How do I create a crypted filesystem?

This answer explains how to create a crypted file that can be mounted via a loopback device using AES encryption.

First, create a file of the appropriate size. Let’s say we want to create a file the size of a DVD-R, i. e. 4.37 GByte.

dd if=/dev/urandom of=./cryptfile bs=1024k count=4100

Now create the loopback device

losetup -e AES128 -T /dev/loop1 ./cryptfile

A 128 key demands a passphrase of 20 characters, 192 and 256 keys need 32 and 43 respectively. Next, you need to establish a filesystem on the cryptfile, in this example we use ext2.

mkfs -t ext2 /dev/loop1

The loop can be closed now.

losetup -d /dev/loop1

How can I do a remote logout from KDE?

Use the incredible dcop client!

To get an overview what is going on at the specific machine, type

dcop --all-users --list-sessions

This will show all sessions by all users.

If you have the appropriate permissions you can picka specific user and session by typing

dcop --user <username> --session <sessionid>

This will provide you with a list of all dcop-aware programms running in this session.

So let’s get to the logout. This is under controll of the KDE SessionManagemnet server.

dcop --user <username> --session <sessionid>
ksmserver default

provides a list of all available dcop commands to the specific programm. Among the list of ksmserver we will find logout (int,int,int)

The three integers have the following meanings:

  • ShutdownConfirm
    • Default = -1: Obey the user’s confirmation setting.
    • No = 0: Don’t confirm, shutdown without asking.
    • Yes = 1: Always confirm, ask even if the user turned it off.
  • ShutdownType
    • Default = -1: Select previous action or the default if it’s the first time.
    • None = 0: Only log out.
    • Reboot = 1: Log out and reboot the machine.
    • Halt = 2: Log out and halt the machine.
  • ShutdownMode
    • Default = -1: Select previous mode or the default if it’s the first time.
    • Schedule = 0: Schedule a shutdown (halt or reboot) for the time all active sessions have exited.
    • TryNow =
      1: Shut down, if no sessions are active. Otherwise do nothing.
    • ForceNow = 2: Force shutdown. Kill any possibly active sessions.
    • Interactive = 3: Pop up a dialog asking the user what to do if sessions are still active.

These flags are documented at

Thus, a logout could be initiated by

dcop --user <username> --session <sessionid> ksmserver default logout 0 0 -1

More info of dcop at for the protocol and for the client program.

Which process is listening on which port?

A good overview is given when using lsof -i. This gives an overview of all TCP and UDP activities.

An example:

pump 592 root 0u IPv4 1774 TCP *:bootpc (LISTEN)
portmap 596 daemon 3u
IPv4 1858 UDP *:sunrpc
portmap 596 daemon 4u IPv4 1859 TCP *:sunrpc (LISTEN)
syslogd 702 root 18u IPv4 1954 UDP *:syslog
twistd2.3 732 aptproxy 0u IPv4 2029 TCP *:9999 (LISTEN)
exim4 814 Debian-exim 0u IPv4 2202 TCP veles:smtp (LISTEN)
fwlogwatc 826 root 4u IPv4 2247 TCP *:888 (LISTEN)
icecast 829 icecast 0u IPv4 2267 TCP *:8000 (LISTEN)
icecast 829 icecast 3u IPv4 2275 UDP *:8000
inetd 840 root 4u IPv4 2282 TCP *:discard (LISTEN)
inetd 840 root 5u IPv4 2283 UDP *:discard
inetd 840 root 6u IPv4 2284 TCP *:daytime (LISTEN)
inetd 840 root 7u IPv4 2285 TCP *:time (LISTEN)
inetd 840 root 8u IPv4 2286 TCP *:telnet (LISTEN)
inetd 840 root 9u IPv4 2287 TCP *:ftp (LISTEN)
840 root 10u IPv4 2288 TCP *:auth (LISTEN)
inetd 840 root 11u IPv4 2289 TCP *:finger (LISTEN)
inetd 840 root 12u IPv4 2290 TCP *:vboxd (LISTEN)
inetd 840 root 13u IPv4 2291 TCP *:cvspserver (LISTEN)
junkbuste 850 junkbust 4u IPv4 2318 TCP *:5865 (LISTEN)
lisa 853 root 4u IPv4 2320 TCP *:7741 (LISTEN)
lisa 853 root 5u IPv4 2514 UDP *:7741
lpd 858 root 6u IPv4 2421 TCP *:printer (LISTEN)
postmaste 977 postgres 3u IPv6 2674 TCP *:postgresql (LISTEN)
postmaste 977 postgres 4u IPv4 2675 TCP *:postgresql (LISTEN)
postmaste 977 postgres 6u IPv4 2680 UDP veles:32769->veles:32769
postmaste 984 postgres 6u IPv4 2680 UDP veles:32769->veles:32769
sinfod 999 daemon 3u IPv4 2758 UDP *:32771
sinfod 999
daemon 4u IPv4 2759 TCP *:60001 (LISTEN)
sinfod 999 daemon 5u IPv4 2760 UDP *:60001
spong-ser 1010 spong 3u IPv4 2796 TCP *:1998 (LISTEN)
spong-ser 1011 spong 3u IPv4 2797 TCP *:1999 (LISTEN)
sshd 1012 root 3u IPv6 2825 TCP *:ssh (LISTEN)
wwwoffled 1026 proxy 4u IPv4 2903 TCP *:webcache (LISTEN)
wwwoffled 1026 proxy 5u IPv4 2904 TCP *:tproxy (LISTEN)
rpc.statd 1164 root 4u IPv4 3098 UDP *:919
rpc.statd 1164 root 5u IPv4 3085 UDP *:916
rpc.statd 1164 root 6u IPv4 3102 TCP *:922 (LISTEN)
ntpd 1194 root 4u IPv4 3240 UDP *:ntp
ntpd 1194 root 5u IPv6 3241 UDP *:ntp
ntpd 1194 root 6u IPv4 3242 UDP veles:ntp
ntpd 1194 root 7u IPv4 3243 UDP veles.feuersaenger.home:ntp
ntpd 1194
root 8u IPv4 3244 UDP
apache2 1229 root 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1242 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1243 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1244 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1245 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1246 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1682 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1692 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1693 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1698 www-data 3u IPv6 3361 TCP *:www (LISTEN)
dovecot 1768 root 5u IPv4 9429 TCP *:imap2 (LISTEN)
dovecot 1768 root 6u IPv4 9430 TCP *:imaps (LISTEN)
dovecot 1768 root 7u IPv4 9431 TCP *:
pop3 (LISTEN)
dovecot 1768 root 8u IPv4 9432 TCP *:pop3s (LISTEN)
famd 1777 mafeu 3u IPv4 9518 TCP veles:681 (LISTEN)
imap-logi 3936 dovecot 0u IPv4 9429 TCP *:imap2 (LISTEN)
imap-logi 3936 dovecot 1u IPv4 9430 TCP *:imaps (LISTEN)
imap-logi 11552 dovecot 5u IPv4 476846 TCP veles:imap2->veles:36427 (ESTABLISHED)
kdeinit 20231 mafeu 15u IPv6 475205 TCP *:5800 (LISTEN)
kdeinit 20231 mafeu 16u IPv6 475206 TCP *:5902 (LISTEN)
kdeinit 20461 mafeu 6u IPv4 476841 TCP veles:36427->veles:imap2 (ESTABLISHED)
imap-logi 20465 dovecot 0u IPv4 9429 TCP *:imap2 (LISTEN)
imap-logi 20465 dovecot 1u IPv4 9430 TCP *:imaps (LISTEN)
imap-logi 25356 dovecot 0u IPv4 9429 TCP *:imap2 (LISTEN)
imap-logi 25356 dovecot 1u IPv4 9430 TCP *:imaps (LISTEN)

Check for more details.

How do I change the default applications for http, ftp and https in Mozilla Thunderbird?

Add the following entries to prefs.js under your profile (~/.thunderbird/default.50c/prefs.js)

user_pref("", "/
user_pref("", "/location/to/browser");
user_pref("", "/location/to/ftpprogram");


I set up ssh for public key identification but the server still asks for a password. What is wrong?

Make sure that that neither „group“ nor „others“ has write access to your home directory and to
the .ssh directory. Otherwise the ssh-Server does not trust your public key
in authorized_keys

A good manual for public key authetification (in German) can be found at

MediaWiki Setup fails on Debian with a ‚Couldn’t connect to database‘ error

This year MediaWiki found it’s way into Debian. So last night I thought I could set up this nice piece of software on my home machine.

Installing the package is no problem. But setting up the wiki fails with a ‚Couldn’t connect to
database‘. Unfortunately you don’t see the errors (that would be „Client does not support authentication protocol requested by server; consider upgrading MySQL client“ as I found out later) reported by MySQL.

The cause of this problem is, that MediaWiki (or in fact this is probably the MySQL extention in PHP) does not support the new authentication protocol in MySQL 4.1 and above and thus fails to connect. If you are running MySQL out of Sarge you should not be affected by this problem. However, testing and unstable hold 4.1.X at the moment of writing.

The problem is described at (curiously on a Mac OS X related page) further down the page, marked in red, and a solution can be found in the MySQL Reference manual at „A.2.3. Client does not support authentication protocol„.

I chose the third approach described in

  1. I changed the password for the DB root.
  2. I ran the wiki install with the DB root password given. This creates the database and sets up the database user before it fails when the database user tries to access that database.
  3. Now I also changed the password of the newly created database user and ran the setup again. Giving a root password is not necessary any more. This time the setup runs thru smoothly and the wiki is set up and reachable.

Bookmarklets in Konqueror

Jetzt habe ich mich schon mehrmals darüber geärgert, dass Bookmarklets in Konqueror nicht funktionieren. Aus der Addressleiste heraus kann man nämlich kein Javascript ausführen.

Nun habe ich endlich mal nach dem Problem gegoogelt und den Artikel „Using Bookmarklets in Konqueror“ gefunden.

Darin wird beschrieben, dass es nämlich doch geht und zwar indem man das Bookmarklet unter Extras > Mini-Dienstprogramme ablegt. Unter ‚Mini-Dienstprogramme bearbeiten‘ erscheint der bekannte Lesezeichen-Editor. Hier eingetragener Bookmarklet-Code funktioniert dann.

Ein Nachteil ist, dass das so angelegte Bookmarklet dann leider nur relativ versteckt unterhalb von Extras > Mini-Dienstprogramme oder dem Mini-Dienstprogramme-Knopf in der Extras-Werkzeugleiste erreichbar ist. Hier wäre eine eigene Mini-Dienstprogramme-Werkzeugleiste sinnvoll.

… wer hat denn nur
diese fürchterliche Namensschöpfung für die Minitools verbrochen? ‚Mini-Dienstprogramm‘ ist ja nun wirklich ein Zungenbrecher (und Fingerbrecher auch).