Using a *real* x.509 certificate with Irssi and OFTC.

Due to random reasons — read: highest point in the yearly “I’m bored to death” bell distribution curve — my x.509 certificates expire on the last days of the year. Now, I don’t really use them much if at all because PKI certificates have been out of vogue for several years now. But that doesn’t say anything about their usefulness! They can help you be more secure and more conscious of the need of security. In fact, there are places where using an x.509 certificate can simplify your life. Case in file: OFTC.

If you don’t use an x.509 certificate to log in to OFTC, they will make sure your life is miserable, trust me. What do you think of having 10 seconds to log in with your password every time you connect? OK, I exaggerate with the time, but you get my point. Right? OFTC’s website is a wiki. Not particularly well-organized, I’m afraid, so you need to go digging for a while to find instructions on how to use an x.509 certificate to log in to the network, but after a while you find the darned instructions.

So, I won’t touch that particular theme. Besides I’m sure there are at least 5,230 places out there where you can find that information. What I do want to touch in this post is the matter of x.509 certificates.

What do I call a real certificate? One emitted by a recognized certificate authority. And if I can get it for free, I’m in for as long as the ride lasts. So instead of creating my own self-signed x.509 certificate as the OFTC instructions suggest, I decided to use a real x.509 certificate with a real certificate chain. What to do?

First, there was the matter of choosing a certificate authority that would give me an x.509 certificate for free. Thawte stopped its personal PKI a couple of years ago. So the ones left, to my knowledge, are CAcert and StartSSL. After some thought I chose StartSSL, because they work as an OpenID authentication source as well.

Now, the problem was how to use the certificate. To generate the certificate I used Firefox, not because I wanted to but rather because I had trouble with Chromium doing the right thing. After exporting it I had a PKCS12 file where both public and private keys are encrypted with a password of my choice. But irssi needs a PEM file where both keys are unencrypted in ASCII armor format. So what now? Here comes the hack:

openssl pkcs12 -in in.p12 -out out.pem -nodes -clcerts

Give your encryption password when asked. Make sure you don’t give a password to the private key! Use out.pem according to the instructions in OFTC’s wiki, and that’s it. Of course, the usual “don’t be a moron” precautions ensue: set file permissions so that only you can read the file, don’t do it on a shared or public computer, perhaps use something like ecryptfs to keep your $HOME/.ssh directory encrypted, or do it with your whole home directory or, better yet, encrypt your partitions with dm-crypt! It all depends on your level of paranoia and real need of security.
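
An added example, not part of the original post: a shell wrapper around the command above that keeps the unencrypted key owner-only from the moment it is written, plus a check that a PEM file has the shape irssi needs. The function names p12_to_pem and check_irssi_pem are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Convert a browser-exported PKCS#12 bundle to the unencrypted PEM irssi
# wants, without ever leaving the key readable by group or other.
p12_to_pem() {
    src=$1 out=$2
    (
        umask 077    # a newly created output file gets mode 0600
        openssl pkcs12 -in "$src" -out "$out" -nodes -clcerts
    ) || return 1
    chmod 600 "$out" # umask does not tighten a file that already existed
}

# Audit a PEM file: returns 0 only if it holds a certificate plus an
# unencrypted private key and nobody but the owner can access it.
check_irssi_pem() {
    f=$1 rc=0
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$f: accessible by group/other ($perms)" >&2; rc=1; }

    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$certs" -ge 1 ] || { echo "$f: no certificate block" >&2; rc=1; }

    # PKCS#8 ("PRIVATE KEY") or traditional ("RSA/EC PRIVATE KEY") header.
    grep -Eq -e '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$f" ||
        { echo "$f: no unencrypted private key block" >&2; rc=1; }

    # A passphrase-protected key shows up in one of these two forms.
    if grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "$f: private key is still encrypted" >&2; rc=1
    fi
    return $rc
}
```

Typical use is p12_to_pem in.p12 out.pem followed by check_irssi_pem out.pem before pointing irssi at the file.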

What language do I use in this blog then?

So… What language do I use in this blog then? English or Spanish? At the start I said “English”, out of a certain mistrust and rejection for the Spanish-only speaking audience. It is silly and with time I started to write more and more in Spanish for two reasons: 1. Sometimes I write about tech topics for which it is very difficult to find information in Spanish. 2. I feel like it.

But that’s a question that has kept coming to my mind for a long time. I know I didn’t keep the promise I made myself to write here at least once a week, thus pretending this blog has some significance even for me is a bit pretentious. I can attribute my apparent aloofness to the problems that real life throws at us to make the best laid up plans break in pieces. There is a lot I could say about what real life has dished out to me since I opened this blog, but really: Does anyone listen anyway? 

On the other hand there is the problem of inner modesty that brings a strong sense of self-censorship. Yeah! I have things to say. I’m boiling to write about them and throw them to the seven directions, but do I really have the abandon to carelessly vent my private opinions and emotions in a public stand, even if in the case of this blog the audience is none? The answer to this question is “certainly no!”. As a famous (at least for fifteen minutes) humorist of my country used to say: “Rather dead than discolored”.

So, I won’t answer the question yet and give myself the benefit of the doubt. I’ll keep saying this blog is in English. I’ll write most entries in English and try to write at least once a month. So there.

Is Hell Exothermic or Endothermic?

[The original note can be found at http://www.pinetree.net/humor/thermodynamics.html]

Is hell exothermic or endothermic?

When you study for exams, remember that it is not the quantity but the quality. And that there is no substitute for pure, unadulterated bullshit.

Dr. Robert L. Shambaugh of the School of Chemical Engineering at the University of Oklahoma is known for asking things like “Why do airplanes fly?” on his final exams. The only question on his final exam for the course “Momentum, Heat and Mass Transfer II” in May 1997 was: “Is hell exothermic or endothermic? Support your answer with proof.”

Most of the students wrote proofs of their beliefs using Boyle’s law or some variant. One student, however, wrote the following:

First, we postulate that if souls exist they must have some mass. If they do, then a mole of souls can also have mass. So, at what rate are souls moving into hell and at what rate are they leaving? I think we can safely assume that once a soul gets into hell, it will not leave.

Therefore, no souls are leaving. As for the souls entering hell, let us look at the different religions that exist in the world today. Some of these religions state that if you are not a member of that religion, you will go to hell. Since there is more than one of these religions and people do not belong to more than one religion, we can project that all people and souls go to hell. With birth and death rates as they are, we can expect the number of souls in hell to increase exponentially.

Now, let us look at the rate of change in the volume of hell. Boyle’s law states that for the temperature and pressure in hell to stay constant, the ratio of the mass of souls to the volume of hell must stay constant.

There are two options:

  1. If hell expands at a slower rate than the rate at which souls enter hell, then the temperature and pressure in hell will increase until hell explodes.
  2. If hell expands at a faster rate than the increase of souls in hell, then the temperature and pressure will drop until hell freezes over.

So, which is it? If we accept the statement made to me by Theresa Manyan during my freshman year, “it will be a cold night in hell before I sleep with you”, and taking into account the fact that I still have NOT succeeded in having sexual relations with her, then option 2 cannot be true… Thus, hell is exothermic.

The student, Tim Graham, got the only A.

Yahoo! Mail with IMAP. Third time’s the charm.

I have just read on the English Wikipedia that it is possible to use IMAP to access Yahoo! Mail. Of course, it comes with more conditions than a hand of tute cantado: either you use a client from a mobile phone, or you use a special extension to IMAP which, by the way, is supported by Mozilla Thunderbird and by Evolution in “imapx” mode.

On the Difference Between Being Opinionated and Being a Fool

We all are entitled to our opinions but there is a huge difference between a private opinion and a public opinion.

Private opinions are based on cultural bias, ignorance, hubris and vanity. Yes, you are entitled to believe in the tooth fairy despite all facts denying its existence. But when you start shouting it to the four winds and to deceptively convince people you not only know what you are talking about but that they should believe in everything you say, you have crossed the boundary into that realm where madness lives. And in the process, those who are not weak of mind nor heart will know for certain that you are a fool.

Thus, here is my little piece of free advice to all self-appointed pundits out there: Check your facts and make sure you are not an ignorant sod.

Creating a MPEG2 file with mencoder

Note to self: This is a reminder and follow up on the previous post of how I managed to reencode an AVC1/AC3 video in a Matroska container to a DVD-ready MPEG2 file with the original AC3 sound in a MPEG container (VOB), just like DVD authoring tools like their files (no sign of players supporting h.264 where I live yet, else…).

mencoder the_darned_movie.mkv -sub subtitles_spa.srt -utf8 -subfont-text-scale 3.3 -subpos 96 -oac copy -ovc lavc -lavcopts vcodec=mpeg2video:vbitrate=5000:mbd=2:trell=yes:gmc=yes:aspect=1.83/1:vpass=1 -of mpeg -mpegopts format=dvd:muxrate=24000:tsaf=yes:interleaving2=yes:vframerate=25 -noskip -o /dev/null

and then the actual encoding (make sure to copy the log file from the first pass somewhere safe just in case):

mencoder the_darned_movie.mkv -sub subtitles_spa.srt -utf8 -subfont-text-scale 3.3 -subpos 96 -oac copy -ovc lavc -lavcopts vcodec=mpeg2video:vbitrate=5000:mbd=2:trell=yes:gmc=yes:aspect=1.83/1:vpass=2 -of mpeg -mpegopts format=dvd:muxrate=24000:tsaf=yes:interleaving2=yes:vframerate=25 -noskip -o the_darned_movie.mpg

I made a couple of fix ups, such as converting the srt file to UTF-8, with gaupol. As well, lavf output doesn’t support VOB output as it was my first idea and to make things worse, it is broken as per program output (MPlayer SVN-r31918 a.k.a MPlayer 1.0.rc4). But, the MPEG muxer supports VOB, yay!

Creating a MPEG4 with subtitles using mencoder

Note to self: This is a reminder of how I managed to reencode an AVC1/AC3 video in a Matroska container to a low-profile MPEG-4 (aka “XViD” or “DivX”) video with the original AC3 sound in an AVI container, just like modern video players like their files (no sign of players supporting h.264 where I live yet).

mencoder the_darned_movie.mkv -sub subtitles.srt -utf8 -subfont-text-scale 3.3 -subpos 96 -aspect 2 -oac copy -ovc lavc -lavcopts vcodec=mpeg4:mbd=2:trell=yes:v4mv=yes:aspect=16/9:vbitrate=1200:vpass=1 -o /dev/null

and then the actual encoding (make sure to copy the log file from the first pass somewhere safe just in case):

mencoder the_darned_movie.mkv -sub subtitles.srt -utf8 -subfont-text-scale 3.3 -subpos 96 -aspect 2 -oac copy -ovc lavc -lavcopts vcodec=mpeg4:mbd=2:trell=yes:v4mv=yes:vbitrate=1200:aspect=16/9:vpass=2 -o the_darned_movie.avi

I made a couple of fix ups, such as converting the srt file to UTF-8, with gaupol.

Hacking Debian’s Desktop Default

Changing the desktop default after installing Debian without giving it a second thought is a pain if one is not very familiar with debconf (a.k.a., the spawn from hell, second only to Solaris’ SMF oh, how I loathe thee —until I get close to some iron with AIX inside anyways.) You love The Debian Way(tm), and you strive to always use it despite all odds. And what odds! There is no easy and obvious way to change the default desktop in a Debian system[1], just the following:

echo "tasksel tasksel/desktop string xfce" | debconf-set-selections

[1] Yes, I’m bitching too much, but how do you expect a luser to do this without suffering a heart attack? Wait I use Debian, not Ubuntu. Thank you $DEITY!

Using Mozilla Weave, a.k.a. Firefox Sync with SELinux

Note to self: SELinux is a horrid kludge (not the idea, but the implementation) for the cold-war paranoid and it is time already for Torvalds to accept AppArmor into the main branch and for a major distribution’s developers to get their act together and at the very least provide TOMOYO, SMACK and AppArmor as first class alternatives with a working policy set and not some sort of red-haired stepchildren a new user cannot use because they need to be integrated semi-automatically at best. Even if Debian provides ways of dealing with the kernel patching, it isn’t trivial. (I know this may not be possible because the original security subsystem design isn’t stackable; or it wasn’t the last time I checked).

In the meantime, and considering I use Fedora these days, I’ve run into a problem using SELinux. When trying to use Firefox Sync, previously known as the artist called Mozilla Weave, SELinux blocks the cryptographic library bundled with the extension. The solution is to edit /etc/selinux/targeted/contexts/files/file_contexts.local and add the following line to the file (be careful, only do it if you know what you are doing):

/home(/.*)?/.mozilla(/.*)?/components/WeaveCrypto.so    system_u:object_r:textrel_shlib_t:s0

Social Networks and Sociological Pontification

My friend Zamuro gave a talk about social networks at FLISOL in Caracas this past Saturday, April 24. And since he is very diligent, he has posted the slides of his talk on his blog.

In the comments, Mariangela Petrizzo writes something I cannot completely agree with.

My position on the matter is that social networks are not a simply sociological or sociopolitical phenomenon (which are different things); that is reductio ad absurdum, something the social sciences have become accustomed to due to a) the great influence of theoretical physics on the science of the last century; one need only look at the intellectual impoverishment biology has reached through the “molecularity of being”, leaving behind all the knowledge accumulated by naturalism and by organismic, population and ecosystem biology. Now if you want to be a successful naturalist you have to be a presenter for National Geographic or Animal Planet. b) The social sciences as a reductionist exercise are nothing more than the implicit acceptance, by the academic status quo, that the social sciences in general are art and not science. That is why so much emphasis was placed on the use of statistical analysis techniques in the psychology, sociology and political science of the 50s, which, unlike the use of statistics in the natural sciences, is pure and simple speculation.

Instead, it is appropriate to look at social networks with the eyes and mind of an anthropologist. Social networks are flows of culture that become tribalized and therefore must be studied with the techniques of ethnographers, who are the naturalists who study other humanoids, usually of the same biological species… From this latter starting point, it is perfectly valid to draw a distinction and a comparison between academia and other subcultural groups, since we academics (which I am, even if I do not practice) speak and think in ways very different from the other cultural groups within society, and the same applies to other subcultures. I, for example, would never set my virtual feet on 4chan, not even dead, but I know people who do and enjoy it.
