also did not work (after restarting X11).
I will play around more with other kernel modules. I am trying to dig through lspci to see if I'm missing something but it isn't entirely clear to me, perhaps this might be what I need support:
Communication Controller: Intel Corporation Point-LP CSME HECI #1
SMBus: Intel Corporation Sunrise Point-LP SMBus (rev 21)
Thanks,
Walter
-
-
Hi,
I am starting with a base release 1.3 64-bit image and getting this message throughout my build process:
Unavailable repository 'gentoo' referenced by masters entry in '/var/git/met a-repo/kits/rust-kit/metadata/layout.conf'It appears whenever I am calling equery l <package-atom>, I am getting this error. Any ideas what might be causing this?
Thanks,
Walter
characters in terminator are squished together [SOLVED]
in General Discussion
Posted
I recently rebuilt my system to use the new 1.4 release and am still working out a few kinks which may be self-induced. I kept many of the previous use flags I had before, so maybe I should start anew? In any case, I compared the list of packages from my old image to the current one and don't see anything around fonts. The fonts also work well everywhere else, chromium, libreoffice, geany, etc.
The only place where they're "messed up" is in terminator. Even if I go to an old console (from bootup), the fonts are easy to read and not squished together.
The characters are over top of one another horizontally making it very difficult to read. I tried playing with the font settings, but that didn't get me anywhere.