How do I create a crypted DVD?

First, make sure that AES is supported by your kernel as well as the following programs: losetup, mount and umount.

Next, check if you have aespipe installed (this package is part of the Debian distribution).

nThe command

mkisofs -r /backup | /usr/local/bin/aespipe -e AES128 -T >backup.iso

will create a crypted DVD-Image. In this example a keylength of 128 bit is used, thus AES asks for a password of (at least) 20 characters. Make sure that your image is not violating the maximum DVD size!

To check the integrity of the crypted image you can do a loopback mount with

mount -t iso9660 backup.iso /mnt/cdrom -o loop=/dev/loop0,encryption=AES128

Now, we have to get the image onto a disk. This is quite easily done with

growisofs -Z /dev/dvdrecorder=backup.iso

If you are creating a crypted CD (check the size of your image!) then you could use

cdrecord -v dev=/dev/cdrecorder backup.iso

Finally, we should check the data on our new disk before deleting any files from the harddrive.
Typing (as root)

mount -t iso9660 /dev/dvdrom /mnt/dvdrom -o loop=/dev/loop0,encryption=AES128

should ask you for the password and afterwards the data should be accessible at the mountpoint.

Just to remind you, device names and mountpoints are subject to your local installation.

How do I create a crypted filesystem?

This answer explains how to create a crypted file that can be mounted via a loopback device using AES encryption.

First, create a file of the appropriate size. Let’s say we want to create a file the size of a DVD-R, i. e. 4.37 GByte.

dd if=/dev/urandom of=./cryptfile bs=1024k count=4100

Now create the loopback device

losetup -e AES128 -T /dev/loop1 ./cryptfile

A 128 key demands a passphrase of 20 characters, 192 and 256 keys need 32 and 43 respectively. Next, you need to establish a filesystem on the cryptfile, in this example we use ext2.

mkfs -t ext2 /dev/loop1

The loop can be closed now.

losetup -d /dev/loop1

How can I do a remote logout from KDE?

Use the incredible dcop client!

To get an overview what is going on at the specific machine, type

dcop --all-users --list-sessions

This will show all sessions by all users.

If you have the appropriate permissions you can picka specific user and session by typing

dcop --user <username> --session <sessionid>

This will provide you with a list of all dcop-aware programms running in this session.

So let’s get to the logout. This is under controll of the KDE SessionManagemnet server.

dcop --user <username> --session <sessionid>
ksmserver default

provides a list of all available dcop commands to the specific programm. Among the list of ksmserver we will find logout (int,int,int)

The three integers have the following meanings:

  • ShutdownConfirm
    • Default = -1: Obey the user’s confirmation setting.
    • No = 0: Don’t confirm, shutdown without asking.
    • Yes = 1: Always confirm, ask even if the user turned it off.
  • ShutdownType
    • Default = -1: Select previous action or the default if it’s the first time.
    • None = 0: Only log out.
    • Reboot = 1: Log out and reboot the machine.
    • Halt = 2: Log out and halt the machine.
  • ShutdownMode
    • Default = -1: Select previous mode or the default if it’s the first time.
    • Schedule = 0: Schedule a shutdown (halt or reboot) for the time all active sessions have exited.
    • TryNow =
      1: Shut down, if no sessions are active. Otherwise do nothing.
    • ForceNow = 2: Force shutdown. Kill any possibly active sessions.
    • Interactive = 3: Pop up a dialog asking the user what to do if sessions are still active.

These flags are documented at

Thus, a logout could be initiated by

dcop --user <username> --session <sessionid> ksmserver default logout 0 0 -1

More info of dcop at for the protocol and for the client program.

Which process is listening on which port?

A good overview is given when using lsof -i. This gives an overview of all TCP and UDP activities.

An example:

pump 592 root 0u IPv4 1774 TCP *:bootpc (LISTEN)
portmap 596 daemon 3u
IPv4 1858 UDP *:sunrpc
portmap 596 daemon 4u IPv4 1859 TCP *:sunrpc (LISTEN)
syslogd 702 root 18u IPv4 1954 UDP *:syslog
twistd2.3 732 aptproxy 0u IPv4 2029 TCP *:9999 (LISTEN)
exim4 814 Debian-exim 0u IPv4 2202 TCP veles:smtp (LISTEN)
fwlogwatc 826 root 4u IPv4 2247 TCP *:888 (LISTEN)
icecast 829 icecast 0u IPv4 2267 TCP *:8000 (LISTEN)
icecast 829 icecast 3u IPv4 2275 UDP *:8000
inetd 840 root 4u IPv4 2282 TCP *:discard (LISTEN)
inetd 840 root 5u IPv4 2283 UDP *:discard
inetd 840 root 6u IPv4 2284 TCP *:daytime (LISTEN)
inetd 840 root 7u IPv4 2285 TCP *:time (LISTEN)
inetd 840 root 8u IPv4 2286 TCP *:telnet (LISTEN)
inetd 840 root 9u IPv4 2287 TCP *:ftp (LISTEN)
840 root 10u IPv4 2288 TCP *:auth (LISTEN)
inetd 840 root 11u IPv4 2289 TCP *:finger (LISTEN)
inetd 840 root 12u IPv4 2290 TCP *:vboxd (LISTEN)
inetd 840 root 13u IPv4 2291 TCP *:cvspserver (LISTEN)
junkbuste 850 junkbust 4u IPv4 2318 TCP *:5865 (LISTEN)
lisa 853 root 4u IPv4 2320 TCP *:7741 (LISTEN)
lisa 853 root 5u IPv4 2514 UDP *:7741
lpd 858 root 6u IPv4 2421 TCP *:printer (LISTEN)
postmaste 977 postgres 3u IPv6 2674 TCP *:postgresql (LISTEN)
postmaste 977 postgres 4u IPv4 2675 TCP *:postgresql (LISTEN)
postmaste 977 postgres 6u IPv4 2680 UDP veles:32769->veles:32769
postmaste 984 postgres 6u IPv4 2680 UDP veles:32769->veles:32769
sinfod 999 daemon 3u IPv4 2758 UDP *:32771
sinfod 999
daemon 4u IPv4 2759 TCP *:60001 (LISTEN)
sinfod 999 daemon 5u IPv4 2760 UDP *:60001
spong-ser 1010 spong 3u IPv4 2796 TCP *:1998 (LISTEN)
spong-ser 1011 spong 3u IPv4 2797 TCP *:1999 (LISTEN)
sshd 1012 root 3u IPv6 2825 TCP *:ssh (LISTEN)
wwwoffled 1026 proxy 4u IPv4 2903 TCP *:webcache (LISTEN)
wwwoffled 1026 proxy 5u IPv4 2904 TCP *:tproxy (LISTEN)
rpc.statd 1164 root 4u IPv4 3098 UDP *:919
rpc.statd 1164 root 5u IPv4 3085 UDP *:916
rpc.statd 1164 root 6u IPv4 3102 TCP *:922 (LISTEN)
ntpd 1194 root 4u IPv4 3240 UDP *:ntp
ntpd 1194 root 5u IPv6 3241 UDP *:ntp
ntpd 1194 root 6u IPv4 3242 UDP veles:ntp
ntpd 1194 root 7u IPv4 3243 UDP veles.feuersaenger.home:ntp
ntpd 1194
root 8u IPv4 3244 UDP
apache2 1229 root 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1242 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1243 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1244 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1245 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1246 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1682 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1692 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1693 www-data 3u IPv6 3361 TCP *:www (LISTEN)
apache2 1698 www-data 3u IPv6 3361 TCP *:www (LISTEN)
dovecot 1768 root 5u IPv4 9429 TCP *:imap2 (LISTEN)
dovecot 1768 root 6u IPv4 9430 TCP *:imaps (LISTEN)
dovecot 1768 root 7u IPv4 9431 TCP *:
pop3 (LISTEN)
dovecot 1768 root 8u IPv4 9432 TCP *:pop3s (LISTEN)
famd 1777 mafeu 3u IPv4 9518 TCP veles:681 (LISTEN)
imap-logi 3936 dovecot 0u IPv4 9429 TCP *:imap2 (LISTEN)
imap-logi 3936 dovecot 1u IPv4 9430 TCP *:imaps (LISTEN)
imap-logi 11552 dovecot 5u IPv4 476846 TCP veles:imap2->veles:36427 (ESTABLISHED)
kdeinit 20231 mafeu 15u IPv6 475205 TCP *:5800 (LISTEN)
kdeinit 20231 mafeu 16u IPv6 475206 TCP *:5902 (LISTEN)
kdeinit 20461 mafeu 6u IPv4 476841 TCP veles:36427->veles:imap2 (ESTABLISHED)
imap-logi 20465 dovecot 0u IPv4 9429 TCP *:imap2 (LISTEN)
imap-logi 20465 dovecot 1u IPv4 9430 TCP *:imaps (LISTEN)
imap-logi 25356 dovecot 0u IPv4 9429 TCP *:imap2 (LISTEN)
imap-logi 25356 dovecot 1u IPv4 9430 TCP *:imaps (LISTEN)

Check for more details.

How do I change the default applications for http, ftp and https in Mozilla Thunderbird?

Add the following entries to prefs.js under your profile (~/.thunderbird/default.50c/prefs.js)

user_pref("", "/
user_pref("", "/location/to/browser");
user_pref("", "/location/to/ftpprogram");


I set up ssh for public key identification but the server still asks for a password. What is wrong?

Make sure that that neither „group“ nor „others“ has write access to your home directory and to
the .ssh directory. Otherwise the ssh-Server does not trust your public key
in authorized_keys

A good manual for public key authetification (in German) can be found at

MediaWiki Setup fails on Debian with a ‚Couldn’t connect to database‘ error

This year MediaWiki found it’s way into Debian. So last night I thought I could set up this nice piece of software on my home machine.

Installing the package is no problem. But setting up the wiki fails with a ‚Couldn’t connect to
database‘. Unfortunately you don’t see the errors (that would be „Client does not support authentication protocol requested by server; consider upgrading MySQL client“ as I found out later) reported by MySQL.

The cause of this problem is, that MediaWiki (or in fact this is probably the MySQL extention in PHP) does not support the new authentication protocol in MySQL 4.1 and above and thus fails to connect. If you are running MySQL out of Sarge you should not be affected by this problem. However, testing and unstable hold 4.1.X at the moment of writing.

The problem is described at (curiously on a Mac OS X related page) further down the page, marked in red, and a solution can be found in the MySQL Reference manual at „A.2.3. Client does not support authentication protocol„.

I chose the third approach described in

  1. I changed the password for the DB root.
  2. I ran the wiki install with the DB root password given. This creates the database and sets up the database user before it fails when the database user tries to access that database.
  3. Now I also changed the password of the newly created database user and ran the setup again. Giving a root password is not necessary any more. This time the setup runs thru smoothly and the wiki is set up and reachable.