Reset the Internet – Securing Mutt with GPG

Advertisements

With all the privacy issues these days, it is important to encrypt pretty much everything you can. This includes email. So, I went to set up Mutt with encryption. I’m one of those people who likes a “Do this, then do this, then” … etc style how-to. Most things have those readily available, but I haven’t yet been able to find one for mut with encryption. There are a lot of good tutorials out there, but they all seem to assume you have knowledge of what to put where. So, this is a “do this, then do that” … style tutorial.
If you’re interested in why you do the following steps, this is probably not for you.

Mutt Setup

First, install mut and gnupg. In Arch you do:

pacman -S --needed mutt gnupg

Next, set up your muttrc file with your email information. If you’re not sure how, there are a lot of good tutorials to help. Most of them recommend you put your muttrc in ~/.mutt/muttrc, and this is where I will assume yours is. Since w’re focusing on security, I will also include directions for encrypting your password so it’s not stored in plain text.
Add the following lines to your ~/.mutt/muttrc:

source ~/.mutt/gpg.rc
source "gpg -d ~/.mutt/passwd.gpg|"

To get the password info encrypted, create the file ~/.mutt/passwd with your favorite text editor. Add the following information:

set imap_pass="IMAPPASSWORD"
set smtp_pass="SMTPPASSWORD"

Now, to encrypt it:

gpg -r EMAIL@DOMAIN.EXT -e ~/.mutt/passwd

replace EMAIL@DOMAIN.EXT with the email address you used to create your gpg key. this will create your encrypted password, and now we need to get rid of the unencrypted version. This is easily done with srm, which is part of the secure-delete package:

srm ~/.mutt/passwd

Next, to get the gpg.rc file:

cp /usr/share/doc/mutt/samples/gpg.rc ~/.mutt/

Finally, add the following to the end of ~/.mutt/gpg.rc:

set pgp_sign_as=KEYNAME
set pgp_autosign=yes
set crypt_autosign=yes
set pgp_replyencrypt=yes
set pgp_timeout=1800

Later, after we have set up a gpg key, we’ll come back and change KEYNAME to its propper value.

GPG Setup

Edit the file ~/.gnupg/gpg.conf and add the following:

personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
keyserver hkp://pool.sks-keyservers.net

Create a key:

gpg --gen-key

Press enter to select the first default. RSA keys may be between 1024 and 4096 bits long. You can select the default of 2048, but of course 4096 will be harder to break. Next, select how long the key is valid.
Enter your name, email, and a comment, e.g., email encryption key. You will be given the chance to change anything you think is wrong. If you are happy with everything the way it is, press o and enter. You will be asked for a password. You need to make a good, strong password. Make sure it has a mix of upper and lower case letters as well as numbers. Son’t lose the password, it will make all this work useless, and you won’t be able to view messages sent to you that are encrypted.
The key will be generated, it takes a while, and while it is being made, try to do some tasks that require you to use the keyboard, mouse, and the disk drives. I am writing this while generating a key, so I’m getting lots of keyboard usage.
When it is finished, you will get a line that reads something like:

gpg: key DFE7A865 marked as ultimately trusted

The name of the key is DFE7A865. Take this number, and edit ~/.mutt/gpg.rc. Change the word KEYNAME to the name of your key. In the case of our example:

set pgp_sign_as=DFE7A865

If you want to publish your public key to a server:

gpg --send-key DFE7A865

That should do it. You should be able to send mail that is automatically signed using your key. To bring up the gpg menu in mut, after composing a message, press p and you will get encryption options. I hope this has been useful, and that all your data remains safe.

CLI Day 2014

CLI day has been a great holiday. I came up with it a few years ago to celebrate all the cool stuff you can do with the command line, and to hopefully get more people using it.
Last year, because of some events, I didn’t really do much for CLI Day. This year, it’s back and stronger than ever. I wanted to make some changes though, and since it’s my holiday, I figured what the heck, I may as well.
Someone suggested to me that CLI Day should be on May 31, because CLI in Roman Numerals is 151. Originally I wanted my birthday, may 29, to be CLI Day, but I realize the my birthday rocks all by itself, so the Roman Numeral thing is a great idea.
Second, I think CLI Day should be decentralized. So, if you have a blog or whatever, write about it. If you have a Identi.ca or Diaspora account, mension #CLIDay. Enjoy using the commandline, and share the love with others.
This year, for CLI Day, I would like to share a new git project with you. I have written, and am in the process of writing, some games for the command line. It’s definitely a work in progress still, but the games are a lot of fun. If you would like to play, you need bash 4.2+, rolldice, and sox.

git clone git://github.com/stormdragon2976/storm-games.git
Have fun, and enjoy CLI Day 2014!

Cheers Mate

Advertisements

To tell the tale of Linux desktop based accessibility is a long and daunting endever. There have been several screen readers most started and abandoned after a short time, some possibly not abandoned, in name only, and the only one to really make any headway as far as a graphical environment goes is Orca. There is good old reliable speakup of course, but it is console only. The Copernicus screen reader has been left by the wayside, in fact, I doubt many people still remember it. there is another one, or was, called LSR (Linux Screen Reader) but, as far as I know, that project is also dead.
As if that isn’t a twisted road enough, let’s take a look at the desktop environment situation. First, accessibility wise, there was Gnome. Gnome 2 was great. Accessibility chugged along at a decent rate,bugs got fixed eventually, except that thing in terminal that caused the first letter of words on a line to be dropped by Orca. It had a great, easy to use interface, and everything just worked and worked well, and except for the little hiccup caused by the Oracle Fiasco, Orca development went along at a decent pace. Of course, the Oracle travesty screwed lots of projects and it fell to the open source community to fix the mess left behind when Oracle acquired Sun. As is usally the case, the open source community did an excellent job, making new and better projects to replace the stuff destroyed in the takeover. But, I digress. All in all, Gnome 2 was great. Then, Gnome 3 came out.
I’m not going to rant about Gnome 3. Out there, somewhere, there are Gnome 3 users and developers who love the project, and out of respect for those poor souls, I will keep my opinion to myself, well for the most part anyway. Let’s just say, I like it only slightly better than Unity, which is one of the key reasons I left Ubuntu and its derivitives such as Vinux in favor of Arch. It’s really too bad about Vinux, the projecthad a lot of potential, but it is so tied to Ubuntu that accessibility seems to take a back seat to sticking with a distro that seems to become less and less accessible as time passes.
So, without Gnome, which I refuse to use in its current condition, I was in need of a desktop. There were supposed to be two of them that worked with accessibility, LXDE and XFCE. I can’t comment on LXDE, because I was never able to get it working with Orca. The closest I ever got was getting Orca to say “Welcome to Orca”. Other people had better luck with it than I did, and the accessibility was supposed to be pretty good for the most part.
I went with XFCE. It really seemed to have a lot of potential. Most of the programs that came with it work with Orca. The file manager, desktop, and panels did not read at all though. So, I went to the propper IRC channels, file the propper bugs, was told the usual “accessibility is very important to us, it will be fixed in the next release.”
The next release came and went, and nothing. I was told that it had been kind of rushed and that the accessibility stuff was definitely going to be in the next release. Well, that release came and went as well. After that one, there was really no more communication. No one answer quearies in the IRC channel, no one replied to messages on the XFCE accessibility mailing list, nothing improved with accessibility at all.
Things stayed that way for about a year, until one day a friend of mine tried the Mate desktop. For those who don’t know, Mate is a fork of Gnome 2. Apparently, there are more people than just me who refuse to use Gnome 3. We were both surprised to find that Mate was very accessible. The last we had heard, the accessibility stack had been completely removed from it. Either that was completely wrong, or sometime afterwards they put it back in. There were a couple problem areas, once again with the desktop and panels, and the propper channels were once again followed. And, unlike with previous experiences, the bugs were fixed right away.
As far as the Mate desktop itself goes, I can’t say enough good stuff about it. It’s like the good old days, the desktop is fun again. I once again enjoy using a graphical environment. Of course, I think I have become a hard core CLI user, but when I need a desktop, Mate is completely awesome.
The one thing I kind of don’t like, is if you install the mate and mate-extra packages and select the defaults, you get stuck with pulseaudio. I have disliked pulseaudio for as long as I can remember. I probably would have stuck with XFCE if there wasn’t a way around it. Fortunately, though, you can select packages 1-12, and 14-23 I think it is and it will skip the pulse dependancy. In the mate-extra packages also skip the package that pulls in pulse, and it will fall back to using gstreamer.
To install, just do the usual pacman -S mate mate-extra.
So that Orca will talk when you first open Mate and launch Orca, add this to your ~/.xinitrc

#accessibility enabled
export GTK_MODULES=gail:atk-bridge

There is a second way to do this using gsettings directly. I haven’t tried this method yet, but others say it works just as well.

gsettings set org.mate.interface accessibility true
gsettings set org.gnome.desktop.a11y.applications screen-reader-enabled true

So, in closing, if you want a great, accessible desktop that is fun to use, works well, and behaves like a desktop should instead of something that appears to have a Mac and/or tablet identity crisis, use Mate. Even the people who can see prefer mate to the other desktops, the interface is well thought out, and just plain better in pretty much every way.

Cheers Mate

Advertisements

To tell the tale of Linux desktop based accessibility is a long and daunting endever. There have been several screen readers most started and abandoned after a short time, some possibly not abandoned, in name only, and the only one to really make any headway as far as a graphical environment goes is Orca. There is good old reliable speakup of course, but it is console only. The Copernicus screen reader has been left by the wayside, in fact, I doubt many people still remember it. there is another one, or was, called LSR (Linux Screen Reader) but, as far as I know, that project is also dead.
As if that isn’t a twisted road enough, let’s take a look at the desktop environment situation. First, accessibility wise, there was Gnome. Gnome 2 was great. Accessibility chugged along at a decent rate,bugs got fixed eventually, except that thing in terminal that caused the first letter of words on a line to be dropped by Orca. It had a great, easy to use interface, and everything just worked and worked well, and except for the little hiccup caused by the Oracle Fiasco, Orca development went along at a decent pace. Of course, the Oracle travesty screwed lots of projects and it fell to the open source community to fix the mess left behind when Oracle acquired Sun. As is usally the case, the open source community did an excellent job, making new and better projects to replace the stuff destroyed in the takeover. But, I digress. All in all, Gnome 2 was great. Then, Gnome 3 came out.
I’m not going to rant about Gnome 3. Out there, somewhere, there are Gnome 3 users and developers who love the project, and out of respect for those poor souls, I will keep my opinion to myself, well for the most part anyway. Let’s just say, I like it only slightly better than Unity, which is one of the key reasons I left Ubuntu and its derivitives such as Vinux in favor of Arch. It’s really too bad about Vinux, the projecthad a lot of potential, but it is so tied to Ubuntu that accessibility seems to take a back seat to sticking with a distro that seems to become less and less accessible as time passes.
So, without Gnome, which I refuse to use in its current condition, I was in need of a desktop. There were supposed to be two of them that worked with accessibility, LXDE and XFCE. I can’t comment on LXDE, because I was never able to get it working with Orca. The closest I ever got was getting Orca to say “Welcome to Orca”. Other people had better luck with it than I did, and the accessibility was supposed to be pretty good for the most part.
I went with XFCE. It really seemed to have a lot of potential. Most of the programs that came with it work with Orca. The file manager, desktop, and panels did not read at all though. So, I went to the propper IRC channels, file the propper bugs, was told the usual “accessibility is very important to us, it will be fixed in the next release.”
The next release came and went, and nothing. I was told that it had been kind of rushed and that the accessibility stuff was definitely going to be in the next release. Well, that release came and went as well. After that one, there was really no more communication. No one answer quearies in the IRC channel, no one replied to messages on the XFCE accessibility mailing list, nothing improved with accessibility at all.
Things stayed that way for about a year, until one day a friend of mine tried the Mate desktop. For those who don’t know, Mate is a fork of Gnome 2. Apparently, there are more people than just me who refuse to use Gnome 3. We were both surprised to find that Mate was very accessible. The last we had heard, the accessibility stack had been completely removed from it. Either that was completely wrong, or sometime afterwards they put it back in. There were a couple problem areas, once again with the desktop and panels, and the propper channels were once again followed. And, unlike with previous experiences, the bugs were fixed right away.
As far as the Mate desktop itself goes, I can’t say enough good stuff about it. It’s like the good old days, the desktop is fun again. I once again enjoy using a graphical environment. Of course, I think I have become a hard core CLI user, but when I need a desktop, Mate is completely awesome.
The one thing I kind of don’t like, is if you install the mate and mate-extra packages and select the defaults, you get stuck with pulseaudio. I have disliked pulseaudio for as long as I can remember. I probably would have stuck with XFCE if there wasn’t a way around it. Fortunately, though, you can select packages 1-12, and 14-23 I think it is and it will skip the pulse dependancy. In the mate-extra packages also skip the package that pulls in pulse, and it will fall back to using gstreamer.
To install, just do the usual pacman -S mate mate-extra.
So that Orca will talk when you first open Mate and launch Orca, add this to your ~/.xinitrc

#accessibility enabled
export GTK_MODULES=gail:atk-bridge

There is a second way to do this using gsettings directly. I haven’t tried this method yet, but others say it works just as well.

gsettings set org.mate.interface accessibility true

So, in closing, if you want a great, accessible desktop that is fun to use, works well, and behaves like a desktop should instead of something that appears to have a Mac and/or tablet identity crisis, use Mate. Even the people who can see prefer mate to the other desktops, the interface is well thought out, and just plain better in pretty much every way.

Customize Everything

Advertisements

Imagine for a moment you have just purchased a car. You get the keys, you climb in, start the engine. Now, let’s take this
imagined scene and add a few details. It’s the middle of a heat wave, outside your car the temperature reads 103 degrees
Fahrenheit. Somehow, the heat in the car has been set to max, and the volume on the radio is all the way up, and what’s worse,
the radio is tuned to rap. You can still save this imagined scene, just reach out, flip the heat over to air, turn down the
radio, and for god’s sake! find a station that plays music, you know, the stuff with talent.
I have noticed that when people get a new program, or in a lot of cases, a new computer, they never customize anything about it
at all. Just like you wouldn’t drive the car with the heat maxed during a heatwave with rap crashing through your new speakers
assailing your ears, neither should leave default settings as they are unless they are what you want. One great example of this
is the completely awesome speech synthesizer eSpeak. I have heard so many people complain that they don’t like the voice or the
British accent. If that is the case, why not customize it? It has a ton of languages including … you guessed it … U.S.
English and, there are a ton of variants as well so the voice can sound different. Go ahead, if you have a command line up:

espeak -v en-us+m3 "I just customized espeak. Yay for me."

See there, not so difficult.
I personally check preferences or settings for programs as soon as I install them. You never know what essential feature you
may discover that is disabled by default.

Blogging With Charm

Advertisements

If you love the CLI, and I do, charm is a great way to write, edit, or pretty much do anything with your blog. It is written for Live Journal, but works with WordPress. Setup is simple, just change the info below to match your credentials and launch charm. In Arch Linux, charm is available in the AUR:

metaweb = USERNAME PASSWORD http://YOURSITE.EXT/xmlrpc.php
editor = vim
pager = vimpager

And that’s it, you’re ready to pretty much control your blog right from the terminal. Charm has tons of options, and the menu based interface makes everything nice and easy.

Blogging With Charm

Advertisements

If you love the CLI, and I do, charm is a great way to write, edit, or pretty much do anything with your blog. It is written for Live Journal, but works with WordPress. Setup is simple, just change the info below to match your credentials and launch charm. In Arch Linux, charm is available in the AUR:

metaweb = USERNAME PASSWORD http://YOURSITE.EXT/xmlrpc.php
editor = vim
pager = vimpager

And that’s it, you’re ready to pretty much control your blog right from the terminal. Charm has tons of options, and the menu based interface makes everything nice and easy.

Let’s Have Sox

Advertisements

I have mentioned sox briefly in passing in a couple other posts. This awesome command line music player and editor is a truly great addition to anyone’s CLI arsenal though, so I figured I’d devote a whole post to it. So, without further ado, let’s have sox!
Simple usage:
play file name.ext
as in play guitarsolo.ogg
or to record yourself,
rec guitarsolo.flac
To convert file from wav to ogg:
sox scream.wav scream.ogg
The sox manual does a great job at explaining play and rec, so I will keep it brief here. The purpose of this article is more to discuss the synth function and all the really neat stuff you can do with it.
There are several sound types you can choose from when using synth, they are brown, pink, pluck, saw, square, triangle and white. To play a single guitar note, an E, you can do the following:
play -n synth 2 pl E2
Notice the use of pl instead of pluck in the line above. You can use abbreviated synth types for any of the sound types, pi for pink, tri for triangle, etc. If, you want to write your note to a file, do it like this:
sox -n note.ogg synth 2 pl E2
Using the play command will fail here because it will try to play the file note.ogg instead of writing to it. There are lots of effects you can add to your notes including overdrive, flanger, etc. Each is well documented in the sox manual. One thing that I found difficult to understand at first was linking multiple notes together. There are some simple demonstrations of chords in the manual, but, if you want to have sox play a song, you will run into the daunting task of making some huge delays for each note, or you can link multiple sox commands together like this:
play "|sox -np synth .25 pl E2" "|sox -np synth .7 pl B2"
I have written a script to play the song "Twinkle Twinkle Little Star" using sox. It is available here. Now, if we stopped here, that would have been some good sox, but I’m all about the really great sox. So, There is a second script that turns your keyboard into a keyboard (synthesizer) which you can download from here. Simply tar xzf soxsynth.tar.gz and cd to the soxsynth directory. run the script with ./soxsynth.
I have really enjoyed this sox with you. I hope it was as good for you as it was for me.

A Quick Update

Advertisements

Over the last few months I have been getting used to my new Distro of choice, Arch Linux. It has been an excellent experience so far. I am really enjoying my new choice of graphical desktop too, XFCE. The XFCE accessibility is in pretty good shape, but new progress is kind of slow, and the accessibility list almost never responds to queries. There is a lot of potential though, and I am hoping for the best. If you follow the arch installation guide and are interested in setting up XFCE with accessibility, you will need to install the orca and speech-dispatcher packages. Remember to run spd-conf before launching speech-dispatcher for the first time. One of the really great things about Arch Linux is you aren’t forced to use pulseaudio by default. So, if you hate pulseaudio as much as I do, remember to set your sound output to alsa in the speech-dispatcher configurations. To enable accessibility, you will need to add the following line to your .xinitrc
export GTK_MODULES=gail:at-bridge
That should be enough to get you up and running, if you decide to enter the wonderful world of Arch.

Vmail CLI Email Client

Advertisements

Vmail is one of, if not the most awesome email client I have ever used. If you are a fan of the vim text editor, you are going to love Vmail.
The documentation on the Vmail website explains everything you need to know about usage and installing, so I will not cover usage here. I will show how to install it in Ubuntu 10.04 and higher. The suggested installation method uses RVM which was a bit tricky for me until I figured out that it needed sudo to put programs in your executable path. To install, type the following:
sudo curl -L https://get.rvm.io | bash -s stable --ruby
After it downloads it will begin the process. Read the screen, then press q to continue. Enter the source command it gives you right before your prompt reappears, or just close and reopen your terminal. Next, type:
rvm install 1.9.3
This command may take a while.
gem install vmail
To update to the latest version, simply type:
gem install vmail
again. I am currently using Vmail as my primary email client, and I am sure, after trying it you will be too. One last thing, if you would like to set a script as your signature, you can do so by placing:
signature_script: /home/USER/path/to/script
in your ~/.vmailrc

Random stuff I happen to feel like writing about at the moment.