SIDEBAR
»
S
I
D
E
B
A
R
«
[Danish] Stallman til Danmark i Maj 2019!
Apr 7th, 2019 by miki

Rygterne har lydt noget tid, men nu er det officielt at formand for og stifter af Free Software Foundation, den ideologiske ophavsmand til GNU-projektet og højlydt fortaler for softwarebrugeres frihed og privatliv i den digitale verden, Richard Stallman besøger Danmark med en række åbne og gratis foredrag dette forår.

Det er Stallmans dedikerede arbejde med fri software og GNU-projektet fra starten af 1980’erne, herunder udformning af softwarelicenser som GNU GPL og udviklingsværktøjer som GNU Compiler Collection (GCC) og GNU Emacs, der er grundlaget for en stor del af det der i offentligheden i dag bedst kendes som “open source”. Kernen Linux er frigivet under GNU GPL og er både inspireret af og anvender GNU-projektets arbejde direkte, og er en vigtig del af et komplet GNU-system (også kendt som GNU/Linux eller en “Linux-distribution”).

Stallman kommer på en veritabel Danmarksturne med start i Aalborg mandag d. 6. maj 2019 og ender i København fredag d. 10.  maj 2019. Foredragsrækken er arrangeret af innovationsnetværket for IT, InfiniIT, som inkluderer de store IT-universiteter i Danmark.

Den samlede foredragsrække er som følger:

Tidspunkt Lokation Begivenhed hos FSF Begivenhed hos InfinIT Anden omtale
6. maj 2019 16:00 Aalborg Universitet, Aalborg Richard Stallman to speak in Aalborg, Denmark Free Software, Free Society – Richard Stallman og den frie software-bevægelse (AAU)
7. maj 2019 16:00 Syddansk Universitet, Odense Richard Stallman to speak in Odense, Denmark Free Software, Free Society – Richard Stallman og den frie software-bevægelse (SDU)
8. maj 2019 16:00 IT-Universitetet, København Richard Stallman to speak in Copenhagen, Denmark Free Software, Free Society – Richard Stallman og den frie software-bevægelse (ITU)
9. maj 2019 16:00 Lundbeckfond Auditorium, Københavns Biocenter, Københavns Universitet Richard Stallman – “Computing, freedom, and privacy” (Copenhagen, Denmark) Free Software, Free Society – Richard Stallman og den frie software-bevægelse (KU)
10. maj 2019 14:00 Danmarks Tekniske Universitet, København Richard Stallman – “Copyright vs Community” (Copenhagen, Denmark) Free Software, Free Society – Richard Stallman og den frie software-bevægelse (DTU)

Kilder: FSF: Where in the world is Richard Stallman?, InfinIT-arrangementer, IDA-søgning, PROSA-arrangementer

Information om Richard/GNU/FSF

  • gnu.org: GNU-projektet, et softwareprojekt med det formål at udvikle et komplet frit styresystem og værktøjer
  • fsf.org: Free Software Foundation, organisationen bag GNU-projektet og ideologisk tænketank for fri software
  • stallman.org: Richard Stallmans personlige hjemmeside
Micro:bit – Official Android mobile application maturity and future
Jan 31st, 2019 by miki

The support request replicated below was posted as ticket #20427 on Micro:bit support on 2019-01-31 22:19 CET spawned by discussion in F-Droid RFP #662 about inclusion of the official Micro:bit Android Companion application in the free software application store F-Droid.

Hi at Micro:bit Educational Foundation.

We are wondering a bit in the F-Droid free software community (https://gitlab.com/fdroid/rfp/issues/662) whether it is worthwhile for us to try to loosen the official Android companion application (https://microbit.org/guide/mobile/#og-app) from its non-free dependencies to make it available in the free software application store F-Droid (https://f-droid.org/).

This leads to a couple of questions you can hopefully help answering;

1) Do you regard the application as alive and supported?

The latest release of the application was v2.0 2017-01-17 (https://play.google.com/store/apps/details?id=com.samsung.microbit) and the publicly available code base (https://github.com/Samsung/microbit/) seems to have been completely abandoned. Only two commits were ever made by Samsung and no involvement with the community has been seen at all.

2) How come the big difference in maturity between the iOS and Android mobile applications?

It seems like the iOS application has received some more attention seeing regular updates through to v3.0.2 released 2018-11-01 (https://itunes.apple.com/gb/app/micro-bit/id1092687276?mt=8). Also it appears to have a much wider fetaureset (https://play.google.com/store/apps/details?id=com.samsung.microbit&reviewId=gp%3AAOqpTOGpgo4CF2qrry4qWqLXyj0TZaEEJcrTB-yZ61o4nJbqhq-2mBojlYQJP7BzdkAzseGaLD1sVO9fBv1R3sY) developed along the way by Insight Resources (http://www.insightresources.co.uk/microbit/index.html).

The Android application appears to have been more of a one-off project from Samsung having all sorts of issues especially with Bluetooth that has never been attended to (http://www.suppertime.co.uk/blogmywiki/2016/04/mobile-microbit/, https://support.microbit.org/support/solutions/articles/19000041104-diagnosing-bluetooth-problems-android).

3) Is there a plan to bring the application in better shape?

Some activity can be seen in repository forks and branches from the original Samsung committer ailrohit (https://github.com/Samsung/microbit/compare/master…ailrohit:school_project) and microbit-sam (https://github.com/Samsung/microbit/compare/master…microbit-sam:partial-flash) identifying as being from the foundation but none of this work seem to be included in releases yet.

4) If a freed fork is made for inclusion in F-Droid would you be willing and able to integrate the changes into the official sources?

F-Droid prefers an upstream source which can be directly built without non-free dependencies using an appropriate set of build options. This greatly simplifies maintenance and build efforts. A forked repository is already in place at the foundation’s Github organization (https://github.com/microbit-foundation/microbit-android) but is at the moment even with the stale Samsung repository.

Thanks for any clarifications you can provide.

Regards,
Mikkel

Rocket launch your calender
Jan 15th, 2019 by miki

If you’re interested in the universe (and who aren’t), outer &/| inner space and its human exploration you can get yourself a nice reminder of everything going on in your favourite calender application (be it mobile, desktop or cloud based) by configuring them to display these iCalendar/CalDAV feeds;

They contain schedules and usually good information (links background information, webcasts etc.) about earthly initiated stuff going on in space focusing on events and launches respectively. See for example the recent Spx-16 release & landing.

They are compiled by a guy called Mario Billiano (aka _starbase_) who announced them at the nasaspaceflight.com forums in August 2017.

He is also present on Twitter and Facebook.

Silent browser redirect on invalid certificate
Nov 15th, 2018 by miki

Hit an odd browser behaviour today.

Trawling through some of those nice and dandy terms for a service (no I won’t tell) I followed a link and suddenly hit an “insecure connection” message from Firefox.

Examining the certificate using the usual “openssl s_client” and “openssl x509” tools surely enough revealed that the served certificate didn’t include the second-level but only on the third-level www sub-domain. Strangely enough I discovered that when entering the same URL directly into the address bar of Firefox the connection was somehow redirected to the www sub-domain and loaded fine without any complaints from Firefox.

Looking into what was happening on the wire using wget directed to not check the certificate (–no-check-certificate) and displaying server responses (–server-response/-S) revealed that the server behind the misconfigured certificate was aiming to issue a HTTP 301 redirect to the valid www sub-domain of the site (actual site replaced by foo.bar and localhost ip);

$ wget –server-response –no-check-certificate –output-document=/dev/null https://foo.bar
–2018-11-15 18:59:14– https://foo.bar/
Resolving foo.bar (foo.bar)… 127.0.0.1
Connecting to foo.bar (foo.bar)|127.0.0.1|:443… connected.
WARNING: no certificate subject alternative name matches
requested host name ‘foo.bar’.
HTTP request sent, awaiting response…
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://www.foo.bar/
Date: Thu, 15 Nov 2018 17:59:13 GMT
Content-Length: 152
Location: https://www.foo.bar/ [following]

Apparently Firefox’s behaviour in this scenario differs depending on the method in which the user is supplying the URL, in some cases silently ignoring the TLS/SSL warning. A little more experimentation revealed that it was actually not the source of the URL, link followed versus one entered in address bar, that made any difference. Instead it is the presence of a trailing slash on the URL that triggers the silent suppression of the serious red flag that the second-level domain asked to be fetched is not present in the served certificate. I was fooled by the fact that when entering URLs in the address bar Firefox suggests ending the URL on a slash (‘/’) if it is not already present. Manually removing this when editing in the address bar also makes Firefox display the security warning. Alas, the link I originally followed was also missing the trailing slash and behaved as expected by throwing me into a security warning.

The whole “feature” of silently ignoring a security issue seemed very odd to me, but a bit of searching revealed that this was apparently championed by Google Chrome a couple of years ago. It is described in this servertastic post which also directs to a discussion on Twitter, with some key points replicated below, about its presence in Chrome and confirmation from a Chrome team member that the behaviour is intended.

The thread ends with a guy who had dug up the source code of the feature in Chromium (on which Chrome is based) known as “SSLCommonNameMismatchHandling” in file browser/ssl/common_name_mismatch_handler.cc (see all mentions across code base).

This has obviously also trickled down into Firefox, however, not much mention of that is to be found. Not even traces of it by some quick searches of the mozilla-central codebase. Some day I promise (really!) to dig through all source of Mozilla and hunt down the implementation, but for now I’ll revert to a bit of practical experimentation showing the behaviour in the different browsers and operating systems I happen to have access to at the moment;

  • Ubuntu 16.04
    • Firefox 62.0.3: warning, with trailing ‘/’: No warning
    • Chromium 69.0.3497.81: no warning, with trailing ‘/’: no warning
  • Windows Server 2016
    • Firefox 62.0.2: warning, with trailing ‘/’: no warning
    • Google Chrome 70.3538.102: no warning, with trailing ‘/’: no warning
    • Internet Explorer 11.2580.14393.0: warning, with trailing ‘/’: warning
  • Windows Server 2008
    • Firefox 59.0.3: warning, with trailing ‘/’: warning
    • Google Chrome 70.3538.102: no warning, with trailing ‘/’: no warning
    • Internet Explorer 11.0.9600.19080: warning, with trailing ‘/’: warning

So somewhere between 59.0.3 and 62.0.2 Firefox also implemented a policy of silently accepting invalid certificates when certain non-obvious criteria is met (is the redirect actually followed and certs checked, or is “www.” just prefixed?), but this happens only when the URL ends on a slash. Go figure…

Havfrue: A Googol-sized Mermaid Facing the Book
Oct 5th, 2018 by miki

2019-03-06 fix links to submarinacablemap.com and some press, add System Details section, some general touch ups
2019-01-22
change “Danish Press Coverage” to “National Press”, add “International Press”, add some National about datacenter prospects & International Press items about contractors choosen
2018-10-05 initial commit

Europe, Denmark and my local neighbourhood of Western Jutland is going to get its connectivity boosted by the Havfrue transatlantic cable system being built by a consortium consisting of Google, Facebook, Aqua Comms and Bulk Infrastructure. To quote the announcement done by Google;

To increase capacity and resiliency in our North Atlantic systems, we’re working with Facebook, Aqua Comms and Bulk Infrastructure to build a direct submarine cable system connecting the U.S. to Denmark and Ireland. This cable, called Havfrue (Danish for “mermaid”), will be built by TE SubCom and is expected to come online by the end of 2019.
Google blog post, 2018-01-16

Digging into the details first reveals the projected trench as illustrated in below by some of the stakeholders;

Havfrue cable, cloud.google.com

Projected trench of the Havfrue cable as illustrated by cloud.google.com.

Havfrue cable, te.com

Projected trench of the Havfrue cable as illustrated by TE SubCom.

Projected layout of the Havfru cable.

Projected trench of the Havfrue cable as illustrated by submarinecablemap.com.

 

 

More digging into the Danish parts reveals that most sources mention Blåbjerg (Blaabjerg) as the Danish landing point for Havfrue (just as TAT-14), although ComputerWorld DK (see National Press below) relays the information that it will land at Endrup (where COBRAcable is terminated). However, a FCC application dated 2018-05-25 SCL-00214S (pdf) refers to it as the “Havfrue system” and specifically states that a new cable landing station will be constructed in Blaabjerg (as well as in Leckanvy, Ireland and Kristiansand, Norway);

The Havfrue system will consist of three segments. (1) The Main Trunk will connect the existing cable landing station at Wall, New Jersey with a new cable landing station to be constructed at Blaabjerg, Denmark. (2) The Ireland Branch will connect a new cable landing station to be constructed at Old Head Beach, Leckanvy, Ireland with a branching unit on the Main Trunk. (3) The Norway Branch will connect a new cable landing station at Kristiansand, Norway with a branching unit on the Main Trunk.
The application also reveals the following distribution of ownership and control of the main trunk (US<->DK);
  1. 33.333% ownership each

    • AEC2
    • Facebook (via Edge USA/Edge Network Services Limited)
  2. 16.667% ownership each

    • Google (via GU Holdings/Google Infrastructure Bermuda Ltd/affiliate)
    • Optibulk
Ownership of the Blaabjerg landing station will be jointly between the above via the corporations America Europe Connect 2 Denmark ApS (for AEC2) and Edge Denmark (for Facebook) but it will be operated by AEC2.
As a spin off of Aqua Comms’ involvment in the Havfrue system they are also connecting Esbjerg to the UK via a new cabled dubbed North Sea Connect.

Google is currently also projecting its own private subsea cables, some of the rationale behind their mixed private/consortium/lease approach are disclosed in blog post from 2018-07-17 announcing the Dunant cable, which is the first Google private transatlantic subsea cable projected to connect Virginia Beach and France.

Further Information

News / Press releases

From Stakeholders

At Cable Map Sites

National Press

International Press

Other

Project Ember: name of a data center
Aug 20th, 2018 by miki

Taking a deeper look into the meta data of the document containing the Environmental Assessment (Danish: “miljøvurdering” shortened “MV”) and Environmental Impact Assessment (Danish: “miljøkonsekvensvurdering” or “vurdering af virkningerne på miljøet” shortened “VVM”) of the announced data center in Esbjerg reveals an interesting embedded title of the document which has not been carried out into other publicly used references.

The embedded PDF title of the document uses the “Project Ember” term which has not been indicated by other sources than articles in the JydskeVestkysten newspaper. The paper cite municipal sources but the municipality has not used the name directly in any of their communications.

The report authored by consultants COWI contains the following naming:

  • Official in text: “MILJØVURDERING (MV) OG MILJØKONSEKVENSVURDERING (VVM) – ERHVERVSOMRÅDE VED ESBJERG, AFGRÆNSNINGSRAPPORT
  • Filename of distributed PDF: “MV-VVM_afgrænsning.pdf
  • PDF meta data title: “Microsoft Word – Project_Ember_MV-VVM_afgrænsning_v.4.0.docx

Below a dump of the full meta data:

$ pdfinfo MV-VVM_afgr%c3%a6nsning.pdf
Title:          Microsoft Word – Project_Ember_MV-VVM_afgrænsning_v.4.0.docx
Author:         lojo
Creator:        PScript5.dll Version 5.2.2
Producer:       Acrobat Distiller 15.0 (Windows)
CreationDate:   Fri May 25 15:49:44 2018
ModDate:        Fri May 25 15:49:44 2018
Tagged:         no
UserProperties: no
Suspects:       no
Form:           none
JavaScript:     no
Pages:          25
Encrypted:      no
Page size:      595.22 x 842 pts (A4)
Page rot:       0
File size:      234728 bytes
Optimized:      yes
PDF version:    1.5

Hyperscale data center coming to Esbjerg
Jun 13th, 2018 by miki

2019-03-07 add local and national press items announcing cancellation of project
2019-02-27
add local press item about property value, environmentalist opposition and local educational initiatives
2019-02-21
add local press item about unsatisfied land owners
2019-01-22 add official approval of plans, fix original chronology of Official Documentation items, add (Local|National|International) Press items about a.o. announcement of Bulk Infrastructure datacenter in Esbjerg
2018-12-19 add Documentation and Local Press items about postponed permit decision from municipality
2018-11-30 add a bunch of Local Press items, and archaeological section to Official Documentation
2018-10-04 add Local and National Press item about Amsterdam trip and announcing Facebook as the developer
2018-09-06 add Local Press item about downscaling and older national press, reorder press items (top=latest)
2018-08-19 add Local Press item and Official Documentation section about housing abandonment
2018-08-01 add Local Press item with letter to editor
2018-06-13 updated with 1 new local + 1 new national press, rewrite first paragraphs, mention project name, mention DDI trade association, mention investindk & havfrue cable
2018-06-12 initial commit

Project Ember?

The local media of Western Jutland, JydskeVestkysten, has spearheaded the coverage of an interesting technology related story over the last weeks. The Esbjerg municipality planning departments has started to reveal details of the preparations for the development of an industrial site on a large swath of land just outside of Esbjerg seemingly for the purpose of a hyperscale data center of the proportions employed by FANG sized (Facebook, Amazon, Netflix, Google) organizations. According to the media the project is by some municipal sources referred to as “Project Ember“. I have been unable to confirm this name from official documentation yet released or any other sources.

Neither the newly formed trade association named Danish Data Center Industry (DDI/DanishDCI) (in Danish: “Datacenter Industrien“) or the state’s Invest in Denmark office has brought any more light to the issue. The former has, however, tweeted a couple of times about it when it hit the national media and the latter has brought forward a vague hint that Western Denmark is an “attractive data centre hub“. I’m not in any doubt that this is partly driven by the announcement of the “HAVFRUE consortium“, which includes Facebook, that they intend to install a 108 Tb/s transatlantic cable crossing from New Jersey to Ireland and Esbjerg, as also announced by Invest in Denmark in January.

Below is an outline of the area in question (on an OpenStreetMap based map using the umap project) that I have drawn from the only geographical details yet leaked which is contained in the meeting agenda mentioned below. See also a visualisation of the area on a photo taken by local photographer Christer Holte.

I have collected links to all official documentation I have been able to locate and to press coverage below, and intend to keep updating this post as details is being revealed.

See full screen

Official Documentation

  • 2019-01-21: Notitia Networks ApS was assigned a permit for construction by city council as documented in minutes of the city council meeting at 2019-01-21, item 11, p. 28-35
    • Changes to municipal plan approved with minor changes
      • Addition of passage detailing that an ecological corridor planned in the area should be moved accordingly
      • Explicitly state that land reserved for E20 (European highway) is being removed from plan (I understand this as being used for this project instead of E20, but not quite sure)
      • Corrections to various erroneous references, quoted noise limits and uniformity of maps
    • Area planning
      • National Road Department (Danish: Vejdirektoratet) asked for clarification that signs and other marketing in the open land is prohibited, and that supervision authority for signs that are erected near roads is awarded to the department
      • Clarification of unclear maps showing road outline
      • By citizen request a visualization of the visual consequences from the viewpoint of Nørregårdsparken has been produced and amended to the appendixes
      • Allowed area of buildings for the security facilities at entrance/exit increased from 50 m2 to 75 m2
      • Various references and minor clarifications added
    • Plan & Environment Committee: approved on meeting 2019-01-08 (item 5, p. 11-17)
    • Financial Committe: approved the recommendation from Plan & Environment Comittee on meeting 2019-01-14 (item 13, p. 27-33)
    • Administration recommendation to city council: approve
    • City Council: approved the recommendation from Plan & Environment Comittee and Financial Committe
  • 2018-12-18: An extensive trove of documents totalling 12 appendixes to “case 04” (“sag 04”) pertaining to the municipality hearing has been released as a part of the agenda for 2018-12-18 meeting in Municipal Planning & Environment committee (Plan & Miljø-udvalg), the final decision postponed for January meeting
    • minutes: “Resolution Plan & Environment Committee on 18-12-2018: Postponed for meeting on 8 January 2019 for further investigation.
    • appendix 03: complete environmental assessment
    • appendix 04: supplemental visualisations
    • appendix 06: updated map of area
    • appendix 12: 158 pages of citizen comments and the municipal department’s comments to those
  • 2018-10-11: Sydvestjyske Museer (Museum of Southwest Jutland) has released an article about their preliminary findings (Google Translate’d) of the excavations done in the area.
    • Large parts is old heath without archaeological interest
    • In the eastern part remnants from Stone Age, Iron Age and WWII has been found
    • A complete predecessor of Andrup from around 0-200 AC has been found, parts of a later settlement from 200-800 AC has also been found, these are pending further investigations in 2019
  • 2018-08-07: Area mentioned in agenda/minutes for 2018-08-07 meeting in Municipal Planning & Environment committee (Plan & Miljø-udvalg)
    • Details in item 9 “Demolition of housing – Nordre Tovrupvej 21 and 26, Esbjerg” (Danish: “Nedlæggelse af boliger – Nordre Tovrupvej 21 og 26, Esbjerg”), p. 21-22 (case referred to as “Dok.nr.: 11768”, “Sagsid.: 18/20401”)
    • Requests that the committee approve liquidation and demolition of two current municipality owned rental houses in the area for the possible sale of the area for commercial purposes
    • Current inhabitants are willing to agree to voluntarily leave the rentals, but such formal agreements have not yet been established
    • Technical & Construction Committee assesses that the liquidation and subsequent sale of the aree will have a positive impact and is not outside current statutes
    • Approved by the committee
  • 2018-06-01: Public hearing announced (Google Translate’d) (original) about changed use of the area
    • Hearing closes 2018-06-15 (14 day period)
    • Accompanying report about environmental impact (VVM) discloses even more details
      • Area referred to as used for “establishing of extraordinary space consuming commercial entity near Esbjerg in the form of a data center” (ch. 2, p. 8)
      • Total area: 250 ha = 2’500’000 m2 (1 hectare = 10’000 m2) (ch. 2.2, p. 8)
      • Building area: “Current project entails approx. 250’000 m2 under roof with 200’000 m2 data warehouses and 50’000 m2 administration, logistics and service buildings, in addition to one or two 150 kV high voltage substations, each of approx. 30’000 m2 and diesel emergency power facilities of 6’500 m2” (ch. 2.3, p. 9)
      • Heat surplus: “Planning will leave open the possibility of reusing surplus heat produced at the facility, however no such plan exist at the moment” (ch. 2.3, p. 9)
  • 2018-05-28: Area mentioned in agenda/minutes for 2018-06-01 meeting in Municipal Technical & Construction committee (Teknik & Bygge-udvalg)
    • Details in item 7 “Closure of public and private roads in Andrup” (Danish: “Nedlæggelse af offentlige og private fællesveje ved Andrup”), p. 14-16 (case referred to as “Dok.nr.: 11186”, “Sagsid.: 18/12587”)
    • Area is referred to as “a contiguous area laid out for commercial purposes
    • Includes map with outline of area
    • Suggests public roads being closed for cars, new cycling paths being constructed passing North of area
    • Approved by the committee

Local Press

National Press

International Press

HOWTO: restore an iPad using only Free Software
Feb 14th, 2018 by miki

Thanks to the fine people at the libimobiledevice project, who bothers to reverse engineer Apple products, I recently succeeded in resurrecting a relative’s iPad stuck in a boot loop (something with jailbreaking, running Sydia, missing an iOS update and attempted Sydia removal) without any use of proprietary tools.

This is a brief recipe of the procedure done using Ubuntu 16.04.

As the required tool from libimobiledevice, idevicerestore, is not packaged in the Ubuntu libimobiledevice package we need to build this from scratch from the sources.

iPad during recovery

iPad in recovery mode during firmware download using libimobiledevice

  1. Install build dependencies
    sudo apt install libusbmuxd-dev libplist-dev libplist++contents under-dev libzip-dev
  2. fetch and build libimobiledevice main library
    cd
    git clone https://git.libimobiledevice.org/libimobiledevice.git
    cd libimobiledevice/
    ./autogen.sh
    make
  3. fetch and build libirecovery library
    cd
    git clone https://git.libimobiledevice.org/libirecovery.git
    cd libirecovery
    ./autogen.sh
    make
  4. fetch and build idevicerestore tool, using the homebuilt libraries
    cd
    git clone https://git.libimobiledevice.org/idevicerestore.git
    cd idevicerestore
    CFLAGS="-I$HOME/libirecovery/include -I$HOME/libimobiledevice/include" LDFLAGS="-L$HOME/libirecovery/src/.libs \
    -L$HOME/libimobiledevice/src/.libs" PKG_CONFIG_PATH=~/libirecovery:~/libimobiledevice/src ./autogen.sh
    make
  5. put the iDevice in recovery mode (iPad = press power+home until screen with “iTunes+cable” symbol appear, see image above and check Apple support for details), make sure it has adequate charge or it will refuse (red battery flashing)
  6. perform the actual restore, asking for flashing of latest firmware (~2.5GiB automatically downloaded), this will probably get you in trouble if you desire to jailbreak the device. I noticed while writing this post that the below actually doesn’t run the tool using the libraries built above, but I’m leaving it as it was done because it “worked for me” (TM) and I can’t experiment further because I haven’t got access to any iDevices (and desire to keep it that way):
    sudo $HOME/idevicerestore/src/idevicerestore --latest
    NOTE: using cached version data
    Found device in Recovery mode
    Identified device as j71ap, iPad4,1
    Latest firmware is iPad_64bit_11.2_15C114_Restore.ipsw
    Verifying 'iPad_64bit_11.2_15C114_Restore.ipsw'...
    Checksum matches.
    Extracting BuildManifest from IPSW
    Product Version: 11.2
    Product Build: 15C114 Major: 15
    INFO: device serial number is DMPM4V3SFK15
    Device supports Image4: true
    Variant: Customer Upgrade Install (IPSW)
    This restore will update your device without losing data.
    Using cached filesystem from 'iPad_64bit_11.2_15C114_Restore/058-86080-124.dmg'
    Found ECID 6653578882512
    Getting ApNonce in recovery mode... 03 6b cc ac 57 8a b4 29 29 c1 a9 fe e4 97 54 3b a8 36 59 5a 
    Trying to fetch new SHSH blob
    Getting SepNonce in recovery mode... df 5c ad 67 48 bd 38 b4 6f 72 0a 5c b0 81 87 c3 95 37 4a da 
    WARNING: Unable to find BbChipID node
    WARNING: Unable to find BbSkeyId node
    Request URL set to https://gs.apple.com/TSS/controller?action=2
    Sending TSS request attempt 1... response successfully received
    Received SHSH blobs
    Extracting iBEC.ipad4.RELEASE.im4p...
    Personalizing IMG4 component iBEC...
    Sending iBEC (710360 bytes)...
    Recovery Mode Environment:
    iBoot build-version=iBoot-4076.30.43
    iBoot build-style=RELEASE
    Sending AppleLogo...
    Extracting applelogo@2x~ipad.im4p...
    Personalizing IMG4 component AppleLogo...
    Sending AppleLogo (22709 bytes)...
    ramdisk-size=0x10000000
    Extracting 058-85997-124.dmg...
    Personalizing IMG4 component RestoreRamDisk...
    Sending RestoreRamDisk (59978774 bytes)...
    Extracting DeviceTree.j71ap.im4p...
    Personalizing IMG4 component RestoreDeviceTree...
    Sending RestoreDeviceTree (101420 bytes)...
    Extracting kernelcache.release.ipad4...
    Personalizing IMG4 component RestoreKernelCache...
    Sending RestoreKernelCache (13226783 bytes)...
    About to restore device... 
    Waiting for device...
    Device 3fb0f5cc97b83c61c85d4b8333796d9e536a4c83 is now connected in restore mode...
    Connecting now...
    Connected to com.apple.mobile.restored, version 15
    Device 3fb0f5cc97b83c61c85d4b8333796d9e536a4c83 has successfully entered restore mode
    Hardware Information:
    BoardID: 16
    ChipID: 35168
    UniqueChipID: 6653578882512
    ProductionMode: true
    Starting FDR listener thread
    About to send NORData...
    Found firmware path Firmware/all_flash
    Getting firmware manifest from build identity
    Extracting LLB.ipad4.RELEASE.im4p...
    Personalizing IMG4 component LLB...
    Extracting applelogo@2x~ipad.im4p...
    Personalizing IMG4 component AppleLogo...
    Extracting batterycharging0@2x~ipad.im4p...
    Personalizing IMG4 component BatteryCharging0...
    Extracting batterycharging1@2x~ipad.im4p...
    Personalizing IMG4 component BatteryCharging1...
    Extracting batteryfull@2x~ipad.im4p...
    Personalizing IMG4 component BatteryFull...
    Extracting batterylow0@2x~ipad.im4p...
    Personalizing IMG4 component BatteryLow0...
    Extracting batterylow1@2x~ipad.im4p...
    Personalizing IMG4 component BatteryLow1...
    Extracting glyphplugin@2x~ipad-lightning.im4p...
    Personalizing IMG4 component BatteryPlugin...
    Extracting DeviceTree.j71ap.im4p...
    Personalizing IMG4 component DeviceTree...
    Extracting recoverymode@2x~ipad-lightning.im4p...
    Personalizing IMG4 component RecoveryMode...
    Extracting iBoot.ipad4.RELEASE.im4p...
    Personalizing IMG4 component iBoot...
    Extracting sep-firmware.j71.RELEASE.im4p...
    Personalizing IMG4 component RestoreSEP...
    Extracting sep-firmware.j71.RELEASE.im4p...
    Personalizing IMG4 component SEP...
    Sending NORData now...
    Done sending NORData
    About to send RootTicket...
    Sending RootTicket now...
    Done sending RootTicket
    Waiting for NAND (28)
    Checking filesystems (15)
    Checking filesystems (15)
    Unmounting filesystems (29)
    Unmounting filesystems (29)
    Creating filesystem (12)
    About to send filesystem...
    Connected to ASR
    Validating the filesystem
    Filesystem validated
    Sending filesystem now...
    [==================================================] 100.0%
    Done sending filesystem
    Verifying restore (14)
    [==================================================] 100.0%
    Checking filesystems (15)
    Checking filesystems (15)
    Mounting filesystems (16)
    Mounting filesystems (16)
    About to send KernelCache...
    Extracting kernelcache.release.ipad4...
    Personalizing IMG4 component KernelCache...
    Sending KernelCache now...
    Done sending KernelCache
    Installing kernelcache (27)
    About to send DeviceTree...
    Extracting DeviceTree.j71ap.im4p...
    Personalizing IMG4 component DeviceTree...
    Sending DeviceTree now...
    Done sending DeviceTree
    Certifying Savage (61)
    Flashing firmware (18)
    [==================================================] 100.0%
    Updating gas gauge software (47)
    Updating gas gauge software (47)
    Updating Stockholm (55)
    About to send FUD data...
    Sending FUD data now...
    Done sending FUD data
    About to send FUD data...
    Sending FUD data now...
    Done sending FUD data
    Fixing up /var (17)
    Modifying persistent boot-args (25)
    Unmounting filesystems (29)
    Unmounting filesystems (29)
    Got status message
    Status: Restore Finished
    Cleaning up...
    DONE
  7. The iDevice should reset and boot into the new firmware.
iPad during firmware flashing using libimobiledevice

iPad during firmware flashing using libimobiledevice

If you want to interact with iDevices from within Ubuntu during ordinary use, you could also install some utils and plugins for that. Below will fx. add a context menu in nautilus with info about the iDevice and install the ideviceinstaller command line utility which can be used to administer installed applications on the device.

sudo apt install libimobiledevice-utils nautilus-ideviceinfo ideviceinstaller

Setting free a Google Authenticator TOTP secret
Nov 7th, 2017 by miki

Below you’ll find an illustrated guide for freeing the authentication mechanism used by the Google Authenticator app for Android or iPhone for use on your favorite device (anywhere an implementation is available). In fact the Authenticator is using a standards based 2FA (two factor authentication) scheme defined by OATH (Initiative for Open Authentication) and published in RFC6238 dubbed TOTP – Time-Based One-Time Password Algorithm (more Authenticator background and it’s basis HOTP).

This is a rather fine contraption but Google doesn’t advertise it very loudly being a standard instead locking the generated TOTP secret into a QR code that they will only imply are for use by their own Google Authenticator. That is not true as a host of alternative Android OTP apps are compatible and can read the QR codes as they are based upon the Authenticator’s legacy as an open source application which Google took private.

Retrieve Google Account QR Code

Login to your Google Account (maybe using the authenticator?) and go to Account -> Security -> Signin -> 2-step verification.

Locate the “Authenticator app” section and Click “CHANGE PHONE” (really “CHANGE TOTP SECRET”).

Screenshot from 2017-11-06 22-32-05

In my country’s locale, Danish, this is BTW mistranslated as “SKIFT TELEFONNUMMER” = change phone number);

Screenshot from 2017-11-07 00-50-06

You’ll now get a choice between either iPhone or Android, this will only affect the link to the app store shown on next screen which also contains the QR code, the one we are really after:

Screenshot from 2017-11-06 23-03-44

Right click the QR code image, select to save it and put it somewhere you can find it (~/Google_TOTP_QR.png might be sensible).

Get your tools right

Install the QR-code decoder zbar for extracting the TOTP secet from the image and the OATH toolkit oathtool for generating future TOTP passwords using it. On Debian/Ubuntu this can be done by installing the packages zbar-tools and oathtool.

 

$ sudo apt install zbar-tools oathtool

 

Now extract the otpauth URI (seems to be a Google thing) by passing the image file to zbarimg;

 

$ zbarimg ~/Google_TOTP_QR.png
 QR-Code:otpauth://totp/Google%3Auser%40domain.com?secret=pca7uyfht7f6mfs7oiec4aeavxaevish&issuer=Google
 scanned 1 barcode symbols from 1 images in 0.02 seconds

 

The URI contains all parameters to input into the TOTP algorithm for generating a password usable for 2FA authentication, notably the secret key in base32 format. Defaults are not mentioned in the URI and are not necessary to specify explicitly for oathtool. So for the above URI specifying only a secret, a password can be generated as such;

$ oathtool --totp --base32 pca7uyfht7f6mfs7oiec4aeavxaevish
 491293

“491293” being the password, having a default validity of 30 seconds (called step size because of the counter based nature of the HOTP behind it).

If your are interested in the defaults assumed by oathtool they can be viewed by supplying -v to it (not showing TOTP mode=SHA512, I later added this feature in my oath-toolkit fork, and opened a MR) ;

$ oathtool --totp --base32 pca7uyfht7f6mfs7oiec4aeavxaevish -v
Hex secret: 7881fa60a79fcbe6165f72082e0080adc04aa247
Base32 secret: PCA7UYFHT7F6MFS7OIEC4AEAVXAEVISH
Digits: 6
Window size: 0
Step size (seconds): 30
Start time: 1970-01-01 00:00:00 UTC (0)
Current time: 2017-11-06 23:23:31 UTC (1510010611)
Counter: 0x30007F7 (50333687)

133339

 

Use & Behold

Enjoy having cut your reliance on the Google Autenticator, and opened up for your own choice of client:

Also see the dongleauth.info website for a list of other sites supporting TOTP and U2F.

Clean Up & Secure

Be sure to delete the QR code image when finished, and seek out a suitably secure place to store your TOTP secret. One solution could be using PGP encryption, maybe even through some clever management system such as pass.

Also educate yourself of the shortcomings of TOTP/HOTP and consider studying and using the FIDO U2F standard and related devices.

When email in a .msg file is not ASCII
Sep 18th, 2017 by miki

Got myself an exported message from (apparently) Exchange/Outlook in a file with .msg extension. My initial thought was that this was just a plain ASCII email (seem to remember having handled .msg files as such at some point), but looking at it as text exposed a load of binary and the “file” utility reported it being of type “Composite Document File V2 Document, Cannot read section info”.

What is it?

Some searching reveals .msg is in a proprietary format called “Outlook Item (.msg) File Format” (or formally, MS-OXMSG, find the specification  in the MSDN document entitled “[MS-OXMSG]: Outlook Item (.msg) File Format“). This format is related to the CFBF ([MS-CFB]: Compound File Binary File Format).

Check out what Library of Congress has to say about .msg files.

Interpreting it

libgsf

The GNOME project has developed an open source library and some tools for interacting with files of this type, check out libgsf documentation at developer.gnome.org/gsf/ and source code at github.com/GNOME/libgsf. Or install the package named libgsf-bin in Debian/Ubuntu for access to the “gsf” binary (man page) that can inspect and dump contents from a .msg file. This is quite rudimentary if you just want to read the content.

MSGViewer (java)

MSGViewer is a stand alone java application that can display/convert different mail-format, including .msg. On GitHub I found a fork which claims to provide further features than the original.

msgconv (perl)

msgconv (github source) is a perl script that converts a .msg file into standard RFC822/2822/5322 format .eml (email) format. Install as package “libemail-outlook-message-perl” on Debian/Ubuntu.

$ file test.msg
test.msg: Composite Document File V2 Document, Cannot read section info
$ msgconvert test.msg
$ file test.eml
test.eml: UTF-8 Unicode text, with very long lines, with CRLF line terminators

I prefer the approach of using a standard format for storing data, so I ended up accepting the .eml from msgconv which I propagated to other recipients of the file.

»  Substance:WordPress   »  Style:Ahren Ahimsa
© 2019 Mikkel Kirkgard Nielsen, contents CC BY-SA