Using a *real* x.509 certificate with Irssi and OFTC.

Due to random reasons — read: highest point in the yearly “I’m bored to death” bell distribution curve — my x.509 certificates expire on the last days of the year. Now, I don’t really use them much, if at all, because PKI certificates have been out of vogue for several years now. But that doesn’t say anything about their usefulness! They can help you be more secure and more conscious of the need for security. In fact, there are places where using an x.509 certificate can simplify your life. Case in point: OFTC.

If you don’t use an x.509 certificate to log in to OFTC, they will make sure your life is miserable, trust me. What do you think of having 10 seconds to log in with your password every time you connect? OK, I exaggerate with the time, but you get my point, right? OFTC’s website is a wiki. Not particularly well-organized, I’m afraid, so you need to go digging for a while to find instructions on how to use an x.509 certificate to log in to the network, but after a while you find the darned instructions.

So, I won’t touch that particular theme. Besides I’m sure there are at least 5,230 places out there where you can find that information. What I do want to touch in this post is the matter of x.509 certificates.

What do I call a real certificate? One issued by a recognized certificate authority. And if I can get it for free, I’m in for as long as the ride lasts. So instead of creating my own self-signed x.509 certificate as the OFTC instructions suggest, I decided to use a real x.509 certificate with a real certificate chain. What to do?

First, there was the matter of choosing a certificate authority that would give me an x.509 certificate for free. Thawte stopped its personal PKI a couple of years ago. So the ones left, to my knowledge, are CAcert and StartSSL. After some thought I chose StartSSL, because they work as an OpenID authentication source as well.

Now, the problem was how to use the certificate. To generate the certificate I used Firefox, not because I wanted to but rather because I had trouble with Chromium doing the right thing. After exporting it I had a PKCS#12 file where both public and private keys are encrypted with a password of my choice. But irssi needs a PEM file where both keys are unencrypted in ASCII armor format. So what now? Here comes the hack:

openssl pkcs12 -in in.p12 -out out.pem -nodes -clcerts

Give the password you encrypted the PKCS#12 file with when asked. Make sure you don’t put a password on the private key in the output; that is what -nodes is for. Use out.pem according to the instructions in OFTC’s wiki, and that’s it. Of course, the usual “don’t be a moron” precautions apply: set file permissions so that only you can read the file, don’t do it on a shared or public computer, perhaps use something like ecryptfs to keep your $HOME/.ssh directory encrypted, or do it with your whole home directory or, better yet, encrypt your partitions with dm-crypt! It all depends on your level of paranoia and your real need for security.
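One way to apply the file-permission precaution to the conversion above, as an added example that is not part of the original post. The function names convert_p12 and audit_pem are made up for this sketch; in.p12 and out.pem are the post's own file names.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Run the post's openssl command under a restrictive umask, so out.pem is
# created owner-only instead of being chmod'ed after the fact.
convert_p12() {
    ( umask 077 && openssl pkcs12 -in "$1" -out "$2" -nodes -clcerts )
}

# Audit a PEM file before pointing irssi at it.
# Prints each finding; returns 0 if the file is private and complete, else 1.
audit_pem() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other can access $f"; rc=1; }

    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" \
        || { echo "no certificate block"; rc=1; }

    grep -Eq -e '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$f" \
        || { echo "no private key block"; rc=1; }

    # The post says irssi needs the key unencrypted; flag both the PKCS#8
    # and the traditional OpenSSL markers of a passphrase-protected key.
    if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$f"
    then
        echo "private key is still passphrase-protected"
        rc=1
    fi
    return $rc
}

# Typical use:
#   convert_p12 in.p12 out.pem && audit_pem out.pem
```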

Is Hell Exothermic or Endothermic?

[The original note can be found at]


When you study for exams, remember that it is not the quantity but the quality. And that there is no substitute for pure, unadulterated bullshit.

Dr. Robert L. Shambaugh of the School of Chemical Engineering at the University of Oklahoma is known for asking things like “Why do airplanes fly?” in his final exams. The only question on his final exam for the course “Momentum, Heat and Mass Transfer II” in May 1997 was: “Is hell exothermic or endothermic? Support your answer with proof.”

Most of the students wrote proofs of their beliefs using Boyle’s law or some variant. One student, however, wrote the following:

First, we postulate that if souls exist they must have some mass. If they do, then a mole of souls can also have mass. So, at what rate are souls moving into hell and at what rate are they leaving? I think we can safely assume that once a soul gets into hell, it will not leave.

Therefore, no souls are leaving. As for the souls entering hell, let us look at the different religions that exist in the world today. Some of these religions state that if you are not a member of that religion, you will go to hell. Since there is more than one of these religions and people do not belong to more than one religion, we can project that all people and souls go to hell. With birth and death rates as they are, we can expect the number of souls in hell to increase exponentially.

Now, let us look at the rate of change of the volume of hell. Boyle’s law states that for the temperature and pressure in hell to remain constant, the ratio of the mass of souls to the volume of hell must remain constant.

There are two options:

  1. If hell expands at a slower rate than the rate at which souls enter hell, then the temperature and pressure in hell will increase until hell explodes.
  2. If hell expands at a faster rate than the increase of souls in hell, then the temperature and pressure will drop until hell freezes over.

So, which is it? If we accept the statement made to me by Theresa Manyan during my first year of university, “it will be a cold night in hell before I sleep with you”, and taking into account the fact that I still have NOT been able to have sexual relations with her, then option 2 cannot be true… Thus, hell is exothermic.

The student, Tim Graham, got the only A.

On the Difference Between Being Opinionated and Being a Fool

We all are entitled to our opinions but there is a huge difference between a private opinion and a public opinion.

Private opinions are based on cultural bias, ignorance, hubris and vanity. Yes, you are entitled to believe in the tooth fairy despite all facts denying its existence. But when you start shouting it to the four winds and deceptively try to convince people not only that you know what you are talking about but that they should believe everything you say, you have crossed the boundary into that realm where madness lives. And in the process, those who are weak of neither mind nor heart will know for certain that you are a fool.

Thus, here is my little piece of free advice to all self-appointed pundits out there: Check your facts and make sure you are not an ignorant sod.

Creating a MPEG2 file with mencoder

Note to self: This is a reminder and follow up on the previous post of how I managed to reencode an AVC1/AC3 video in a Matroska container to a DVD-ready MPEG2 file with the original AC3 sound in a MPEG container (VOB), just like DVD authoring tools like their files (no sign of players supporting h.264 where I live yet, else…).

mencoder the_darned_movie.mkv -sub -utf8 -subfont-text-scale 3.3 -subpos 96 -oac copy -ovc lavc -lavcopts vcodec=mpeg2video:vbitrate=5000:mbd=2:trell=yes:gmc=yes:aspect=1.83/1:vpass=1 -of mpeg -mpegopts format=dvd:muxrate=24000:tsaf=yes:interleaving2=yes:vframerate=25 -noskip -o /dev/null

and then the actual encoding (make sure to copy the log file from the first pass somewhere safe just in case):

mencoder the_darned_movie.mkv -sub -utf8 -subfont-text-scale 3.3 -subpos 96 -oac copy -ovc lavc -lavcopts vcodec=mpeg2video:vbitrate=5000:mbd=2:trell=yes:gmc=yes:aspect=1.83/1:vpass=2 -of mpeg -mpegopts format=dvd:muxrate=24000:tsaf=yes:interleaving2=yes:vframerate=25 -noskip -o the_darned_movie.mpg

I made a couple of fix-ups, such as converting the srt file to UTF-8, with gaupol. Also, my first idea was to use lavf output, but it doesn’t support VOB output and, to make things worse, it is broken as per the program’s own output (MPlayer SVN-r31918 a.k.a. MPlayer 1.0.rc4). But the MPEG muxer supports VOB, yay!

Creating a MPEG4 with subtitles using mencoder

Note to self: This is a reminder of how I managed to reencode an AVC1/AC3 video in a Matroska container to a low-profile MPEG-4 (aka “XViD” or “DivX”) video with the original AC3 sound in an AVI container, just like modern video players like their files (no sign of players supporting h.264 where I live yet).

mencoder the_darned_movie.mkv -sub -utf8 -subfont-text-scale 3.3 -subpos 96 -aspect 2 -oac copy -ovc lavc -lavcopts vcodec=mpeg4:mbd=2:trell=yes:v4mv=yes:aspect=16/9:vbitrate=1200:vpass=1 -o /dev/null

and then the actual encoding (make sure to copy the log file from the first pass somewhere safe just in case):

mencoder the_darned_movie.mkv -sub -utf8 -subfont-text-scale 3.3 -subpos 96 -aspect 2 -oac copy -ovc lavc -lavcopts vcodec=mpeg4:mbd=2:trell=yes:v4mv=yes:vbitrate=1200:aspect=16/9:vpass=2 -o the_darned_movie.avi

I made a couple of fix ups, such as converting the srt file to UTF-8, with gaupol.

Hacking Debian’s Desktop Default

Changing the desktop default after installing Debian without giving it a second thought is a pain if one is not very familiar with debconf (a.k.a. the spawn from hell, second only to Solaris’ SMF; oh, how I loathe thee, until I get close to some iron with AIX inside anyways). You love The Debian Way(tm), and you strive to always use it despite all odds. And what odds! There is no easy and obvious way to change the default desktop in a Debian system[1], just the following:

echo "tasksel tasksel/desktop string xfce" | debconf-set-selections

[1] Yes, I’m bitching too much, but how do you expect a luser to do this without suffering a heart attack? Wait, I use Debian, not Ubuntu. Thank you, $DEITY!