Skip to content

HOWTO: Make startssl.com ssl authentication work under google chromium on Linux

This is really just a tutorial on importing a client certificate into chromium via the shared nss database. The real magic is knowing chromium reads a sqlite database under ~/.pki/nssdb for it’s key and certificate storage. pk12util can be installed via the nss-tools package on Fedora or the libnss3-tools package on Debian/*buntu.

$ pk12util -d sql:$HOME/.pki/nssdb -i ~/STARTCOM.p12
Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL

 

Could someone who has a windows installation clue me in via a comment on the best way to do this? Also, could anyone test this on google chrome?

After installing that certificate, startssl login works

Brought to you by the “I’d rather google and see how someone else did it rather than figure it out department”

5 Comments

Categories: Open Source, Planet GNOME.

Tags: , , , , , ,

By jeff
September 9, 2011 at 7:32 am

Ich war ein Berliner

Without much fanfare, my wife and I came to the Desktop Summit here in Berlin. I met a whole lot of very cool people and even some kde hackers as well. There are plenty of people I had a great time meeting and forgot to mention, but I’ll blame Behdad. His insistence on more shots of Absinthe is why I forgot their names. It has been absolutely incredible to *finally* meet so many people whom I’ve followed via planet or chatted with on IRC for years.

The great PiTiVi Hackers and I are hacking away in Wonderpots, this frozen yogurt shop right next to Humboldt University with great food and free 1Mbps wifi. Since he last posted, the PiTiVi team has done some great stuff. Stay tuned for more to come. I’m actually hacking on mango, the rewrite of the accounts management system for gnome. I’m on the left side in the red shirt.

In an hour or so, Becca and I will start preparing for our trip around Germany. Of Germany, the only thing I can think so far is that this is a wonderful country. The people are nice (even to American monoglots who try to speak horribly broken German), the food is amazing, and everything is so full of life. If I’d have came here 10 years ago, I’d have never went back to the US. We’ll be doing a walking tour around Berlin, hopping a train or plane to Munich to tour Neuschwanstein and whatever else happens to happen along the way.

If anyone has any suggestions of what to do in the next week, please leave it in a comment. Now back to hacking…

Update: Added a picture of our yogurt shop setup. Pretty sweet huh?

9 Comments

Categories: Open Source, Planet GNOME.

Tags: , , , ,

By jeff
August 12, 2011 at 2:52 pm

The ants go marching one by one… or “How the new mango is coming along”

Long time no blog… Real life has kept me busy and I’ve not had as much time as I’d like to finish this rewrite of mango, but we’re still marching on. It seemed like now was as good a time as any to show off a bit of the functionality and new shiney.

Without further ado…


Higher quality ogv for freedom lubbers

Some of the features I worked hard on to make things better for users:

  • Input boxes in the datatables table are always focused.
  • After selecting the dropdown to filter the type of account requests, the search input box is focused.
  • When filtering data in one of the tables and there is only 1 row, press <ENTER>.
    • It will take you to the href in the very first <td> element which is a hyperlink.
    • If there isn’t a <td> with a hyperlink, it won’t do anything.
  • All of this uses modern technologies that should be easy to find other hackers to work on it.
    • This helps solve the bus factor problem with the current mango where no one really wants to work on php + xslt a whole lot.

    • Well thats all good and great, but whats left?

    Quite a bit actually. Here are a few things off the top of my head.

    • Fix the custom ssh key widget to allow inline-ajax uploads of new ssh keys.
    • Port the ssh key widget to use the paramiko library for getting the ssh key fingerprint.
    • Account deletion with the ability to undo almost anything using django-reversion
    • The super secret foundation member management that only membership committee members can do.
    • Extensive auditing so we can see who did what and when.
    • A *LOT* of css cleanup and formatting
    • Updating the mirrors.txt file when mirrors are modified, added, or deleted.
    • Validate all forms live using one of the various jquery live validation plugins
    • Lots more

    Well thats all I’ve got for now. Time for bed.

1 Comment

Categories: Open Source, Planet GNOME.

Tags: , , ,

By jeff
June 10, 2011 at 7:15 am

Installing the Subsonic media server via apache on a Netgear ReadyNas Pro

I’ll admit it, I’m a geek. When geeks save $$$ for awhile, we get toys with 12Tb of raw disk space. Now this purchase wasn’t taken lightly. I did some research and chose the  ReadyNas Pro 6 disk for a few reasons.

  1. It runs Debian 4.0 (Etch) x86_64. In the past, I’ve used Ubuntu as a ‘nix workstation and am quite familar with Debianisms.
  2. It has an Intel Atom dual core processor instead of some of the lower end Mips or ARM processor. It is easier to get software to work on it as a standard x86 Linux install.
  3. Netgear not only allows, but actively encourages modding and tinkering with it. The ReadyNAS Forums are pretty top notch and “Yohdah“, their support guru, is very helpful.
  4. It has some pretty decent plugins and community plugins that make a lot of things you’d want to hack on dead simple. It is only a few clicks to install the root ssh plugin, yay!

After finding the Subsonic plugin, and the fantastic Subsonic web media server, I installed the plugin. It defaults to listening on port 4040 so you have to go to http / https://readynas:4040 to listen to your tunes. Knowing it could be better, I started poking around the readynas apache configuration and realized that it had mod_proxy installed.

Aha! I’ll just use my standard Debian apache configuration know how and all will be well. Nope… They put the apache configuration under /etc/frontview/apache and their “conf.d” directory is: /etc/frontview/apache/addons. Under the addons directory there was already a SUBSONIC.conf, but further plugin upgrades would overwrite that. I created /etc/frontview/apache/addons/subsonic_proxy.conf that looks ultimately like this:

readynas:/etc/frontview/apache/addons# cat subsonic_proxy.conf
# Serve Subsonic via apache under /subsonic/
LoadModule proxy_module      /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so 

ProxyRequests     Off
ProxyPreserveHost On

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

ProxyPass        /subsonic/ http://localhost:4040/subsonic/
ProxyPassReverse /subsonic/ http://localhost:4040/subsonic/

<Location /subsonic>
Allow from all
</Location>

 

Next up was figuring out the proper way to restart apache. Since they use the non-standard configuration file, the normal apachectl configtest fails:

 

 

 

readynas:/etc/frontview/apache/addons# apache2ctl configtest
apache2: Could not open configuration file /etc/apache2/apache2.conf: No such file or directory

This was easy enough by changing into /etc/apache2 and running: ln -s ../frontview/apache/httpd.conf apache2.conf. Now commands like this work perfectly:


readynas:# apache2ctl configtest && apache2ctl stop && apache2ctl start

To finish up the configuration, edit /c/webroot/subsonic/subsonic.sh and change SUBSONIC_CONTEXT_PATH= to SUBSONIC_CONTEXT_PATH=/subsonic. Now just kill the existing java process and run ./subsonic.sh for it to start everything up.

Then you just browse to http://readynas/subsonic/ (notice the trailing slash) and you're doneski.

 

 

 

 

 

 

No Comments

Categories: Open Source.

Tags: , , , ,

By jeff
May 14, 2011 at 5:34 pm

Brief Outage for www.pitivi.org

The linode datacenter where www.pitivi.org is hosted had a power outage and took the website with it. Sorry about that guys!

Now that its back up, visit  www.pitivi.org to see how a few good men are making video editing on Linux rock.

No Comments

Categories: Planet GNOME.

Tags: , ,

By jeff
May 6, 2011 at 1:25 pm

New happenings in GNOME SysAdmin-land


The folks over at OpenGear were kind enough to give us a small 8 port serial console server pretty much at cost. We’ll be using it to make sure GNOME services are up faster in the unlikely event of a hardware failure. Thanks Todd Rychecky, VP of Sales for making this happen.

Should Murphy laugh at us again, manual intervention from a redhatter should be less likely (unless a hardware replacement is needed of course). This also gives owen and crew more time to make shell rock.

Knowing these things run Linux inside and being a techie at heart, the only sensible thing to do was enable ssh and poke around.

# uname -a
Linux gnomeconsole 2.4.34.5-uc0 #2 Fri Mar 18 01:51:44 EST 2011 armv4l unknown
# ps -efH
  PID USER       VSZ STAT COMMAND
    1 root       548 S    /bin/init
    2 root         0 SW   [keventd]
    3 root         0 SWN  [ksoftirqd_CPU0]
    4 root         0 SW   [kswapd]
    5 root         0 SW   [bdflush]
    6 root         0 SW   [kupdated]
    7 root         0 SW   [cifsoplockd]
    8 root         0 SW   [mtdblockd]
   53 root         0 SWN  [jffs2_gcd_mtd1]
  212 root      1048 S    /sbin/syslogd
  214 root      1008 S    /sbin/klogd
  215 1          444 S    /bin/portmap
  220 root      1020 S    /usr/sbin/crond -S
  232 root       460 S    /bin/inetd
  233 root       444 S    /bin/flatfsd
  234 root       428 S    /sbin/lighttpd-angel -D -f /etc/config/lighttpd.conf
  235 root       984 S    /bin/alertd
  237 root      1476 S    /bin/portmanager -f
  238 root      1980 S    /bin/stunnel /etc/config/https.conf
  240 root      2464 S    /bin/sshd -r -D -o AllowUsers=* -o AllowTcpForwarding
  241 root      1012 S    /bin/shellinaboxd --localhost-only -u root -g root --
  248 root       440 S    /bin/agetty sercon 115200
  249 root      1020 S    /bin/shellinaboxd --localhost-only -u root -g root --
  260 root      2696 S    sshd: root@ttyp0
  262 root       992 S    -sh
  818 root      2760 R    sshd: root@ttyp1
  820 root       996 S    -sh
  896 root      1244 S    /sbin/lighttpd -D -f /etc/config/lighttpd.conf
  942 root      1012 R    ps -efH
# free
              total         used         free       shared      buffers
  Mem:        14148        12216         1932            0          956
 Swap:            0            0            0
Total:        14148        12216         1932
# cat /proc/cpuinfo
Processor	: Arm922Tid(wb) rev 0 (v4l)
BogoMIPS	: 83.14
Features	: swp half thumb 

Hardware	: OpenGear/CM4008
Revision	: 0000
Serial		: 0000000000000000

Behold, the screaming fast ARM server with a whopping 14Mb of RAM in all of it’s glory!

This sucker also has a pretty webui for the type of people inclined to that sort of thing.

It will still take a bit to get this along with the sweet new servers racked and ready for  prime time. Until then, you can see more adoreable cat pictures here. Oh, don’t forget to subscribe to the news.gnome.org feed or at least follow the GNOME SysAdmin Team Blog. All the cool kids are doing it.

2 Comments

Categories: Open Source, Planet GNOME.

Tags: , , ,

By jeff
April 26, 2011 at 5:20 am

Loving GNOME is like loving crack, it is real easy to get hooked

Once upon a time, a freedom loving gnome hacker asked for help running a booth for GNOME at the Southern California Linux Expo for their 6th conference.

I thought, “Sure, why not, sounds like fun and perhaps I’ll meet some cool people.”.
That event seems like forever ago and I’ve not looked back since. Eric Butler, who joined us for the booth that year wrote a great write up of SCALE6x. He then went on to change the way web 2.0 websites think about security by writing Fire Sheep.

The following year for SCALE7x, I had the awful experience of my apartment being broken into a few days before the conference. The contents of the GNOME Event Box was dumped in my living room floor. The intruders took many of my valuables and electronics, stuffed it into the event box, and rolled it right out my front door while I was at work. Luckily for us, that didn’t make things any less awesome. Work let me borrow some hardware and all was well. Due to messing up my insurance paperwork and feeling bad about it, I just bought the foundation a new booth and contents out of pocket.


SCALE8x was very interesting when Christian and Jordan stocked a wet bar under the booth. There are a few stories floating around about me napping on the floor in the middle of the expo room. I swear they are all lies! Shapor and Jble also helped us keep things runnings smoothly.

Just like the past three years, Jordan, Christian, and myself ran the GNOME booth for SCALE9x. The difference is that this time I’m finally going to blog about it. We also had the pleasure of Christer Edwards coming all the way from Utah to help with booth logistics and a Sysadmin Hackfest. There were a few small issues that we’ll fix for next year, but all around things kicked ass.

 

Some time in all of this mess I joined the GNOME Sysadmin Team, became a contributor and then maintainer for snowy, and even was sponsored to fly to the boston summit! Reflecting back on all of this all I’ve got to say is thank you. GNOME *is* people and it is those people who make it awesome. The 3.0 release has went really well and I can’t wait to help push things forward even further.

Oh right, introductions… Thanks to the powers that be, I’m now on Planet GNOME. My name is Jeff Schroeder and I’m a GNOME-a-holic. I love python, ponies, and winning. While not as much of a fan of ice cream as Vincent, I could totally take him in an octagon ice cream deathmatch.  In all seriousness, it blows my mind that one person truly can make an impact. No matter how small your contribution, it will make a difference. If you don’t have the time or energy to work on translations, the wiki, or coding, please consider becoming a friend of GNOME. If you can’t do that, report bugs you find in your favorite GNOME software . There is something for everyone to work on and I’m just doing my little part. That my friends is how I’m changing the world in my own little way, and changing things for the better.

Tune in next time! Same bat time, same bat channel. This is Jeff Schroeder signing off!

4 Comments

Categories: Open Source, Planet GNOME.

Tags: , , ,

By jeff
April 20, 2011 at 6:01 am

Current status of the mango django/python port

To start out with, a brief bit of history… Many moons ago, back when GNOME was still a fairly new project, Jonathan Blanford (jrb) hacked together some python scripts for helping managing users in ldap. To ease the burden from the sysadmin team, a few good men wrote a user management tool for GNOME named mango. As you can see here, it has lots of the pretty. For the SysAdmin and Accounts team, mango is a workhorse, but as all good tools, it needs to be maintained.

Fast forward to today. Mango is still a champ and runs very well for what it was designed for. The issue is that it’s written in php, a language most of the GNOME sysadmin team don’t want to develop in. To fix this, Olav Vitters started rewriting it in python using django, the web framework full of pwnies and unicorns that I’ve got so much <3 for. When Olav started writing it, django and LDAP didn’t play so well together. This was a problem as the majority of mango’s data is stored in ldap so it needs first class ldap support. One of the largest french isps agrees that ldap + django are a good idea, so they wrote django-ldapdb. This is a subclass of django’s native orm, but for ldap directories.

As an excuse to work on more fun technology, I’ve picked up Olav’s great work and have started hacking on it. You can find the most up to date work here: https://github.com/SEJeff/mango/commits/django. This will also be my first really big non-work django project (other than snowy) that is being written from scratch. For managing users, one of my favorite features is that the search is “find as you type”. I’m sure the accounts team will appreciate this. It is still a huge WIP and I’ll need to clean up the commit history before pushing it to git.gnome.org. Either way, this is a good start.

Update:  4/17/2011 – Added a screenshot of the just prettified update user page.

TL; DNR – Pretty screenshots:
Managing users with mango
Managing GNOME mirrors with mango
Updating a user's information with mango


So some of the tech used so far is django, django-ldapdb, datatables, jquery-ui. This might not look like a whole lot, but it is a good start. Note that the users are being pulled from an actual ldap replica.

No Comments

Categories: Open Source, Planet GNOME.

Tags: , , ,

By jeff
April 17, 2011 at 12:02 am

Thank you GNOME!

The GNOME Foundation was kind enough to sponsor myself and five other hackers from all over the world to head to Boston, MA for a weekend of coding, designing, and fun. We worked on Snowy, a really clever way to sync tomboy notes between different devices and computers.

Brad Taylor was nice enough to let us use his sweet pad for our first day of the hackfest. My task was primarily to work on note sharing and a user interface for making private notes public.

After thinking the plan was to implement the mockup from Jeff Fortin (referred to as Jeff^2) that looks like this:

Brad had a better idea and suggested a more gmail-ish interface. His idea was to make a “Share this note” button like the gmail add label interface. The tricky part for me was going to be the find as you type dropdown box. While the idea sounded great, I am not the javascript guru him or Sandy Armstrong are as litl-ers.

jQuery to the rescue! This problem is mostly solved with the help of jquery-uitablefilter, a nifty plugin for filtering tables. The problem was that it took me 2 full days to create a usable prototype. Integrating the uitable filter plugin wasn’t too difficult, but getting it to work with a popover menu (css’s z-index property / position: absolute) was a bit problematic. I do plenty of back end stuff at work, but front ends and javascript are fairly new to me.

After a rough ui prototype was done, we all worked together on how to tackle note sharing on the backend. The original plan was changed to use a separate “Share” model instead of a special NoteTag for simplicity. K.I.S.S., it is a good thing.

Current Status

I’ve gotten all of the hard code written. The rest is mainly implementation details and cleaning up what is already there. The likely to be rebased and futzed with before being merged into master code is a hackfest/sharing branch on github.

  • Hook up an onclick handler for the “Share this note with all users” entry for marking a note Public.
  • Hook up an onclick handler for unsharing a note with one of your “friends”.  $.post() will rock your socks!
  • Send emails to users ala google docs when a user wants to share a note with you and types in your email.
  • Get this all working well enough to make everyone happy and get it on http://edge.tomboy-online.org

Sandy wrote an html5 snowy client so we can run on mobile devices. Leon Handreke worked tirelessly on markdown support for mobile note editing. Brad Taylor worked on a javascript markdown convertor appropriately named bitenuker. Between the three of them, we’ll eventually have rocking mobile device support and editing. Paul Cutler (as usual) cracked the whip and kept us focused on the task at hand while Jeff^2 gave things the pretty with his hand carved css wizardry and new-layout branch.

Paul, Owen Taylor, and myself also had an impromptu GNOME SysAdmin team meeting. The times, they’re a changin’.

I’d like to give a special thank you to Paul Cutler and Sandy Armstrong for herding cats and making sure we stay on task. Without their tireless effort, things wouldn’t have went nearly as smooth as they did. This was a great hackfest overall and expect to see great things coming to Tomboy Online as a result.

So long, and thanks for all the fish!

2 Comments

Categories: Open Source, Planet GNOME.

Tags: , , ,

By jeff
November 14, 2010 at 12:50 am