The scenario: I've got a blogger account (i.e. this one) which is linked to my google account, and I'd like to be able to use youtube and google search without being considered as being logged in. If I log out in e.g. the google search page I also get logged out from blogger. Gmail isn't an issue since I use thunderbird/evolution, but it would cause similar issue to blogger vs search/youtube.
The past year I've become increasingly annoyed by the behaviour of google applications -- they feel more intrusive and I keep on being asked to sign in and stay signed in. Without going into specifics, it's beginning to feel like Google is trying to turn the entire web into their version of Facebook. And I don't lie it.
Anyway, luckily there's a pretty simple way to stay signed out of Google search and youtube, even without using privacy mode -- by restricting the use of cookies.
Here's what you can do in Firefox:
1. Install the Cookies Manager+ add-on in firefox, and restart firefox
2. In firefox, go to Tools, Cookies Manager+
3. Click on Tools/Exceptions
4. Add google.com and youtube.com
Done. Now you can remain signed in to all other google sites, while staying signed out of Youtube and Google Search. Note that it doesn't make you anonymous, but it just takes care of some of the minor nuisances associated with always being tracked by google.
Lindqvist - a blog about Linux and Science. Mostly.
Showing posts with label firefox. Show all posts
Showing posts with label firefox. Show all posts
04 January 2014
18 November 2013
530. Briefly: Adding a new entry to Default applications in Gnome 3. Example using Firefox
I'm tired of google chrome/chromium -- for some reason more and more websites are rendering incorrectly in it. Part of the reason is because I refuse to allow just any website to set cookies, but that can't explain all instances (e.g. I'm having major issues with any elsevier journals). I'm also tired of google in general, especially after having spent some time with google plus.
Anyway, I recently showed how to install firefox: http://verahill.blogspot.com.au/2013/11/528-briefly-setting-up-64-bit-pre-built.html
I'll show here to set it as a selectable application in the System Settings/Details
At the beginning the following selections are available:
The key to adding a new 'Default Application' is simply making sure that it appears in the MIME file type associations. And one way to do that is to create a .desktop file and use update-desktop-database to read it:
Once that's done we get the following:
You can then set up a shortcut launcher, e.g.
(you could of course just have it execute the command directly, but what's the challenge in that?)
Anyway, I recently showed how to install firefox: http://verahill.blogspot.com.au/2013/11/528-briefly-setting-up-64-bit-pre-built.html
I'll show here to set it as a selectable application in the System Settings/Details
At the beginning the following selections are available:
The key to adding a new 'Default Application' is simply making sure that it appears in the MIME file type associations. And one way to do that is to create a .desktop file and use update-desktop-database to read it:
sudo cp /usr/share/applications/iceweasel.desktop /usr/share/applications/firefox.desktop sudo sed -i 's/Iceweasel/Firefox/g' /usr/share/applications/firefox.desktop sudo sed -i 's/Exec=iceweasel/Exec=firefox25/g' /usr/share/applications/firefox.desktop sudo sed -i 's/Icon=iceweasel/Icon=firefox/g' /usr/share/applications/firefox.desktop sudo update-desktop-database
Once that's done we get the following:
07 November 2013
528. Briefly: Setting up 64 bit pre-built firefox (25) binaries on debian
/usr/local/lib is just a suggestion (and probably not a very good one).
Anyway, here's the quick and easy way to get set up with 64 bit firefox. Start it by calling firefox25
Anyway, here's the quick and easy way to get set up with 64 bit firefox. Start it by calling firefox25
mkdir ~/tmp cd ~/tmp wget ftp://ftp.mozilla.org/pub/firefox/releases/25.0/linux-x86_64/en-GB/firefox-25.0.tar.bz2 tar xvf firefox-25.0.tar.bz2 cd firefox/ sudo mkdir /usr/local/lib/firefox-25.0 sudo cp * -R /usr/local/lib/firefox-25.0 sudo ln -s /usr/local/lib/firefox-25.0/firefox /usr/bin/firefox25
28 February 2013
348. Using the official firefox 19 binary on debian testing/wheezy
UPDATE 20/3/2013: installing a system from scratch I'm having issues with xulrunner-10.0:i386, since it pulls in libstartup-notification0:i386 which causes all sorts of headaches (uninstalls xulrunner-10.0 and everything it depends on)
This post made me realise that installing the pre-built firefox binary isn't as straight-forward as one might like. A small nuisance is that the getfirefox.com versoin is only 32 bit, but that's life.
Here we go.
Download the standard binary version of firefox from here:
http://www.mozilla.org/en-US/firefox/new/?from=getfirefox
You can install it wherever you want, but I'm going for a local installation. Put the firefox-19.0.tar.bz2 in your home folder and untar it:
If you get
then you are missing 32 bit compatibility libraries:
To get flash set up you'll need the 32 bit version. Download the 32 bit version from http://get.adobe.com/flashplayer/?no_redirect
And that should leave you with a working firefox versions. Note that running 'firefox' as a command will invoke iceweasel if installed. To get around that you can e.g. do
after which you can launch firefox by running ffox form the terminal. A standard installation would be to put everything in /opt and set up a .desktop file -- but there's plenty of guides to how to do that.
This post made me realise that installing the pre-built firefox binary isn't as straight-forward as one might like. A small nuisance is that the getfirefox.com versoin is only 32 bit, but that's life.
Here we go.
Download the standard binary version of firefox from here:
http://www.mozilla.org/en-US/firefox/new/?from=getfirefox
You can install it wherever you want, but I'm going for a local installation. Put the firefox-19.0.tar.bz2 in your home folder and untar it:
tar xvf firefox-19.0.tar.bz2 cd ~/firefox/ ./firefox
If you get
bash: ./firefox: No such file or directory
then you are missing 32 bit compatibility libraries:
sudo dpkg --add-architecture i386 sudo apt-get update sudo apt-get install ia32-libs sudo apt-get install xulrunner-10.0:i386
To get flash set up you'll need the 32 bit version. Download the 32 bit version from http://get.adobe.com/flashplayer/?no_redirect
mkdir ~/.mozilla/plugins -p mv ~/Downloads/install_flash_player_11_linux.i386.tar.gz ~/firefox cd ~/firefox/ tar xvf install_flash_player_11_linux.i386.tar.gz cp libflashplayer.so ~/.mozilla/plugins/libflashplayer.so
And that should leave you with a working firefox versions. Note that running 'firefox' as a command will invoke iceweasel if installed. To get around that you can e.g. do
echo "alias ffox='$HOME/firefox/./firefox'" >> ~/.bashrc source ~/.bashrc
after which you can launch firefox by running ffox form the terminal. A standard installation would be to put everything in /opt and set up a .desktop file -- but there's plenty of guides to how to do that.
20 October 2012
262. chroot/jail your iceweasel (firefox)
Update: in my youth I thought that chroot=security. I now know better.
http://yarchive.net/comp/linux/chroot.html
http://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
In other words, don't rely on chroot for security -- it's not meant to be a security tool. I personally use it to browse at work without leaving a too obvious a trail (nothing shady -- part of my job is to apply for permanent jobs, but it is not necessarily in the interest of my current employer to see me succeed. Academia is a weird place.)
Original post:
There are many reasons why you'd want to secure your browser -- ranging from paranoia to justifiable cautiousness (you're probably visiting the wrong kind of sites...).
A chroot environment doesn't make you anonymous -- it just helps sandbox your applications. To protect your anonymity you'll want to prevent your browser from setting cookies, and use a proxy via an ssh tunnel to encrypt your traffic and hide your true IP address. There's no silver bullet for these things.
I've chroot:d things in the past when compiling 32 bit applications on 64 bit machines, but for this guide I'm leaning heavily on this post: https://help.ubuntu.com/community/BasicChroot
Time to get rocking. Be aware that you should have a bit of free space on your target drive.
which gets stuff underway:
So far, so good.
Create a shell script, e.g. chroot.sh, with the following in it:
Run it everytime you want to enter you chroot environment:
In the chroot shell, do
Launch iceweasel/firefox:
And you're pretty much done.
Next time you want to launch a sandboxed version of firefox just do:
http://yarchive.net/comp/linux/chroot.html
http://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
In other words, don't rely on chroot for security -- it's not meant to be a security tool. I personally use it to browse at work without leaving a too obvious a trail (nothing shady -- part of my job is to apply for permanent jobs, but it is not necessarily in the interest of my current employer to see me succeed. Academia is a weird place.)
Original post:
There are many reasons why you'd want to secure your browser -- ranging from paranoia to justifiable cautiousness (you're probably visiting the wrong kind of sites...).
A chroot environment doesn't make you anonymous -- it just helps sandbox your applications. To protect your anonymity you'll want to prevent your browser from setting cookies, and use a proxy via an ssh tunnel to encrypt your traffic and hide your true IP address. There's no silver bullet for these things.
I've chroot:d things in the past when compiling 32 bit applications on 64 bit machines, but for this guide I'm leaning heavily on this post: https://help.ubuntu.com/community/BasicChroot
sudo apt-get install coreutils debootstrap
Time to get rocking. Be aware that you should have a bit of free space on your target drive.
sudo debootstrap --arch amd64 wheezy /media/chroot/ http://ftp.au.debian.org/debian/
which gets stuff underway:
I: Retrieving InRelease I: Checking Release signature I: Valid Release signature (key id 9FED2BCBDCD29CDF762678CBAED4B06F473041FA) I: Retrieving Packages I: Validating Packages I: Resolving dependencies of required packages... I: Resolving dependencies of base packages... I: Checking component main on http://ftp.au.debian.org/debian... I: Retrieving libacl1 I: Validating libacl1 I: Retrieving apt [..] I: Configuring dpkg-dev... I: Configuring build-essential... I: Base system installed successfully.
So far, so good.
Create a shell script, e.g. chroot.sh, with the following in it:
xhost +
sudo mount -o bind /proc /media/chroot/proc sudo cp /etc/resolv.conf /media/chroot/etc/resolv.conf sudo chroot /media/chroot
Run it everytime you want to enter you chroot environment:
sh chroot.sh
In the chroot shell, do
apt-get install locales sudo vim echo 'export LC_ALL="C"'>>/etc/bash.bashrc echo 'export LANG="C"'>>/etc/bash.bashrc echo 'DISPLAY=:0.0' >> /etc/bash.bashrc source /etc/bash.bashrc adduser sandbox usermod -g sudo sandbox echo 'Defaults !tty_tickets' >> /etc/sudoers apt-get install iceweasel su sandbox cd ~
Launch iceweasel/firefox:
sandbox@beryllium:/$ firefox
And you're pretty much done.
Next time you want to launch a sandboxed version of firefox just do:
me@beryllium:~$ sh chroot.sh access control disabled, clients can connect from any host root@beryllium:/# su sandbox sandbox@beryllium:/$ firefox
18 October 2012
259. Compiling firefox 16.0.1 in debian testing/wheezy
I actually mainly use chromium/chrome for my normal browsing needs, and have set up an ssh tunnel with an American university for iceweasel so I can access sites that filter on IP.
There's nothing particularly wrong with iceweasel, but it's nice to check out the latest and shiniest versions of different projects every now and again, so here's how to compile the latest firefox:
The source is just a hair under 90 Mb and the build takes around 40 minutes on a three-core AMD.
I've got so many -dev packages installed on my system that I don't really know what the dependencies are anymore, but here's a guess:
Anyway:
I'm getting tired of the clutter in my PATH, so
There's nothing particularly wrong with iceweasel, but it's nice to check out the latest and shiniest versions of different projects every now and again, so here's how to compile the latest firefox:
The source is just a hair under 90 Mb and the build takes around 40 minutes on a three-core AMD.
I've got so many -dev packages installed on my system that I don't really know what the dependencies are anymore, but here's a guess:
sudo apt-get install build-essential gfortran gawk libpango1.0-dev libgconf2-dev libgnomevfs2-dev libcogl-pango-dev libpangomm-1.4-dev libgconfmm-2.6-dev libnotify-dev libgnomeui-dev libdbus-1-dev libdbus-glib-1-dev
Anyway:
cd ~/tmp wget ftp://ftp.mozilla.org/pub/firefox/releases/16.0.1/source/firefox-16.0.1.source.tar.bz2 tar xvf firefox-16.0.1.source.tar.bz2 mkdir firefox_build cd firefox_build/ ../mozilla-release/./configure --prefix=$HOME/.firefox --disable-necko-wifi make
make install
I'm getting tired of the clutter in my PATH, so
echo "alias firefox16='$HOME/.firefox/bin/firefox'" >> ~/.bashrc
Note that iceweasel puts a firefox in/usr/bin/, hence the use of firefox16
04 May 2012
134. Introducing a CA certificate in debian
So, for some reason you've been issued a CA certificate. Now what?
I've presumed that you've somehow downloaded both the root certificate (cacert.crt) and your personal certificate (usercert.pem). You'll need both.
Openssl
Convert to .p12
openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out usercert.p12
Verify
You can verify your issued certificate, e.g.
openssl verify -CAfile ~/Downloads/cacert.crt ~/.globus/usercert.pem
Browsers:
Iceweasel/Firefox
Go to Edit, Preferences, Advanced, Encryption: View certificates. Click import under Your Certificates and select your usercert.p12 (see above for conversion). Got to servers, import cacert.crt.
Make sure that your cert authority shows up under the authority tab (otherwise try importing cacert.crt). Highlight the relevant authority, and click on edit trust: select the relevant fields of identification (e.g. website and/or email).
Chrome/Chromium
Click on the spanner icon, go to Settings, Under the bonnet, Manage Certificates and select Import under Your Certificates. Click on server, import the cacert.crt. Approve the certificate authority for the intended uses of the certificate. If you did it already in firefox it may have carried over.
Email:
Evolution
First go to Edit, Preferences, scroll down to Certificates and import your certificate and, under authorities, import the root certificate (cacert.crt).
Next, go to Edit, Preferences, Mail Accounts, Select an account and click on Edit. Select the Security tab
Repeat this for all accounts you want to use this certificate with.
Test it:
Send it. Receive it.
Thunderbird
Go to Edit, Account Settings... and under each account click on Security, then on View Certificates -- import your certificate and the issuing authority's certificate here, or you won't be able to Select the certificates under Digital Signing and Encryption.
Also, under View Certificates, highlight the certificate authority and select Edit Trust -- click on Edit CA trust, select website, mail etc., then select I do trust...
You can select/de-select signing when composing using the S/MIME menu.
If all goes well, users which also have the same certificate authority listed as trusted (probably not the case, but whatever) will see a sealed envelope (this message has been signed by pgp as well as S/MIME:
I've presumed that you've somehow downloaded both the root certificate (cacert.crt) and your personal certificate (usercert.pem). You'll need both.
Openssl
Convert to .p12
openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out usercert.p12
Verify
You can verify your issued certificate, e.g.
openssl verify -CAfile ~/Downloads/cacert.crt ~/.globus/usercert.pem
Browsers:
Iceweasel/Firefox
Go to Edit, Preferences, Advanced, Encryption: View certificates. Click import under Your Certificates and select your usercert.p12 (see above for conversion). Got to servers, import cacert.crt.
Make sure that your cert authority shows up under the authority tab (otherwise try importing cacert.crt). Highlight the relevant authority, and click on edit trust: select the relevant fields of identification (e.g. website and/or email).
Chrome/Chromium
Click on the spanner icon, go to Settings, Under the bonnet, Manage Certificates and select Import under Your Certificates. Click on server, import the cacert.crt. Approve the certificate authority for the intended uses of the certificate. If you did it already in firefox it may have carried over.
Email:
Evolution
First go to Edit, Preferences, scroll down to Certificates and import your certificate and, under authorities, import the root certificate (cacert.crt).
Under the Authorities tab, select the issuing authority, click on edit and set the trust level (probably all)
Next, go to Edit, Preferences, Mail Accounts, Select an account and click on Edit. Select the Security tab
Repeat this for all accounts you want to use this certificate with.
Test it:
Send it. Receive it.
 |
| If all is correct, this is what greets you |
 |
| If you don't add the certificate authority as being trusted -- and this will be the case for some of your recipients, this is what you see. Signature no good. |
Thunderbird
Go to Edit, Account Settings... and under each account click on Security, then on View Certificates -- import your certificate and the issuing authority's certificate here, or you won't be able to Select the certificates under Digital Signing and Encryption.
Also, under View Certificates, highlight the certificate authority and select Edit Trust -- click on Edit CA trust, select website, mail etc., then select I do trust...
I presume that you do trust the authority or this is an exercise in futility.
You need to do this for ALL accounts that you intend to use, or you'll run into trust issues.
You can select/de-select signing when composing using the S/MIME menu.
If all goes well, users which also have the same certificate authority listed as trusted (probably not the case, but whatever) will see a sealed envelope (this message has been signed by pgp as well as S/MIME:
Subscribe to:
Posts (Atom)