Recently in Tips Category

After struggling with several problems when installing a 64Bit Linux for the first time I want to write down the problems for which I didn't find a solution by using google. Two problems were related to Matrica Moneyplex. The first problem was that it didn't find my kobil chipcard-reader.
The solution in short is: follow the official docs from matrica on how to setup the necessary stuff (apt-get install pcscd pcsc-tools). Do NOT install the openct package! Then install the driver for your chipcardreader by downloading the necessary libct.zip from www.kobil.de and run the install64-script as root AND the installuser64-script as normal user. In the moneyplex settings select the libproxy-kobil.so as driver for the chipcard-reader.
Now the problem started: I wasn't able to access my reader. After some investigation I saw the following error messages when starting moneyplex in the console:

fejf@fejfs:[~/moneyplex] > ./start
=================================================
32<->64 bit CTAPI-Proxy library.
(C) 2007 Martin Preuss
=================================================
*** glibc detected *** : double free or corruption (fasttop):
0x0000000000604e50 ***
[...]

This took me some time but the solution is simple: add a export MALLOC_CHECK_=0 to the moneyplex start-script (normally ~/moneyplex/start) right after the other export-statement(s).

After that my chipcard-reader worked as user root. But when I tried to access it as normal user I still got error messages. The solution was simple again (after hours of finding it ;): I didn't have the right .CT_devices file in my home. I don't know why I got the wrong version (the installuser64-script from the kobil-installer should copy a new version!) but I could fix this problem by copying the file from root's home to mine (replace fejf with your username...):

cp /root/.CT_devices ~fejf
chown fejf:fejf ~fejf/.CT_devices

FYI: the .CT_devices file should contain only ONE Port#-Line which should look like this one:

Port1=PCSC;[IDX="1"];3;0;reader via PCSC [IDX="1"]: transparent

Starting with linux kernel 2.6.22 Kobil doesn't support the Kobil KAAN Standard Plus USB Card Reader anymore. That means that i couldn't do any bank transfers if i wanted to upgrade to a post 2.6.21 kernel. The only way to fix this remedy is to get a new card reader - the Kobil KAAN Advanced USB Card Reader ("they know how to make money" crosses my mind...). Anyway, they changed the usage of the new card reader and i counldn't access the card reader from within moneyplex. After contacting Matrica they instantly tried to support me and sent a howto for OpenSuSE which was a good starting point - but i still use Gentoo ;) So to give something back: here's the Gentoo Version.

Download here.

I mirrored a bash scripting quick-reference-card. View or download it:
bash quick reference by John McCreesh. There is also a site with links to several other quick reference cards: Quick Refs.

It took me several days to figure out how to connect to a checkpoint vpn server with certificate-authorization. That's why i want to put some quick info here.

First: you need a kernel with the ipsec-stuff (not everything shown here is needed for checkpoint-vpns):

Networking support (NET) [Y/n/?] y
   *
   * Networking options
   *
   PF_KEY sockets (NET_KEY) [Y/n/m/?] y
   IP: AH transformation (INET_AH) [Y/n/m/?] y
   IP: ESP transformation (INET_ESP) [Y/n/m/?] y
   IP: IPsec user configuration interface (XFRM_USER) [Y/n/m/?] y
Cryptographic API (CRYPTO) [Y/n/?] y
   HMAC support (CRYPTO_HMAC) [Y/n/?] y
   Null algorithms (CRYPTO_NULL) [Y/n/m/?] y
   MD5 digest algorithm (CRYPTO_MD5) [Y/n/m/?] y
   SHA1 digest algorithm (CRYPTO_SHA1) [Y/n/m/?] y
   DES and Triple DES EDE cipher algorithms (CRYPTO_DES) [Y/n/m/?] y
   AES cipher algorithms (CRYPTO_AES) [Y/n/m/?] y


(see: http://www.spenneberg.com/ipsec-2.6.pdf)

Second you need to install the ipsec-tools package. For Gentoo Linux this would be: emerge ipsec-tools.

After that you need to setup the /etc/ipsec.conf and /etc/racoon/racoon.conf files. Click on the filenames for examples. As a last step you need to convert the provided p12 (pkcs12) file to pem (cert) files. This can be done with openssl (use this little script). After executing this script you get 2 .pem files. One of them named "filename.split.me.into.2.cert.files.pem". You need to edit this file and split it into two files. It contains two certificates. The vpn-ca (certification authority of the vpn-server) and the client-cert. Normally the first one is the ca-cert (look at the subject-line - the ca-cert has your vpn-domain-name as subject) and the second the client-cert (normally the subject contains the user-dn). Copy these two certs together with the key to your /etc/racoon/certs directory. Now edit your ipsec.conf and racoon.conf files.

Finally: Prey... ;)

How to get info about errors (like: "racoon: ERROR: none message must be encrypted"):
Check if my_identifier, encryption_algorithm, hash_algorithm, dh_group, authentication_algorithm, pfs_group and the sainfo lines are correct (examples above work for me and the checpoint vpn). Best Way is to use wireshark (formely ethereal) to check for "ISAKMP: Informational" Messages.
Then click on "Internet Security Association and Management Protocol", "Notification Payload" and look at the "Message Type" line. This is the error. Best way is to google for it ;) Errors i encountered: INVALID-CERTIFICATE: export the cacert, the cert and the key from the pkcs12 file and add them to the config, INVALID-ID-INFORMATION: my_identifier is incorrect (perhaps does not match certificate?)

Usefull links:
http://felipe-alfaro.org/blog/category/ipsec/
http://www.spenneberg.com/
http://www.fw-1.de/aerasec/ng/vpn-racoon/CP-VPN1-NG-Linux-racoon.html

Another quick reference guide. This one has multiple pages about basic commands and files of Linux and was created by Jialong He. Download here.

I mirrored a perl regular expressions quick-reference-card. View or download it:

Perl RegExp QuickRef by Iain Truskett,

IMHO the best way to use Gimp in Ratpoison is to put all the Gimp controls into ONE single window. Then split the screen in two vertical frames and put the Gimp controls to the left frame and the pictures to the right. I made a screenshot of my setup:

I mirrored three quick-reference-cards for vim. View or download them:

vimqrc by Laurent Grégoire,
vimquick by Sebastian Menge,
vimrefcard by Charles E. Campbell and Alan E Klietz.

I also suggest reading the vim tips rss feed.