rockstarmode

rockstar mode - [noun] 'räk'stär 'mOd: Expressing the insanity of living with your knobs permanently cranked to eleven.

Getting Tor onion routing + Chrome working

*** EDIT *** I used Google Chrome version 6.0.453.1 dev from their official yum repository, YMMV

I spent about an hour figuring this out tonight so I figured I'd send it along.  Up until now I've never really gotten the combo of Tor, a browser and a proxy working to my liking.  This is how I did it:

  1. Install Tor, get Vidalia if you can, this makes it a couple clicks to get going
  2. Install the Switchy! extension for Chrome
  3. Use Vidalia or whatever to start Tor, make sure the onion turns green
  4. Disable DNS pre-fetching in Chrome -> Options -> Under the Hood (ignore this if you don't care who sees the domains you are looking up)
  5. Restart Chrome (I couldn't get #4 to kick in without a restart)
  6. Configure a proxy in Switchy!  I named mine "Tor", under "Manual Configuration" I filled in "127.0.0.1" and port "9050" as the SOCKS Host, click SOCKS v5, leave everything else blank and save
  7. Click the Switchy! icon and choose your new proxy, visit the Tor Project to confirm, you might have to wait a second after choosing a proxy for the settings to start working.

SOCKS v5 and v4a have the ability to forward DNS lookups, but apparently the threading model in Chrome makes it difficult to catch and forward the prefetched DNS queries, so you must disable that feature (source).

I've verified with Wireshark that the DNS queries and all other browser traffic (HTTPS included) also go through the proxy.
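
Why SOCKS v5 and v4a can carry the DNS lookup, shown as an added example (not part of the original post): the CONNECT request either carries the hostname, so the proxy resolves it, or an already-resolved IP, which means the lookup happened outside the proxy. The function names, `example.org`, `192.0.2.10` and the sample byte strings are constructed for illustration.

```python
import ipaddress
import struct


def socks5_connect(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request (RFC 1928) for a hostname or an IP literal."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name  # ATYP 3: the proxy resolves it
    else:
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed  # already resolved
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def classify(req: bytes) -> tuple:
    """Return (resolver, destination, port) for a captured SOCKS CONNECT request;
    resolver is "proxy" if the hostname is sent to the proxy, "client" if only an IP."""
    try:
        if req[0] == 5:  # VER CMD RSV ATYP DST.ADDR DST.PORT
            atyp = req[3]
            if atyp == 3:
                end = 5 + req[4]
                dest, resolver = req[5:end].decode("ascii"), "proxy"
            elif atyp in (1, 4):
                end = 4 + (4 if atyp == 1 else 16)
                dest, resolver = str(ipaddress.ip_address(req[4:end])), "client"
            else:
                raise ValueError("unknown ATYP")
            return resolver, dest, struct.unpack("!H", req[end:end + 2])[0]
        if req[0] == 4:  # VN CD DSTPORT DSTIP USERID NUL [HOSTNAME NUL]
            port = struct.unpack("!H", req[2:4])[0]
            ip, user_end = req[4:8], req.index(b"\x00", 8)
            if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:  # 0.0.0.x marks SOCKS4a
                name_end = req.index(b"\x00", user_end + 1)
                return "proxy", req[user_end + 1:name_end].decode("ascii"), port
            return "client", str(ipaddress.IPv4Address(ip)), port
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated SOCKS request") from exc
    raise ValueError("not a SOCKS4/SOCKS5 request")


# Constructed sample requests (not captured from real traffic).
SOCKS4A_SAMPLE = b"\x04\x01\x01\xbb\x00\x00\x00\x01\x00example.org\x00"
SOCKS4_SAMPLE = b"\x04\x01\x00\x50\xc0\x00\x02\x0a\x00"
```

In a loopback capture on port 9050, a request that classifies as "client" means the name was resolved before the browser talked to the proxy.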

Filed under  //   fedora   howto   proxy   security   tor  

Microsoft and OpenSSL

I recently had to re-figure out how to coax Windows and Linux with GoDaddy to obtain compatible code signing certificates. This is *much* harder when using a mixed environment than it should be.

GoDaddy issues spc files and needs csr files, which are generated in conjunction with pvk files, but Ant/Java want p12 files and most Microsoft signtools want pfx files, and you can't generate any of these without pem files. Here are the steps:

  1. Log into your build server
  2. Generate private key, don't forget the password:
    openssl genrsa -des3 -out code-sign.pvk 2048
  3. Generate the csr:
    openssl req -new -key code-sign.pvk -out code-sign.csr
  4. Take csr to GoDaddy
  5. Download spc file
  6. Convert spc to pem:
    openssl pkcs7 -inform DER -in code-sign.spc -print_certs \
    -out code-sign.pem
  7. Add the private key to the pem, this was the trickiest part. Apparently openssl outputs files in pem format unless otherwise instructed and the pkcs12 export doesn't like to be given more than one file during import:
    cat code-sign.pvk >> code-sign.pem
  8. Generate p12 (which is also a pfx), use the passwords from above again to simplify things:
    openssl pkcs12 -export -in code-sign.pem -out code-sign.p12

The P12 file is basically the same thing as a Microsoft PFX; a while ago Microsoft switched to PKCS12 P12 but insists on calling their files PFX (source).

Filed under  //   frustration   howto   nerd   openssl  

Fedora 12 preupgrade issues

If you are having issues with upgrading Fedora from 11 to 12 with error messages saying that your /boot partition is full *and* this walkthrough doesn't help, I may have a solution for you:

  1. Boot into your Fedora 11 kernel
  2. Remount /boot as read write (mount -o remount,rw /boot)
  3. Move the file /boot/upgrade/install.img to unencrypted storage, I used a USB key
  4. Reboot into the Fedora 12 upgrade kernel. When it errors out with a message claiming it can't find the installation image, point it at the place you moved the install.img file to.
  5. Have a beer, the upgrade takes a while

The walkthrough on Fedora Project was for people preparing to upgrade. I, however, was stuck halfway through an upgrade, so their solutions didn't help me.

Filed under  //   fedora   howto   linux   nerd