Archive for the ‘Webtechnology’ Category

2 Comments

How to check the Signing Certificate on an Android app / apk.

Thursday, January 3rd, 2019

If you own an Android phone and you want to use Signal instead of WhatsApp or Telegram for privacy reasons, and, for the same reasons, you don’t have a Google Account on your phone, or you don’t use Google Play but the free F-Droid, there is a solution. You can download the Signal APK from their website: https://signal.org/android/apk/

They give a warning:

Advanced users with special needs can download the Signal APK directly. Most users should not do this under normal circumstances.

What are normal circumstances these days? You can’t trust Facebook anymore, maybe you can trust Google, but you don’t wanna trust Google, because trusting Google is telling Google where you are, what you do, what you say, what and who you see and who your friends are.

It’s not a matter of trust, it’s a matter of privacy and decency that you don’t do that.

So downloading the Signal APK is probably what you should do these days. But how to be sure you download the real one?

The website tells you to verify that the signing certificate on the APK matches this SHA256 fingerprint. Unfortunately they don’t tell you how to do that.

Verify the signing certificate on the Signal APK.

This one-liner will show you the SHA256 Fingerprint that has to be checked:

unzip -p Signal-website-release-4.31.6.apk META-INF/SIGNAL_S.RSA > /tmp/tmp.cert ; keytool -printcert -file /tmp/tmp.cert

You get this output:

Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 17:24:42 CEST 2010 until: Tue May 16 17:24:42 CEST 2045
Certificate fingerprints:
SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
Signature algorithm name: SHA1withRSA
Subject Public Key Algorithm: RSA (1024)
Version: 3

As you can see the SHA256 is the same fingerprint as on the Signal download page.

It’s verified. The Signal apk is safe to use now.
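
Extracting the certificate with unzip and printing it shows whose certificate is inside the APK, but it does not check that the APK's contents were actually signed with it. The following added example (not part of the original post) lets apksigner verify the signature first and then compares the signer fingerprint with the pinned value; it assumes apksigner from the Android SDK build-tools is installed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes apksigner (Android SDK
# build-tools) is on PATH; all function names here are hypothetical.

# Pinned fingerprint, copied from the keytool output shown in this post.
# In practice copy it from the Signal download page.
PINNED='29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26'

# Drop colons and whitespace and upper-case the hex, so keytool's
# "29:F3:.." and apksigner's "29f3.." forms compare equal.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read tool output on stdin and print the first SHA-256 certificate
# fingerprint, normalized. Matches keytool ("SHA256: ..") and apksigner
# ("Signer #1 certificate SHA-256 digest: ..") lines.
extract_sha256() {
  local line
  line=$(grep -E -m1 'SHA-?256( digest)?: ') || return 1
  normalize_fp "${line##*: }"
}

# True only for a full 64-hex-digit fingerprint equal to the pinned one;
# an empty or truncated value never matches.
fp_matches() {
  local got want
  got=$(normalize_fp "$1")
  want=$(normalize_fp "$2")
  [ "${#got}" -eq 64 ] && [ "$got" = "$want" ]
}

# Check the signature over the APK contents first, then the signer identity.
verify_apk() {
  local out fp
  # apksigner exits non-zero when the APK's signature does not verify.
  out=$(apksigner verify --print-certs "$1") || return 1
  fp=$(printf '%s\n' "$out" | extract_sha256) || return 1
  fp_matches "$fp" "$PINNED"
}

if [ "$#" -eq 1 ]; then
  if verify_apk "$1"; then echo "OK: valid signature, pinned signer"
  else echo "FAIL: do not install $1" >&2; exit 1; fi
fi
```

Run it as `./verify_apk.sh Signal-website-release-4.31.6.apk` (the script name is a placeholder); a non-zero exit means the signature is invalid or the signer is not the pinned one.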

No Comments

Fixing the network after upgrading to Ubuntu 18.04 LTS from 16.04 LTS

Tuesday, December 18th, 2018

Just updated 16.04LTS to 18.04LTS, went easier and smoother than expected.

Under the hood there are major changes in Ubuntu. I decided to stick to Unity rather than the new Gnome 3, as it’s much smoother on older hardware. You only change the setting at login once and you’re done.

The only nasty thing: DNS (Pi-Hole) was not working. I could fix that by manually setting the DNS server in /etc/resolv.conf from `nameserver 127.0.0.53` to the DNS of my router, but that would not persist a restart.

To get info about your network and DNS:


systemd-resolve --status

Link 1 (eth0)
      Current Scopes: none
       LLMNR setting: yes
MulticastDNS setting: no

Current Scopes is none, but it should be DNS.

Seems there was something wrong with the NetworkManager. Somehow in the past I’ve manually edited the `/etc/NetworkManager/NetworkManager.conf` file. Can’t remember when I did that, could be years ago, Ubuntu 10.04 or something ;).

I had to comment out the line that explicitly set `no-auto-default`, meaning don’t let the NetworkManager create a default wired connection for my ethernet card. 

[main]
...
#no-auto-default=<mac-adress>
...
[ifupdown]
managed=false

After commenting it out, NetworkManager could create a default connection, and after restarting the daemon everything was OK. DNS was working.

systemd-resolve --status
Link 1 (eth0)
Current Scopes: DNS
LLMNR setting: yes
MulticastDNS setting: no

As you can see, DNS is now working.

Maybe this can help you, if you experience the same troubles.

No Comments

How to find your IPv4 and IPv6 ip-addresses?

Friday, December 7th, 2018

How to check your IPv4 and IPv6 IP addresses on the command line

Sure you can start up your browser and use Google to find a suitable website, but why not keep it simple and use the command line for this trivial task. Fire up a terminal and type:

> my_ip
> 2001:db8:85a3::8a2e:370:7334
> 172.16.254.1

Above IP-addresses are bogus, but you got my drift. To do this simply create the following bash script:

#!/bin/bash
# bin/my_ip

curl -6 v6.ifconfig.co
curl -4 v6.ifconfig.co

It will first output your IPv6 address. If you don’t have one, it will tell you:

> curl: (7) Couldn't connect to server
> xx.xx.xx.xxx

The script uses the great curl application with the simple -6 and -4 flags, to connect with IPv6 and IPv4.

Of course you could extend the script a bit to include geographical information:

#!/bin/bash
# bin/my_ip

curl -6 v6.ifconfig.co
curl -6 v6.ifconfig.co/city
curl -6 v6.ifconfig.co/country
curl -4 v6.ifconfig.co
curl -4 v6.ifconfig.co/city
curl -4 v6.ifconfig.co/country

Now you will get info about your city and country as well.

1 Comment

Using Krusader with Ubuntu 18.04

Thursday, June 7th, 2018

Krusader is a very fine two-pane file manager that comes with many powerful built-in features, while Nautilus or the Mate fork (Caja) lack many of those important features: two panes, open folder in terminal (with keyboard shortcut), a useful bookmark manager, a password manager (for remote sites like (S)FTP), configurable user-actions, and it’s highly configurable (with a lot of keyboard shortcuts).

Once you’ve experienced Krusader from the keyboard, Caja or Nautilus is simply inferior in daily usage. It seems that Gnome’s choice to embrace touch screen devices comes with a cost for heavy keyboard desktop users.

This doesn’t mean I don’t use Nautilus, I do! I simply use both file managers. Remember, everything is a file in the Unix philosophy. So the file-manager, next to the editor, is the most important tool in Linux.

Browsing two panes in Krusader is easy, searching, copying, moving files, or synchronizing panes, browsing archives, it’s all supported, with nice keyboard support.

Some of Krusader’s powerful features:

  • remote mounts (SFTP/SSH/FTP)
  • compare by content
  • batch multi rename
  • synchronize panes
  • split/ combine files
  • verify files checksum
  • visual tool to show folder usage/size
  • user-actions to easily set up CLI-based actions for selected files, like resizing images, converting media files etc., all with keyboard shortcut support.
  • mirror mode, traversing trees

Krusader does need some additional tools to show its real power, like krename and kate (for the internal viewer), and some icons are missing with a default install in Ubuntu 18.04. We will fix that.

Start with installing Krusader:

sudo apt install krusader

# and some tools
# krename (powerful batch rename tool)
sudo apt install krename
# kate (editor)
sudo apt install kate
# bookmark manager
sudo apt install keditbookmarks
# saving passwords
sudo apt install kwalletmanager
# PGP encryption for kwallet
sudo apt install kpgp
# support for (s)ftp mounts
sudo apt install kio-extras
# kde terminal, not needed if you tweak the Krusader settings to use gnome-terminal or mate-terminal
sudo apt install konsole
# for visual diff and merge tool
sudo apt install kompare
sudo apt install meld

Now you can start Krusader. It will ask you for the paths of some tools for packing and unpacking; you can install them later if you need them (rar/unrar etc.).

Now you will probably notice that Krusader looks weird: it’s missing icons. By default Krusader uses breeze-icons. Unfortunately installing the breeze deb package will not do the trick. It’s a long story how to fix that, but the easiest method I came across was this:

Extract the binary icon-theme from the icon-package (breeze-icon-theme-rcc_5.46.0-1_all.deb), rename it and place it in the Krusader config folder.

Download the deb, open it with your archive manager and extract this file: /usr/share/icons/breeze/breeze-icons.rcc.

Rename it and copy it to the Krusader config folder:

~/.local/share/krusader/icontheme.rcc

Restart Krusader, and icons are in place.

If you want Krusader to save passwords: set up a new wallet with kwalletmanager, and Krusader will use that default wallet. You will probably need a logout/reboot.

No Comments

Security by design: following the right principle

Friday, April 6th, 2018

Since there was some attention to a CSS driven keylogger, it’s good again to point out the security risks of third party content. That risk is huge.

When a third party CSS Stylesheet can steal your password, it would be a piece of cake for any Javascript script to do the same.

If you follow this blog, it will not surprise you that we’re skeptical of all the JavaScript-driven frameworks that are fashionable. In general JavaScript is bad for security, privacy, and the planet 🙂 : battery usage. It’s good for tracking, fingerprinting and advertisements, and visual eye-candy.

Yes, JavaScript can be nice, but please adhere to these old principles: graceful degradation and progressive enhancement. And it’s fashionable not to follow those principles.

Don’t force JavaScript because you’re trying to sell ads or track users.

Don’t overdo JavaScript: a URL with your contact info should have your contact info (in HTML). Otherwise you should point to another URL. Don’t hide this information behind JavaScript and in JSON somewhere. You’re breaking the internet. Keep information accessible.

It’s important to underline again. Every script that is loaded with <script> has access to the DOM, and if the page is a login page, it has access to the password and username.

So a simple principle can be deduced, and it’s a shame that we have to repeat it here.

Never add any (third party) script to a login page. NEVER.

Nobody should be authorized to have access to a plain password, except for the user. Nobody. Limit access by design, not by trust.

(more…)

31 Comments

How to run or boot Raspbian on a Raspberry Pi Zero without an SD-card.

Thursday, March 22nd, 2018

In an earlier post I explained how you can run and connect to a Raspberry Pi Zero with just a USB cable. Still, the RPI Zero was using a micro SD card.

Luckily the great minds of the Raspberry Pi Foundation developed new boot modes: ethernet boot and USB Mass Storage Device (MSD) boot for the Raspberry Pi 3.

Now they came up with USBBoot, a tiny program that pushes the bootcode over the USB to the Raspberry Pi Zero (Raspberry Pi model A, Compute Module, Compute module 3 and Raspberry Pi Zero and Raspberry Pi Zero W), so it can boot without a micro SD-card.

Boot a RPI Zero from your laptop without SD card

In this post we will boot the Zero with the latest Raspbian Stretch (lite) from a common Ubuntu laptop, running 16.04LTS. It is surprisingly comfortable once you’ve set it up. And remember we’re running the Zero without any SD card, which costs more than a Raspberry Pi Zero. You do not need an SD card at all.

Yes, we use a standard USB cable to power, connect, provide internet-access, an OS and storage for the Pi Zero.

So we’re gonna run the poor Raspberry Pi headless (=no monitor), armless (=no keyboard or mouse) and brainless (=no memory card). And you know what? Back to the basics makes the little gem shine!!

(more…)