Archiv

Computing

I recently ran into this bug (or maybe just „weird, undocumented behavior“) of mc(1) when setting it up on FreeBSD. Even after saving the „Verbose operation“ option in the „Configuration“ menu, it was always disabled after the next startup of mc. I could confirm that verbose=true got set in the $HOME/.config/mc/ini file (probably $HOME/.mc/ini on Linux), but was ignored (or reset) on startup.

Now, „Verbose operation“ makes all those nice progress bar windows pop up, and without it there’s no point in using mc! So what’s going on here? Apparently, mc checks your terminal’s reaction speed in terms of „baud“, like it’s 1997 and we’re running stuff on serial cables or something. If mc finds that your terminal is too slow, you don’t get any progress bars (awww), because your terminal apparently can’t handle it.

Now, under some circumstances, some terminals don’t report a proper baud speed – maybe because it’s not 1997, and we’re not running stuff on serial cables. In these cases, the function tty_baudrate() returns -1, which I guess should alert programs that the value is useless. But Midnight Commanders just asserts that this value is smaller than 9600 (duh!) and always sets verbose=FALSE; on startup, because your serial cable is too thin. Gotcha!

The bug has been known and ignored for 6 years (mc Trac ticket #2452), but I can confirm that the patch proposed in comment #15 does the trick. I’ve submitted it to the maintainer of the mc port in FreeBSD, and maybe you want to go and bug mc people to fix it or get your distro to incorporate the patch – because who on earth would want to to use Midnight Commander without those progress bars, am I right?!

If you have LUKS partitions on gpt-partitioned drives, you might have noticed that cryptsetup doesn’t handle PARTUUID=[…] entries in /etc/crypttab, even though it does understand the traditional UUID=[…]. There’s an Ubuntu bug for this (since 2010, because that’s how much Ubuntu cares about bug reports), and apparently Arch is patching cryptsetup to make it work.

But it turns out there’s an elegant workround for everyone, as inspired by this Debian mailing list post, where a user has /dev/disk/by-id/[…] entries in their /etc/crypttab. /dev/disk is just the most delightful symlink squaredance! If you don’t know about it yet, just ls -lR /dev/disk and prepare to be amazed 🙂

So, to make cryptsetup correctly parse the gpt partuuid of your drives, just use /dev/disk/by-partuuid/[…] symlinks in /etc/crypttab. Here’s an example of such a setup:

root                     UUID=00000000-[…]-444444444444 none luks
backup0 /dev/disk/by-partuuid/55555555-[…]-999999999999 none luks
backup1 /dev/disk/by-partuuid/aaaaaaaa-[…]-eeeeeeeeeeee none luks

Have fun!

German freemail heavyweights web.de and gmx.net (several millions of users combined) are using deceptive techniques in order to manipulate Firefox and Chrome users into removing AdBlock and its variants. This message is displayed for people with the respective setup:

web_deThe yellow bar is part of the website (it even scrolls with the site). It says:

The security of your computer is compromised by a Firefox Add-On. [Restore Security]

Clicking the fake button or the „Further information“ link takes the user to a shady-looking website charmingly named browsersicherheit.info (browser security dot info).

This site imitates the look of Chrome’s browser settings and uses a seemingly objective and caring tone, explaining how „content manipulating browser add-ons“ pose an enormous security risk. It also contains a surprisingly short list of allegedly „known malicious browser add-ons“:

plugins2Note how AdBlock and several variants of it are shown at the top of this list, described as „filters page contents“. Every user of AdBlock is aware that it filters contents—that’s its purpose. Still, this list is obviously supposed to cause insecurity and fear, especially since the same list contains obscure and dubious sounding add-ons. Many of them are described as „inserting external elements like advertising“. One, ironically, is accused of „creating false security alerts“.

Otherwise, the page purports to be a well-meaning security initiative. Only the legally-mandated and well-hidden Contacts page shows that 1&1 Mail & Media is behind it. The 1&1 DSL and hosting franchise is part of the German United Internet company, which in turn owns web.de and gmx.net. A press release at gmx.net praises it, but gmx.net is not named as part of this „program“ anywhere on the site. However, in the ridiculously short „press comments“ section, gmx.net and web.de appear as two out of three sources (the third being a nasty tabloid’s computer spinoff magazine).

This practice is all the more more malicious, as it has taken years to establish that browsers show meaningful security notifications, and to get everyone’s parents to actually read and follow them.

Apparently, the Mozilla security team is looking at the situation, which I’m very grateful for.