June 30th, 2009
The following post was crossposted at http://www.internetling.com :
At my work, I noticed that I work on some documents that I felt needed to be encrypted. Working in a hybrid environment with Gentoo Linux, CentOS Linux, Solaris 10 sparc/i86pc, and Windows, I wanted to pick a program that was open source and can use cross platform if possible. I wanted to encrypt files instead of creating encrypted volumes that I have to mount and then put files into. It gives me an option to e-mail the encrypted files as well.
By default, our Solaris boxes come with /usr/bin/crypt which I can use to encrypt and decrypt files. Looking over the wikipedia entry, it is too cryptographically weak that it could be brute forced. After reading about this, I wanted something that uses the Rijndael cipher, which is much stronger and would take quite awhile to brute force.
Upon my search, I found two different open source programs that hashes the key to 256 bits (2^256 different possibilities):
Here’s a quick run down of some pros and cons of each:
ccrypt
Pros:
- Can be compiled/installed on multiple operating systems. Encrypting a file on Linux doesn’t mean it has to be decrypted in Linux. You can use encrypt in Linux and decrypt on Solaris just fine.
- The encryption writes over original file so you don’t leave any plain text copies around.
- The ccat command lets you cat the encrypted file to your screen without leaving plain text copies.
- Can decrypt old UNIX crypt files.
- A ton more options you can do. For example, recurse through directories.
Cons:
- The Windows port needs to have cygwin installed.
- Compiling on UNIX required to do the old ./configure, make , make install. Only a con because of how simple aescrypt was.
aescrypt
Pros:
- Can be compiled/installed on multiple operating systems. Encrypting a file on Linux doesn’t mean it has to be decrypted in Linux. You can use encrypt in Windows and decrypt on Solaris just fine.
- Windows port integrates with the context menu. You can right click a file and choose “AES decrypt” or “AES encrypt”.
- Really simply to compile, just a simple make.
- Has a java library to use for your java programs.
Cons:
- Encrypting a file creates a new file with the extension aes and leaves the plain text file alone.
- Only decrypt and encrypt, no nifty ccat command like in ccrypt.
The real deal breaker to some people though is how aescrypt can integrate in the context menu in Windows while ccrypt has to use cygwin to get it to work. I did not fall into this category as my deal breakers were the convenience of having ccat to quickly look over a file and the fact that I don’t have to do an extra step of deleting my plain text file after encrypting to be well worth it. Yes, it would be nice if I could use ccrypt in Windows without cygwin, but having it work on Linux and Solaris was good enough for me.
Choose what you need for your environment though, not everyone’s needs are the same. For creating some encrypted volumes, try out True Crypt.
Posted in software | No Comments »
June 11th, 2009
I was looking for a command in Solaris 10’s smpatch that would tell me all the files that would change after doing an smpatch update. I instead found a workable solution that will work for me:
First generate a list of patch id:
smpatch analyze |awk '{print $1}' > /tmp/patchlist
Next, use the download -t command to download the documentation for each patch:
smpatch download -x idlist=/tmp/patchlist -t >> /tmp/patch_docs
Now just grep through /tmp/patch_docs to find any specific files you want to see that might be changed. We were checking to see if anything in /etc would get overriden and didn’t find too much.
Tags: patch, smpatch, solaris
Posted in software | No Comments »
June 1st, 2009
I got this following problem on one of our Solaris 10 sparc machines today:
ld.so.1: cc1: fatal: /path/to/gcc/4.4.0/lib/libmpfr.so.1: bad ELF flags value: [ EF_SPARC_32PLUS EF_SPARC_SUN_US1 EF_SPARC_SUN_US3 ]
After mucking around for a bit, it worked fine on the following machines (using prtdiag):
- SUNW,UltraSPARC-IIIi
- SUNW,UltraSPARC-T1
And failed on just:
I did in fact compile gcc/4.4.0 on a UltraSPARC-IIIi machine so that’s probably why it’s not compatible with the IIe machines.
Tags: gcc
Posted in software | No Comments »
May 18th, 2009
So today at work, I popped in an OpenSolaris 2008.11 cd and loaded it up on a Dell Optiplex 620. After I booted up and got to the desktop, I realized that only the wireless keyboard worked and not the mouse.
After mucking around a few minutes, I gave up and did a Ctrl-Backspace to restart X and get to the login screen where I could log in and get to the failsafe console. I really just wanted try some zfs things on this version ofOpenSolaris. FYI, you cannot zpool attach a device that is smaller than the device you are attaching to it. So if you are trying to create a mirror of two disks, you need to start with the smaller one first. Sucks to learn that the hard way.
Tags: keyboard, microsoft, mouse, zpool
Posted in software | No Comments »
May 13th, 2009
See the post at http://source.kohlerville.com/?p=214 for an update on booting into the failsafe.
Tags: update
Posted in updates | No Comments »
May 5th, 2009
I got hold of a Vista laptop that has some weird problems both in the regular boot and the safe mode:
- Uninstalling programs reappear after reboot.
- Installing Windows Updates don’t persist after reboot
- Any changes to the desktop, like creating a folder on the desktop, reverts back after a reboot.
- Can’t change the Date/Time, says “Unable to continue. Yo do not have permission to perform this task. Please contact your computer administrator for help.”
- An endless BSOD when not booting in safe mode. I managed to get rid of this somehow.
- Last updates were in Februrary 2009.
- Last system restores were from February also.
If I load it up on a Ubuntu live cd and mount the drive, I can add stuff to the desktop that will become persistent when I go back into Vista.
I’ve also taken the hard drive out and put it on another desktop and run some root kit/virus scanners on it and they haven’t shown anything. Only thing I can think of is somekind of kernel rootkit that just can’t be detected.
Hopefully, I can get a recovery dvd to return it back to the original factory settings.
Tags: vista
Posted in broken and fixed | No Comments »
April 27th, 2009
I was unaware of this when I was looking for the software to upgrade the firmware on a Storedge 3511. Here’s the link for future reference:
StorageTek 3000 Family Storage Products–Related Software 2.4
Tags: solaris, storagetek, storedge
Posted in software | No Comments »
April 22nd, 2009
http://support.microsoft.com/kb/884018/EN-US/
http://support.microsoft.com/kb/278316/
I used the above links and was able to solve my fax problem in Windows XP which has turned out to be super helpful. I much prefer faxing private info than sending a plain text email.
Tags: fax, windows, xp
Posted in software | No Comments »
March 24th, 2009
On a Solaris jumpstart with Update 6 on an amd64 machine came up with this error using the x86.miniroot that it came with:
panic[cpu1]/thread=d10d1de0: Too many lgrps for platform (4)
I grabbed the x86.miniroot from the 200805 version of Solaris update 5 and it jumpstarted fine. I didn’t use zfs root, but it probably wouldn’t work if I did.
Tags: jumpstart, solaris
Posted in software | No Comments »