Klaus on Tilde Town

In case you can't connect OpenVPN in Alpine Linux due to '/dev/net/tun not found'

Quick posting for a quick fix regarding Alpine: earlier today I wasn't able to reach my VPN servers with it via the openvpn command-line tool. The message indicated that the device file /dev/net/tun was not found in the system, to which I initially attributed to an unattended kernel upgrade (I had ran apk upgrade in the same session previously and noticed that the kernel was also in the line to be upgraded).

When a reboot didn't fix it, I started to wonder what could be happening and went out to search for a possible fix. The results pointed me to this SO page which, despite sounding like quite an ugly hack, managed to fix the whole thing seamlessly to me. Here's the TL;DR:

First off, yes, the file is indeed missing, so you can't create the VPN tunnel. However, you can create one on behalf of a process! To do so correctly, these are the commands:

# as root, of course.
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun

And bingo, just run openvpn yourconfig.ovpn and watch the connection go through, just as intended. The rest of the answer concerns making the commands above into a cron job script so that every reboot the file is recreated, but that's enough for me as it is.

Wonder what happened in first place so that OpenVPN doesn't create the file by itself. But oh well, this one seems good enough to me!

Permalink 20220706_1544

Make the Home, End and F-keys work correctly in URxvt

Just sharing a quick tip to make URxvt aka rxvt-unicode a little more usable as a lightweight, fast and decent Terminal emulator.

If you've ever went past the first step of configuring urxvt away from its ugly white-background, scrollbar on the left mess, you've probably ended up with another annoying problem: lack of F-keys working, which extends to other important keys such as Home, End and Page up and down.

Searching around the interwebz, I couldn't quite figure out a solution for it, as most of the times it presented a program-specific (ex: vim, etc) solution, or something stretching all the way to ancient definitions of VT-100 and its emulation, so this annoyance persisted for a while. Thankfully, a tip came in in the IRC that solved everything. Simply add the following line to your .Xresources file:

URxvt.termName: rxvt-unicode-256color

Then update your X configurations via xrdb -load ~/.Xresources, re-open urxvt and surely enough, it will magically restore the behavior of your keys.

Sounds strange to me that simply changing the terminal name makes its behavior change like this, but I guess it has to do with how some programs try to "sniff" the terminal's "User Agent" to activate certain features, like colors. Oh well, works well enough for me the time being, so guess it's alright!

What other tip do you know about configuring URxvt that makes it better to use? Let me know in mastodon!

Permalink 20220604_2019

Sending secure "email" from a public / shared computer

These days I did a little thought experiment concerning a situation in which I don't have access to a machine I own and still would like to securely relay messages (or even small files) to myself for when I get back to my own machines. Here's the blurb of it:

Imagine you're on a public shared computer i.e. hotel business lounge or public library and you've found some information online or produced a kind of document that you want to send it to yourself.

You could trust the machine you're using or your network to log into your own webmail, type in your password and send an email as usual. But maybe the information is sensitive or you don't trust too much that computer, or maybe your access to your webmail is restricted for whatever reason. How do you send that information securely in that case? You don't have your gpg or your keyring to encrypt it.

Here's one way that I thought:

  1. Visit the online demo of CyberChef, or download a local copy of it (it's a purely Javascript webapp).
  2. Get a copy of your public PGP key from one of many online keyservers, like Ubuntu's.
  3. Open CyberChef, select PGP encrypt from the recipes, paste your public key into the required field.
  4. Type or paste your message / information into the input field, click Bake.
  5. Copy the ciphertext output.
  6. Go to some kind of pastebin service, like Debian's and paste your ciphertext there. I'd avoid using Pastebin.com for this.
  7. Make a note of the paste's URL - it could be as simple as writing down the ID with pencil and paper.
  8. When you are back in range of a machine you do control, download the paste and decrypt it with your private key. You can now read your important message securely!

Of course, this is a silly experiment and does not consider the aggressiveness of nation-state adversaries, but could be much more "low-key" than using email traffic to send your information against a passive average opponent. Plus no need to use any sort of secrets (no passwords, public key available on internet, publicly-available cipher engine, etc) to securely send the message.

What would you do in the face of a similar situation? Let me know on Mastodon!

Permalink 20220418_0951

More statuses

Welcome to my part of Town!

kzimmermann

I'm Klaus Zimmermann, the friendly hacker formerly very active on Quitter.se and GNUSocial in general. Although my social time has been diminishing quite a lot recently, I've discovered a new home (and an entire new world!) here in Tilde Town.

I'll share some of my thoughts, Linux and Infosec tutorials and other stuff here. Be sure to check back! I develop some scripts for fun and write python as a hobby, which I plan to share here as well. You can also look under /home/kzimmermann/ via ssh for more information.

Also, see my Random collection of thoughts. It's like a microblog, a twitter feed or something minus the tracking and bloat!

Elsewhere on the web

I used to have a Quitter.se account where I was quite active until about 2018 when it went under. I had alternative accounts named kzimmermann2 but kind of gave up when quitter went under.

I still have a Diaspora account where you can find a trove of my old posts, and currently I'm trying to revive the hacker social media spirit in my account in Mastodon (changed on October 8th 2020), though I'm still a little slow to get posting there again. Who knows, I might get back to it now that Tilde Town revived that spirit in me!

I hold a figurative account at Github, though my real software projects remain in the community-oriented Notabug.org. I feel I should mirror them back into Github for safety some time.

Contact

The best way to contact me is through my town email address. You can easily find me once you sign up for an account. There you can also request my PGP key so we can exchange internet-wide email or IM. DM me in mastodon as well, I'm always watching those.

If you Tox (which you should!), my ID is: 91B0216E0D873D163D125458E6EE1B3EA0BC80D3BA2B54452269BCD2DF80584D78F6CD29767D

In the meantime, check out some articles I wrote!

See you around!