Palemoon 64-bit for Linux and Flash Player Plugin

  1. Install Palemoon using the pminstaller.sh from http://linux.palemoon.org/download/installer/
  2. Visit the main page at https://get.adobe.com/flashplayer/otherversions/ or use this direct link: https://get.adobe.com/flashplayer/download/?installer=FP_27.0_for_Linux_64-bit_(.rpm)_-_NPAPI&stype=7768&standalone=1 and install it.
  3. Load the libraries in the directory Pale Moon looks in:
    sudo ln -s /usr/lib64/flash-plugin/libflashplayer.so /usr/lib/mozilla/plugins/
    

References

My links

  1. https://bgstack15.wordpress.com/2017/12/07/palemoon-64-bit-for-linux-and-google-talk-plugin/
Advertisements

Palemoon 64-bit for Linux and Google Talk Plugin

  1. Install Palemoon using the pminstaller.sh from http://linux.palemoon.org/download/installer/
  2. Visit gmail and initiate a call, which will cause it to prompt you to download the google talk plugin. Install it.
  3. Load the libraries in the directory Pale Moon looks in:
    pushd /usr/lib/mozilla/plugins 1>/dev/null 2>&1
    sudo ln -s ../../../../opt/google/talkplugin/libnpo1d.so
    sudo ln -s ../../../../opt/google/talkplugin/libnpgoogletalk.so
    popd 1>/dev/null 2>&1

    You don’t even need to close and re-open the browser!

You will still get the warning “Hangouts phone calls will temporarily stop working in Firefox.” When making an outgoing call, you can dismiss the warning. However, I was unable dismiss the warning when receiving a call, which means I was not able to receive calls. I don’t know how to fix that part.

Also, on occasion, it simply wouldn’t make an outgoing call. Just cancel and try again, and then it will work.

References

Weblinks

https://askubuntu.com/questions/906315/install-java-plugin-in-pale-moon-browser/906341#906341

Original research

rpmrebuild google-talkplugin_current_x86_64.rpm

Ansible delegate_to a Windows host

If you use Ansible, and Windows, and you need to perform a few tasks out of a play on a Windows host, you use delegate_to.

However, using a regular delegate_to doesn’t work, because of a certificate validation error.

TASK [certreq : win_shell] *****************************************************************************************
fatal: [linux_host]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='win_host', port=5986): Max retries exceeded with url: /wsman (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))", "unreachable": true}

What you need to do is set a host fact in the play:

- set_fact:
    ansible_winrm_server_cert_validation: ignore

- win_shell: Write-Host 'Hello World!'
  delegate_to: "{{ winhost_hostname }}"
  vars:
    ansible_user: "{{ winhost_user }}"
    ansible_port: 5986

I have tried placing the variable in the vars on the win_shell command, but it didn’t work. You have to set it as a host fact of the regular host(s) running the play.
And that’s it! You’ll still get the warning, but the connection will work!

TASK [certreq : win_shell] *****************************************************************************************
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
changed: [linux_host -> win_host] => {"changed": true, "cmd": "Write-Host 'Hello World!'", "delta": "0:00:00.265626", "end": "2017-11-14 03:36:10.390993", "rc": 0, "start": "2017-11-14 03:36:10.125366", "stderr": "", "stderr_lines": [], "stdout": "Hello World!\n", "stdout_lines": ["Hello World!"]}

References

Weblinks

  1. My original research based on info from another github user, jborean93 https://github.com/ansible/ansible/issues/32673#issuecomment-344291429

Compiling FreeFileSync on Fedora

FreeFileSync is a great open source GUI application. Think of it as the GUI for rsync.

The Freefilesync team does not provide an rpm of the software, but they do provide the source code. The link is for reference, I suppose, but the team does not allow direct linking. I haven’t even been able to script downloading the source, so for now just go visit their main site and get the source that way.

So, once you open up the zip file of the source code, you need to modify a few things. Please examine the patch I wrote: http://albion320.no-ip.biz/smith122/repo/patch/freefilesync/FreeFileSync_9.4.fc25.patch

Here is the text, in case my home server is down:

diff -Naur FreeFileSync/Source/Makefile FreeFileSync.fc25/Source/Makefile
--- FreeFileSync/Source/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/Makefile	2017-10-22 21:33:01.445470939 -0400
@@ -10,8 +10,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 
 #Gtk - support recycler/icon loading/no button border/grid scrolling
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 
 #support for SELinux (optional)
 SELINUX_EXISTING=$(shell pkg-config --exists libselinux && echo YES)
diff -Naur FreeFileSync/Source/RealTimeSync/Makefile FreeFileSync.fc25/Source/RealTimeSync/Makefile
--- FreeFileSync/Source/RealTimeSync/Makefile	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/RealTimeSync/Makefile	2017-10-22 21:33:19.853796285 -0400
@@ -7,8 +7,8 @@
 LINKFLAGS = -s `wx-config --libs std, aui --debug=no` -lboost_thread -lboost_chrono -lboost_system -lz -pthread
 
 #Gtk - support "no button border"
-CXXFLAGS  += `pkg-config --cflags gtk+-2.0`
-LINKFLAGS += `pkg-config --libs   gtk+-2.0`
+CXXFLAGS  += `pkg-config --cflags gtk+-3.0`
+LINKFLAGS += `pkg-config --libs   gtk+-3.0`
 
 CPP_LIST=
 CPP_LIST+=application.cpp
diff -Naur FreeFileSync/Source/ui/main_dlg.cpp source.fc25/FreeFileSync/Source/ui/main_dlg.cpp
--- FreeFileSync/Source/ui/main_dlg.cpp	2017-10-05 09:54:58.000000000 -0400
+++ FreeFileSync.fc25/Source/ui/main_dlg.cpp	2017-10-22 21:33:01.446470957 -0400
@@ -1024,7 +1024,7 @@
         history.resize(globalSettings.gui.cfgFileHistMax);
 
     globalSettings.gui.cfgFileHistory = history;
-    globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory->GetTopItem();
+    //globalSettings.gui.cfgFileHistFirstItemPos = m_listBoxHistory-gt;GetTopItem();
     //--------------------------------------------------------------------------------
     globalSettings.gui.lastUsedConfigFiles.clear();
     for (const Zstring& cfgFilePath : activeConfigFiles_)
@@ -4862,6 +4862,7 @@
 
     m_menuItemCheckVersionAuto->Check(updateCheckActive(globalCfg_.gui.lastUpdateCheck));
 
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
     {
         flashStatusInformation(_("Searching for program updates..."));
@@ -4869,6 +4870,7 @@
         periodicUpdateCheckEval(this, globalCfg_.gui.lastUpdateCheck, globalCfg_.gui.lastOnlineVersion,
                                 periodicUpdateCheckRunAsync(periodicUpdateCheckPrepare().get()).get());
     }
+    */
 }
 
 
@@ -4877,6 +4879,7 @@
     //execute just once per startup!
     Disconnect(wxEVT_IDLE, wxIdleEventHandler(MainDialog::OnRegularUpdateCheck), nullptr, this);
 
+    /*
     if (shouldRunPeriodicUpdateCheck(globalCfg_.gui.lastUpdateCheck))
     {
         flashStatusInformation(_("Searching for program updates..."));
@@ -4890,6 +4893,7 @@
                                     resultAsync.get()); //run on main thread:
         });
     }
+    */
 }
 
 

You will need a set of packages installed to compile:

dnf install -y boost-devel compat-wxGTK3-gtk2-devel gcc-c++ gtk+-devel gtk3-devel wxGTK-devel wxGTK3-devel

Get Windows license key from your hardware in Linux

If you are running on hardware that originally came with a licensed Microsoft Windows operating system, you should check to see if you can get the license key from your hardware.

sudo hexdump -s 56 -e '"MSDM key: " /29 "%s\n"' /sys/firmware/acpi/tables/MSDM
MSDM key: 12345-09876-ABCDE-FGHIJ-ZYXWV (obscured, of course)

Or another way:

sudo cat /sys/firmware/acpi/tables/MSDM | strings

I never came across this tidbit until today! Apparently it is well-known throughout the Internet.

References

Weblinks

  1. Found it first at https://solus-project.com/forums/viewtopic.php?f=11&t=8663
  2. Strings method https://superuser.com/questions/637971/how-do-i-get-out-my-embedded-windows-8-key-from-a-linux-environment#638033

Samba and ntlm for Windows clients

tl;dr

Use one or the other:

1. Insecure but fast, in /etc/samba/smb.conf:

[global]
ntlm auth = yes

2. Best, on client Windows machine:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001

Samba and ntlm

With the published “ETERNALBLUE” vulnerability (CVE-2017-0146) a few months ago, the effects finally trickled down to the default settings for samba in CentOS 7.

After updating to samba 4.6.2, I was unable to access my samba share from a Windows client (using my freeipa credentials).

Here’s what I found in /var/log/samba/log.lsasd after setting [global] log level = 3:

  check_ntlm_password:  Authentication for user [bgstack15] -> [bgstack15] FAILED with error NT_STATUS_WRONG_PASSWORD
[2017/10/01 16:45:54.106771,  2, pid=5289] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
[2017/10/01 16:45:54.106860,  3, pid=5289] ../source3/smbd/smb2_server.c:3097(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../source3/smbd/smb2_sesssetup.c:134
[2017/10/01 16:45:54.107513,  3, pid=5289] ../source3/smbd/server_exit.c:246(exit_server_common)
  Server exit (NT_STATUS_CONNECTION_RESET)
[2017/10/01 16:45:54.113588,  3, pid=5249] ../source3/lib/util_procid.c:54(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory

After lots and lots of research, I finally found the answer at the FreeBSD forum! Gotta love the FreeBSD folks; they keep us all sane and grounded in free and open computing.
Just add ntlm auth = yes to your [global] section of smb.conf!

However, I looked it up and that enables samba to accept ntlmv1, which was the vulnerable protocol based on that CVE I mentioned earlier in this article.

I wanted to find out how to stick to ntlmv2 authentication, if possible, and I did discover it! You can just configure your Windows clients to use the more secure settings either using the registry or the graphical secpol.msc tool.
For the Local Security Policy (secpol.msc) tool, navigate to Security Settings->Local Policies->Security Options->”Network security: LAN Manager authentication level.” Set it to “Send LM & NTLM – use NTLMv2 session security if negotiated.”

secpol.msc utility showing directory tree navigated to Network security: LAN Manager authentication level setting
Local Security Policy window with setting

To automate this setting, you can make a registry file such as ntlmv2.reg with the following contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001

I recognize this location from when I’ve adjusted it in the past, at a place that would not have been affected by this vulnerability or its remediation because they were forcing NTLMv2 years ago on the workstations.

Reference

Weblinks

      1. Samba quick answer https://forums.freebsd.org/threads/62169/
      2. Client secpol.msc answer https://support.symantec.com/en_US/article.TECH132917.html
      3. Client registry answer https://kb.iu.edu/d/atcb

Enabling mkhomedir on Ubuntu for FreeIPA

The story

In my endeavors to practice with FreeIPA, I tested the Ubuntu port of freeipa. There is a known bug where the –mkhomedir option of the ipa-client-install command for Ubuntu does not actually enable making homedirs for users on first login.

The solution

apt-get install freeipa-client
th="$( hostname --fqdn )"; case "${th}" in *.*) :;; *) th="${th}.$( awk '/search/ {print $2}' /etc/resolv.conf )";; esac;
ipa-client-install --mkhomedir --force-ntpd --enable-dns-updates --hostname "${th}"
sed -i -r -e 's/Default:\s\w+/Default: yes/;' /usr/share/pam-configs/mkhomedir
pam-auth-update # and add the homedir option manually because it cannot be scripted.

References

Weblinks

  1. https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1336869

Inject hostname into kickstart

The story

I have been learning how to automate my centos installations in my virtual environment. I’ve learned how to use the virsh command line to spin up a new vm the way I like, and to feed it a kickstart file. I also learned how to use kickstarts.

Set hostname automatically with a kickstart

In the main area of the kickstart file, include this line:

%include /tmp/network.ks

Include in your %pre section this section:

%pre
echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname renameme.ipa.example.com" > /tmp/network.ks
for x in $( cat /proc/cmdline );
do
   case $x in SERVERNAME*)
      eval $x
      echo "network  --bootproto=dhcp --device=eth0 --ipv6=auto --activate --hostname ${SERVERNAME}.ipa.example.com" > /tmp/network.ks
      ;;
   esac
done
%end

To paraphrase the post I’m duplicating for myself, you need the first echo redirection to the file in case there was no SERVERNAME= parameter given to the kernel.
When you boot, you need to include on the kernel command (usually the “linux” one), the value SERVERNAME=myhostname.

For my virsh command, that is:

vm=centos7-02a ; virt-install -n "${vm}" --memory 2048 --vcpus=1 --os-variant=rhel7.2 --accelerate -v --disk path=/var/lib/libvirt/images/"${vm}".qcow2,size=20 -l /mnt/public/Support/SetupsBig/CentOS-7-x86_64-Minimal-1511.iso  --initrd-inject=/mnt/public/Public/centos7-ks.cfg --extra-args "ks=file:/centos7-ks.cfg SERVERNAME=${vm}" --debug --network type=direct,source=eno1

References

  1. Install system-config-kickstart on Fedora 25 http://bytefreaks.net/gnulinux/fedora-25-workaround-to-install-system-config-kickstart
    sudo dnf install
    https://kojipkgs.fedoraproject.org/packages/system-config-date/1.10.9/3.fc25/noarch/system-config-date-1.10.9-3.fc25.noarch.rpm python-kickstart system-config-kickstart;
  2. https://sysadmin.compxtreme.ro/automatically-set-the-hostname-during-kickstart-installation/

List available packages from one repository

For dnf

dnf list available --disablerepo=* --enablerepo=reponame

For dpkg (low-level package manager for apt)

ff() { for file in /etc/apt/sources.list.d/$1.list; do grep -iE "Package:" "/var/lib/apt/lists/$( cut -d' ' -f2 "${file}" | sed -r -e 'sX\/X_Xg;' -e 's/\<http.__//g;')Packages"; done; }
ff reponame

The story

For some reason it is harder to manage packages with apt: This is a main reason I don’t like to use it. I had to go write this crazy one-liner function to accomplish the same task that dnf provides with just two flags.
Also, the apt command here shows all the packages from that repository, regardless of its installed state. The dnf command will show only the ones available that are not already installed.

Using Google Talk Plugin in Palemoon Portable in Wine on Linux

Overview

My main browser is Palemoon Portable which I run in Wine on GNU/Linux. I also use Gmail, Google Talk (the pre-Hangouts tool), and Google Voice.

In order to make and receive phone calls from my main web gmail page, I used this process.

  1. Install Adobe Flash Player for Firefox on Windows. I used the offline installer from the download link at Weblink 2.
    1. Used my Linux native Firefox to navigate to the normal Adobe flash player download page.
    2. Selected “Need Flash Player for different computer?”
    3. Selected Windows 7/Vista/XP and FP 25 for Firefox – NPAPI.
    4. From a terminal, I ran the following command and installed Flash like normal.wine ~/Downloads/install_flash_player.exe
  2. Install Google Talk plugin.
    1. Unfortunately the gmail link for “Download voice chat plugin” failed to complete. When I ran wine ~/Downloads/GoogleVoiceAndVideoSetup.exe from a terminal, I observed that the process failed because of some network issue related to wine:fixme:secur32:schannel_get_cipher_algid unknown algorithm 23
      fixme:secur32:schannel_get_mac_algid unknown algorithm 200

      I bet it has something to do with the way my GNU/Linux computers always have some long MAC address in my dhcp list instead of a normal 12-character value. I don’t know how to fix that, nor was I able to trick the installer to continue.
    2. So I had to install the Google Talk plugin manually.
      1. I used a Windows computer that already had a working environment of Google Talk for Palemoon Portable. I copied these files:C:\Users\bgstack15\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
        C:\Users\bgstack15\AppData\Roaming\Mozilla\plugins\npo1d.dll
        To location
        /usr/share/PMP257/Lib/Mozilla/Plugins
        Where /usr/share/PMP257 is my D:\PortableApps location.
      2. I also copied this entire directory:C:\Users\bgstack15\AppData\Local\Google\Google Talk Plugin\
        As the directory
        /usr/share/PMP257/Lib/Mozilla/Plugins/Google Talk Plugin/
      3. I set up the wine registry with a key and values from a registry file as seen below.tf=/usr/share/PMP257/Lib/Mozilla/Plugins/googletalk.reg
        touch "${tf}"; chmod 0644 "${tf}"
        cat << EOF > "${tf}"
        REGEDIT4
        [HKEY_CURRENT_USER\Software\Google\Google Talk Plugin]
        "CrashReporterKeyPath"=dword:00000000
        "D3DXRedistKeyPath"=dword:00000000
        "DriverBlacklistKeyPath"=dword:00000000
        "install_dir"="z:\\usr\\share\\PMP257\\Lib\\Mozilla\\Plugins\\Google Talk Plugin\\"
        "neven_lm_installed"=dword:00000001
        "neven_sft_installed"=dword:00000001
        "nven_mft_installed"=dword:00000001
        EOF
        regedit "${tf}"

        If the registry file does not import properly, try sticking a blank line after REGEDIT4. WordPress and the html <code> tag do not play nicely together with blank lines in code.

Conclusion

This entire process was made possible by the fantastic users of the Portableapps.com community: portablealpha, taosk8r, acamp, and robertcollier4. It was that one page (weblink 1), and my working but disused Windows installation that made this whole process possible.

Backstory

I realize I make life hard for myself, for using a web interface in a portable version of a small fork of a web browser in an emulator.

The story behind why I use this portable browser, in wine, on Linux, is this. When I first started getting on the Internet, I was a teenager and did not own my own computer. I had a flash drive, and I used it to store my personal files. I discovered PortableApps which let me use probably Firefox 2 or 3 from my flash drive. Even as I grew and got my own computers, I still kept my main web browser as a portable one so it would be relatively free from OS hooks so it was easy to transplant from system to system, as I migrated my main workstation. I built up a new installation every couple of years, hopping from Firefox 17 at one point to 27 to 33 to 38. After that, I switched to Palemoon 25 Portable and that is what I’m still on as of this post.

Now, 2016 was the Year of Linux on the Desktop for me, as I wanted to avoid the Windows 10 debacle. I had installed Korora 22 Cinnamon on a spare laptop in November of 2015 and from there made it my main system. In February of 2016 I copied over my Palemoon Portable install and it ran in Wine just fine! The only problem it had was it didn’t work with Google Voice.

This week I was trying to solve a VLC dlna problem where it was not finding my Plex server. I got frustrated with that (a bug that’s still unresolved https://bugs.launchpad.net/ubuntu/+source/libupnp/+bug/1571199) and transitioned into looking into the Google talk problem on Palemoon Portable.

References

Weblinks

  1. Entire portableapps thread explaining how to get a PortableApp to use Google Talk. http://portableapps.com/node/24945

Portablealpha on September 15, 2010 – 9:18pm

Adding Google Voice plugin

Just wanted to let people know how I got the Google Voice plugin to work so that I could use the “Call Phone” feature from within gmail. This is *not* elegant but it’s the only way I could figure it out because the target computer is behind some nasty firewalls (and the Google Voice installer isn’t allowed to call home to download its files).

1. Install the Google Voice plugin on your home computer.
2. Locate the Google Voice and Video Accelerator plugins in FF using about:plugins.
3. Copy those to your Firefox Portable plugins directory on the flash drive.
4. Locate the “Google Talk Plugin” folder on your hard drive and copy it to the flash drive (doesn’t matter where).

When you want to use Google Voice through Firefox Portable, run the exe in the Google Talk Plugin first, then start FFP and go to gmail. Note that once you exit gmail, it will stop the exe, so you’ll have to run it again manually if needed.

Anyone have any suggestions to automate this?

Taosk8r on June 11, 2011 – 1:42am

Oh good

I found this thread again.. I cant seem to find where ff 4.0 puts these.. the info I get is:

npgoogletalk.dll
application/googletalk

npgtpo3dautoplugin.dll
application/vnd.gtpo3d.auto

Is this even still relevant?

Acamp on October 21, 2011 – 3:13am

Fantastic!

Works like a charm!

You have to search your computer for those two files (real pain in the ass on newer windows machines because they try not to display any scary system files). Once windows can’t find it, click advanced, check include non-indexed, hidden and system files.

You also need to search for the folder “Google Talk Plugin” and copy that to the flash drive. It contains the executable that needs to be launched before Firefox is opened

Robertcollier4 on September 28, 2012 – 7:33am

Works without needing to load the EXE manually

Create the following directory structure if not already existing:
FirefoxPortable\Data\Plugins\
ChromePortable\App\Chrome-bin\Plugins
Palemoon-Portable\Lib\Mozilla\Plugins

Place the following files/folders in Plugins directory:
npgoogletalk.dll
npgtpo3dautoplugin.dll
“Google Talk Plugin” (complete folder)
“Google Talk Plugin Extras” (complete folder)

The files are located at:
DocsandSettings\Username\Local Settings\Application Data\Google\Google Talk Plugin\
DocsandSettings\Username\Application Data\Mozilla\plugins\

Then it will work and the EXE will automatically load from Gmail.

Robertcollier4 on September 30, 2012 – 2:02pm

Specify path in registry to load EXE automatically

Hi – there is one update. If you want the EXE to run automatically, you must add the following registry key with the proper path to googletalkplugin.exe so that it knows where to find it and load it automatically. It will work without adding the registry path – but if the registry path is not there as shown below then you must run the googletalkplugin.exe manually before loading the browser.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Google\Google Talk Plugin]
“install_dir”=”D:\\FirefoxPortable\\Data\\Plugins\\Google Talk Plugin\\”
“neven_sft_installed”=dword:00000001
“neven_mft_installed”=dword:00000001
“neven_lm_installed”=dword:00000001
“D3DXRedistKeyPath”=dword:00000000
“CrashReporterKeyPath”=dword:00000000
“DriverBlacklistKeyPath”=dword:00000000

  1. https://get.adobe.com/flashplayer/download/?installer=FP_25_for_Firefox_-_NPAPI&stype=5513&standalone=1
  2. Normal adobe flash player download page https://get.adobe.com/flashplayer/