My thoughts on Slackware, life and everything

Month: April 2010

X264 encoder gains blu-ray encoding capability

Interesting piece of information in the #videolan IRC channel today: the X264 encoder (producing the video format commonly used in MKV and MP4 movies) is now capable of producing Blu-Ray compliant video.

Until now, the free software world was not equipped with anything capable of producing Blu-Ray video discs. With the video encoding now taken care of (Blu-Ray audio can be produced with free AC3 audio encoders), all that is left is the authoring tool. This should be less of a challenge than writing the encoders. The VLMC movie creator project which uses the VideoLAN library (which in turn contains the X264 library) will hopefully pick up this exciting new capability.

Read all about it on Dark Shikari’s developer-blog: http://x264dev.multimedia.cx/?p=328

Eric

New version of VLC fixes security holes

The VideoLAN team have released version 1.0.6 of their VLC player. This version fixes several vulnerabilities which were found during development of the upcoming version 1.1.0.

I have built Slackware packages for vlc-1.0.6 (Slackware 13.0 32-bit and 64-bit) which you can find at the usual place, http://slackware.com/~alien/slackbuilds/vlc/. This is the release announcement in my repository’s ChangeLog.txt:

Fri Apr 23 10:35:49 UTC 2010
vlc: updated to 1.0.6. Several security holes were fixed in this release.
These packages do inotify-tools libnotify contain MP3/AAC audio encoders (playback of mp3/aac audio works fine); you can get packages with MP3/AAC encoding capability at http://slackware.org.uk/people/alien/restricted_slackbuilds/vlc/ as usual.
For playback of encrypted DVDs you’ll additionally need to install libdvdcss.

One remark: I found that the midi plugin (based on fluidsynth) does not work in this package because of a library linking error. I will try to get this resolved for Slackware 13.0 in a new build if I find the time (but KDE 4.4.3 is getting near). When I built a VLC package on Slackware-current, I did not have this issue however.

Note for those who run VLC on an older Slackware:

Older versions of the VideoLAN player will not get patched. Most notably the version 0.8.x which is still widely used. This version has already been vulnerable for some time, and the new vulnerabilities just get added to a growing list. Upgrading to the newest version will not be an option for everybody. Older releases of Slackware but also of other distro’s simply lack the libraries required by the current version of VLC. Too bad… or finally time to upgrade your Slackware?

Eric

Securely browsing the net – using SOCKS

If you are using a public/open wireless access point (like, in an Internet Cafe), or if you live in a country where people are not all that happy or concerned about it’s citizens’ freedom, you sometimes find yourself in the position that you want to hide your browsing behaviour from others.

I will describe a setup which allows you to run your browser traffic through an encrypted tunnel. And using Firefox, even your DNS lookups will use that tunnel instead of talking to the local (possibly monitored) DNS server. There is one catch: you have to have a shell account on a remote SSH server.

This article uses a less-known feature of OpenSSH which is that the ssh client can create a SOCKS proxy.

Suppose you have a shell account “alien” on a remote server “safehaven.net”. Using ssh you can quickly setup a local SOCKS proxy using the following command (assuming you are running this command as non-root, you can only make your SOCKS proxy listen on non-privileged ports – anything higher than port 1024 is unprivileged):

$ ssh -D 8888 alien@safehaven.net

Once your ssh client connects to that remote server, your local computer’s port 8888 will now act as a SOCKS proxy which enables encrypted traffic to the Internet for all applications that can use SOCKS proxies.

You then configure Firefox to use a SOCKS proxy; the proxy’s hostname will be “127.0.0.1” and the port is of course “8888“.

This is enough to hide your browsing (the URLs you access as well as the data you retrieve in your browser) from any 3rd party. But… your computer is still consulting a local DNS server for the hostname lookups. Anyone can still sniff that traffic and guess what you are doing. Even if your computer uses one of the many “free” DNS services on the Internet (like Google’s public DNS addresses 8.8.8.8 and 8.8.4.4), your DNS lookups can possibly be monitored on the local network.

So, there is one more setting in Firefox which you have to to change in order to alter its DNS lookup behaviour. In your Firefox entry bar, type “about:config” which will show the low-level configuration options for the browser, most of which are not accessible through its “normal” GUI. Look for the entry:

network.proxy.socks_remote_dns

which will have the value of “false” by default. Change its value to “true” by double-clicking it. From then on, Firefox will use the DNS server at the remote end of the SOCKS proxy instead of the locally configured DNS server, thereby effectively hiding your browsing from anyone. If you happen to be in a situation where  you know that DNS lookups are being filtered or spoofed, this is your secure way out of this ugliness.

Eric

KDE SC 4.4.2 for Slackware… including PolicyKit

KDE SC 4.4.2 (second maintenance release for the 4.4 series ) has been made available and the Slackware packages can be found at http://alien.slackbook.org/ktown/4.4.2/

You can download 32-bit as well as 64-bit packages. Many of the dependencies have been updated, some have been added. Read the README in the top-directory for full installation/upgrade instructions, or look for my older http://alien.slackbook.org/blog/its-been-released-kde-sc-4-4-0/ post.

Note that you have to be running Slackware-current (not older than 30-march-2010) or lots of things will break!

As a special gift on april 1st, I have added PolicyKit and ConsoleKit to the dependencies section. The KDE SC 4.4.2 packages have been built with support for them, which means you can now properly set your date/time in KDE, as well as install new fonts and configure your printer… thanks to the work of PiterPUNK and Robby Workman, and NaCl (from the WICD developer team) who wrote and refined the patch for polkit-1 that allowed me to add it without the need for PAM.

This upgrade is recommended if you are using my earlier 4.4.x packages.

Eric

© 2024 Alien Pastures

Theme by Anders NorenUp ↑