OpenGL applications over ssh -X

Lately, I needed to set up VirtualBox on some server I use to ssh into, and I wanted to use the GUI for initial setup. I did this previously, without any problems – ssh -X, then just start the GUI.

Not so with VirtualBox 5, the only message I got was libGL error: failed to load driver: swrast.

Turns out that the VirtualBox 5 GUI uses OpenGL, while previous versions didn’t, and there seem to be some issues whether that should be rendered locally or remotely.

Finally I found a solution in a 20 year old discussion: https://groups.google.com/forum/#!msg/comp.security.ssh/DXHF6hGznYI/15zYRY4L5pYJ is still valid.

GLFORCEREDIRECT=no VirtualBox

works.

Updating Minecraft liteloader mods

Every now and then, there is a new minecraft subversion, and when your favourite server updates, you need to update as well. Which is easy if you’re running a plain vanilla client, but can be quite an annoyance when you’re using mods, and your mod author doesn’t update them in time.

When there’s a lot of changes to the client itself, then, well, mods have to adjust to these changes. But when the changes are very minor, like 1.12 to 1.12.1 to 1.12.2, most of the time, plugins will still work.

As long as they’re forge mods. Not so, with liteloader.
Continue reading

The annoying alternate screen in vte-based terminal applications

Current Linux terminal emulators have a feature that many people consider a bug.

Read the manual of some command. Find what you wanted to check. Quit the viewer to return to the command line. Poof, your screen is restored to what it was before you started man, and the information you were looking for is gone.

Same if you start your editor; quit the editor and the screen restores to the previous content.

Continue reading

Using Logitech G keys in Linux (Ubuntu, 14.04)

Finding a useful resource for this took me quite a while. The solution comes with the standard repository:

apt-get install g15daemon

On my 18-key G15, keys G1..G18 map to key 175..192, and M1..MR map to 193..196.

xmodmap can be used to reassign keys; unfortunately, you can’t assign a sequence of keys to one key press. Still looking for a solution to this.

Setting up an SSL server to use a key exchange that wireshark can decrypt

Sometimes, you need to decrypt SSL. Wireshark says you can do that if you have the server key.

This works .. almost.

It doesn’t work if the key exchange uses a DH (Diffie-Helmann) cipher. You need to use a RSA cipher for the key exchange. Several people on the internet tell you this, but i was never able to find any information which keys to use and which not to use.

Seems this works, however:

I made it work. As SYN-bit said, the reason because my server and client use DH cipher to exchange key, I should config my server to use RSA cipher to exchange key. with Apache :

SSLCipherSuite RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

Now I can decrypt https traffic.

How to get a free codesigner certificate, and sign Java jars with it

Oracle is (rightfully!) tightening the security requirements around the .jnlp web starter more and more. Formerly, they were just started; later, you got warning messages if they weren’t signed with a proper certificate, and in the newest versions, you need to explicitly manage a list of servers you permit execution from.

So, even if you’re a developer of open source, or freeware, you need to sign your code, which requires a certificate, which normally costs money. Unless you use the services of the nice company Unizeto, who, with their Certum certificates, give code signing certificates to open source developers for free.
Continue reading

Using Java to read Oracle Wallet files

A while ago, i was given the task to write a program to check for the expiration of client certificates. Since the program was supposed to be workable on Windows, Linux, Solaris, and AIX, i decided to not use the openssl libraries, instead, i wrote a java program. Now, when i started to make it productive, the guy actually in charge told me “great thing, and we actually have a few PEM certificates, but most of them are Oracle Wallets”.

Continue reading