SSL for ERC

ERC is fully equipped to connect to SSL/TLS-enabled servers (e.g. OFTC and Freenode); however, certificate authentication support is rather untested.

For the purposes of this guide, head on over to the following OFTC page to get an idea of how to create the necessary certificates.

To get started, ensure that SSL/TLS support is enabled in your emacs init file:

(require 'tls)
(require 'erc)

This allows us to set the tls-program variable, which lists the external commands (openssl or gnutls-cli) that perform the actual connection.

To see how the variable is initially defined:
[F1] V tls-program

You’ll notice that there are several options for tls-program. The commands are tried in order until one of them establishes a connection, with the last entry acting as the fallback.

Note that while you can add CA-chain and accompanying keys to gnutls-cli, ERC may fail to recognise them, and will proceed to create the secure connection using gnutls without certificate authentication.

I personally use OpenSSL:

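;; A backslash at the end of a line inside a Lisp string is dropped by the
;; reader, so each command reaches the shell as a single line.
(setq tls-program
      '("openssl s_client -connect %h:%p -no_ssl2 -ign_eof \
         -CAfile /home/ootput/.private/certs/CAs.pem \
         -cert /home/ootput/.private/certs/nick.pem"
        "gnutls-cli --priority secure256 \
         --x509cafile /home/ootput/.private/certs/CAs.pem \
         --x509certfile /home/ootput/.private/certs/nick.pem -p %p %h"
        ;; Last entry: TLS without a client certificate.
        "gnutls-cli --priority secure256 -p %p %h"))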

Please note that your distro’s implementation of libgnutls may also be unsuitable for CA-chaining.

Use of gnutls-cli is recommended for the future, as most Linux projects have sought to replace OpenSSL dependencies with GnuTLS.
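A stricter variant of the tls-program list above, as an added example that is not from the original post: it keeps only the commands that present the client certificate, so a command that fails to load the certificate does not fall through to the bare gnutls-cli entry and an unauthenticated session. The my-erc-* helper names and the ~/.private/certs paths are assumptions.

```elisp
;; Added example; the `my-erc-*' helpers and the paths below are
;; hypothetical names, not part of ERC or tls.el.
(require 'tls)

(defun my-erc-check-pem (file)
  "Return FILE expanded, or signal an error if it cannot be read."
  (let ((path (expand-file-name file)))
    (unless (file-readable-p path)
      (error "TLS file not readable: %s" path))
    path))

(defun my-erc-private-p (path)
  "Return non-nil if PATH grants no permissions to group or others."
  (zerop (logand (file-modes path) #o077)))

(defun my-erc-cert-tls-program (ca-file cert-file)
  "Build a `tls-program' list in which every command presents CERT-FILE.
For the openssl command, CERT-FILE must hold both the certificate and
its private key, since no -key option is passed."
  (let ((ca (my-erc-check-pem ca-file))
        (cert (my-erc-check-pem cert-file)))
    ;; The file contains a private key, so refuse loose permissions.
    (unless (my-erc-private-p cert)
      (error "%s is accessible to group/others; chmod 600 it" cert))
    (list
     ;; %%h and %%p survive `format' as %h and %p for tls.el to fill in.
     (format "openssl s_client -connect %%h:%%p -no_ssl2 -ign_eof -CAfile %s -cert %s"
             (shell-quote-argument ca) (shell-quote-argument cert))
     (format "gnutls-cli --priority secure256 --x509cafile %s --x509certfile %s -p %%p %%h"
             (shell-quote-argument ca) (shell-quote-argument cert)))))

;; No bare "gnutls-cli ... -p %p %h" entry: if both commands fail, the
;; connection attempt fails instead of continuing without the certificate.
(setq tls-program
      (my-erc-cert-tls-program "~/.private/certs/CAs.pem"
                               "~/.private/certs/nick.pem"))
```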

Now, assuming you’ve already enabled erc, we can continue to work with the supplied erc-tls command:

(defun start-irc ()
  "Connect to IRC."
  (interactive)
  ;; OFTC over TLS; the connection is made through `tls-program'.
  (erc-tls :server "irc.oftc.net" :port 6697
           :nick "ootput" :full-name "ootput")
  ;; Freenode on port 6667 through plain `erc' (no TLS).
  (erc :server "irc.freenode.net" :port 6667
       :nick "ootput" :full-name "ootput")
  (setq erc-autojoin-channels-alist '(("freenode.net" "#emacs" "#screen" "#ion")
                                      ("oftc.net" "#debian"))))

This will establish a connection to OFTC on port 6697 (SSL), but more importantly, it will allow us to use certificates for transparent NickServ auth.

; M-x start-irc

Enjoy your SSL-encrypted IRC session!

On OpenBSD

This blog does not currently contain many entries on OpenBSD, and I imagine this will be the case indefinitely. Simply put, my experiences with OpenBSD have been of the set-and-forget variety, and consequently do not warrant blog updates. Granted, setting up my first ever Soekris box to run OpenBSD was no easy feat - as I was still rather spoiled by various Linux distro installers. But, as with all BSDs, OpenBSD’s documentation was thoroughly fantastic, and it didn’t take long before I was able to add more OpenBSD boxes to my ever-expanding home network. On the very rare occasion when I needed to maintain a box, the process was extremely straightforward.

OpenBSD, you are toxically-delicious!

FreeBSD 8.0 on Server

Half a decade later, I have decided to use FreeBSD on my server machines (instead of Gentoo) - where, in 2003, I had a brief encounter with the highly unstable FreeBSD 5.0. Back then, I was more at home with Red Hat Linux (with the newly introduced RHCE program); and the ever-fussy FreeBSD 5.0 Release - which seemed more like a developer preview with its pronounced instability - had left a bad taste in my mouth.

Now, the problems that plagued FreeBSD 5 are all but forgotten. Earlier today, FreeBSD 8.0 was formally released to the public (the announcement can be found here), and having installed it soon after, I can certainly say that all bodes well for the future of this Internet-serving superstar.

As a side note, several OpenBSD-on-Soekris boxes still manage the IP routing in my household. FreeBSD has managed to incorporate a lot of the security features of OpenBSD, but for routing purposes, the much slimmer and more efficient OpenBSD still reigns supreme.

Dual-card ALSA Configuration

Sound in Linux can be a pain to get right. Thusly, I’ve attached my (functional) configuration for multiple soundcards in ALSA for reference below:

# Set default sound card
# Useful so that all settings can be changed to a different card here.
pcm.av710spdif {
    type hw
    card 2
    device 1
}
pcm.realtek {
    type hw
    card 0
    # device 0
}
pcm.!default {
    type plug
    slave.pcm "av710duplex"
}
pcm.monitor {
    type plug
    ttable.0.10 1 # digital mix left
    ttable.1.11 1 # digital mix right
    slave.pcm "av710spdif"
}
# Allow mixing of multiple output streams to this device
pcm.av710output {
    type dmix
    ipc_key 1024
    ipc_perm 0660 # Sound for everybody in your group!
    slave.pcm "av710spdif"
    slave {
        # This stuff provides some fixes for latency issues.
        # buffer_size should be set for your audio chipset.
        format S32_LE
        period_time 0
        period_size 1024
        buffer_size 8192
        rate 44100
    }
    bindings {
        0 0
        1 1
    }
}
# Allow reading from the default device.
# Also known as record or capture.
pcm.av710input {
    type dsnoop
    ipc_key 2048
    slave.pcm "av710spdif"
    slave {
        # This stuff provides some fixes for latency issues.
        # buffer_size should be set for your audio chipset.
        format S32_LE
        period_time 0
        period_size 1024
        buffer_size 8192
        rate 44100
    }
    bindings {
        0 0
        1 1
    }
}
# This is what we want as our default device
# a fully duplex (read/write) audio device.
pcm.av710duplex {
    type asym
    playback.pcm "av710output"
    capture.pcm "av710input"
}
# Allow mixing of multiple output streams to this device
pcm.realtekoutput {
    type dmix
    ipc_key 3096
    ipc_perm 0660 # Sound for everybody in your group!
    slave.pcm "realtek"
    slave {
        # This stuff provides some fixes for latency issues.
        # buffer_size should be set for your audio chipset.
        # format S32_LE
        period_time 0
        period_size 1024
        buffer_size 8192
        rate 44100
    }
    bindings {
        0 0
        1 1
    }
}
# Allow reading from the default device.
# Also known as record or capture.
pcm.realtekinput {
    type dsnoop
    ipc_key 4096
    slave.pcm "realtek"
    slave {
        # This stuff provides some fixes for latency issues.
        # buffer_size should be set for your audio chipset.
        # format S32_LE
        period_time 0
        period_size 1024
        buffer_size 8192
        rate 44100
    }
    bindings {
        0 0
        1 1
    }
}
# This is what we want as our default device
# a fully duplex (read/write) audio device.
pcm.realtekduplex {
    type asym
    playback.pcm "realtekoutput"
    capture.pcm "realtekinput"
}

Debian 5.0 on Desktop

Back in 2002 - when I first got interested in Linux - I recall briefly accessing a Debian package/distro repository on Rice University’s network. Of course, as I had no previous knowledge of Linux, I couldn’t make sense of what I was looking at. Fast forward seven years, and Debian 5.0 (Lenny) is released to the public (earlier this year). The documentation required to install Lenny, though copious, was more accessible, and support was offered by friendlier community channels. In seven years, Linux had become much more mainstream, and Debian itself had gone from strength to strength.

A few days ago, I resolved to experiment with this “archaic” version of Linux, and I downloaded the network installer. Having used Linux From Scratch and Gentoo, I found Lenny to be incredibly easy to install, and it didn’t take long before I was staring at the default Gnome Desktop. I cannot say whether Debian will come with its fair share of problems, and it is too early to claim that I will stay with Debian forever, but so far I am loving it. Debian is fast, solid, reliable, and an absolute pleasure to work with.

Ion3 look_ootput

It appears that Tuomov is growing increasingly impatient with Open Source contributors customizing his code without his consent, and his latest adventure in Debian-land suggests that he’ll soon abandon work on Ion3. If Ion3 ceases to be developed, as it very well may be, I can only hope that someone archives Tuomov’s repository. In the meantime, to keep the meager contributions I’ve made to the project, I have posted the source code for both of my Ion-3 styles here.