14 June 2013

452. Briefly: Wine and MIME nuisance: MS Modelling is associated with everything...

I've battled with this on and off for a long time.

And it's not problem unique to me: http://wiki.winehq.org/FAQ#head-c847a3ded88bac0e61aae0037fa7dbd4c7ae042a. The problem with that particular solution is that it's no good once the damage has happened. It's also a blanket method.

So, in a weak moment some winters ago I installed MS Modelling in Wine. I actually never use it, because there are better tools, but that's besides the point.

Unfortunately, MS Modelling has associated itself with most common (and uncommon) file types, such as .dat, .txt and .pgp:

I decided it was time to explore it in greater detail and remove all MS Modelling associations

The first step is to see how deep the rabbit hole goes:

grep "MS Modeling" $HOME/.local/share/applications/*.desktop
/home/verahill/.local/share/applications/wine-extension-3cam.desktop:Name=MS Modeling /home/verahill/.local/share/applications/wine-extension-accin.desktop:Name=MS Modeling /home/verahill/.local/share/applications/wine-extension-acx.desktop:Name=MS Modeling /home/verahill/.local/share/applications/wine-extension-arc.desktop:Name=MS Modeling [..] /home/verahill/.local/share/applications/wine-extension-xsd.desktop:Name=MS Modeling /home/verahill/.local/share/applications/wine-extension-xtd.desktop:Name=MS Modeling /home/verahill/.local/share/applications/wine-extension-xyd.desktop:Name=MS Modeling /home/verahill/.local/share/applications/wine-extension-xyz.desktop:Name=MS Modeling

85 file types. Not acceptable.

grep "MS Modeling" $HOME/.local/share/applications/*.desktop|sed 's/:/\t/g'|gawk '{print $1}'| xargs -I {} rm {}
grep "Materials Studio" $HOME/.local/share/mime/application/*.xml|sed 's/:/\t/g'|gawk '{print $1}'| xargs -I {} rm {}
update-mime-database ~/.local/share/mime

I also remove mime.cache, although I'm not sure whether that's a good idea. I haven't suffered for it yet though:
rm ~/.local/share/applications/mimeinfo.cache
update-mime-database ~/.local/share/mime

That solves the problem - temporarily.

Here's the issue: the files in $HOME/.local/share/mime/application/ get re-created when you start a wine program though.

And I think the problem is this: http://wiki.winehq.org/FileTypesIntegration

In other words, whatever associations are listed in the wine windows registry pollutes Gnome. And that's not acceptable. Anyway, let's put a stop to it using the method recommended on the Wine FAQ:

echo '[HKEY_CURRENT_USER\Software\Wine\DllOverrides] "winemenubuilder.exe"=""'> ~/.wine/disable-winemenubuilder.reg
regedit ~/.wine/disable-winemenubuilder.reg 

It seems to have worked. Opening a program in wine no longer recreates any of the files in ~/.local/share/mime/application.

451. Seahorse plugins on gnome 3.4 -- PGP encrypting/decrypting in nautilus

Once upon a time it was possible to de/encrypt in gedit, and life was good. Then GNOME 3 came along, and the seahorse plugin for edit disappeared. (presumably you might be able to write a script to use with the External Tools gedit plugin).

It re-emerged as a plugin for Nautilus instead.

I'm showing version 3.4.0 since I'm on GNOME 3.4, and who knows what API has broken in between this and 3.8...anyway, look at https://git.gnome.org/browse/seahorse-nautilus/ for different versions.

There are probably more build dependencies than the ones I'm listing.

sudo apt-get install libcryptui-dev libnautilus-extension-dev libgpgme11-dev checkinstall autoconf automake checkinstall
wget https://git.gnome.org/browse/seahorse-nautilus/snapshot/seahorse-nautilus-3.4.0.tar.gz
tar xvf seahorse-nautilus-3.4.0.tar.gz 
cd seahorse-nautilus-3.4.0/
./autogen.sh
GnuPG Version: gpg (GnuPG) 1.4.12 GPGME Version: 1.2.0 Notification Support: yes Now type `make' to compile seahorse-nautilus
sudo checkinstall --fstrans=no
- Maintainer: [ root@beryllium ] 1 - Summary: [ seahorse-nautilus 3.4.0 ] 2 - Name: [ seahorse-nautilus ] 3 - Version: [ 3.4.0 ] 4 - Release: [ 1 ] 5 - License: [ GPL ] 6 - Group: [ checkinstall ] 7 - Architecture: [ amd64 ] 8 - Source location: [ seahorse-nautilus-3.4.0 ] 9 - Alternate source location: [ ] 10 - Requires: [ ] 11 - Provides: [ seahorse-nautilus ] 12 - Conflicts: [ ] 13 - Replaces: [ ]

Encrypting:
Open nautilus, select a text file and right click:




Decrypting:
Simple:

Although in my case I had kde-full installed, which pulled in kgpg:

If you're having other issues with decrypting, check that the mime associations are correct:

xdg-mime query filetype plaintext.file.pgp 
application/pgp-encrypted

12 June 2013

450. Tor and Chrome on Debian

Note:
* For the Tor bundle see http://verahill.blogspot.com.au/2013/05/408-briefly-tor-on-debian-quick-option.html
* For securing your dropbox, see http://verahill.blogspot.com.au/2013/04/398-securing-your-dropbox.html
* For encrypting your filesystem with encfs, see http://verahill.blogspot.com.au/2013/05/408-briefly-tor-on-debian-quick-option.html
* For one-time passwords (OTPW), see http://verahill.blogspot.com.au/2013/04/385-otpw-connecting-from-insecure.html
* For encryption in general using PGP/GPG, OTR, SRTP for chat, email, voice and video, see http://verahill.blogspot.com.au/2013/04/381-encrypting-chat-voice-video.html
* For truecrypt with dropbox, see http://verahill.blogspot.com.au/2012/04/using-truecrypt-with-dropbox.html

Post begins:
I think it's fair to say that online privacy is in the spotlight again, temporarily,  in particular if you are not living in the US. After all, the rest of the world is offered no protection from US agencies.

There are two levels of snooping that (can) go on:
Case 1:  outright intercept of communications
In this case your emails are read, your browsing data is intercepted and your phone conversations tapped. This is the most intrusive form, and I think even in the US a warrant is required for the intercept of this type of data (whether that's too easy of difficult to get is another question entirely).

Case 2: mining of 'meta-data'
In this case data such as recipient/sender of emails, URLs that you've been visiting, and whom you have been calling/called by are collected. In addition, e.g. cell phone tower records can be collected to track your whereabouts 24/7.

While the contents of your conversations isn't known, your entire social and professional life can be charted.
As far as I understand this is what NSA has been engaging in. Likewise, knowing exactly where you are at any given point in time, a pretty detailed picture of your life can be painted.

Begin Rant
I don't have anything to hide, but I am not too keen on the government having better records of my life than I do myself. And I should be the one deciding what to share as long as the presumption of innocence holds.

Also, we're making the presumption that the government is benign, and as has been shown repeatedly, it isn't always. That goes for the US government, the UK government and just about any bloody imaginable government, and for a simple reason: the government is made up of people. In particular people who are keen on 'leading' i.e. controlling others. Even a benign despot is a despot.

There's no use being naive -- in either direction. There are legitimate reasons for clandestine organisations wanting to mine data, and there are legitimate reasons for why we should not give them a carte blanche.

Whether you use PGP/GPG or not won't affect the mining of meta-data. Nor will OTR, although it might in theory give you a somewhat better level of deniability (but not really).

Using PGP/GPG, OTR and encryption of data in general will only protect the content of your conversations, not the fact that they occurred. Not that it's easy getting people to start using encryption of their email, especially not since hotmail and gmail provided the final push into getting people to do all their email processing in the browser rather than using a more capable email client. Obviously Google would not be pleased if all communication was PGP encrypted, since this would create issues with targeted ads.

Finally, what really irks me is the fact that because John Doe won't use encryption -- or learn how to do it -- I also cannot use it. Instead we have to play according to the rules of the least technologically informed.
End Rant

Anyway. There are a few things you can do -- at least to make you feel better. Whether they have any real impact on your privacy depends on what other sources of information leakage there are in your life.

The simplest thing you can do is to do all your browsing anonymously, including setting up and checking your email. And the easiest way to do that is by using Tor.

It's easy enough to use the Tor Bundle, e.g. http://verahill.blogspot.com.au/2013/05/408-briefly-tor-on-debian-quick-option.html

However, I for some forsaken reason like using Chrome.

To set up Proxy SwitchySharp I'm following this post:
http://lifehacker.com/5614732/create-a-tor-button-in-chrome-for-on+demand-anonymous-browsing

NOTE: there are many layers to managing your privacy, and you're only as anonymous as your worst habits allow you to be. I'm a pessimist -- I think it is virtually impossible to protect yourself against a determined adversary. However, trying won't hurt.


Step 0. Block cookies by default and install an ad blocker

Cookies
Pretending to be anonymous won't help if you give the game away by exposing cookies that you acquired while surfing without Tor.

You'll be surprised how many websites require you to accept cookies -- however, it's up to you whether you want to put up with that. I only allow cookies with services that I've signed up to and that I trust. I refuse to allow in particular commercial sites to require cookies for me to simply visit.

In Chrome, go to Settings, Content Settings, and check:
* Block sites from setting any data
* Block third-party cookies and site data
* Clear cookies and other site and plug-in data when I close my browser

Disable:
* Allow local data to be set

You may want to restrict e.g. image loading, javascript, pop-ups, plugins etc. as well. It's down to you to weight inconvenience vs privacy.

Set Cookie and Site Data exceptions manually, and make sure to distinguish between Session Only and Allow.

Ads
Also, install e.g. simple adblock:
https://chrome.google.com/webstore/search/simple%20adblock



Step 1. Install the HTTPS everywhere extension
https://chrome.google.com/webstore/search/https%20everywhere?hl=en-GB



Step 2. Install Proxy SwitchySharp
https://chrome.google.com/webstore/search/proxy%20switchysharp?hl=en-GB

Set up a profile called Tor to use SOCK 5 with 127.0.0.1:9050
Go to the General Tab and enable Quick Switch.
Make sure to drag both Tor and Direct Connection into the Quick Switch field.



Step 3. Install Tor and Vidalia
Add the following to your /etc/apt/sources.list
deb http://deb.torproject.org/torproject.org wheezy main

Then do
sudo apt-get update
sudo apt-get install deb.torproject.org-keyring
sudo apt-get update
sudo apt-get install vidalia

Tor should run in the background whether you start Vidalia or not.

Step 4. Prevent DNS leaks:
[for fun, do
sudo apt-get install tcpdump
sudo tcpdump -pni eth0 'port domain'
before turning off prefetching. ]

To make sure that your DNS requests aren't being read (i.e. providing meta-data to your ISP), you will need to turn of DNS pre-fetching in Chrome.

Google is sneaky about it though -- to turn off prefetching go to Settings/Under the Bonnet and uncheck "Predict network actions to improve page load performance".

[If you set up tcpdump before you'll see how suddenly the IPs and URLs stop streaming by.]


Step 5. Start Tor/Vidalia
You don't seem to be able to launch Vidalia from the terminal, so launch Vidalia from within e.g. gnome.
In fact, you probably don't have launch vidalia as Tor should be run in the background.
Then open Chrome and navigate to e.g. whatsmyip.org or ipchicken.com:


You can turn on and off the proxy by clicking on the icon in the top right corner.

Step 6. Enable private browsing:
You don't want to risk one website being able to see what another website left behind. It shouldn't happen, but it has happened in the past.

Anyway, it's easy: open an Incognito window (ctrl + shift + N).


Done.
As far as I can tell this should give you some privacy. However, the question is how effective this is in the long run since it's difficult to maintain enough discipline to prevent any information leakage to occur.